diff options
Diffstat (limited to 'app')
6 files changed, 104 insertions, 81 deletions
diff --git a/app/assets/fronts b/app/assets/fronts index cd850e2e..60c56333 100644 --- a/app/assets/fronts +++ b/app/assets/fronts @@ -1,3 +1,4 @@ -snowflake-target https://snowflake-broker.azureedge.net -snowflake-front ajax.aspnetcdn.com -snowflake-stun stun:stun.stunprotocol.org:3478,stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 +snowflake-target https://1098762253.rsc.cdn77.org +snowflake-fronts www.cdn77.com,www.phpmyadmin.net +snowflake-stun stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 +utls-imitate hellorandomizedalpn
\ No newline at end of file diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index 506b04a6..9e778fae 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -187,7 +187,8 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac mProcessThread = null; } VpnStatus.removeByteCountListener(this); - unregisterDeviceStateReceiver(); + unregisterDeviceStateReceiver(mDeviceStateReceiver); + mDeviceStateReceiver = null; mOpenVPNThread = null; if (!mStarting) { stopForeground(!mNotificationAlwaysVisible); @@ -200,35 +201,31 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac firewallManager.stop(); } - synchronized void registerDeviceStateReceiver(OpenVPNManagement magnagement) { + synchronized void registerDeviceStateReceiver(DeviceStateReceiver newDeviceStateReceiver) { // Registers BroadcastReceiver to track network connection changes. IntentFilter filter = new IntentFilter(); filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION); filter.addAction(Intent.ACTION_SCREEN_OFF); filter.addAction(Intent.ACTION_SCREEN_ON); - mDeviceStateReceiver = new DeviceStateReceiver(magnagement); // Fetch initial network state - mDeviceStateReceiver.networkStateChange(this); - - registerReceiver(mDeviceStateReceiver, filter); - VpnStatus.addByteCountListener(mDeviceStateReceiver); + newDeviceStateReceiver.networkStateChange(this); + registerReceiver(newDeviceStateReceiver, filter); + VpnStatus.addByteCountListener(newDeviceStateReceiver); } - synchronized void unregisterDeviceStateReceiver() { + synchronized void unregisterDeviceStateReceiver(DeviceStateReceiver deviceStateReceiver) { if (mDeviceStateReceiver != null) try { - VpnStatus.removeByteCountListener(mDeviceStateReceiver); - this.unregisterReceiver(mDeviceStateReceiver); + VpnStatus.removeByteCountListener(deviceStateReceiver); + this.unregisterReceiver(deviceStateReceiver); } catch (IllegalArgumentException iae) { // I don't know why this happens: // java.lang.IllegalArgumentException: Receiver not registered: de.blinkt.openvpn.NetworkSateReceiver@41a61a10 // Ignore for now ... iae.printStackTrace(); } - mDeviceStateReceiver = null; - } @Override @@ -469,14 +466,16 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac mProcessThread.start(); } - new Handler(getMainLooper()).post(() -> { - if (mDeviceStateReceiver != null) { - unregisterDeviceStateReceiver(); - } - registerDeviceStateReceiver(mManagement); - } + final DeviceStateReceiver oldDeviceStateReceiver = mDeviceStateReceiver; + final DeviceStateReceiver newDeviceStateReceiver = new DeviceStateReceiver(mManagement); - ); + guiHandler.post(() -> { + if (oldDeviceStateReceiver != null) + unregisterDeviceStateReceiver(oldDeviceStateReceiver); + + registerDeviceStateReceiver(newDeviceStateReceiver); + mDeviceStateReceiver = newDeviceStateReceiver; + }); } private void stopOldOpenVPNProcess() { @@ -538,6 +537,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac @Override public void onCreate() { super.onCreate(); + guiHandler = new Handler(getMainLooper()); notificationManager = new VpnNotificationManager(this); firewallManager = new FirewallManager(this, true); } diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/fragments/ConfigureProviderFragment.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/fragments/ConfigureProviderFragment.java index cdb255fc..f20bc9b6 100644 --- a/app/src/main/java/se/leap/bitmaskclient/providersetup/fragments/ConfigureProviderFragment.java +++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/fragments/ConfigureProviderFragment.java @@ -223,8 +223,10 @@ public class ConfigureProviderFragment extends BaseSetupFragment implements Prop setupActivityCallback.onProviderSelected(provider); handler.postDelayed(() -> { if (!ProviderSetupObservable.isCanceled()) { - if (setupActivityCallback != null) { + try { setupActivityCallback.onConfigurationSuccess(); + } catch (NullPointerException npe) { + // callback disappeared in the meanwhile } } }, 750); diff --git a/app/src/main/java/se/leap/bitmaskclient/tor/ClientTransportPlugin.java b/app/src/main/java/se/leap/bitmaskclient/tor/ClientTransportPlugin.java index f13eb70e..b7909865 100644 --- a/app/src/main/java/se/leap/bitmaskclient/tor/ClientTransportPlugin.java +++ b/app/src/main/java/se/leap/bitmaskclient/tor/ClientTransportPlugin.java @@ -1,6 +1,6 @@ package se.leap.bitmaskclient.tor; /** - * Copyright (c) 2021 LEAP Encryption Access Project and contributors + * Copyright (c) 2024 LEAP Encryption Access Project and contributors * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -66,6 +66,7 @@ public class ClientTransportPlugin implements ClientTransportPluginInterface, Pr this.contextRef = new WeakReference<>(context); handlerThread = new HandlerThread("clientTransportPlugin", Thread.MIN_PRIORITY); loadCdnFronts(context); + IPtProxy.setStateLocation(context.getApplicationContext().getCacheDir() + "/pt_state"); } @Override @@ -96,18 +97,39 @@ public class ClientTransportPlugin implements ClientTransportPluginInterface, Pr private void startConnectionAttempt(boolean useAmpCache, @NonNull String logfilePath) { //this is using the current, default Tor snowflake infrastructure String target = getCdnFront("snowflake-target"); - String front = getCdnFront("snowflake-front"); + String fronts = getCdnFront("snowflake-fronts"); String stunServer = getCdnFront("snowflake-stun"); String ampCache = null; if (useAmpCache) { target = "https://snowflake-broker.torproject.net/"; ampCache = "https://cdn.ampproject.org/"; - front = "www.google.com"; + fronts = "www.google.com"; } - snowflakePort = IPtProxy.startSnowflake(stunServer, target, front, ampCache, logfilePath, false, false, true, 5); + + snowflakePort = startSnowflake(stunServer, target, fronts, ampCache, null, null, logfilePath, false, false, false, 5); Log.d(TAG, "startSnowflake running on port: " + snowflakePort); } +/** + StartSnowflake - Start IPtProxy's Snowflake client. + @param ice Comma-separated list of ICE servers. + @param url URL of signaling broker. + @param fronts Comma-separated list of front domains. + @param ampCache OPTIONAL. URL of AMP cache to use as a proxy for signaling. + Only needed when you want to do the rendezvous over AMP instead of a domain fronted server. + @param sqsQueueURL OPTIONAL. URL of SQS Queue to use as a proxy for signaling. + @param sqsCredsStr OPTIONAL. Credentials to access SQS Queue + @param logFile Name of log file. OPTIONAL. Defaults to no log. + @param logToStateDir Resolve the log file relative to Tor's PT state dir. + @param keepLocalAddresses Keep local LAN address ICE candidates. + @param unsafeLogging Prevent logs from being scrubbed. + @param maxPeers Capacity for number of multiplexed WebRTC peers. DEFAULTs to 1 if less than that. + @return Port number where Snowflake will listen on, if no error happens during start up. + */ + private long startSnowflake(String ice, String url, String fronts, String ampCache, String sqsQueueURL, String sqsCredsStr, String logFile, boolean logToStateDir, boolean keepLocalAddresses, boolean unsafeLogging, long maxPeers) { + return IPtProxy.startSnowflake(ice, url, fronts, ampCache, sqsQueueURL, sqsCredsStr, logFile, logToStateDir, keepLocalAddresses, unsafeLogging, maxPeers); + } + private void retryConnectionAttempt(boolean useAmpCache) { Log.d(TAG, ">> retryConnectionAttempt - " + (useAmpCache ? "amp cache" : "http domain fronting")); stopConnectionAttempt(); diff --git a/app/src/main/res/values/untranslatable.xml b/app/src/main/res/values/untranslatable.xml index 957788a5..13d0204a 100644 --- a/app/src/main/res/values/untranslatable.xml +++ b/app/src/main/res/values/untranslatable.xml @@ -1,14 +1,13 @@ <?xml version="1.0" encoding="utf-8"?> <resources> <string name="notifcation_title_bitmask" translatable="false">%s - %s</string> - <string name="copyright_leapgui" translatable="false">Copyright (c) 2012-2022\nLEAP Encryption Access Project <info@leap.se></string> - <string name="opevpn_copyright" translatable="false">Copyright (c) 2002-2019 OpenVPN Technologies, Inc. <sales@openvpn.net>\n - "OpenVPN" is a trademark of OpenVPN Technologies, Inc.</string> - <string name="lzo_copyright" translatable="false">Copyright (c) 1996 - 2011 Markus Franz Xaver Johannes Oberhumer</string> - <string name="copyright_openssl" translatable="false"> Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.\n\n + <string name="copyright_leapgui" translatable="false">Copyright (c) 2012-2024\nLEAP Encryption Access Project <info@leap.se></string> + <string name="opevpn_copyright" translatable="false">Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net></string> + <string name="lzo_copyright" translatable="false">Copyright (c) 1996 - 2011 Markus Franz Xaver Johannes Oberhumer.\nCopyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net></string> + <string name="copyright_openssl" translatable="false"> Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.\n\n This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)\n Copyright 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.</string> - <string name="copyright_okhttp" translatable="false">Copyright (c) 2022 Square, Inc.</string> + <string name="copyright_okhttp" translatable="false">Copyright (c) 2024 Square, Inc.</string> <string name="okhttp" translatable="false">OkHttp</string> <string name="openvpn" translatable="false">OpenVPN</string> <string name="lzo" translatable="false">LZO</string> @@ -18,12 +17,11 @@ https://github.com/schwabe/polarssl/blob/icsopenvpn_270/apache-2.0.txt </string> <string name="asio" translatable="false">Asio</string> - <string name="copyright_asio" translatable="false">Copyright (c) 2003-2018 Christopher M. Kohlhoff (chris at kohlhoff dot com).\n\nDistributed under the Boost Software License, Version 1.0.</string> + <string name="copyright_asio" translatable="false">Copyright (c) 2003-2024 Christopher M. Kohlhoff (chris at kohlhoff dot com).\n\nDistributed under the Boost Software License, Version 1.0.</string> <string name="openvpn3" translatable="false">OpenVPN 3</string> - <string name="copyright_openvpn3" translatable="false">GNU AFFERO GENERAL PUBLIC LICENSE\n - Version 3, 19 November 2007</string> + <string name="copyright_openvpn3" translatable="false">Copyright (C) 2012-2024 OpenVPN Inc.</string> <string name="unknown_state" translatable="false">Unknown state</string> - <string name="copyright_blinktgui" translatable="false">Copyright (c) 2012-2022 Arne Schwabe <arne@rfc2549.org></string> + <string name="copyright_blinktgui" translatable="false">Copyright (c) 2012-2024 Arne Schwabe <arne@rfc2549.org></string> <string name="defaultserver" translatable="false">openvpn.uni-paderborn.de</string> <string name="defaultport" translatable="false">1194</string> <string name="copyright_file_dialog" translatable="false">File Dialog based on work by Alexander Ponomarev</string> @@ -36,21 +34,21 @@ <string name="state_user_vpn_password_cancelled" translatable="false">VPN password input dialog cancelled</string> <string name="state_user_vpn_permission_cancelled" translatable="false">VPN API permission dialog cancelled</string> <string name="shapeshifter_library" translatable="false">Shapeshifter Library</string> - <string name="copyright_shapeshifter_library" translatable="false">Copyright (c) 2022, LEAP Encryption Access Project (info@leap.se)</string> + <string name="copyright_shapeshifter_library" translatable="false">Copyright (c) 2024, LEAP Encryption Access Project (info@leap.se)</string> <string name="shapeshifter_transports" translatable="false">Shapeshifter Transports</string> - <string name="copyright_shapeshifter_transports" translatable="false">Copyright (c) 2020 Operator Foundation. Distributed under MIT license.</string> + <string name="copyright_shapeshifter_transports" translatable="false">Copyright (c) 2024 Operator Foundation. Distributed under MIT license.</string> <string name="obfs4" translatable="false">obfs4 - The obfourscator</string> <string name="copyright_obfs4" translatable="false">Copyright (c) 2014, Yawning Angel \n yawning at schwanenlied dot me \n All rights reserved.</string> <string name="snowflake" translatable="false">Snowflake</string> - <string name="copyright_snowflake" translatable="false">Copyright (c) 2016, Serene Han, Arlo Breault \n Copyright (c) 2019-2020, The Tor Project, Inc.\nDistributed under 3-clause BSD license.</string> + <string name="copyright_snowflake" translatable="false">Copyright (c) 2016, Serene Han, Arlo Breault \n Copyright (c) 2019-2024, The Tor Project, Inc.\nDistributed under 3-clause BSD license.</string> <string name="iptproxy" translatable="false">IPtProxy</string> - <string name="copyright_iptproxy" translatable="false">Copyright (c) 2020 - 2021 Benjamin Erhart (berhart@netzarchitekten.com). Distributed under the MIT License</string> + <string name="copyright_iptproxy" translatable="false">Copyright (c) 2020 - 2024 Benjamin Erhart (berhart@netzarchitekten.com). Distributed under the MIT License</string> <string name="tor" translatable="false">Tor</string> - <string name="copyright_tor" translatable="false">Copyright (c) 2001-2004, Roger Dingledine \n Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson \n Copyright (c) 2007-2019, The Tor Project, Inc. \n Distributed under the 3-clause BSD license</string> + <string name="copyright_tor" translatable="false">Copyright (c) 2001-2004, Roger Dingledine \n Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson \n Copyright (c) 2007-2024, The Tor Project, Inc. \n Distributed under the 3-clause BSD license</string> <string name="tor_android" translatable="false">Tor Android</string> <string name="copyright_tor_android" translatable="false">Copyright (c) 2009-2010, Nathan Freitas, The Guardian Project. Distributed under the 3-clause BSD license.</string> <string name="circleImageView" translatable="false">CircleImageView</string> - <string name="copyright_circleImageView" translatable="false">Copyright 2014 - 2022 Henning Dodenhof. Licensed under the Apache License, Version 2.0 </string> + <string name="copyright_circleImageView" translatable="false">Copyright 2014 - 2024 Henning Dodenhof. Licensed under the Apache License, Version 2.0 </string> <!-- gateway selector, move to strings.xml, once the wording is clear --> <string name="no_location" translatable="false">---</string> diff --git a/app/src/test/resources/v4/riseup.net.cert b/app/src/test/resources/v4/riseup.net.cert index 5181a66b..68f1a31d 100644 --- a/app/src/test/resources/v4/riseup.net.cert +++ b/app/src/test/resources/v4/riseup.net.cert @@ -1,43 +1,43 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAoubdIK609+1LgeOFWDt++yaizzQRgmYWGfV7MtK3H5FB4BG9 -dE0Y6Psfs1T9wgtZ1qf4gI0njpS7m5PlwDFkBCbbQ+frhSVwi9tJoQo8Npvc9VU8 -+0h1JTyySPNgKKrXzOTtkRgnVenf5HLJoBsMOyqlFkcoV3Rw3ca+n/pw87iriCyY -HdQkh/i/psCG46s+p1O/C41dRoO4DQonCB68K0kA/EUM9KpTHxAw0f2Ug0X31st/ -z1apnCJn2LdzlW3qcgkrJgWJ0VkX1tImjuepfqYHme0m1yalavgUW27Hargl/MjY -420BDA+hVyxfq0BpXCDUb8JmHvL5j7g+7SR4BwIDAQABAoIBABI3oSkDgKdtORF4 -gTQBy0yI4JItb3vWsMgMZM+lMudr1iMZuMclzBBZ7QygB5TIsi5IMIknv/G4/lYC -ryHUJCw2sDSi3frQ2go55r0EqQEuYwJomt47Fyan6AQye2Fw4Zs/SrX8LoH0Gp6w -m421GKQRO88G/CLzmZ+jlzPKzRDkO06RBK0kt2d6c2avOsk5KCLy/VhvLyMrbORe -dSM+xHGIj1y83vgqy6mHFnDxRQrKTRskMrlZ04wIFf+ewke7eE7pBREki4ZPOGfi -/CIpI0G6i5B3QnoJxdQcpFIYOYFu/ty3wsDEzfsRqEc+VPcgzGkvRGG1ewsrgIQ7 -bQQQGRkCgYEAxSxKPb1rVb5blIP+Mq8TqK7TeLL8ZXzkclIhtVh4lcCNTJpRN0Yk -SnhlScWDg3gJ8Zb79pYz1PEiFjW0xK34VLXAWGeR2+YB8FUM1DpAJ1MEob1dA5ka -fifc865AQLRB6bkM9xSqdTb7pQp5E88CE5w3ZCyQlPuBPGuS/zblLU0CgYEA04EA -zaOZuaX0q/OvzLtsQqjbXHoCrd0pxEC2KZn+88sRvX0nk2sv8B58PMzYTrpKUHWg -dJhwqGHNJVI5+v+1kyMtDgyIi0Yqqe5IqBzuk24ts0znODCXP4rVz9u5WdcIpofl -Hhzg1svDtHPexswCaWF5HqHtyFA9dcENR0ZLIKMCgYEAvxAF+QHeSr4lXCrzXgXN -VP3kKee3MFjvvd/cji/m2aY2xe4bmSY88HTuIahlojXl3Ndj3TT7kPMBBuiP/K5g -HyXn90KVUrL1Wf/waI7xr6mAqYIn6d6oj2rtbqyB0rFZ1bPd3meGLgNTokAdx5Ym -+v27pzSP/e4g832CehClz1kCgYEAoTeNCDKzQ7qHVObMUy9t5yXVB5mNH0AczRZS -hEV4/BYHMLwMhadHhC2In8O5AdGoQcpXg2iLPx5FhDQ4M+XkXwKKHlJZZmgWry8N -vO9Iv6JVPX3aJY+MSogmUGl40E1Dr8SYVarHi5MIWy2TW084a2E8NKhTmsPnBTIh -T/n53CcCgYBuDeK4NoLne7h8q6TpSk/1p7fDkE/G5ueCcBOOrZBHan8y+VkUH1ZM -rPkO8MprbJ+q/wBBfUvurycdHxtOQaahv7ZwIfKsXxGHShrhZseOTi1Wkkfw9kt2 -CE2U7O5Pn9KBKUwuPihaEqCtSjiSJKZr02UapFjS9R0FTAbf7LwYNg== +MIIEowIBAAKCAQEA0OFWdcdiZtUfFQuADyIZyuFcIS5HIJIVaVY+D9g5bNqeqp6S +xvtxTxykmm4A68Huwp99J20FWVUeNcPkscjtDxyWAcN9QcDFpgiYd0cQAsSDWX86 +sFd9pTzrWzO19kDfoHyMRlOEh0PAND5g/qTUPCDQzBudnf+0KwsxsoZUguRpWl7J +jApGSWkuVH9gUmHSZFTX4U5jTgs3OVs9uih8aGtUlJPrH+1vlcQPMCSFopnziwq8 +OlTrunwUl7E2JN8E304vxZb6OrVo3VBqaVcY0emI0BFgqLDRokeDfhJfeLFV9IzX +mI+e7K9e18Wx/8Ne8z2NfZx1usDEzT0PKZVHqQIDAQABAoIBAHHY388CBVgXAQHv +arTU2UoC2rwbBRlzhcgMAXeRWntCDQjhtQ5PLcr4yZ6CJm5ZHVFmrEg425l9EyIq +yxM7eDmsUvZTHoogD5oXRUJ9sPRRN2YoOkyy4wCU25Kx9JNreHd4atxJ2QoAm1ne +Re+E10iOej9FLftXy1NKnqO3I4jTCKK6aUj3gayT7ot9Kr4v09S7G7gtgklbDqHY +7Y88YNgb4E/P7j36BawiHE6tLT4ssrV8BpA5c9Tfc4208Z8s7PO9hOmr4VowJGk1 +JStWhZI4OBdTWFX3qYiKI1mDN1B7B02DYXz5g0zsA0ItLstTpY3/8dFNw0Ki0FoD +EkF3MAECgYEA/Okk6yV/d7cRdnN6IKI6tMPSPRO254OWB21aJgLZEmprkVqtxDL5 +7hw7le7duZt+xmVlo7QqfRuVC4dbCO11+iTcS7FTe2ZnIYY3rdibqqSmGIFtuwI6 +B5ZRbl+sTpLp3QdVlazpyokwX4qtMkpJda95pBo4jU03CHIV+QF168ECgYEA026C +bQaALllPyJ/56L6VLyOHIYQxwQCLJWJW3qquwuLnOGRh5QFq9yOW+eigU224ueNu +p/IDL58qZpjnlSKNBMK9oCSn3fYuEQjSzLr2In1RlXaiY1yd5SomgKcYXxNmoqmZ +TqVyzLeNydIb/US9C0ChObSUUrlKiAg41Gsi9ekCgYB81yDwKdxX3bfy/mGEhk/w +NtEqcPbSJPQDyoi7RqCcJIfggiBQPtF8JdeL1RMBsa3MhPS88AwhIWJbBH99Uqnv +xg4wFuIcgZnaxIPrfoaonwmWAx2FOD4ozJx5nSRSzNY/0oT+kxH8dee44Z1Iu76z +JuEmjgLoTPsjYh1SgtQQgQKBgG8rbQKcZ2t3ZF7t1r5M7y4Q9S1nT63WdlNayKhd +gHRSUBczmNGLlE2L9gdDDIGxcG61Keq+cnRosSevAB1HRHSbXI9Glsk7du9X/1bM +ezyZPftjnHC4MwFaz1HYChV7ovymRki274y6eqACjNr3eJrhCaTI0TBJ4ulxwUfX +aVN5AoGBAOAOfg8N2u+uZ1xrAKOoEkyYFzrkn2pq7e/9ewELoQEOCfF/Ad35Vz8h +7cjmCkyZaTls6onJNHodK2H/O6DOZE/A1onUlyimScrfKiuwErCFSRMdulqFLEH+ +/i462yddISZFriuuWH/Q4HktO+kWVtl5eLNAXUj8+8s82cN/O9or -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIICdjCCAh2gAwIBAgIQEvFlsBeZpYERAhfR59N3ijAKBggqhkjOPQQDAjAzMTEw +MIICdzCCAh2gAwIBAgIQAh39shpuOn8d0h0Ce/7QdDAKBggqhkjOPQQDAjAzMTEw LwYDVQQDDChMRUFQIFJvb3QgQ0EgKGNsaWVudCBjZXJ0aWZpY2F0ZXMgb25seSEp -MB4XDTI0MDIxNzE2MDgxNVoXDTI0MDMyMzE2MDgxNVowFDESMBAGA1UEAxMJVU5M -SU1JVEVEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoubdIK609+1L -geOFWDt++yaizzQRgmYWGfV7MtK3H5FB4BG9dE0Y6Psfs1T9wgtZ1qf4gI0njpS7 -m5PlwDFkBCbbQ+frhSVwi9tJoQo8Npvc9VU8+0h1JTyySPNgKKrXzOTtkRgnVenf -5HLJoBsMOyqlFkcoV3Rw3ca+n/pw87iriCyYHdQkh/i/psCG46s+p1O/C41dRoO4 -DQonCB68K0kA/EUM9KpTHxAw0f2Ug0X31st/z1apnCJn2LdzlW3qcgkrJgWJ0VkX -1tImjuepfqYHme0m1yalavgUW27Hargl/MjY420BDA+hVyxfq0BpXCDUb8JmHvL5 -j7g+7SR4BwIDAQABo2cwZTAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB -BQUHAwIwHQYDVR0OBBYEFIPsBEktjxealc2usc6QdNNK2xHFMB8GA1UdIwQYMBaA -FH1KYtj/K0nEebaisdyOPmMHXKj+MAoGCCqGSM49BAMCA0cAMEQCIHMF70zfZQ7Y -lcz0IDjFbHO/Xd+Mh0QSdcz6lU4OdXO4AiABPaZ/DUa2qBX8AWO4itwTEQYroeF8 -0onH42V60UWxEA== +MB4XDTI0MDQwODEwNDI0OFoXDTI0MDUxMzEwNDI0OFowFDESMBAGA1UEAxMJVU5M +SU1JVEVEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OFWdcdiZtUf +FQuADyIZyuFcIS5HIJIVaVY+D9g5bNqeqp6SxvtxTxykmm4A68Huwp99J20FWVUe +NcPkscjtDxyWAcN9QcDFpgiYd0cQAsSDWX86sFd9pTzrWzO19kDfoHyMRlOEh0PA +ND5g/qTUPCDQzBudnf+0KwsxsoZUguRpWl7JjApGSWkuVH9gUmHSZFTX4U5jTgs3 +OVs9uih8aGtUlJPrH+1vlcQPMCSFopnziwq8OlTrunwUl7E2JN8E304vxZb6OrVo +3VBqaVcY0emI0BFgqLDRokeDfhJfeLFV9IzXmI+e7K9e18Wx/8Ne8z2NfZx1usDE +zT0PKZVHqQIDAQABo2cwZTAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB +BQUHAwIwHQYDVR0OBBYEFETwjXTp5v7YT0/Xp9Nt2HpZcOzfMB8GA1UdIwQYMBaA +FH1KYtj/K0nEebaisdyOPmMHXKj+MAoGCCqGSM49BAMCA0gAMEUCIQCMavb+KPlg +gdx7YX0wllm3hP/06rdnGsljxCwJAtBztgIgd1EHzAYmWQ2pmcW3/8utGdCj+41x +fOUCgjLYY1ww/Sw= -----END CERTIFICATE----- |