commit 8f89fe12d7bb4f36494b80515bf76ef2ce4538b6 Author: Martin Donnelly Date: Wed Apr 4 22:13:47 2018 +0100 init diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000..ee8c001 Binary files /dev/null and b/.DS_Store differ diff --git a/README.md b/README.md new file mode 100644 index 0000000..0558c60 --- /dev/null +++ b/README.md @@ -0,0 +1,122 @@ +# Summary +This directory contains scripts for starting a VM running MongoDB, configured in a similar way +to the one on the real servers. This readme contains various sections that should be read +and understood to start and stop the server. + +The sections are: + +* **Connection Information**: The connection details for the database that is created +* **Setup**: Steps required for setup +* **Maintenance**: How to bring mongo up again if the VM wasn't suspended properly +* **Robo3T connection setup guide**: How to connect to the MongoDB using Robo3T + +Note, the information on connecting a local server to the MongoDB is contained in the top-level README.md. + +# Connection information: + +* ip address: `172.16.0.20` (machine local only) +* username/password: `mdbadmin`/`abc123` (full control) +* Authentication Database: `MDB` (case sensitive) +* SSL: Enabled +* SSL Keys: `path/to/bridge-local-dev/mongodb/mongo/keys/mongodb.pem` (generated on first run) + +There is also a root user on the `admin` database as `admin`/`abc123`. + +# Setup + +## Pre-requisites + +1. Install [Virtual Box](https://www.virtualbox.org/). +2. Install [Vagrant](https://www.vagrantup.com/). +3. [Optional] Download a copy of the dev server database to devdump/dump using mongodump. + WARNING: delete the `SystemLog` backup as they always seem to fail to restore. + +## To Start + +1. `vagrant up` from the shell/console + +The first time, This will create and start an entirely new VM, download and install all packages, etc. +After that, this will only start up the suspended VM again. + +NOTE: if the PC is rebooted without suspending the VM, the VM will be "powered down" and will not +have mongodb running next time it is resumed with `mongo up`. See *Maintenance* section below for +how to bring MongoDB up again. + +## To Stop + +1. `vagrant suspend` + +This will suspend the VM, retaining all data. + +## To Reset + +1. `vagrant destroy` +2. `vagrant up` + +This will entirely reset the VM, losing all previous data. You have been warned! + +# Maintenance +Login to the VM from the host using: + +1. `vagrant ssh` + +## Restarting MongoDB + +### Checking mongo is not working + +Once Vagrant is working + +1. `ps -a` or `ps -ax` + - You will be able to find a line similar to: "mongod --port: xxx ... " +If there is no line, then mongo isn't running. + +### Starting mongo again + +1. `more /vagrant/mongo/initdb.sh` or go to your MongoDB initdb.sh file +2. Copy the last line starting `mongod` printed in your terminal, if you run the line. If you opened the file, copy the last line of the file starting `mongod`. +3. Sudo the line, it should look something like: + - `sudo mongod --port 27017 --dbpath /var/lib/mongodb/ --smallfiles --oplogSize 128 --sslMode requireSSL --sslPEMKeyFile /vagrant/mongo/keys/mongodb.pem &` +4. `ps -a` + - mongo should appear running now + +# Robo3T connection setup guide + +Basic setup info to get a connection working through Mongo3T. + +Create a new Connection with the following configuration: + +### Connection Tab + +* Type: Direct Connection +* Name: Local Dev +* Address: 172.16.0.20 +* Port: 27017 + +### Authentication Tab + +* Perform authentication: TRUE +* Database: MDB +* User Name: mdbadmin +* Auth Mechanism: SCRAM-SHA-1 + +### SSH Tab + +* Use SSH tunnel: FALSE + +### SSL Tab + +* Use SSL protocol: TRUE +* Authentication Method: Self-signed Certificate +* Use PEM Cert./Key: TRUE +* PEM Certificate/Key: path/to/bridge-local-dev/mongodb/mongo/keys/mongodb.pem [1] +* Passphrase: +* Ask for passphrase each time: FALSE +* Advanced Options: FALSE + +[1]: MongoDB as configured doesn't verify the CA of the client cert provided, so actually *any* pem + file will do, but this is an easy one to get. +### Advanced Tab + +* Default Database: + +Note: It defaults to MDB due to the Authentication database setting above. diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 0000000..1b2e6d2 --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,45 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # + # Mongo box definition + # + config.vm.define "mongo" do |mongo| + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + mongo.vm.box = "ubuntu/trusty64" + + config.vm.provider "virtualbox" do |v| + v.memory = 2048 + v.cpus = 2 + end + + # MongoDB ports forwarded to local machine + mongo.vm.network "forwarded_port", guest: 27017, host: 27018 + mongo.vm.network "forwarded_port", guest: 28017, host: 28018 + + # Create a private network, which allows host-only access to the machine + mongo.vm.network "private_network", ip: "172.16.0.20" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # mongo.vm.synced_folder "./data", "/vagrant_data" + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + # config.vm.provision "shell", inline: <<-SHELL + # sudo apt-get update + # sudo apt-get install -y apache2 + # SHELL + mongo.vm.provision :shell, path: "mongo/bootstrap.sh" + end + +end diff --git a/mongo/bootstrap.sh b/mongo/bootstrap.sh new file mode 100755 index 0000000..2460cc3 --- /dev/null +++ b/mongo/bootstrap.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +#if []; then + # Import the MongoDB public key (was #7F0CEB10) (3.2.0 = EA312927) + apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 + + # Set up the list files + echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list + + # Update to get the MongoDB packages + apt-get update + + # Install specific version of mongodb + apt-get install -y mongodb-org=3.2.1 mongodb-org-server=3.2.1 mongodb-org-shell=3.2.1 mongodb-org-mongos=3.2.1 mongodb-org-tools=3.2.1 + + # Pin that specific version so it doesn't get updated by apt-get + echo "mongodb-org hold" | dpkg --set-selections + echo "mongodb-org-server hold" | dpkg --set-selections + echo "mongodb-org-shell hold" | dpkg --set-selections + echo "mongodb-org-mongos hold" | dpkg --set-selections + echo "mongodb-org-tools hold" | dpkg --set-selections + + # Generate our trial certificates + mkdir /vagrant/mongo/keys + openssl req -subj '/CN=Comcarde-Developer/O=Comcarde Engineer Developer Cert/C=UK' -newkey rsa:2048 -new -x509 -days 365 -nodes -out /vagrant/mongo/keys/mongodb-cert.crt -keyout /vagrant/mongo/keys/mongodb-cert.key + cat /vagrant/mongo/keys/mongodb-cert.key /vagrant/mongo/keys/mongodb-cert.crt > /vagrant/mongo/keys/mongodb.pem +#fi + + +# Call the script to setup the data +chmod a+x /vagrant/mongo/initdb.sh +/vagrant/mongo/initdb.sh diff --git a/mongo/initdb.sh b/mongo/initdb.sh new file mode 100755 index 0000000..bbd8073 --- /dev/null +++ b/mongo/initdb.sh @@ -0,0 +1,51 @@ +#!/usr/bin/env bash + +# Stop the mongo service, and start a custom one with our config +service mongod stop +killall mongod +sleep 5 + +rm -rf /var/lib/mongodb/* + +# Start up main mongo +echo "=================== STARTING MAIN MONGODs =================================" +mongod --port 27017 --dbpath /var/lib/mongodb/ --smallfiles --oplogSize 128 & +sleep 10 + +# +# Create the user using mongo shell +# +echo "=================== ADDING ADMIN USER =================================" +mongo --port 27017 --eval "db = db.getSiblingDB('admin'); db.createUser({user: 'admin', pwd: 'abc123', roles:[{role: 'root', db: 'admin'}]})" +mongo --port 27017 --eval "db = db.getSiblingDB('MDB'); db.createUser({user: 'mdbadmin', pwd: 'abc123', roles:[{role: 'dbOwner', db: 'MDB'}]})" + +# +# Restore the data to the database +# +if [ -d /vagrant/devdump/dump/MDB/ ]; +then + echo "=================== RESTORE STARTING =================================" + + mongorestore --host localhost:27017 -u mdbadmin -p abc123 --authenticationDatabase MDB --db=MDB --drop --numInsertionWorkersPerCollection=2 /vagrant/devdump/dump/MDB/ + sleep 5 + echo "=================== RESTORE DONE =================================" +else + echo "=================== NO BACKUP DATA TO RESTORE ===================" + echo "Initialise database." + mongo /vagrant/mongo/initialise_fresh_db.js --host localhost:27017 -u mdbadmin -p abc123 --authenticationDatabase MDB +fi + +# +# Kill and restart the databases +# +killall mongod +sleep 5 + +# +# Restart the main mongo, plus 2 others for the replicaset +# +echo "================== STARTING MONGODs AGAIN WITH SSL ===============================" +mongod --port 27017 --dbpath /var/lib/mongodb/ --smallfiles --oplogSize 128 --sslMode requireSSL --sslPEMKeyFile /vagrant/mongo/keys/mongodb.pem & +sleep 5 + +echo "=================== DATABASE INITIALISATION DONE =================================" diff --git a/mongo/initialise_fresh_db.js b/mongo/initialise_fresh_db.js new file mode 100644 index 0000000..11db8d9 --- /dev/null +++ b/mongo/initialise_fresh_db.js @@ -0,0 +1,103 @@ +print('------------------- Initialising Database Collections and Indexes --------------------------------'); +/** + * Mongo shell defaults to the 'test' database unless told otherwise. So explictly choose the MDB database. + */ +db = db.getSiblingDB('MDB'); +print('Creating collections in:'); +printjson(db); +print('Existing collections:'); +printjson(db.getCollectionNames()); + +print('Adding collections. This may take some time...'); + +db.createCollection('Account'); +db.Account.dropIndexes(); +db.Account.createIndex({'ClientID':1},{'unique':false,'sparse':true,'name':'getAccountByClientID'}); + +db.createCollection('AccountArchive'); +db.AccountArchive.dropIndexes(); +db.AccountArchive.createIndex({'ClientID':1},{'unique':false,'sparse':true,'name':'getAccountByClientID'}); + +db.createCollection('Address'); +db.Address.dropIndexes(); +db.Address.createIndex({'ClientID':1},{'unique':false,'sparse':true,'name':'getAddressesForClientID'}); +db.Address.createIndex({'_id':1,'ClientID':1},{'unique':true,'sparse':true,'name':'getAddressForClientID'}); + +db.createCollection('AddressArchive'); +db.AddressArchive.dropIndexes(); +db.AddressArchive.createIndex({'ClientID':1},{'unique':false,'sparse':true,'name':'getAddressArchiveForClientID'}); + +db.createCollection('BridgeLogin'); +db.BridgeLogin.dropIndexes(); + +db.createCollection('Client'); +db.Client.dropIndexes(); +db.Client.createIndex({'ClientID':1},{'unique':true,'sparse':true,'name':'getClientByClientID'}); +db.Client.createIndex({'ClientName':1},{'unique':true,'sparse':true,'name':'getClientByClientName'}); + +db.createCollection('ClientArchive'); +db.ClientArchive.dropIndexes(); +db.ClientArchive.createIndex({'ClientID':1},{'unique':false,'sparse':true,'name':'getClientByClientID'}); + +db.createCollection('Device'); +db.Device.dropIndexes(); +db.Device.createIndex({'DeviceToken':1},{'unique':true,'name':'getDevicesByToken'}); +db.Device.createIndex({'DeviceNumber':1},{'unique':true,'sparse':true,'name':'getDevicesByNumber'}); +db.Device.createIndex({'ClientID':1},{'unique':false,'name':'getDevicesByClientID'}); + +db.createCollection('DeviceArchive'); +db.DeviceArchive.dropIndexes(); +db.DeviceArchive.createIndex({'ClientID':1},{'unique':false,'name':'getDevicesByClientID'}); + +db.createCollection('Images'); +db.Images.dropIndexes(); +db.Images.createIndex({'ClientID':1},{'unique':false,'sparse':true,'name':'getImagesByClientID'}); + +db.createCollection('Items'); +db.Items.dropIndexes(); +db.Items.createIndex({'ClientID':1},{'unique':false,'sparse':true,'name':'getItemsByClientID'}); + +db.createCollection('Messages'); +db.Messages.dropIndexes(); +db.Messages.createIndex({'ClientID':1,'TimeFilter':1},{'unique':false,'sparse':true,'name':'getMessagesByClientIDandTime'}); + +db.createCollection('MessagesArchive'); +db.MessagesArchive.dropIndexes(); +db.MessagesArchive.createIndex({'ClientID':1},{'unique':false,'sparse':true,'name':'getMessagesByClientID'}); + +db.createCollection('PayCode'); +db.PayCode.dropIndexes(); +db.PayCode.createIndex({'PayCode':1},{'unique':true,'sparse':true,'name':'getCurrentPayCodes'}); +db.PayCode.createIndex({'Expiry':1},{expireAfterSeconds:0,'name':'payCodeTTL'}); + +db.createCollection('SystemLog'); +db.SystemLog.dropIndexes(); +db.SystemLog.createIndex({'DateTime':-1},{'unique':false,'sparse':true,'name':'getEntryByTime'}); + +db.createCollection('Transaction'); +db.Transaction.dropIndexes(); +db.Transaction.createIndex({'MerchantInvoiceNumber.InvoiceNumber':-1,'MerchantInvoiceNumber.MerchantID':-1,'MerchantInvoiceNumber.MerchantIndex':1},{'unique':true,partialFilterExpression:{MerchantInvoiceNumber:{$exists:true}},name:'MerchantInvoiceNumberIndex'}); + +db.createCollection('TransactionArchive'); +db.TransactionArchive.dropIndexes(); +db.TransactionArchive.createIndex({'CustomerClientID':1},{'unique':false,'sparse':true,'name':'getTransactionsByClientID'}); + +db.createCollection('TransactionHistory'); +db.TransactionHistory.dropIndexes(); +db.TransactionHistory.createIndex({'ClientID':1,'AccountID':1,'SaleTime':1},{'unique':false,'sparse':true,'name':'getHistoryByClient'}); +db.TransactionHistory.createIndex({'AccountID':1},{'unique':false,'sparse':true,'name':'getHistoryByAccount'}); +db.TransactionHistory.createIndex({'OtherImage':1},{'unique':false,'sparse':true,'name':'findImage'}); + +db.createCollection('TwoFARequests'); +db.TwoFARequests.dropIndexes(); +db.TwoFARequests.createIndex({'RequestExpiry':1},{'unique':false,expireAfterSeconds:0,'name':'requestTTL'}); + +db.createCollection('WebConsoleSessions'); +db.WebConsoleSessions.dropIndexes(); +db.WebConsoleSessions.createIndex({'expires': 1}, {expireAfterSeconds: 60, 'name': 'webConsoleSessionsTTL'}); + +print('Collections added.'); +print('Updated Collections:'); +printjson(db.getCollectionNames()); + +print('------------------- DONE Initialising Database --------------------------------'); diff --git a/mongo/keys/mongodb-cert.crt b/mongo/keys/mongodb-cert.crt new file mode 100644 index 0000000..645a414 --- /dev/null +++ b/mongo/keys/mongodb-cert.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIJALauR/O3nldtMA0GCSqGSIb3DQEBCwUAMFUxGzAZBgNV +BAMMEkNvbWNhcmRlLURldmVsb3BlcjEpMCcGA1UECgwgQ29tY2FyZGUgRW5naW5l +ZXIgRGV2ZWxvcGVyIENlcnQxCzAJBgNVBAYTAlVLMB4XDTE4MDMxNDE0NDEzNloX +DTE5MDMxNDE0NDEzNlowVTEbMBkGA1UEAwwSQ29tY2FyZGUtRGV2ZWxvcGVyMSkw +JwYDVQQKDCBDb21jYXJkZSBFbmdpbmVlciBEZXZlbG9wZXIgQ2VydDELMAkGA1UE +BhMCVUswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHl24E4QWOuXNY +XQJERg+AQY737tfxkIsTZHNtGBoZyLYilEHBXUdqHUODDtSTIFHkayZnsy5NliBk +dr5XZlMqvsA8VKIXpWyy4NqUrypt0GlHuIZ6YKnugE/u6r7YxswpqtwvZh5wG1r0 +e5Lca3WGEfdmIdJCJatO3VT8KXMi0/14FK/8uLbumgXAAK9ehAiKV2KAkx9Dm1tR +5jbBOeoyDDflUQsysim2MfZLt6Xz6aEsv5RIaaix2skQ1QcCEYCrWG3t46xqIv5r +HjsoZmB40EzxCwTAafMwIBRF5qCCQGBny1O6vDOC0s4hG+v8xsZujfnQ7E/NBd5h +Yn11FeVzAgMBAAGjUDBOMB0GA1UdDgQWBBT+da0Ume6t/7a3MV9WsCitwj57IjAf +BgNVHSMEGDAWgBT+da0Ume6t/7a3MV9WsCitwj57IjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQCfkiFUSUNWxE6Nw4IJqGjgwIskn4GvBMJM9MAs2fDZ +6cg5ujGFvTsXHxWRPYkKFNrBfuokvfEQG+SvQT2yL9mufTmX6G6gCnkJeXrHy27d +MpqRPhoV0RzG59qh1XIGfSZi84qBYuYMD3NuLD8nOTNunPIl0r21K60Lfy1krZEL +mVdHhlv1kSdY8N9RLDXuThKkbr8r1SB9Qeyi52VWpER3SteFm8kt5QbspvUzsqfE +L9sdZw9s9J2aOzjkioxg3O3ZmXdriC0zvbjRTgwWqT9DdBgB3Mx/Zux4heMasKDl +6BUkHwEdNtFetPi1Zf5K7H9M6zxrha9rra1w/Pxmj6rH +-----END CERTIFICATE----- diff --git a/mongo/keys/mongodb-cert.key b/mongo/keys/mongodb-cert.key new file mode 100644 index 0000000..6a09a3b --- /dev/null +++ b/mongo/keys/mongodb-cert.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDHl24E4QWOuXNY +XQJERg+AQY737tfxkIsTZHNtGBoZyLYilEHBXUdqHUODDtSTIFHkayZnsy5NliBk +dr5XZlMqvsA8VKIXpWyy4NqUrypt0GlHuIZ6YKnugE/u6r7YxswpqtwvZh5wG1r0 +e5Lca3WGEfdmIdJCJatO3VT8KXMi0/14FK/8uLbumgXAAK9ehAiKV2KAkx9Dm1tR +5jbBOeoyDDflUQsysim2MfZLt6Xz6aEsv5RIaaix2skQ1QcCEYCrWG3t46xqIv5r +HjsoZmB40EzxCwTAafMwIBRF5qCCQGBny1O6vDOC0s4hG+v8xsZujfnQ7E/NBd5h +Yn11FeVzAgMBAAECggEBAI0BcnyH7ME0S0T2EI/jXzghGLwYRP8oOtjsco90I5xr +rCEp1HqjR7y0B+ojJBL9Fl3lRTCl6eRuV1wid76PT9o3AOCeehVyjSSirkm0pqkG +QBqnRnpWqDcS92W2+jVz3PDjAMOLxZ019kAavVpzoIejUcEZy81nh2sj+tJbBjhn +g7PmlP+rr+7r8h3Seg6+IAHGQ6FgkYYvV/eDRLk3gErySIfhQXk1qiOL6eNfJGBn +m/xuGGUmVopDXBlpJpJA/bHMRhmRTm408YMxaqj9qAU5kRsfs9zc9/WuDKiScwiH +Cp88hyOYjNyvNEbsE5Z1/lSR7nnW4d3FpBeCEYKJgOECgYEA863sdA2YcZBQKkEa +25+b4QF2zarDh+i6PX8jC5KK3U1zjazD1Mz1tqK2PunztTdcoGKiBpHXE0xDeZXP +/8AfFREzBRjm6eC/KqDZMtQe9okGSDyLWjVM3Ubay5RnSjDXnV+/QWYH1DhR0eq4 +Fx1QZVkWhWvCEOwuYZW2N9AGOk8CgYEA0a7aRJ0MJaN9+wY0OzNZk09AOmFSTnzS +1uEkdVvd6DtvIf4cDmtFIkcA8GFiOwG1prr55aGGSdfVxuJMIiebxISG/Rd5JNNf +oG8+V9M/sIRcIUxNguKaN4k0/kGi7M4is3iJe1ywvhkjoCa6vGuEry+EwIWaRJpW +LvBO6YDn7Z0CgYEAzhLUt2RT+h4gHUvHqdn12jgBv3ZdO0+OSLl+6qd4NiTsxvBH +AGyAk35Q/y2cgzEZbS1cdo/ZQiGpomYWa+OOpaNQ8UuY5ErDgApdBEYtFTLWFDrX +YmdW5H6qQ6XyH+TkQtuZA3aEwm0KjKqiGjIZLkxD5ns1uFfz9WTFn7eVvLMCgYAf +cb1BtNtxeYcW8eM7TYQNV0EmgBm7s3RazQCOqOwqO197FYRXlTaU4Vj+s1vrxWHc +UwXOrd5ZjIh+fsk0BgSR/93Oboq4PwqEIKqUuRU//1lhlPO6wQinc2gDCQzJvk/t +4hGb8lZ+634wMh6myujm7JVX2bE8wHhUKa1rzuz48QKBgQDXlgo/8Pvtk9uy5gCG +7JaF/iMqfMQ5yhA7MLSH5oN1JkSnBUoRqM88FHv3GxUAqMKqYqpd8tj0EfQLpgti +hh59tpFyLN5uOvGwtHtPBANXb6pBn8EX2Isps2DZiH87cst57iMQqHpmu+Ed18ho +eZMk5PqnH0jOsjDyxxPlrR1IJQ== +-----END PRIVATE KEY----- diff --git a/mongo/keys/mongodb.pem b/mongo/keys/mongodb.pem new file mode 100644 index 0000000..d9b7545 --- /dev/null +++ b/mongo/keys/mongodb.pem @@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDHl24E4QWOuXNY +XQJERg+AQY737tfxkIsTZHNtGBoZyLYilEHBXUdqHUODDtSTIFHkayZnsy5NliBk +dr5XZlMqvsA8VKIXpWyy4NqUrypt0GlHuIZ6YKnugE/u6r7YxswpqtwvZh5wG1r0 +e5Lca3WGEfdmIdJCJatO3VT8KXMi0/14FK/8uLbumgXAAK9ehAiKV2KAkx9Dm1tR +5jbBOeoyDDflUQsysim2MfZLt6Xz6aEsv5RIaaix2skQ1QcCEYCrWG3t46xqIv5r +HjsoZmB40EzxCwTAafMwIBRF5qCCQGBny1O6vDOC0s4hG+v8xsZujfnQ7E/NBd5h +Yn11FeVzAgMBAAECggEBAI0BcnyH7ME0S0T2EI/jXzghGLwYRP8oOtjsco90I5xr +rCEp1HqjR7y0B+ojJBL9Fl3lRTCl6eRuV1wid76PT9o3AOCeehVyjSSirkm0pqkG +QBqnRnpWqDcS92W2+jVz3PDjAMOLxZ019kAavVpzoIejUcEZy81nh2sj+tJbBjhn +g7PmlP+rr+7r8h3Seg6+IAHGQ6FgkYYvV/eDRLk3gErySIfhQXk1qiOL6eNfJGBn +m/xuGGUmVopDXBlpJpJA/bHMRhmRTm408YMxaqj9qAU5kRsfs9zc9/WuDKiScwiH +Cp88hyOYjNyvNEbsE5Z1/lSR7nnW4d3FpBeCEYKJgOECgYEA863sdA2YcZBQKkEa +25+b4QF2zarDh+i6PX8jC5KK3U1zjazD1Mz1tqK2PunztTdcoGKiBpHXE0xDeZXP +/8AfFREzBRjm6eC/KqDZMtQe9okGSDyLWjVM3Ubay5RnSjDXnV+/QWYH1DhR0eq4 +Fx1QZVkWhWvCEOwuYZW2N9AGOk8CgYEA0a7aRJ0MJaN9+wY0OzNZk09AOmFSTnzS +1uEkdVvd6DtvIf4cDmtFIkcA8GFiOwG1prr55aGGSdfVxuJMIiebxISG/Rd5JNNf +oG8+V9M/sIRcIUxNguKaN4k0/kGi7M4is3iJe1ywvhkjoCa6vGuEry+EwIWaRJpW +LvBO6YDn7Z0CgYEAzhLUt2RT+h4gHUvHqdn12jgBv3ZdO0+OSLl+6qd4NiTsxvBH +AGyAk35Q/y2cgzEZbS1cdo/ZQiGpomYWa+OOpaNQ8UuY5ErDgApdBEYtFTLWFDrX +YmdW5H6qQ6XyH+TkQtuZA3aEwm0KjKqiGjIZLkxD5ns1uFfz9WTFn7eVvLMCgYAf +cb1BtNtxeYcW8eM7TYQNV0EmgBm7s3RazQCOqOwqO197FYRXlTaU4Vj+s1vrxWHc +UwXOrd5ZjIh+fsk0BgSR/93Oboq4PwqEIKqUuRU//1lhlPO6wQinc2gDCQzJvk/t +4hGb8lZ+634wMh6myujm7JVX2bE8wHhUKa1rzuz48QKBgQDXlgo/8Pvtk9uy5gCG +7JaF/iMqfMQ5yhA7MLSH5oN1JkSnBUoRqM88FHv3GxUAqMKqYqpd8tj0EfQLpgti +hh59tpFyLN5uOvGwtHtPBANXb6pBn8EX2Isps2DZiH87cst57iMQqHpmu+Ed18ho +eZMk5PqnH0jOsjDyxxPlrR1IJQ== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIJALauR/O3nldtMA0GCSqGSIb3DQEBCwUAMFUxGzAZBgNV +BAMMEkNvbWNhcmRlLURldmVsb3BlcjEpMCcGA1UECgwgQ29tY2FyZGUgRW5naW5l +ZXIgRGV2ZWxvcGVyIENlcnQxCzAJBgNVBAYTAlVLMB4XDTE4MDMxNDE0NDEzNloX +DTE5MDMxNDE0NDEzNlowVTEbMBkGA1UEAwwSQ29tY2FyZGUtRGV2ZWxvcGVyMSkw +JwYDVQQKDCBDb21jYXJkZSBFbmdpbmVlciBEZXZlbG9wZXIgQ2VydDELMAkGA1UE +BhMCVUswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHl24E4QWOuXNY +XQJERg+AQY737tfxkIsTZHNtGBoZyLYilEHBXUdqHUODDtSTIFHkayZnsy5NliBk +dr5XZlMqvsA8VKIXpWyy4NqUrypt0GlHuIZ6YKnugE/u6r7YxswpqtwvZh5wG1r0 +e5Lca3WGEfdmIdJCJatO3VT8KXMi0/14FK/8uLbumgXAAK9ehAiKV2KAkx9Dm1tR +5jbBOeoyDDflUQsysim2MfZLt6Xz6aEsv5RIaaix2skQ1QcCEYCrWG3t46xqIv5r +HjsoZmB40EzxCwTAafMwIBRF5qCCQGBny1O6vDOC0s4hG+v8xsZujfnQ7E/NBd5h +Yn11FeVzAgMBAAGjUDBOMB0GA1UdDgQWBBT+da0Ume6t/7a3MV9WsCitwj57IjAf +BgNVHSMEGDAWgBT+da0Ume6t/7a3MV9WsCitwj57IjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQCfkiFUSUNWxE6Nw4IJqGjgwIskn4GvBMJM9MAs2fDZ +6cg5ujGFvTsXHxWRPYkKFNrBfuokvfEQG+SvQT2yL9mufTmX6G6gCnkJeXrHy27d +MpqRPhoV0RzG59qh1XIGfSZi84qBYuYMD3NuLD8nOTNunPIl0r21K60Lfy1krZEL +mVdHhlv1kSdY8N9RLDXuThKkbr8r1SB9Qeyi52VWpER3SteFm8kt5QbspvUzsqfE +L9sdZw9s9J2aOzjkioxg3O3ZmXdriC0zvbjRTgwWqT9DdBgB3Mx/Zux4heMasKDl +6BUkHwEdNtFetPi1Zf5K7H9M6zxrha9rra1w/Pxmj6rH +-----END CERTIFICATE-----