Implement code header for interactions through use of EDC

README.md

@@ -40,6 +40,7 @@ The rest of this README is structured as follows:
   - [Using the REST API](#using-the-rest-api)
   - [Using the Java API](#using-the-java-api)
 - [Performance benchmark](#performance-benchmark)
+- [Current development](#current-development)
 - [Developer information](#developer-information)
   - [Components](#components)
   - [Release steps](#release-steps)
@@ -167,7 +168,7 @@ In the [`Java API Example` module](./examples/java-api), the Java API is used to
 Another knowledge base receives those bindings through a REACT knowledge interaction an prints them to the console.
 
 # Performance benchmark
-A preliminary performence benchmark of the Knowledge Engine is available in [this repository](https://github.com/faclc4/YCSB-KE/tree/master).
+A preliminary performance benchmark of the Knowledge Engine is available in [this repository](https://github.com/faclc4/YCSB-KE/tree/master).
 
 Based on this benchmark, the minimum requirements for the Knowledge Engine are:
 - i3-3040 Intel processor at 3.4 GHz
@@ -177,6 +178,11 @@ Based on this benchmark, the minimum requirements for the Knowledge Engine are:
 Of course, it highly depends on how you want to use the Knowledge Engine, because the reasoner, for example, increases these requirements.
 
 
+# Current development
+The Knowledge Engine currently still undergoes further development.
+An integration with [Eclipse Dataspace Components (EDC)](https://eclipse-edc.github.io/documentation/) is among the features in development, which is not stable in its current form and cannot be guaranteed to not crash frequently and contain bugs. It will be subject to many changes in the future. However, an example on the intended (future) use of this functionality is detailed in the [example](./examples/edc-example/README.md) with a description of the setup and instructions on parameters to set and how to execute it.
+
+
 # Developer information
 
 This section gives more detailed information about the project's structure, and is targeted towards developers who contribute code to the project.

examples/edc-example/README.md

@@ -0,0 +1,90 @@
+# TKE-EDC Example
+This example uses EDC-IDS Connectors for communication between two Knowledge Engine Runtimes (KERs).
+All messages that are sent contain an authentication code.
+If a message is received, the authentication code is validated unless it is a meta Knowledge Interaction.
+
+## Introduction to the Knowledge Engine
+The Knowledge Engine is a system for seamlessly connecting data sources.
+Each data source, which can provide and/or consume information, is also called a Knowledge Base.
+Multiple Knowledge Bases that communicate together form a network.
+To communicate with such a network, each Knowledge Base uses a component called a Smart Connector.
+This Smart Connector takes care of all communication between a Knowledge Base and others in the network.
+The Smart Connectors are part of the Knowledge Engine solution and should not be confused with the EDC-IDS Connectors.
+
+
+![A single Knowledge Base communicates with a network through a Smart Connector.](./single-kb.png)
+
+Within a network, each Knowledge Base announces what information it wants to _receive_, and what information it can _provide_ through its Smart Connector.
+The Knowledge Engine will determine who to contact for each information request.
+
+There are 4 types of information requests, also called Knowledge Interactions, in the Knowledge Engine: Ask, Answer, Post, React.
+Ask is to request information. An answer provides an Answer to a request for information, i.e. Ask.
+Post is to announce information. 
+A React gives you the ability to subscribe to information and thus react to information that is announced through a Post.
+
+These Knowledge Interactions are first registered at the Smart Connector. 
+After they have been registered, they can be executed.
+
+For more information on the Knowledge Engine, check out the [documentation](https://docs.knowledge-engine.eu/).
+
+## About the Integration with EDC-IDS
+The current integration between the Knowledge Engine and EDC-IDS focuses on the authentication of messages.
+All messages that are sent contain an authentication code.
+This authentication code is validated whenever the message is received.
+This way we can be sure that the message was sent by the correct party, thus it establishes trust within the network.
+
+We currently use the standard EDC-IDS Connector without any modifications.
+We use the Connector to establish and check the identity of all parties in the network.
+The communication between KERs is still direct, meaning that messages that are sent do not go through the Connector.
+
+The authentication tokens are valid for a limited amount of time.
+You can set the duration of validity of authentication tokens in the EDC Connector properties file (`edc.transfer.proxy.token.validity.seconds`).
+While tokens can expire in the current implementation, there is not yet a mechanism to renew them.
+That's why we currently advise you to set it to a high number.
+
+
+## Running the TKE-EDC example
+This example uses 3 knowledge bases as depicted below.
+
+![Picture with 3 knowledge bases. Each knowledge base uses a Smart Connector to communicate with the other knowledge bases.](./illustration-example-situation.png)
+
+One knowledge base asks for information and the other two provide an answer to the question.
+
+### Executing the example
+Execute the following steps to run the example:
+1. In this project, execute a `mvn clean install`.
+2. In the `knowledge-directory` directory in this project, execute `docker build . -t testkd:1.3.3-SNAPSHOT`.
+3. In the `smart-connector-rest-dist` directory in this project, execute `docker build . -t testsc:1.3.3-SNAPSHOT`.
+4. In the `examples/edc-example` directory in this project, execute `docker compose build`. 
+5. In the `examples/edc-example` directory in this project, execute `docker compose up -d tke-edc-one tke-edc-two tke-edc-three`. This starts three EDC-IDS Connectors.
+6. Wait around 10 seconds to give the EDC Connectors time to finish setting up. Then, execute `docker compose up -d` to start three KERs, three linked Knowledge Bases and a Knowledge Directory.
+
+You can inspect the logs with `docker compose logs -f`.
+After a moment (+-30 seconds), the logs will stabilise when the connectors have finished initiating the various data flows.
+You can then see that one KER (`runtime-1`) asks for information, a second KER (`runtime-2`) answers with `http://example.org/Math, http://example.org/Science` and the third (`runtime-3`) answers with `http://example.org/Magazines, http://example.org/Books`.
+
+To stop the example, execute `docker compose down`.
+
+## Adding another participant to the network
+For each additional KER with an EDC-IDS Connector, we need the following files in the `examples/edc-example` directory:
+- `connector/configuration/ker-configuration.properties` contains settings for the EDC-IDS Connector
+- `connector/configuration/ker-vault.properties` contains a public key
+
+The `docker-compose.yml` in `examples/edc-example/` should also be modified to include:
+- An additional KER (currently named `runtime-1`, `runtime-2`, ...)
+  - The `image` setting refers to the image build in the execution steps of this document.
+  - The `depends_on` setting refers to the Docker component for the EDC-IDS Connector
+  - The `KE_RUNTIME_EXPOSED_URL` is a unique URL for the new KER.
+  - The EDC related environment variables are:
+    - `KE_RUNTIME_USE_EDC` -> Turn EDC functionality on or off.
+    - `KE_EDC_PROTOCOL_URL` -> URL of the protocal API of the associated EDC-IDS connector.
+    - `KE_EDC_MANAGEMENT_URL` -> URL of the management API of the associated EDC-IDS connector.
+    - `KE_EDC_DATAPLANE_CONTROL_URL` -> URL of the dataplane control API of the associated EDC-IDS connector.
+    - `KE_EDC_DATAPLANE_PUBLIC_URL` -> URL of the dataplane public API of the associated EDC-IDS connector.
+    - `KE_EDC_TOKEN_VALIDATION_ENDPOINT` -> URL of the token validation endpoint of the associated EDC-IDS connector.
+- An additional EDC-IDS Connector (currently named `tke-edc-one`, `tke-edc-two`, ...)
+  - Requires 4 ports to be forwarded
+  - The `command` used to start this connector refers to the previously mentioned configuration files and thus the names of those files should be modified if you copy the command from another EDC-IDS Connector.
+  - The `hostname` is used in the properties files to refer to this entity
+- An additional knowledge base (`kb1`, `kb2`, ...)
+  - The `KE_URL` refers to the `KE_RUNTIME_EXPOSED_URL` of the KER Docker component (`runtime-1`, `runtime-2`, ...)

examples/edc-example/connector/certs/cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUZ3/sZXYzW4PjmOXKrZn6WBmUJ+4wDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjMxNTA2MDNaFw0zMjAy
+MjExNTA2MDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDBl6XaJnXTL+6DWip3aBhU+MzmY4d1V9hbTm1tiZ3g
+E0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7EddidN0ITHB9cQNdAfdUJ5njmsGS
+PbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7DHacZT/+OztBH1RwkG2ymM94Hf8H
+I6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvjX5qASakBtXISKIsOU84N0/2HDN3W
+EGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga775bPXN3M+JTSaIKE7dZbKzvx0Zi0
+h5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2YmnneYoVAgMBAAGjUzBRMB0GA1Ud
+DgQWBBTvK1wVERwjni4B2vdH7KtEJeVWFzAfBgNVHSMEGDAWgBTvK1wVERwjni4B
+2vdH7KtEJeVWFzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn
+QHiPA7OBYukHd9gS7c0HXE+fsWcS3GZeLqcHfQQnV3pte1vTmu9//IVW71wNCJ1/
+rySRyODPQoPehxEcyHwupNZSzXK//nPlTdSgjMfFxscvt1YndyQLQYCfyOJMixAe
+Aqrb14GTFHUUrdor0PyElhkULjkOXUrSIsdBrfWrwLTkelE8NK3tb5ZG8KPzD9Jy
++NwEPPr9d+iHkUkM7EFWw/cl56wka9ryBb97RI7DqbO6/j6OXHMk4GByxKv7DSIR
+IvF9/Dw20qytajtaHV0pluFcOBuFc0NfiDvCaQlbTsfjzbc6UmZWbOi9YOJl3VQ/
+g3h+15GuzbsSzOCOEYOT
+-----END CERTIFICATE-----

examples/edc-example/connector/certs/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBl6XaJnXTL+6D
+Wip3aBhU+MzmY4d1V9hbTm1tiZ3gE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7
+EddidN0ITHB9cQNdAfdUJ5njmsGSPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7
+DHacZT/+OztBH1RwkG2ymM94Hf8HI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvj
+X5qASakBtXISKIsOU84N0/2HDN3WEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga7
+75bPXN3M+JTSaIKE7dZbKzvx0Zi0h5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2
+YmnneYoVAgMBAAECggEBAJHXiN6bctAyn+DcoHlsNkhtVw+Jk5bXIutGXjHTJtiU
+K//siAGC78IZMyXmi0KndPVCdBwShROVW8xWWIiXuZxy2Zvm872xqX4Ah3JsN7/Q
+NrXdVBUDo38zwIGkxqIfIz9crZ4An+J/eq5zaTfRHzCLtswMqjRS2hFeBY5cKrBY
+4bkSDGTP/c5cP7xS/UwaiTR2Ptd41f4zTyd4l5rl30TYHpazQNlbdxcOV4jh2Rnp
+E0+cFEvEfeagVq7RmfBScKG5pk4qcRG0q2QHMyK5y00hdYvhdRjSgN7xIDkeO5B8
+s8/tSLU78nCl2gA9IKxTXYLitpISwZ81Q04mEAKRRtECgYEA+6lKnhn//aXerkLo
+ZOLOjWQZhh005jHdNxX7DZqLpTrrfxc8v15KWUkAK1H0QHqYvfPrbbsBV1MY1xXt
+sKmkeu/k8fJQzCIvFN4K2J5W5kMfq9PSw5d3XPeDaQuXUVaxBVp0gzPEPHmkKRbA
+AkUqY0oJwA9gMKf8dK+flmLZfbsCgYEAxO4Roj2G46/Oox1GEZGxdLpiMpr9rEdR
+JlSZ9kMGfddNLV7sFp6yPXDcyc/AOqeNj7tw1MyoT3Ar454+V0q83EZzCXvs4U6f
+jUrfFcoVWIwf9AV/J4KWzMIzfqPIeNwqymZKd6BrZgcXXvAEPWt27mwO4a1GhC4G
+oZv0t3lAsm8CgYAQ8C0IhSF4tgBN5Ez19VoHpDQflbmowLRt77nNCZjajyOokyzQ
+iI0ig0pSoBp7eITtTAyNfyew8/PZDi3IVTKv35OeQTv08VwP4H4EZGve5aetDf3C
+kmBDTpl2qYQOwnH5tUPgTMypcVp+NXzI6lTXB/WuCprjy3qvc96e5ZpT3wKBgQC8
+Xny/k9rTL/eYTwgXBiWYYjBL97VudUlKQOKEjNhIxwkrvQBXIrWbz7lh0Tcu49al
+BcaHxru4QLO6pkM7fGHq0fh3ufJ8EZjMrjF1xjdk26Q05o0aXe+hLKHVIRVBhlfo
+ArB4fRo+HcpdJXjox0KcDQCvHe+1v9DYBTWvymv4QQKBgBy3YH7hKz35DcXvA2r4
+Kis9a4ycuZqTXockO4rkcIwC6CJp9JbHDIRzig8HYOaRqmZ4a+coqLmddXr2uOF1
+7+iAxxG1KzdT6uFNd+e/j2cdUjnqcSmz49PRtdDswgyYhoDT+W4yVGNQ4VuKg6a3
+Z3pC+KTdoHSKeA2FyAGnSUpD
+-----END PRIVATE KEY-----

examples/edc-example/connector/configuration/consumer-configuration.properties

@@ -0,0 +1,25 @@
+edc.participant.id=http://runtime-2:8081
+# communication between the docker containers using the hostname of the container
+edc.dsp.callback.address=http://two:29194/protocol
+web.http.port=29191
+web.http.path=/api
+web.http.management.port=29193
+web.http.management.path=/management
+web.http.protocol.port=29194
+web.http.protocol.path=/protocol
+
+# use: host.docker.internal if the docker container needs access localhost
+edc.receiver.http.endpoint=http://runtime-2:8081/token
+edc.public.key.alias=public-key
+edc.transfer.dataplane.token.signer.privatekey.alias=1
+edc.transfer.proxy.token.signer.privatekey.alias=1
+edc.transfer.proxy.token.verifier.publickey.alias=public-key
+web.http.public.port=29291
+web.http.public.path=/public
+web.http.control.port=29192
+web.http.control.path=/control
+edc.dataplane.token.validation.endpoint=http://two:29192/control/token
+
+# authCode token expiration in seconds
+edc.transfer.proxy.token.validity.seconds=999999
+#edc.transfer.proxy.token.validity.seconds=120

examples/edc-example/connector/configuration/consumer-vault.properties

@@ -0,0 +1 @@
+public-key=-----BEGIN CERTIFICATE-----\r\nMIIDazCCAlOgAwIBAgIUZ3/sZXYzW4PjmOXKrZn6WBmUJ+4wDQYJKoZIhvcNAQEL\r\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\r\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjMxNTA2MDNaFw0zMjAy\r\nMjExNTA2MDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\r\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB\r\nAQUAA4IBDwAwggEKAoIBAQDBl6XaJnXTL+6DWip3aBhU+MzmY4d1V9hbTm1tiZ3g\r\nE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7EddidN0ITHB9cQNdAfdUJ5njmsGS\r\nPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7DHacZT/+OztBH1RwkG2ymM94Hf8H\r\nI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvjX5qASakBtXISKIsOU84N0/2HDN3W\r\nEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga775bPXN3M+JTSaIKE7dZbKzvx0Zi0\r\nh5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2YmnneYoVAgMBAAGjUzBRMB0GA1Ud\r\nDgQWBBTvK1wVERwjni4B2vdH7KtEJeVWFzAfBgNVHSMEGDAWgBTvK1wVERwjni4B\r\n2vdH7KtEJeVWFzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn\r\nQHiPA7OBYukHd9gS7c0HXE+fsWcS3GZeLqcHfQQnV3pte1vTmu9//IVW71wNCJ1/\r\nrySRyODPQoPehxEcyHwupNZSzXK//nPlTdSgjMfFxscvt1YndyQLQYCfyOJMixAe\r\nAqrb14GTFHUUrdor0PyElhkULjkOXUrSIsdBrfWrwLTkelE8NK3tb5ZG8KPzD9Jy\r\n+NwEPPr9d+iHkUkM7EFWw/cl56wka9ryBb97RI7DqbO6/j6OXHMk4GByxKv7DSIR\r\nIvF9/Dw20qytajtaHV0pluFcOBuFc0NfiDvCaQlbTsfjzbc6UmZWbOi9YOJl3VQ/\r\ng3h+15GuzbsSzOCOEYOT\r\n-----END CERTIFICATE-----

examples/edc-example/connector/configuration/provider-configuration.properties

@@ -0,0 +1,25 @@
+edc.participant.id=http://runtime-1:8081
+# communication between the docker containers using the hostname of the container
+edc.dsp.callback.address=http://one:19194/protocol
+web.http.port=19191
+web.http.path=/api
+web.http.management.port=19193
+web.http.management.path=/management
+web.http.protocol.port=19194
+web.http.protocol.path=/protocol
+
+# use: host.docker.internal if the docker container needs access localhost
+edc.receiver.http.endpoint=http://runtime-1:8081/token
+edc.public.key.alias=public-key
+edc.transfer.dataplane.token.signer.privatekey.alias=1
+edc.transfer.proxy.token.signer.privatekey.alias=1
+edc.transfer.proxy.token.verifier.publickey.alias=public-key
+web.http.public.port=19291
+web.http.public.path=/public
+web.http.control.port=19192
+web.http.control.path=/control
+edc.dataplane.token.validation.endpoint=http://one:19192/control/token
+
+# authCode token expiration in seconds
+edc.transfer.proxy.token.validity.seconds=999999
+#edc.transfer.proxy.token.validity.seconds=120

examples/edc-example/connector/configuration/provider-vault.properties

@@ -0,0 +1 @@
+public-key=-----BEGIN CERTIFICATE-----\r\nMIIDazCCAlOgAwIBAgIUZ3/sZXYzW4PjmOXKrZn6WBmUJ+4wDQYJKoZIhvcNAQEL\r\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\r\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjMxNTA2MDNaFw0zMjAy\r\nMjExNTA2MDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\r\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB\r\nAQUAA4IBDwAwggEKAoIBAQDBl6XaJnXTL+6DWip3aBhU+MzmY4d1V9hbTm1tiZ3g\r\nE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7EddidN0ITHB9cQNdAfdUJ5njmsGS\r\nPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7DHacZT/+OztBH1RwkG2ymM94Hf8H\r\nI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvjX5qASakBtXISKIsOU84N0/2HDN3W\r\nEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga775bPXN3M+JTSaIKE7dZbKzvx0Zi0\r\nh5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2YmnneYoVAgMBAAGjUzBRMB0GA1Ud\r\nDgQWBBTvK1wVERwjni4B2vdH7KtEJeVWFzAfBgNVHSMEGDAWgBTvK1wVERwjni4B\r\n2vdH7KtEJeVWFzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn\r\nQHiPA7OBYukHd9gS7c0HXE+fsWcS3GZeLqcHfQQnV3pte1vTmu9//IVW71wNCJ1/\r\nrySRyODPQoPehxEcyHwupNZSzXK//nPlTdSgjMfFxscvt1YndyQLQYCfyOJMixAe\r\nAqrb14GTFHUUrdor0PyElhkULjkOXUrSIsdBrfWrwLTkelE8NK3tb5ZG8KPzD9Jy\r\n+NwEPPr9d+iHkUkM7EFWw/cl56wka9ryBb97RI7DqbO6/j6OXHMk4GByxKv7DSIR\r\nIvF9/Dw20qytajtaHV0pluFcOBuFc0NfiDvCaQlbTsfjzbc6UmZWbOi9YOJl3VQ/\r\ng3h+15GuzbsSzOCOEYOT\r\n-----END CERTIFICATE-----

examples/edc-example/connector/configuration/three-configuration.properties

@@ -0,0 +1,25 @@
+edc.participant.id=http://runtime-3:8081
+# communication between the docker containers using the hostname of the container
+edc.dsp.callback.address=http://three:39194/protocol
+web.http.port=39191
+web.http.path=/api
+web.http.management.port=39193
+web.http.management.path=/management
+web.http.protocol.port=39194
+web.http.protocol.path=/protocol
+
+# use: host.docker.internal if the docker container needs access localhost
+edc.receiver.http.endpoint=http://runtime-3:8081/token
+edc.public.key.alias=public-key
+edc.transfer.dataplane.token.signer.privatekey.alias=1
+edc.transfer.proxy.token.signer.privatekey.alias=1
+edc.transfer.proxy.token.verifier.publickey.alias=public-key
+web.http.public.port=39291
+web.http.public.path=/public
+web.http.control.port=39192
+web.http.control.path=/control
+edc.dataplane.token.validation.endpoint=http://three:39192/control/token
+
+# authCode token expiration in seconds
+edc.transfer.proxy.token.validity.seconds=999999
+

examples/edc-example/connector/configuration/three-vault.properties

@@ -0,0 +1 @@
+public-key=-----BEGIN CERTIFICATE-----\r\nMIIDazCCAlOgAwIBAgIUZ3/sZXYzW4PjmOXKrZn6WBmUJ+4wDQYJKoZIhvcNAQEL\r\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\r\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjMxNTA2MDNaFw0zMjAy\r\nMjExNTA2MDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\r\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB\r\nAQUAA4IBDwAwggEKAoIBAQDBl6XaJnXTL+6DWip3aBhU+MzmY4d1V9hbTm1tiZ3g\r\nE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7EddidN0ITHB9cQNdAfdUJ5njmsGS\r\nPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7DHacZT/+OztBH1RwkG2ymM94Hf8H\r\nI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvjX5qASakBtXISKIsOU84N0/2HDN3W\r\nEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga775bPXN3M+JTSaIKE7dZbKzvx0Zi0\r\nh5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2YmnneYoVAgMBAAGjUzBRMB0GA1Ud\r\nDgQWBBTvK1wVERwjni4B2vdH7KtEJeVWFzAfBgNVHSMEGDAWgBTvK1wVERwjni4B\r\n2vdH7KtEJeVWFzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn\r\nQHiPA7OBYukHd9gS7c0HXE+fsWcS3GZeLqcHfQQnV3pte1vTmu9//IVW71wNCJ1/\r\nrySRyODPQoPehxEcyHwupNZSzXK//nPlTdSgjMfFxscvt1YndyQLQYCfyOJMixAe\r\nAqrb14GTFHUUrdor0PyElhkULjkOXUrSIsdBrfWrwLTkelE8NK3tb5ZG8KPzD9Jy\r\n+NwEPPr9d+iHkUkM7EFWw/cl56wka9ryBb97RI7DqbO6/j6OXHMk4GByxKv7DSIR\r\nIvF9/Dw20qytajtaHV0pluFcOBuFc0NfiDvCaQlbTsfjzbc6UmZWbOi9YOJl3VQ/\r\ng3h+15GuzbsSzOCOEYOT\r\n-----END CERTIFICATE-----