Merge branch 'eip-service.json_updates' into 'master'

Fix auto-check issues after successful connection attempt Closes #9093 See merge request leap/bitmask_android!197
author: cyberta <cyberta@riseup.net> 2022-07-18 21:57:07 +0000
committer: cyberta <cyberta@riseup.net> 2022-07-18 21:57:07 +0000
commit: abd8c8d06f01cc5b794a18779c2ea36b9317b4e3 (patch)
tree: 3bf4274594bc45c879093adbab58c2ec7a142146
parent: f90e72fb3e90d561a433278f251ee27297b42001 (diff)
parent: 6ad47f6665312cfbc5c9b9e9bae1088d91b8dc99 (diff)
13 files changed, 234 insertions, 88 deletions
diff --git a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java
index 1a88000b..336802c6 100644
--- a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java
+++ b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java
@@ -84,6 +84,7 @@ public class DownloadNotificationManager {
         notificationBuilder
                 .setDefaults(Notification.DEFAULT_ALL)
                 .setAutoCancel(false)
+                .setNotificationSilent()
                 .setOngoing(true)
                 .setSmallIcon(android.R.drawable.stat_sys_download)
                 .setContentTitle(context.getString(R.string.version_update_apk_description, context.getString(R.string.app_name)))
diff --git a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadServiceCommand.java b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadServiceCommand.java
index 4e0d9079..41efd621 100644
--- a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadServiceCommand.java
+++ b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadServiceCommand.java
@@ -18,6 +18,7 @@ package se.leap.bitmaskclient.appUpdate;
 
 import android.content.Context;
 import android.content.Intent;
+import android.os.Bundle;
 import android.os.ResultReceiver;
 
 import androidx.annotation.NonNull;
@@ -31,18 +32,27 @@ public class DownloadServiceCommand {
             CHECK_VERSION_FILE = "checkVersionFile",
             DOWNLOAD_UPDATE = "downloadUpdate";
 
-    private Context context;
-    private String action;
-    private ResultReceiver resultReceiver;
+    private final Context context;
+    private final String action;
+    private Bundle parameters;
+    private final ResultReceiver resultReceiver;
 
     private DownloadServiceCommand(@NonNull Context context, @NonNull String action) {
-        this(context.getApplicationContext(), action, null);
+        this(context.getApplicationContext(), action, null, null);
     }
 
+    private DownloadServiceCommand(@NonNull Context context, @NonNull String action, @Nullable Bundle parameters) {
+        this(context.getApplicationContext(), action, parameters, null);
+    }
     private DownloadServiceCommand(@NonNull Context context, @NonNull String action, @Nullable ResultReceiver resultReceiver) {
+        this(context.getApplicationContext(), action, null, resultReceiver);
+    }
+
+    private DownloadServiceCommand(@NonNull Context context, @NonNull String action, @Nullable Bundle parameters, @Nullable ResultReceiver resultReceiver) {
         super();
         this.context = context;
         this.action = action;
+        this.parameters = parameters;
         this.resultReceiver = resultReceiver;
     }
 
@@ -53,6 +63,10 @@ public class DownloadServiceCommand {
         if (resultReceiver != null) {
             command.putExtra(ProviderAPI.RECEIVER_KEY, resultReceiver);
         }
+        if (parameters == null) {
+            parameters = Bundle.EMPTY;
+        }
+        command.putExtra(ProviderAPI.PARAMETERS, parameters);
         return command;
     }
 
@@ -73,7 +87,12 @@ public class DownloadServiceCommand {
         command.execute();
     }
 
-    public static void execute(Context context, String action, ResultReceiver resultReceiver) {
+    public static void execute(Context context, String action, Bundle parameters) {
+        DownloadServiceCommand command = new DownloadServiceCommand(context, action, parameters);
+        command.execute();
+    }
+
+    public static void execute(Context context, String action, Bundle parameters, ResultReceiver resultReceiver) {
         DownloadServiceCommand command = new DownloadServiceCommand(context, action, resultReceiver);
         command.execute();
     }
diff --git a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/UpdateDownloadManager.java b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/UpdateDownloadManager.java
index b50c587c..109164c5 100644
--- a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/UpdateDownloadManager.java
+++ b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/UpdateDownloadManager.java
@@ -48,6 +48,8 @@ import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_DOWNLOAD_SER
 import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_CODE;
 import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_KEY;
 import static se.leap.bitmaskclient.base.utils.FileHelper.readPublicKey;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.DELAY;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.PARAMETERS;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.RECEIVER_KEY;
 
 public class UpdateDownloadManager implements Logger, DownloadConnector.DownloadProgress {
@@ -93,6 +95,15 @@ public class UpdateDownloadManager implements Logger, DownloadConnector.Download
             receiver = command.getParcelableExtra(RECEIVER_KEY);
         }
         String action = command.getAction();
+        Bundle parameters = command.getBundleExtra(PARAMETERS);
+
+        if (parameters.containsKey(DELAY)) {
+            try {
+                Thread.sleep(parameters.getLong(DELAY));
+            } catch (InterruptedException e) {
+                e.printStackTrace();
+            }
+        }
 
         Bundle result = new Bundle();
         switch (action) {
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
index 974aef80..02a9694a 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
@@ -63,6 +63,7 @@ public final class Provider implements Parcelable {
     private String vpnCertificate = "";
     private long lastEipServiceUpdate = 0L;
     private long lastGeoIpUpdate = 0L;
+    private boolean shouldUpdateVpnCertificate;
 
     private boolean allowAnonymous;
     private boolean allowRegistered;
@@ -361,6 +362,7 @@ public final class Provider implements Parcelable {
         parcel.writeString(getVpnCertificate());
         parcel.writeLong(lastEipServiceUpdate);
         parcel.writeLong(lastGeoIpUpdate);
+        parcel.writeInt(shouldUpdateVpnCertificate ? 0 : 1);
     }
 
 
@@ -407,6 +409,7 @@ public final class Provider implements Parcelable {
             }
             this.lastEipServiceUpdate = in.readLong();
             this.lastGeoIpUpdate = in.readLong();
+            this.shouldUpdateVpnCertificate = in.readInt()  == 0;
         } catch (MalformedURLException | JSONException e) {
             e.printStackTrace();
         }
@@ -492,6 +495,13 @@ public final class Provider implements Parcelable {
         return System.currentTimeMillis() - lastEipServiceUpdate >= EIP_SERVICE_TIMEOUT;
     }
 
+    public void setShouldUpdateVpnCertificate(Boolean update) {
+        shouldUpdateVpnCertificate = update;
+    }
+
+    public boolean shouldUpdateVpnCertificate() {
+        return shouldUpdateVpnCertificate;
+    }
 
     public void setLastGeoIpUpdate(long timestamp) {
         lastGeoIpUpdate = timestamp;
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
index cf4dc9bf..46f91781 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
@@ -56,6 +56,7 @@ import de.blinkt.openvpn.core.VpnStatus;
 import de.blinkt.openvpn.core.connection.Connection;
 import se.leap.bitmaskclient.R;
 import se.leap.bitmaskclient.base.OnBootReceiver;
+import se.leap.bitmaskclient.base.models.Provider;
 import se.leap.bitmaskclient.base.models.ProviderObservable;
 import se.leap.bitmaskclient.base.utils.PreferenceHelper;
 
@@ -242,6 +243,12 @@ public final class EIP extends JobIntentService implements Observer {
             return;
         }
 
+        if (shouldUpdateVPNCertificate()) {
+            Provider p = ProviderObservable.getInstance().getCurrentProvider();
+            p.setShouldUpdateVpnCertificate(true);
+            ProviderObservable.getInstance().updateProvider(p);
+        }
+
         GatewaysManager gatewaysManager = new GatewaysManager(getApplicationContext());
         if (gatewaysManager.isEmpty()) {
             setErrorResult(result, warning_client_parsing_error_gateways, null);
@@ -267,6 +274,12 @@ public final class EIP extends JobIntentService implements Observer {
         Gateway gateway = gatewaysManager.select(0);
         Bundle result = new Bundle();
 
+        if (shouldUpdateVPNCertificate()) {
+            Provider p = ProviderObservable.getInstance().getCurrentProvider();
+            p.setShouldUpdateVpnCertificate(true);
+            ProviderObservable.getInstance().updateProvider(p);
+        }
+
         launchActiveGateway(gateway, 0, result);
         if (result.containsKey(BROADCAST_RESULT_KEY) && !result.getBoolean(BROADCAST_RESULT_KEY)){
             VpnStatus.logWarning("ALWAYS-ON VPN: " + getString(R.string.no_vpn_profiles_defined));
@@ -415,6 +428,12 @@ public final class EIP extends JobIntentService implements Observer {
         return validator.isValid();
     }
 
+    private boolean shouldUpdateVPNCertificate() {
+        VpnCertificateValidator validator = new VpnCertificateValidator(preferences.getString(PROVIDER_VPN_CERTIFICATE, ""));
+        return validator.shouldBeUpdated();
+    }
+
+
     /**
      * helper function to add error to result bundle
      *
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java
index 9d67340e..05991390 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java
@@ -39,12 +39,14 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PROFILE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.DELAY;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_EIP_SERVICE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_GEOIP_JSON;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_OK;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.QUIETLY_UPDATE_VPN_CERTIFICATE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_EXCEPTION;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_TIMEOUT;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE;
@@ -367,11 +369,21 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta
             Provider provider = ProviderObservable.getInstance().getCurrentProvider();
             if (setupNClosestGateway.get() > 0 || provider.shouldUpdateEipServiceJson()) {
                 //setupNClostestGateway > 0: at least one failed gateway -> did the provider change it's gateways?
-                ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, provider);
+                Bundle parameters = new Bundle();
+                parameters.putLong(DELAY, 500);
+                ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, parameters, provider);
             }
 
             if (shouldCheckAppUpdate()) {
-                DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE);
+                Bundle parameters = new Bundle();
+                parameters.putLong(DELAY, 500);
+                DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE, parameters);
+            }
+
+            if (provider.shouldUpdateVpnCertificate()) {
+                Bundle parameters = new Bundle();
+                parameters.putLong(DELAY, 500);
+                ProviderAPICommand.execute(appContext, QUIETLY_UPDATE_VPN_CERTIFICATE, parameters, provider);
             }
             finishGatewaySetup(false);
         } else if ("TCP_CONNECT".equals(state)) {
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
index 16d1c5ad..8841ae94 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -45,9 +45,22 @@ public class VpnCertificateValidator {
 
     /**
      *
-     * @return true if all certificates are valid for more than 15 more days
+     * @return true if all certificates are valid for 1 more day
      */
     public boolean isValid() {
+        return isValid(1);
+    }
+
+    /**
+     *
+     * @return return true if certificates will expire in 8 days or less
+     */
+    public boolean shouldBeUpdated() {
+        return !isValid(8);
+    }
+
+
+    private boolean isValid(int offsetDays) {
         if (certificate.isEmpty()) {
             return false;
         }
@@ -57,7 +70,7 @@ public class VpnCertificateValidator {
             return false;
         }
         for (X509Certificate cert : x509Certificates) {
-            if (!isValid(cert)) {
+            if (!isValid(cert, offsetDays)) {
                 return false;
             }
         }
@@ -65,12 +78,12 @@ public class VpnCertificateValidator {
     }
 
 
-    private boolean isValid(X509Certificate certificate) {
+    private boolean isValid(X509Certificate certificate, int offsetDays) {
         if (certificate == null) {
             return false;
         }
 
-        Calendar offsetDate = calculateOffsetCertificateValidity(certificate);
+        Calendar offsetDate = calculateOffsetCertificateValidity(certificate, offsetDays);
         try {
             certificate.checkValidity(offsetDate.getTime());
             return true;
@@ -81,15 +94,15 @@ public class VpnCertificateValidator {
         }
     }
 
-    private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
+    private Calendar calculateOffsetCertificateValidity(X509Certificate certificate, int offsetDays) {
         Calendar limitDate = calendarProvider.getCalendar();
         Date startDate = certificate.getNotBefore();
         // if certificates start date is before current date just return the current date without an offset
         if (startDate.getTime() >= limitDate.getTime().getTime()) {
             return limitDate;
         }
-        // else add an offset of 15 days to the current date
-        limitDate.add(Calendar.DAY_OF_YEAR, 15);
+        // else add an offset to the current date
+        limitDate.add(Calendar.DAY_OF_YEAR, offsetDays);
 
         return limitDate;
     }
diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java
index da77af2f..e45add50 100644
--- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java
+++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java
@@ -63,9 +63,15 @@ public class ProviderAPI extends JobIntentService implements ProviderApiManagerB
             SIGN_UP = "srpRegister",
             LOG_IN = "srpAuth",
             LOG_OUT = "logOut",
+            // all vpn certificate download commands are used in different scenarios with different error handling
+            // command key used for the initial vpn certificate download during the provider setup
             DOWNLOAD_VPN_CERTIFICATE = "downloadUserAuthedVPNCertificate",
+            // command key used to update soon expiring but yet valid certificates after connecting to the vpn
+            QUIETLY_UPDATE_VPN_CERTIFICATE = "ProviderAPI.QUIETLY_UPDATE_VPN_CERTIFICATE",
+            // command key used to update invalid certificates, connecting to the vpn is impossible
             UPDATE_INVALID_VPN_CERTIFICATE = "ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE",
             PARAMETERS = "parameters",
+            DELAY = "delay",
             RECEIVER_KEY = "receiver",
             ERRORS = "errors",
             ERRORID = "errorId",
@@ -97,7 +103,6 @@ public class ProviderAPI extends JobIntentService implements ProviderApiManagerB
             TOR_EXCEPTION = 21;
 
     ProviderApiManager providerApiManager;
-    private volatile TorServiceConnection torServiceConnection;
 
     //TODO: refactor me, please!
     //used in insecure flavor only
@@ -156,7 +161,7 @@ public class ProviderAPI extends JobIntentService implements ProviderApiManagerB
             if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
                 NetworkInfo activeNetwork = cm.getActiveNetworkInfo();
                 return activeNetwork != null &&
-                        activeNetwork.isConnectedOrConnecting();
+                        activeNetwork.isConnected();
             } else {
                 NetworkCapabilities capabilities = cm.getNetworkCapabilities(cm.getActiveNetwork());
                 if (capabilities != null) {
diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
index ecddb9c7..607339fd 100644
--- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
+++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
@@ -52,6 +52,7 @@ import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOAD
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_VPN_CERTIFICATE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.DELAY;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.DOWNLOAD_GEOIP_JSON;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.DOWNLOAD_SERVICE_JSON;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.DOWNLOAD_VPN_CERTIFICATE;
@@ -71,6 +72,7 @@ import static se.leap.bitmaskclient.providersetup.ProviderAPI.MISSING_NETWORK_CO
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.PARAMETERS;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_OK;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.QUIETLY_UPDATE_VPN_CERTIFICATE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.RECEIVER_KEY;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.SET_UP_PROVIDER;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.SIGN_UP;
@@ -193,6 +195,14 @@ public abstract class ProviderApiManagerBase {
             return;
         }
 
+        if (parameters.containsKey(DELAY)) {
+            try {
+                Thread.sleep(parameters.getLong(DELAY));
+            } catch (InterruptedException e) {
+                e.printStackTrace();
+            }
+        }
+
         if (!serviceCallback.hasNetworkConnection()) {
             Bundle result = new Bundle();
             setErrorResult(result, R.string.error_network_connection, null);
@@ -277,6 +287,17 @@ public abstract class ProviderApiManagerBase {
                 }
                 ProviderObservable.getInstance().setProviderForDns(null);
                 break;
+            case QUIETLY_UPDATE_VPN_CERTIFICATE:
+                ProviderObservable.getInstance().setProviderForDns(provider);
+                result = updateVpnCertificate(provider);
+                if (result.getBoolean(BROADCAST_RESULT_KEY)) {
+                    Log.d(TAG, "successfully downloaded VPN certificate");
+                    provider.setShouldUpdateVpnCertificate(false);
+                    PreferenceHelper.storeProviderInPreferences(preferences, provider);
+                    ProviderObservable.getInstance().updateProvider(provider);
+                }
+                ProviderObservable.getInstance().setProviderForDns(null);
+                break;
             case UPDATE_INVALID_VPN_CERTIFICATE:
                 ProviderObservable.getInstance().setProviderForDns(provider);
                 result = updateVpnCertificate(provider);
diff --git a/app/src/notFatweb/java/se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java b/app/src/notFatweb/java/se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java
index 157f04fe..02a830ca 100644
--- a/app/src/notFatweb/java/se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java
+++ b/app/src/notFatweb/java/se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java
@@ -1,6 +1,10 @@
 package se.leap.bitmaskclient.appUpdate;
 
 import android.content.Context;
+import android.os.Bundle;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
 
 /**
  * DownloadServiceCommand is only implemented in Fatweb builds
@@ -16,4 +20,8 @@ public class DownloadServiceCommand {
     public static void execute(Context context, String action) {
         // DO NOTHING.
     }
+
+    public static void execute(@NonNull Context context, @NonNull String action, @Nullable Bundle parameters) {
+        // DO NOTHING.
+    }
 }
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
index cb1e1f73..2b1615da 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
@@ -186,6 +186,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiManager.handleIntent(providerApiCommand);
     }
@@ -207,6 +208,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiManager.handleIntent(providerApiCommand);
     }
@@ -228,6 +230,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult));
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiManager.handleIntent(providerApiCommand);
     }
@@ -249,7 +252,7 @@ public class ProviderApiManagerTest {
         Intent providerApiCommand = mockIntent();
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -270,6 +273,7 @@ public class ProviderApiManagerTest {
 
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
 
@@ -292,6 +296,7 @@ public class ProviderApiManagerTest {
 
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
 
@@ -318,7 +323,7 @@ public class ProviderApiManagerTest {
 
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -341,7 +346,7 @@ public class ProviderApiManagerTest {
 
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -365,7 +370,7 @@ public class ProviderApiManagerTest {
 
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -388,6 +393,7 @@ public class ProviderApiManagerTest {
 
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
 
@@ -413,6 +419,7 @@ public class ProviderApiManagerTest {
 
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
 
@@ -433,12 +440,12 @@ public class ProviderApiManagerTest {
         expectedResult.putString(ERRORS, "{\"errors\":\"There was an error configuring Bitmask with your chosen provider.\"}");
         expectedResult.putParcelable(PROVIDER_KEY, provider);
 
-
         Intent providerApiCommand = mockIntent();
 
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiManager.handleIntent(providerApiCommand);
     }
@@ -461,12 +468,12 @@ public class ProviderApiManagerTest {
         expectedResult.putString(ERRORS, "{\"errors\":\"There was an error configuring RiseupVPN.\"}");
         expectedResult.putParcelable(PROVIDER_KEY, provider);
 
-
         Intent providerApiCommand = mockIntent();
 
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiManager.handleIntent(providerApiCommand);
     }
@@ -484,12 +491,12 @@ public class ProviderApiManagerTest {
         expectedResult.putBoolean(BROADCAST_RESULT_KEY, true);
         expectedResult.putParcelable(PROVIDER_KEY, provider);
 
-
         Intent providerApiCommand = mockIntent();
 
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiManager.handleIntent(providerApiCommand);
     }
@@ -510,12 +517,12 @@ public class ProviderApiManagerTest {
         expectedResult.putBoolean(BROADCAST_RESULT_KEY, false);
         expectedResult.putParcelable(PROVIDER_KEY, provider);
         expectedResult.putString(ERRORS, "This is not a trusted Bitmask provider.");
-
         Intent providerApiCommand = mockIntent();
 
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult));
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiManager.handleIntent(providerApiCommand);
     }
@@ -685,12 +692,12 @@ public class ProviderApiManagerTest {
 
         expectedResult.putBoolean(BROADCAST_RESULT_KEY, true);
         expectedResult.putParcelable(PROVIDER_KEY, provider);
-
         Intent providerApiCommand = mockIntent();
 
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult));
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
 
         providerApiManager.handleIntent(providerApiCommand);
     }
@@ -707,7 +714,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(null);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -727,7 +734,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(null);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -746,7 +753,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(new TimeoutException("Tor took too long to start."));
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -767,7 +774,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(null);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -788,7 +795,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(new TimeoutException("This timeout exception is never thrown"));
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -809,7 +816,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(null);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -831,7 +838,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(new TimeoutException("This timeout exception is never thrown"));
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -853,7 +860,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(null);
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -880,7 +887,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(TOR_EXCEPTION, expectedResult));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(new InterruptedException("Tor thread was interrupted."));
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -903,7 +910,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(TOR_TIMEOUT, expectedResult));
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         mockTorStatusObservable(new TimeoutException("Tor took too long to start."));
 
         providerApiManager.handleIntent(providerApiCommand);
@@ -928,7 +935,7 @@ public class ProviderApiManagerTest {
         providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
         providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(MISSING_NETWORK_CONNECTION, expectedResult));
         providerApiCommand.putExtra(PROVIDER_KEY, provider);
-
+        providerApiCommand.putExtra(PARAMETERS, mockBundle());
         providerApiManager.handleIntent(providerApiCommand);
     }
 
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java
index 32c0d0e4..1cb47f43 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java
@@ -38,9 +38,9 @@ public class VpnCertificateValidatorTest {
     }
 
     @Test
-    public void test_isValid_lessThan15days_returnFalse() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
+    public void test_isValid_lessThan1day_returnFalse() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
         String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.pem"));
-        Calendar c = new Calendar.Builder().setDate(2024, 4, 14).setCalendarType("gregorian").build();
+        Calendar c = new Calendar.Builder().setDate(2024, 3, 28).setCalendarType("gregorian").build();
         mockConfigHelper("falseFingerPrint");
         VpnCertificateValidator validator = new VpnCertificateValidator(cert);
         validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
@@ -50,7 +50,7 @@ public class VpnCertificateValidatorTest {
     @Test
     public void test_isValid_multipleCerts_failIfOneExpires() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
         String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem"));
-        Calendar c = new Calendar.Builder().setDate(2024, 4, 14).setCalendarType("gregorian").build();
+        Calendar c = new Calendar.Builder().setDate(2024, 3, 28).setCalendarType("gregorian").build();
         mockConfigHelper("falseFingerPrint");
         VpnCertificateValidator validator = new VpnCertificateValidator(cert);
         validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
@@ -60,10 +60,30 @@ public class VpnCertificateValidatorTest {
     @Test
     public void test_isValid_multipleCerts_allValid() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
         String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem"));
-        Calendar c = new Calendar.Builder().setDate(2024, 4, 13).setCalendarType("gregorian").build();
+        Calendar c = new Calendar.Builder().setDate(2024, 3, 27).setCalendarType("gregorian").build();
         mockConfigHelper("falseFingerPrint");
         VpnCertificateValidator validator = new VpnCertificateValidator(cert);
         validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
-        assertFalse(validator.isValid());
+        assertTrue(validator.isValid());
+    }
+
+    @Test
+    public void test_shouldBeUpdated_lessThan8days_returnTrue() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
+        String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem"));
+        Calendar c = new Calendar.Builder().setDate(2024, 3, 21).setCalendarType("gregorian").build();
+        mockConfigHelper("falseFingerPrint");
+        VpnCertificateValidator validator = new VpnCertificateValidator(cert);
+        validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
+        assertTrue(validator.shouldBeUpdated());
+    }
+
+    @Test
+    public void test_shouldBeUpdated_moreThan8days_returnFalse() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
+        String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem"));
+        Calendar c = new Calendar.Builder().setDate(2024, 3, 20).setCalendarType("gregorian").build();
+        mockConfigHelper("falseFingerPrint");
+        VpnCertificateValidator validator = new VpnCertificateValidator(cert);
+        validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
+        assertFalse(validator.shouldBeUpdated());
     }
 }
 \ No newline at end of file
diff --git a/app/src/test/resources/v4/riseup.net.cert b/app/src/test/resources/v4/riseup.net.cert
index b689c033..86bc0b55 100644
--- a/app/src/test/resources/v4/riseup.net.cert
+++ b/app/src/test/resources/v4/riseup.net.cert
@@ -1,54 +1,54 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvXvOGBJeNZfzvkLgEbunA29j/zrxGtDxQwHQ2oAElpQyZfzF
-smHza6Q4o1audAH/hrLF4Z3I3jRbGsuh81pq7GCMsaL1/C2xWlOOHH6+zljdLHvr
-/COwVOuKIUR19yIIozcBaCp3mvDCMAH+cF0uLPw/cfs4Le0gaptN3n3f5jFnFxEs
-3fDXnAgUP7QPvxm5Wl5MM2HBNKcwPNLA29VrgRtJ6OJWtK3raB1S1D3Iv9OMAYtA
-5dCpRMYbV0gBcxc0YRsmlLy8s3ZKdKF3aqiZfN4R/dLzqmysIAVSgfvp8vZpRZDz
-uStE+fiTH4MEFpUTQ6bwbjV9hh6+M5UO1aPYUwIDAQABAoIBAGPgDhHCHMZDAccX
-mOO/9Zhp7ltpxgxMdd7L5jpFoCV+l9IKGmqcFqJ2PSRbXDjplLZ7JLJ3aJk3H45Q
-J10OG63cdkxriR0TOJhT0mRSqmA5ltsLtqeAaEFapcRDQaqx1buyEpvFRqX0oWaM
-poCznNM5YnfB4yrSAnQuyCyuTIYYO5n4baOWR97vbpfwPtznyt2vsVhsP6hj2+4u
-Jv4cgDtvap/yXpCcQdfoAKavDRKDd9Ig+6ZirfNZv8nMShQqQj3WWzDY9FxWb2kG
-BjKRURS5CD/4FRTY4CIQ9sGvhTvcY7WxgQ6uESuM2YBTEFygEtB9tyIMdPDTz9qg
-43eqA4ECgYEA6YbVqnZPxGK2TTqJw0yV/UPDhXy0gViOX+eMwQpfQySd1wqBabeh
-hS0ntMMcgZHNQ9IsBZDSkfVFA51+x97kQeoF5kvM3PYLBBvP6NBBaR/rlofkz/4z
-4CIEFoFMUFplF4tyJOm+QQx7A8njG8oIJ0MI8zEjglJk4//yHF8AfU8CgYEAz7fs
-uGKevL7Ha6n9qiQ08cLunWPP0CEUobf4afgXMVBl7R9hDiq80YImK0wuh8prOt0E
-TWtL9i8ToEvHaubuXT1kgoOZoeyIAEYpi1aF/a/+AZ562Ts8jeWwa6ZJVqLfG0lR
-gdrQvJgDgqsF4B6oynEjrvtanW48g+ROLmXwG70CgYBAF7yey1f7O2hza8SRsHxe
-BXItOdvEwExbMA7mkHUy1WLouT5piHexOIJ0TzSMrzqaCZ4BbQ0N+DYX1usL6jXV
-jWhPG7C/WFwPpZ57dGTveE5Ng0CegVM1icB7eMM8LoMeYixSy0BnVAiTMp69asaw
-F+rl7C+lvf1owj9t3/kfawKBgQCxvqFB5qIOwPHEn2IBBZqIhlXJOG/LmYMeH17i
-zviJqlKN5hwXE1sfrE8dHcNzTzMS262i0f3eW8pfkHjEcXfnMXGgfRwqA00dbux9
-3zwpKUAiAor8+EOI6NNeSpzXFef0YXjttWCJAUt/tPkCHzowgUAXq96OeJYwBl0g
-NvqPwQKBgDpV8An1JZAjcUNc9IP6GvubYpsTwyEjSHYteEdBtahLrh0G4gjLNgg7
-PvhHxni5UvjeRiNPwb3cWVYL7v7YVTRyDvRmZ7FrLWJ0q3P0S8Ww4ar+ZWw8sQhQ
-zaoY20NYypde+K9RRamnUw6GvoS+o7pF0c+hXaup/jGAwszcLJr3
+MIIEpAIBAAKCAQEAwtqqSbTsB/JchPr41KdSyTWfG+qBxRfbqYw5hx8VxzuVNPn4
+nEmKm4KbtEhZLT3Kk0yJa+9X3UBVkeTrI6IZQmsK1s1lq9YTcwjsryza//xtw6gM
+7Wd8X8FaMnaYPBBRpaWWi//RsrLmztm0kSU1pJbgSL1VJsngGImWPcnAPvhPS4IG
+6XD/4DLyog7Hyg0yuZyBf6DzvQUMFh/B9Sm+ogY8nG+vEaoN/RaKn25M+uC6NC2v
+X+9wcqLyQeh0JsIA23foyyWlA2sW2+ad4VWfI3DpXwYCnCuJZlD3JZoLP8OoQacl
+PsBIll+n6KeVcE7H7af2CkNinFa+0CgMYtvpgQIDAQABAoIBAQC5ufkkRinQLUfY
+jOuOrmovVUfyMOU+es4qXnka/RsiCv3eQAGi3koajjRhc7BkeghTvFkkIz9pqX+m
+jz89eK2A7Eypj5/AWU2ykSgglK2t3+qz2sNvqfsXvlF91iKm5ZsdO6cyjEVRgkqT
+kVkWHBR0bEcdrjGyxisu2D33aQ0wNo1ENoJYJEe+F+fcm3IhVsSCMWEoYeX+RXXq
+scwGgwNSn3V4fEqQA7Hs77ri+gjbuIf6KZ3DPcQTpJ4ST6UcJkyXowLLYFmPgVJt
+XOqJ5sjDUNLgX2F6LJj8r0C2V0UmRoed/ZONmB2AVr/e/BmGB4zLVOFv4NLK52CP
+m3B4SrPNAoGBAPEJcfFPAOAHIW51xz2l61W4d4rqvu54IuHYMGWRJjtNx/zqIxwE
+I4hTHz9jz++JZaJH9anOliosIqzmieds57JX0MBEOIVG8wb0BgxziIO8E5hdfptr
+DWtfmnFnCiz2qEb38UU8GiifiwCrU6NkEniAaoCVkMMx+B0cycLfeeUHAoGBAM7z
+SOUbZooN7ZAz/KFe05wHOwngb7ikEuENXFLziyaOa+0zXyv0PitWese0GdGbU1nH
+Alkw/qA8kozGobmfSWrLxBCjJDtz4wuDilwI4OT0hO6+VZlF89C84BjAVA/RXjzo
+CcIUrIvZv8OaopESicuC67KB1ujB4p+XFTEmlmM3AoGABSNTZ3ZsqVndj5I5JgpE
+YvZkrfRlD4ZGEBRgq7mVXAxDaBPBndZEv6It91b0VsHSBcyM4wrBTrLUJmVfqSw8
+ICQZEhAiOE0T3yESg+9uiIhYzpWnnj6A8bn++83bfKvhWGnunbAzSoxkFSaRyNjY
+P/NU0dreVBrblBtJ/bpvyb8CgYBOX13kvdq4P4wPB1EN/65dsXNPSzqkDybDKd8j
+3u18nYUL4F+Tcry0htyakn8QnSUUo8Qk6OQU5LuPKo4GkOcp1Z8budy30yxRqPAV
+6Jrauis5isU59X7fNxga54MuNljc8fb4FAJAOCdiOUaFcCLU+nCuOnOb1Akx7PJu
+mbFsQwKBgQCfOLsXqDHMRTnyRCwGOx9aIbYt0qW5ZE08f8vbqKMz2KeX9uN7G/7s
+NO36Zakppn9IS9nQVPmBDQhQ+8VQYqX7VaB1ug7d1OhuP+dbvXGBq4nN9f2iqy6Z
+G5PyYZpI8Qo+Cr04TkXacz9Lc4NFOxyqw/Ln1tuOLYAZY8dSaTHOsg==
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIIEmzCCAoOgAwIBAgIQfhZuQF/HQWNj4bY/2E0R1zANBgkqhkiG9w0BAQsFADB1
+MIIEmzCCAoOgAwIBAgIQdYL065go8MY1TA6uhbuzrzANBgkqhkiG9w0BAQsFADB1
 MRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlz
 ZXVwLm5ldDE8MDoGA1UEAwwzUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EgKGNsaWVu
-dCBjZXJ0aWZpY2F0ZXMgb25seSEpMB4XDTIyMDQxNzAwMDAwMFoXDTIyMDcxNzAw
-MDAwMFowLTErMCkGA1UEAwwiVU5MSU1JVEVEN2ZsNjdmcmZ6NnF3aWs2eG95emht
-bzV2eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL17zhgSXjWX875C
-4BG7pwNvY/868RrQ8UMB0NqABJaUMmX8xbJh82ukOKNWrnQB/4ayxeGdyN40WxrL
-ofNaauxgjLGi9fwtsVpTjhx+vs5Y3Sx76/wjsFTriiFEdfciCKM3AWgqd5rwwjAB
-/nBdLiz8P3H7OC3tIGqbTd593+YxZxcRLN3w15wIFD+0D78ZuVpeTDNhwTSnMDzS
-wNvVa4EbSejiVrSt62gdUtQ9yL/TjAGLQOXQqUTGG1dIAXMXNGEbJpS8vLN2SnSh
-d2qomXzeEf3S86psrCAFUoH76fL2aUWQ87krRPn4kx+DBBaVE0Om8G41fYYevjOV
-DtWj2FMCAwEAAaNvMG0wHQYDVR0OBBYEFASbEXiXvCseE07xGzDXVzZqRWYkMAsG
+dCBjZXJ0aWZpY2F0ZXMgb25seSEpMB4XDTIyMDYxODAwMDAwMFoXDTIyMDkxODAw
+MDAwMFowLTErMCkGA1UEAwwiVU5MSU1JVEVENnZteWZ1MHpsdmlucmprdTN3Y2hp
+OTZsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLaqkm07AfyXIT6
++NSnUsk1nxvqgcUX26mMOYcfFcc7lTT5+JxJipuCm7RIWS09ypNMiWvvV91AVZHk
+6yOiGUJrCtbNZavWE3MI7K8s2v/8bcOoDO1nfF/BWjJ2mDwQUaWllov/0bKy5s7Z
+tJElNaSW4Ei9VSbJ4BiJlj3JwD74T0uCBulw/+Ay8qIOx8oNMrmcgX+g870FDBYf
+wfUpvqIGPJxvrxGqDf0Wip9uTPrgujQtr1/vcHKi8kHodCbCANt36MslpQNrFtvm
+neFVnyNw6V8GApwriWZQ9yWaCz/DqEGnJT7ASJZfp+inlXBOx+2n9gpDYpxWvtAo
+DGLb6YECAwEAAaNvMG0wHQYDVR0OBBYEFGy9LFCeTCtyoVbQYY18zgpX0N98MAsG
 A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAJBgNVHRMEAjAAMB8GA1Ud
-IwQYMBaAFBf0G9XlKgEBTWuiXTYKKQmWZYBGMA0GCSqGSIb3DQEBCwUAA4ICAQA6
-P4z8srFEo/LhaAdOTHjvi4t8OVR7WuD6Tit68UabZpbFwPmXVbzYATKmNepYjXqR
-TDW416M7QWja5nyFSXaLzk95osE1IxqcqgZ5vKHLPFE5J8eBtkVoFN6+9F6olx6s
-8UYbewU1Cm2rN2Y1xXNxAFz9wNqLjGdhuExdfxE+4/Y2uh40yC2rhiJLiSrsdfCU
-QsBQJy7Z76dAtbp2087aqikHmiqm/lkIKXE3jNgb8JCT3oJutedBA/CknDyM/7N/
-x83mS5Iu6vRQIBFN6wfsxxUWOh9oSnivcWBF5IO7a71nuiEEaZpG1tSsQTYk9ENW
-Sx5cP4NnF7uZyMhYASWpVRBsx0gz6cmGWTIO8v9CX4D8HMK7uKeJkMenmwiwnhkI
-+H+9U8sHCX0UGUZqiJshM7ySf7lhHI+UgrE2qCR0GFoRfP9Yz6tsJ0bNKBUkl6UH
-BmXtH1Z7QVSfbkheNA3LNaFB2Gz20+s1kF6N0VGE1DQCsgM2gkciEhYAz13OBT70
-j6PPargWi51B/hsg9b3LE44dk052/vVnklnJ+rjdgrrmwIlN4xyEbc851knLOqxn
-7Xjnl1Qx4sJkm06E+AuKy0OXy2f/mIOiTmA0jlXtYPSV6rYxtUzJeOlqwsu3ImNg
-x3DRSmjZfW1BOCSqLvlJyKeFKxwJlWFGsKk7uBonwA==
+IwQYMBaAFBf0G9XlKgEBTWuiXTYKKQmWZYBGMA0GCSqGSIb3DQEBCwUAA4ICAQBy
+MezxBB08bn5L5ye3pTOvENyM0DLGdoy1N+oEHhjMW/QmxPuXzKviyxNEtFCbyZeT
+n+uQPY3zwhj4vF5PZoUXI22USISMo+bPHHo4dTfXfzln7CuPuXnUR1bFKSFGU7+B
+6TZb5qmFkWfCiZ8KE1ogKXLX2mwmnIKVpPiu07pp6msR+pxfQHBBbrzafLs5PSa8
+kTxW900eozF4KJYwcryu6A/tdkTrQqsji/NrwqJRnFqzzDV0x7iFpnp0J9xRi1oa
+nkETZXMSHkDkqL3RdTwg11RX+bnYS/GK+//z3G17iwB/rGIi9O2qN6uMhX/ZFwom
+AAqbSAzOnSU2ERaSuc7a0t9c9cNnusbYiDaNISAi7bOGs5tCbLRBwSznvIo9Dfx8
+aRnDucYp+I6Vl7xW2mM155/44laemiWn4SPRbvBgZgBWObptnuIqu9Nipwp69z/Q
+x/BBcnNu+PbdkuC9zO+OtwosK3WVkL+QiKWbT4fxXNqJV90NM1R+CteDWvixs+Bn
+xVGCH4c6+svnBmyRhDYID7ZmoeE/gnPkceh63igZ6V+w0UAnGtT9cfLK9cLawfZO
+GnO7P8YTawjRoVz9FmhUnirghq8xk0MCdGHWzT+FqGS+l270F+bbD4eUD2nQhV4J
+QJ0J3BGyzELKzFtIBIpnzPVDJDSIQkPTT/yP7gAEPg==
 -----END CERTIFICATE-----
 \ No newline at end of file
author	cyberta <cyberta@riseup.net>	2022-07-18 21:57:07 +0000
committer	cyberta <cyberta@riseup.net>	2022-07-18 21:57:07 +0000
commit	abd8c8d06f01cc5b794a18779c2ea36b9317b4e3 (patch)
tree	3bf4274594bc45c879093adbab58c2ec7a142146
parent	f90e72fb3e90d561a433278f251ee27297b42001 (diff)
parent	6ad47f6665312cfbc5c9b9e9bae1088d91b8dc99 (diff)