diff --git a/.circleci/config.yml b/.circleci/config.yml index 76964e39..8f357497 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -14,7 +14,6 @@ defaults: &defaults command: | echo $GOARCH go version - google-chrome --version printf "quic.clemente.io certificate valid until: " && openssl x509 -in example/fullchain.pem -enddate -noout | cut -d = -f 2 - run: name: "Run benchmark tests" @@ -25,12 +24,6 @@ defaults: &defaults - run: name: "Run tools tests" command: ginkgo -r -v -randomizeAllSpecs -trace integrationtests/tools - - run: - name: "Run Chrome integration tests" - command: ginkgo -v -randomizeAllSpecs -trace integrationtests/chrome - - run: - name: "Run integration tests using the gQUIC toy server / client" - command: ginkgo -v -randomizeAllSpecs -trace integrationtests/gquic - run: name: "Run self integration tests" command: ginkgo -v -randomizeAllSpecs -trace integrationtests/self diff --git a/.travis/script.sh b/.travis/script.sh index 5fa6db88..cd101757 100755 --- a/.travis/script.sh +++ b/.travis/script.sh @@ -22,5 +22,5 @@ if [ ${TESTMODE} == "integration" ]; then ginkgo -race -randomizeAllSpecs -randomizeSuites -trace benchmark -- -samples=1 -size=10 fi # run integration tests - ginkgo -r -v -randomizeAllSpecs -randomizeSuites -trace -skipPackage chrome integrationtests + ginkgo -r -v -randomizeAllSpecs -randomizeSuites -trace -skipPackage integrationtests fi diff --git a/README.md b/README.md index 58d65bd3..ae1fa9cd 100644 --- a/README.md +++ b/README.md @@ -8,12 +8,19 @@ [![Windows Build Status](https://img.shields.io/appveyor/ci/lucas-clemente/quic-go/master.svg?style=flat-square&label=windows+build)](https://ci.appveyor.com/project/lucas-clemente/quic-go/branch/master) [![Code Coverage](https://img.shields.io/codecov/c/github/lucas-clemente/quic-go/master.svg?style=flat-square)](https://codecov.io/gh/lucas-clemente/quic-go/) -quic-go is an implementation of the [QUIC](https://en.wikipedia.org/wiki/QUIC) protocol in Go. +quic-go is an implementation of the [QUIC](https://en.wikipedia.org/wiki/QUIC) protocol in Go. It roughly implements the [IETF QUIC draft](https://github.com/quicwg/base-drafts), although we don't fully support any of the draft versions at the moment. -## Roadmap +## Version compatibility -quic-go is compatible with the current version(s) of Google Chrome and QUIC as deployed on Google's servers. We're actively tracking the development of the Chrome code to ensure compatibility as the protocol evolves. In that process, we're dropping support for old QUIC versions. -As Google's QUIC versions are expected to converge towards the [IETF QUIC draft](https://github.com/quicwg/base-drafts), quic-go will eventually implement that draft. +Since quic-go is under active development, there's no guarantee that two builds of different commits are interoperable. The QUIC version used in the *master* branch is just a placeholder, and should not be considered stable. + +If you want to use quic-go as a library in other projects, please consider using a [tagged release](https://github.com/lucas-clemente/quic-go/releases). These releases expose [experimental QUIC versions](https://github.com/quicwg/base-drafts/wiki/QUIC-Versions), which are guaranteed to be stable. + +## Google QUIC + +quic-go used to support both the QUIC versions supported by Google Chrome and QUIC as deployed on Google's servers, as well as IETF QUIC. Due to the divergence of the two protocols, we decided to not support both versions any more. + +The *master* branch **only** supports IETF QUIC. For Google QUIC support, please refer to the [gquic branch](https://github.com/lucas-clemente/quic-go/tree/gquic). ## Guides @@ -27,31 +34,19 @@ Running tests: go test ./... -### Running the example server +### HTTP mapping - go run example/main.go -www /var/www/ - -Using the `quic_client` from chromium: - - quic_client --host=127.0.0.1 --port=6121 --v=1 https://quic.clemente.io - -Using Chrome: - - /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/chrome --no-proxy-server --enable-quic --origin-to-force-quic-on=quic.clemente.io:443 --host-resolver-rules='MAP quic.clemente.io:443 127.0.0.1:6121' https://quic.clemente.io +We're currently not implementing the HTTP mapping as described in the [QUIC over HTTP draft](https://quicwg.org/base-drafts/draft-ietf-quic-http.html). The HTTP mapping here is a leftover from Google QUIC. ### QUIC without HTTP/2 Take a look at [this echo example](example/echo/echo.go). -### Using the example client - - go run example/client/main.go https://clemente.io - ## Usage ### As a server -See the [example server](example/main.go) or try out [Caddy](https://github.com/mholt/caddy) (from version 0.9, [instructions here](https://github.com/mholt/caddy/wiki/QUIC)). Starting a QUIC server is very similar to the standard lib http in go: +See the [example server](example/main.go). Starting a QUIC server is very similar to the standard lib http in go: ```go http.Handle("/", http.FileServer(http.Dir(wwwDir))) diff --git a/client.go b/client.go index 6ec86ef3..a7a84d1f 100644 --- a/client.go +++ b/client.go @@ -1,7 +1,6 @@ package quic import ( - "bytes" "context" "crypto/tls" "errors" @@ -123,13 +122,6 @@ func dialContext( createdPacketConn bool, ) (Session, error) { config = populateClientConfig(config, createdPacketConn) - if !createdPacketConn { - for _, v := range config.Versions { - if v == protocol.Version44 { - return nil, errors.New("Cannot multiplex connections using gQUIC 44, see https://groups.google.com/a/chromium.org/forum/#!topic/proto-quic/pE9NlLLjizE. Please disable gQUIC 44 in the quic.Config, or use DialAddr") - } - } - } packetHandlers, err := getMultiplexer().AddConn(pconn, config.ConnectionIDLength) if err != nil { return nil, err @@ -234,17 +226,11 @@ func populateClientConfig(config *Config, createdPacketConn bool) *Config { if connIDLen == 0 && !createdPacketConn { connIDLen = protocol.DefaultConnectionIDLength } - for _, v := range versions { - if v == protocol.Version44 { - connIDLen = 0 - } - } return &Config{ Versions: versions, HandshakeTimeout: handshakeTimeout, IdleTimeout: idleTimeout, - RequestConnectionIDOmission: config.RequestConnectionIDOmission, ConnectionIDLength: connIDLen, MaxReceiveStreamFlowControlWindow: maxReceiveStreamFlowControlWindow, MaxReceiveConnectionFlowControlWindow: maxReceiveConnectionFlowControlWindow, @@ -255,53 +241,22 @@ func populateClientConfig(config *Config, createdPacketConn bool) *Config { } func (c *client) generateConnectionIDs() error { - connIDLen := protocol.ConnectionIDLenGQUIC - if c.version.UsesTLS() { - connIDLen = c.config.ConnectionIDLength - } - srcConnID, err := generateConnectionID(connIDLen) + srcConnID, err := generateConnectionID(c.config.ConnectionIDLength) if err != nil { return err } - destConnID := srcConnID - if c.version.UsesTLS() { - destConnID, err = generateConnectionIDForInitial() - if err != nil { - return err - } + destConnID, err := generateConnectionIDForInitial() + if err != nil { + return err } c.srcConnID = srcConnID c.destConnID = destConnID - if c.version == protocol.Version44 { - c.srcConnID = nil - } return nil } func (c *client) dial(ctx context.Context) error { c.logger.Infof("Starting new connection to %s (%s -> %s), source connection ID %s, destination connection ID %s, version %s", c.tlsConf.ServerName, c.conn.LocalAddr(), c.conn.RemoteAddr(), c.srcConnID, c.destConnID, c.version) - var err error - if c.version.UsesTLS() { - err = c.dialTLS(ctx) - } else { - err = c.dialGQUIC(ctx) - } - return err -} - -func (c *client) dialGQUIC(ctx context.Context) error { - if err := c.createNewGQUICSession(); err != nil { - return err - } - err := c.establishSecureConnection(ctx) - if err == errCloseSessionForNewVersion { - return c.dial(ctx) - } - return err -} - -func (c *client) dialTLS(ctx context.Context) error { if err := c.createNewTLSSession(c.version); err != nil { return err } @@ -315,9 +270,9 @@ func (c *client) dialTLS(ctx context.Context) error { // establishSecureConnection runs the session, and tries to establish a secure connection // It returns: // - errCloseSessionForNewVersion when the server sends a version negotiation packet -// - handshake.ErrCloseSessionForRetry when the server performs a stateless retry (for IETF QUIC) +// - handshake.ErrCloseSessionForRetry when the server performs a stateless retry // - any other error that might occur -// - when the connection is secure (for gQUIC), or forward-secure (for IETF QUIC) +// - when the connection is forward-secure func (c *client) establishSecureConnection(ctx context.Context) error { errorChan := make(chan error, 1) @@ -362,24 +317,9 @@ func (c *client) handlePacketImpl(p *receivedPacket) error { return err } - if !c.version.UsesIETFHeaderFormat() { - connID := p.header.DestConnectionID - // reject packets with truncated connection id if we didn't request truncation - if !c.config.RequestConnectionIDOmission && connID.Len() == 0 { - return errors.New("received packet with truncated connection ID, but didn't request truncation") - } - // reject packets with the wrong connection ID - if connID.Len() > 0 && !connID.Equal(c.srcConnID) { - return fmt.Errorf("received a packet with an unexpected connection ID (%s, expected %s)", connID, c.srcConnID) - } - if p.header.ResetFlag { - return c.handlePublicReset(p) - } - } else { - // reject packets with the wrong connection ID - if !p.header.DestConnectionID.Equal(c.srcConnID) { - return fmt.Errorf("received a packet with an unexpected connection ID (%s, expected %s)", p.header.DestConnectionID, c.srcConnID) - } + // reject packets with the wrong connection ID + if !p.header.DestConnectionID.Equal(c.srcConnID) { + return fmt.Errorf("received a packet with an unexpected connection ID (%s, expected %s)", p.header.DestConnectionID, c.srcConnID) } if p.header.Type == protocol.PacketTypeRetry { @@ -397,22 +337,6 @@ func (c *client) handlePacketImpl(p *receivedPacket) error { return nil } -func (c *client) handlePublicReset(p *receivedPacket) error { - cr := c.conn.RemoteAddr() - // check if the remote address and the connection ID match - // otherwise this might be an attacker trying to inject a PUBLIC_RESET to kill the connection - if cr.Network() != p.remoteAddr.Network() || cr.String() != p.remoteAddr.String() || !p.header.DestConnectionID.Equal(c.srcConnID) { - return errors.New("Received a spoofed Public Reset") - } - pr, err := wire.ParsePublicReset(bytes.NewReader(p.data)) - if err != nil { - return fmt.Errorf("Received a Public Reset. An error occurred parsing the packet: %s", err) - } - c.session.closeRemote(qerr.Error(qerr.PublicReset, fmt.Sprintf("Received a Public Reset for packet number %#x", pr.RejectedPacketNumber))) - c.logger.Infof("Received Public Reset, rejected packet number: %#x", pr.RejectedPacketNumber) - return nil -} - func (c *client) handleVersionNegotiationPacket(hdr *wire.Header) error { // ignore delayed / duplicated version negotiation packets if c.receivedVersionNegotiationPacket || c.versionNegotiated { @@ -471,42 +395,11 @@ func (c *client) handleRetryPacket(hdr *wire.Header) { c.session.destroy(errCloseSessionForRetry) } -func (c *client) createNewGQUICSession() error { - c.mutex.Lock() - defer c.mutex.Unlock() - runner := &runner{ - onHandshakeCompleteImpl: func(_ Session) { close(c.handshakeChan) }, - removeConnectionIDImpl: c.closeCallback, - } - sess, err := newClientSession( - c.conn, - runner, - c.version, - c.destConnID, - c.srcConnID, - c.tlsConf, - c.config, - c.initialVersion, - c.negotiatedVersions, - c.logger, - ) - if err != nil { - return err - } - c.session = sess - c.packetHandlers.Add(c.srcConnID, c) - if c.config.RequestConnectionIDOmission { - c.packetHandlers.Add(protocol.ConnectionID{}, c) - } - return nil -} - func (c *client) createNewTLSSession(version protocol.VersionNumber) error { params := &handshake.TransportParameters{ StreamFlowControlWindow: protocol.ReceiveStreamFlowControlWindow, ConnectionFlowControlWindow: protocol.ReceiveConnectionFlowControlWindow, IdleTimeout: c.config.IdleTimeout, - OmitConnectionID: c.config.RequestConnectionIDOmission, MaxBidiStreams: uint16(c.config.MaxIncomingStreams), MaxUniStreams: uint16(c.config.MaxIncomingUniStreams), DisableMigration: true, @@ -518,7 +411,7 @@ func (c *client) createNewTLSSession(version protocol.VersionNumber) error { onHandshakeCompleteImpl: func(_ Session) { close(c.handshakeChan) }, removeConnectionIDImpl: c.closeCallback, } - sess, err := newTLSClientSession( + sess, err := newClientSession( c.conn, runner, c.token, diff --git a/client_test.go b/client_test.go index ed89d121..51c9a9a4 100644 --- a/client_test.go +++ b/client_test.go @@ -30,9 +30,20 @@ var _ = Describe("Client", func() { mockMultiplexer *MockMultiplexer origMultiplexer multiplexer - supportedVersionsWithoutGQUIC44 []protocol.VersionNumber - - originalClientSessConstructor func(connection, sessionRunner, protocol.VersionNumber, protocol.ConnectionID, protocol.ConnectionID, *tls.Config, *Config, protocol.VersionNumber, []protocol.VersionNumber, utils.Logger) (quicSession, error) + originalClientSessConstructor func( + conn connection, + runner sessionRunner, + token []byte, + destConnID protocol.ConnectionID, + srcConnID protocol.ConnectionID, + conf *Config, + tlsConf *tls.Config, + params *handshake.TransportParameters, + initialVersion protocol.VersionNumber, + initialPacketNumber protocol.PacketNumber, + logger utils.Logger, + v protocol.VersionNumber, + ) (quicSession, error) ) // generate a packet sent by the server that accepts the QUIC version suggested by the client @@ -79,12 +90,6 @@ var _ = Describe("Client", func() { mockMultiplexer = NewMockMultiplexer(mockCtrl) origMultiplexer = connMuxer connMuxer = mockMultiplexer - for _, v := range protocol.SupportedVersions { - if v != protocol.Version44 { - supportedVersionsWithoutGQUIC44 = append(supportedVersionsWithoutGQUIC44, v) - } - } - Expect(supportedVersionsWithoutGQUIC44).ToNot(BeEmpty()) }) AfterEach(func() { @@ -131,14 +136,16 @@ var _ = Describe("Client", func() { newClientSession = func( conn connection, _ sessionRunner, - _ protocol.VersionNumber, + _ []byte, // token _ protocol.ConnectionID, _ protocol.ConnectionID, - _ *tls.Config, _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, _ protocol.VersionNumber, - _ []protocol.VersionNumber, + _ protocol.PacketNumber, _ utils.Logger, + _ protocol.VersionNumber, ) (quicSession, error) { remoteAddrChan <- conn.RemoteAddr().String() sess := NewMockQuicSession(mockCtrl) @@ -159,14 +166,16 @@ var _ = Describe("Client", func() { newClientSession = func( _ connection, _ sessionRunner, - _ protocol.VersionNumber, + _ []byte, // token _ protocol.ConnectionID, _ protocol.ConnectionID, - tlsConf *tls.Config, _ *Config, + tlsConf *tls.Config, + _ *handshake.TransportParameters, _ protocol.VersionNumber, - _ []protocol.VersionNumber, + _ protocol.PacketNumber, _ utils.Logger, + _ protocol.VersionNumber, ) (quicSession, error) { hostnameChan <- tlsConf.ServerName sess := NewMockQuicSession(mockCtrl) @@ -187,14 +196,16 @@ var _ = Describe("Client", func() { newClientSession = func( _ connection, runner sessionRunner, - _ protocol.VersionNumber, + _ []byte, // token _ protocol.ConnectionID, _ protocol.ConnectionID, - _ *tls.Config, _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, _ protocol.VersionNumber, - _ []protocol.VersionNumber, + _ protocol.PacketNumber, _ utils.Logger, + _ protocol.VersionNumber, ) (quicSession, error) { sess := NewMockQuicSession(mockCtrl) sess.EXPECT().run().Do(func() { close(run) }) @@ -206,25 +217,13 @@ var _ = Describe("Client", func() { addr, "quic.clemente.io:1337", nil, - &Config{Versions: supportedVersionsWithoutGQUIC44}, + &Config{}, ) Expect(err).ToNot(HaveOccurred()) Expect(s).ToNot(BeNil()) Eventually(run).Should(BeClosed()) }) - It("refuses to multiplex gQUIC 44", func() { - _, err := Dial( - packetConn, - addr, - "quic.clemente.io:1337", - nil, - &Config{Versions: []protocol.VersionNumber{protocol.Version44}}, - ) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("Cannot multiplex connections using gQUIC 44")) - }) - It("returns an error that occurs while waiting for the connection to become secure", func() { manager := NewMockPacketHandlerManager(mockCtrl) manager.EXPECT().Add(gomock.Any(), gomock.Any()) @@ -232,16 +231,18 @@ var _ = Describe("Client", func() { testErr := errors.New("early handshake error") newClientSession = func( - conn connection, + _ connection, _ sessionRunner, - _ protocol.VersionNumber, + _ []byte, // token _ protocol.ConnectionID, _ protocol.ConnectionID, - _ *tls.Config, _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, _ protocol.VersionNumber, - _ []protocol.VersionNumber, + _ protocol.PacketNumber, _ utils.Logger, + _ protocol.VersionNumber, ) (quicSession, error) { sess := NewMockQuicSession(mockCtrl) sess.EXPECT().run().Return(testErr) @@ -253,7 +254,7 @@ var _ = Describe("Client", func() { addr, "quic.clemente.io:1337", nil, - &Config{Versions: supportedVersionsWithoutGQUIC44}, + &Config{}, ) Expect(err).To(MatchError(testErr)) }) @@ -270,16 +271,18 @@ var _ = Describe("Client", func() { <-sessionRunning }) newClientSession = func( - conn connection, + _ connection, _ sessionRunner, - _ protocol.VersionNumber, + _ []byte, // token _ protocol.ConnectionID, _ protocol.ConnectionID, - _ *tls.Config, _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, _ protocol.VersionNumber, - _ []protocol.VersionNumber, + _ protocol.PacketNumber, _ utils.Logger, + _ protocol.VersionNumber, ) (quicSession, error) { return sess, nil } @@ -293,7 +296,7 @@ var _ = Describe("Client", func() { addr, "quic.clemnte.io:1337", nil, - &Config{Versions: supportedVersionsWithoutGQUIC44}, + &Config{}, ) Expect(err).To(MatchError(context.Canceled)) close(dialed) @@ -313,16 +316,18 @@ var _ = Describe("Client", func() { var runner sessionRunner sess := NewMockQuicSession(mockCtrl) newClientSession = func( - conn connection, + _ connection, runnerP sessionRunner, - _ protocol.VersionNumber, + _ []byte, // token _ protocol.ConnectionID, _ protocol.ConnectionID, - _ *tls.Config, _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, _ protocol.VersionNumber, - _ []protocol.VersionNumber, + _ protocol.PacketNumber, _ utils.Logger, + _ protocol.VersionNumber, ) (quicSession, error) { runner = runnerP return sess, nil @@ -337,7 +342,7 @@ var _ = Describe("Client", func() { addr, "quic.clemnte.io:1337", nil, - &Config{Versions: supportedVersionsWithoutGQUIC44}, + &Config{}, ) Expect(err).ToNot(HaveOccurred()) }) @@ -354,14 +359,16 @@ var _ = Describe("Client", func() { newClientSession = func( connP connection, _ sessionRunner, - _ protocol.VersionNumber, + _ []byte, // token _ protocol.ConnectionID, _ protocol.ConnectionID, - _ *tls.Config, _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, _ protocol.VersionNumber, - _ []protocol.VersionNumber, + _ protocol.PacketNumber, _ utils.Logger, + _ protocol.VersionNumber, ) (quicSession, error) { conn = connP close(sessionCreated) @@ -397,39 +404,20 @@ var _ = Describe("Client", func() { Context("quic.Config", func() { It("setups with the right values", func() { config := &Config{ - HandshakeTimeout: 1337 * time.Minute, - IdleTimeout: 42 * time.Hour, - RequestConnectionIDOmission: true, - MaxIncomingStreams: 1234, - MaxIncomingUniStreams: 4321, - ConnectionIDLength: 13, - Versions: supportedVersionsWithoutGQUIC44, + HandshakeTimeout: 1337 * time.Minute, + IdleTimeout: 42 * time.Hour, + MaxIncomingStreams: 1234, + MaxIncomingUniStreams: 4321, + ConnectionIDLength: 13, } c := populateClientConfig(config, false) Expect(c.HandshakeTimeout).To(Equal(1337 * time.Minute)) Expect(c.IdleTimeout).To(Equal(42 * time.Hour)) - Expect(c.RequestConnectionIDOmission).To(BeTrue()) Expect(c.MaxIncomingStreams).To(Equal(1234)) Expect(c.MaxIncomingUniStreams).To(Equal(4321)) Expect(c.ConnectionIDLength).To(Equal(13)) }) - It("uses a 0 byte connection IDs if gQUIC 44 is supported", func() { - config := &Config{ - Versions: []protocol.VersionNumber{protocol.Version43, protocol.Version44}, - ConnectionIDLength: 13, - } - c := populateClientConfig(config, false) - Expect(c.Versions).To(Equal([]protocol.VersionNumber{protocol.Version43, protocol.Version44})) - Expect(c.ConnectionIDLength).To(BeZero()) - }) - - It("doesn't use 0-byte connection IDs when dialing an address", func() { - config := &Config{Versions: supportedVersionsWithoutGQUIC44} - c := populateClientConfig(config, false) - Expect(c.ConnectionIDLength).To(Equal(protocol.DefaultConnectionIDLength)) - }) - It("errors when the Config contains an invalid version", func() { manager := NewMockPacketHandlerManager(mockCtrl) mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) @@ -470,194 +458,160 @@ var _ = Describe("Client", func() { Expect(c.Versions).To(Equal(protocol.SupportedVersions)) Expect(c.HandshakeTimeout).To(Equal(protocol.DefaultHandshakeTimeout)) Expect(c.IdleTimeout).To(Equal(protocol.DefaultIdleTimeout)) - Expect(c.RequestConnectionIDOmission).To(BeFalse()) }) }) - Context("gQUIC", func() { - It("errors if it can't create a session", func() { - manager := NewMockPacketHandlerManager(mockCtrl) - mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) + It("creates new TLS sessions with the right parameters", func() { + manager := NewMockPacketHandlerManager(mockCtrl) + manager.EXPECT().Add(connID, gomock.Any()) + mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) - testErr := errors.New("error creating session") - newClientSession = func( - _ connection, - _ sessionRunner, - _ protocol.VersionNumber, - _ protocol.ConnectionID, - _ protocol.ConnectionID, - _ *tls.Config, - _ *Config, - _ protocol.VersionNumber, - _ []protocol.VersionNumber, - _ utils.Logger, - ) (quicSession, error) { - return nil, testErr - } - _, err := Dial( - packetConn, - addr, - "quic.clemente.io:1337", - nil, - &Config{Versions: supportedVersionsWithoutGQUIC44}, - ) - Expect(err).To(MatchError(testErr)) - }) - }) - - Context("IETF QUIC", func() { - It("creates new TLS sessions with the right parameters", func() { - manager := NewMockPacketHandlerManager(mockCtrl) - manager.EXPECT().Add(connID, gomock.Any()) - mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) - - config := &Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} - c := make(chan struct{}) - var cconn connection - var version protocol.VersionNumber - var conf *Config - newTLSClientSession = func( - connP connection, - _ sessionRunner, - tokenP []byte, - _ protocol.ConnectionID, - _ protocol.ConnectionID, - configP *Config, - _ *tls.Config, - params *handshake.TransportParameters, - _ protocol.VersionNumber, /* initial version */ - _ protocol.PacketNumber, - _ utils.Logger, - versionP protocol.VersionNumber, - ) (quicSession, error) { - cconn = connP - version = versionP - conf = configP - close(c) - // TODO: check connection IDs? - sess := NewMockQuicSession(mockCtrl) - sess.EXPECT().run() - return sess, nil - } - _, err := Dial(packetConn, addr, "quic.clemente.io:1337", nil, config) - Expect(err).ToNot(HaveOccurred()) - Eventually(c).Should(BeClosed()) - Expect(cconn.(*conn).pconn).To(Equal(packetConn)) - Expect(version).To(Equal(config.Versions[0])) - Expect(conf.Versions).To(Equal(config.Versions)) - }) - - It("creates a new session when the server performs a retry", func() { - manager := NewMockPacketHandlerManager(mockCtrl) - manager.EXPECT().Add(gomock.Any(), gomock.Any()).Do(func(id protocol.ConnectionID, handler packetHandler) { - go handler.handlePacket(&receivedPacket{ - header: &wire.Header{ - IsLongHeader: true, - Type: protocol.PacketTypeRetry, - Token: []byte("foobar"), - DestConnectionID: id, - OrigDestConnectionID: connID, - }, - }) - }) - manager.EXPECT().Add(gomock.Any(), gomock.Any()) - mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) - - config := &Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} - cl.config = config - run1 := make(chan error) - sess1 := NewMockQuicSession(mockCtrl) - sess1.EXPECT().run().DoAndReturn(func() error { - return <-run1 - }) - sess1.EXPECT().destroy(errCloseSessionForRetry).Do(func(e error) { - run1 <- e - }) - sess2 := NewMockQuicSession(mockCtrl) - sess2.EXPECT().run() - sessions := make(chan quicSession, 2) - sessions <- sess1 - sessions <- sess2 - newTLSClientSession = func( - _ connection, - _ sessionRunner, - _ []byte, - _ protocol.ConnectionID, - _ protocol.ConnectionID, - _ *Config, - _ *tls.Config, - _ *handshake.TransportParameters, - _ protocol.VersionNumber, /* initial version */ - _ protocol.PacketNumber, - _ utils.Logger, - _ protocol.VersionNumber, - ) (quicSession, error) { - return <-sessions, nil - } - _, err := Dial(packetConn, addr, "quic.clemente.io:1337", nil, config) - Expect(err).ToNot(HaveOccurred()) - Expect(sessions).To(BeEmpty()) - }) - - It("only accepts a single retry", func() { - manager := NewMockPacketHandlerManager(mockCtrl) - manager.EXPECT().Add(gomock.Any(), gomock.Any()).Do(func(id protocol.ConnectionID, handler packetHandler) { - go handler.handlePacket(&receivedPacket{ - header: &wire.Header{ - IsLongHeader: true, - Type: protocol.PacketTypeRetry, - Token: []byte("foobar"), - SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4}, - DestConnectionID: id, - OrigDestConnectionID: connID, - Version: protocol.VersionTLS, - }, - }) - }).AnyTimes() - manager.EXPECT().Add(gomock.Any(), gomock.Any()).AnyTimes() - mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) - - config := &Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} - cl.config = config - - sessions := make(chan quicSession, 2) - run := make(chan error) + config := &Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} + c := make(chan struct{}) + var cconn connection + var version protocol.VersionNumber + var conf *Config + newClientSession = func( + connP connection, + _ sessionRunner, + tokenP []byte, + _ protocol.ConnectionID, + _ protocol.ConnectionID, + configP *Config, + _ *tls.Config, + params *handshake.TransportParameters, + _ protocol.VersionNumber, /* initial version */ + _ protocol.PacketNumber, + _ utils.Logger, + versionP protocol.VersionNumber, + ) (quicSession, error) { + cconn = connP + version = versionP + conf = configP + close(c) + // TODO: check connection IDs? sess := NewMockQuicSession(mockCtrl) - sess.EXPECT().run().DoAndReturn(func() error { - defer GinkgoRecover() - var err error - Eventually(run).Should(Receive(&err)) - return err - }) - sess.EXPECT().destroy(gomock.Any()).Do(func(e error) { - run <- e - }) - sessions <- sess - doneErr := errors.New("nothing to do") - sess = NewMockQuicSession(mockCtrl) - sess.EXPECT().run().Return(doneErr) - sessions <- sess + sess.EXPECT().run() + return sess, nil + } + _, err := Dial(packetConn, addr, "quic.clemente.io:1337", nil, config) + Expect(err).ToNot(HaveOccurred()) + Eventually(c).Should(BeClosed()) + Expect(cconn.(*conn).pconn).To(Equal(packetConn)) + Expect(version).To(Equal(config.Versions[0])) + Expect(conf.Versions).To(Equal(config.Versions)) + }) - newTLSClientSession = func( - _ connection, - _ sessionRunner, - _ []byte, - _ protocol.ConnectionID, - _ protocol.ConnectionID, - _ *Config, - _ *tls.Config, - _ *handshake.TransportParameters, - _ protocol.VersionNumber, /* initial version */ - _ protocol.PacketNumber, - _ utils.Logger, - _ protocol.VersionNumber, - ) (quicSession, error) { - return <-sessions, nil - } - _, err := Dial(packetConn, addr, "quic.clemente.io:1337", nil, config) - Expect(err).To(MatchError(doneErr)) - Expect(sessions).To(BeEmpty()) + It("creates a new session when the server performs a retry", func() { + manager := NewMockPacketHandlerManager(mockCtrl) + manager.EXPECT().Add(gomock.Any(), gomock.Any()).Do(func(id protocol.ConnectionID, handler packetHandler) { + go handler.handlePacket(&receivedPacket{ + header: &wire.Header{ + IsLongHeader: true, + Type: protocol.PacketTypeRetry, + Token: []byte("foobar"), + DestConnectionID: id, + OrigDestConnectionID: connID, + }, + }) }) + manager.EXPECT().Add(gomock.Any(), gomock.Any()) + mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) + + config := &Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} + cl.config = config + run1 := make(chan error) + sess1 := NewMockQuicSession(mockCtrl) + sess1.EXPECT().run().DoAndReturn(func() error { + return <-run1 + }) + sess1.EXPECT().destroy(errCloseSessionForRetry).Do(func(e error) { + run1 <- e + }) + sess2 := NewMockQuicSession(mockCtrl) + sess2.EXPECT().run() + sessions := make(chan quicSession, 2) + sessions <- sess1 + sessions <- sess2 + newClientSession = func( + conn connection, + _ sessionRunner, + _ []byte, // token + _ protocol.ConnectionID, + _ protocol.ConnectionID, + _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, + _ protocol.VersionNumber, + _ protocol.PacketNumber, + _ utils.Logger, + _ protocol.VersionNumber, + ) (quicSession, error) { + return <-sessions, nil + } + _, err := Dial(packetConn, addr, "quic.clemente.io:1337", nil, config) + Expect(err).ToNot(HaveOccurred()) + Expect(sessions).To(BeEmpty()) + }) + + It("only accepts a single retry", func() { + manager := NewMockPacketHandlerManager(mockCtrl) + manager.EXPECT().Add(gomock.Any(), gomock.Any()).Do(func(id protocol.ConnectionID, handler packetHandler) { + go handler.handlePacket(&receivedPacket{ + header: &wire.Header{ + IsLongHeader: true, + Type: protocol.PacketTypeRetry, + Token: []byte("foobar"), + SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4}, + DestConnectionID: id, + OrigDestConnectionID: connID, + Version: protocol.VersionTLS, + }, + }) + }).AnyTimes() + manager.EXPECT().Add(gomock.Any(), gomock.Any()).AnyTimes() + mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) + + config := &Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} + cl.config = config + + sessions := make(chan quicSession, 2) + run := make(chan error) + sess := NewMockQuicSession(mockCtrl) + sess.EXPECT().run().DoAndReturn(func() error { + defer GinkgoRecover() + var err error + Eventually(run).Should(Receive(&err)) + return err + }) + sess.EXPECT().destroy(gomock.Any()).Do(func(e error) { + run <- e + }) + sessions <- sess + doneErr := errors.New("nothing to do") + sess = NewMockQuicSession(mockCtrl) + sess.EXPECT().run().Return(doneErr) + sessions <- sess + + newClientSession = func( + conn connection, + _ sessionRunner, + _ []byte, // token + _ protocol.ConnectionID, + _ protocol.ConnectionID, + _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, + _ protocol.VersionNumber, + _ protocol.PacketNumber, + _ utils.Logger, + _ protocol.VersionNumber, + ) (quicSession, error) { + return <-sessions, nil + } + _, err := Dial(packetConn, addr, "quic.clemente.io:1337", nil, config) + Expect(err).To(MatchError(doneErr)) + Expect(sessions).To(BeEmpty()) }) Context("version negotiation", func() { @@ -681,14 +635,16 @@ var _ = Describe("Client", func() { newClientSession = func( conn connection, _ sessionRunner, - _ protocol.VersionNumber, + _ []byte, // token _ protocol.ConnectionID, _ protocol.ConnectionID, - _ *tls.Config, _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, _ protocol.VersionNumber, - _ []protocol.VersionNumber, + _ protocol.PacketNumber, _ utils.Logger, + _ protocol.VersionNumber, ) (quicSession, error) { Expect(conn.Write([]byte("0 fake CHLO"))).To(Succeed()) sess := NewMockQuicSession(mockCtrl) @@ -700,7 +656,7 @@ var _ = Describe("Client", func() { addr, "quic.clemente.io:1337", nil, - &Config{Versions: supportedVersionsWithoutGQUIC44}, + &Config{}, ) Expect(err).To(MatchError(testErr)) }) @@ -721,103 +677,6 @@ var _ = Describe("Client", func() { Expect(cl.versionNegotiated).To(BeTrue()) }) - It("changes the version after receiving a Version Negotiation Packet", func() { - phm := NewMockPacketHandlerManager(mockCtrl) - phm.EXPECT().Add(connID, gomock.Any()).Times(2) - cl.packetHandlers = phm - - version1 := protocol.Version39 - version2 := protocol.Version39 + 1 - Expect(version2.UsesTLS()).To(BeFalse()) - sess1 := NewMockQuicSession(mockCtrl) - run1 := make(chan struct{}) - sess1.EXPECT().run().Do(func() { <-run1 }).Return(errCloseSessionForNewVersion) - sess1.EXPECT().destroy(errCloseSessionForNewVersion).Do(func(error) { close(run1) }) - sess2 := NewMockQuicSession(mockCtrl) - sess2.EXPECT().run() - sessionChan := make(chan *MockQuicSession, 2) - sessionChan <- sess1 - sessionChan <- sess2 - newClientSession = func( - _ connection, - _ sessionRunner, - _ protocol.VersionNumber, - _ protocol.ConnectionID, - _ protocol.ConnectionID, - _ *tls.Config, - _ *Config, - _ protocol.VersionNumber, - _ []protocol.VersionNumber, - _ utils.Logger, - ) (quicSession, error) { - return <-sessionChan, nil - } - - cl.tlsConf = &tls.Config{} - cl.config = &Config{Versions: []protocol.VersionNumber{version1, version2}} - dialed := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cl.dial(context.Background()) - Expect(err).ToNot(HaveOccurred()) - close(dialed) - }() - Eventually(sessionChan).Should(HaveLen(1)) - cl.handlePacket(composeVersionNegotiationPacket(connID, []protocol.VersionNumber{version2})) - Eventually(sessionChan).Should(BeEmpty()) - }) - - It("only accepts one version negotiation packet", func() { - phm := NewMockPacketHandlerManager(mockCtrl) - phm.EXPECT().Add(connID, gomock.Any()).Times(2) - cl.packetHandlers = phm - version1 := protocol.Version39 - version2 := protocol.Version39 + 1 - version3 := protocol.Version39 + 2 - Expect(version2.UsesTLS()).To(BeFalse()) - Expect(version3.UsesTLS()).To(BeFalse()) - sess1 := NewMockQuicSession(mockCtrl) - run1 := make(chan struct{}) - sess1.EXPECT().run().Do(func() { <-run1 }).Return(errCloseSessionForNewVersion) - sess1.EXPECT().destroy(errCloseSessionForNewVersion).Do(func(error) { close(run1) }) - sess2 := NewMockQuicSession(mockCtrl) - sess2.EXPECT().run() - sessionChan := make(chan *MockQuicSession, 2) - sessionChan <- sess1 - sessionChan <- sess2 - newClientSession = func( - _ connection, - _ sessionRunner, - _ protocol.VersionNumber, - _ protocol.ConnectionID, - _ protocol.ConnectionID, - _ *tls.Config, - _ *Config, - _ protocol.VersionNumber, - _ []protocol.VersionNumber, - _ utils.Logger, - ) (quicSession, error) { - return <-sessionChan, nil - } - - cl.tlsConf = &tls.Config{} - cl.config = &Config{Versions: []protocol.VersionNumber{version1, version2, version3}} - dialed := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cl.dial(context.Background()) - Expect(err).ToNot(HaveOccurred()) - close(dialed) - }() - Eventually(sessionChan).Should(HaveLen(1)) - cl.handlePacket(composeVersionNegotiationPacket(connID, []protocol.VersionNumber{version2})) - Eventually(sessionChan).Should(BeEmpty()) - Expect(cl.version).To(Equal(version2)) - cl.handlePacket(composeVersionNegotiationPacket(connID, []protocol.VersionNumber{version3})) - Eventually(dialed).Should(BeClosed()) - Expect(cl.version).To(Equal(version2)) - }) - It("errors if no matching version is found", func() { sess := NewMockQuicSession(mockCtrl) sess.EXPECT().destroy(qerr.InvalidVersion) @@ -863,26 +722,8 @@ var _ = Describe("Client", func() { Expect(cl.GetVersion()).To(Equal(cl.version)) }) - It("ignores packets without connection id, if it didn't request connection id trunctation", func() { - cl.version = versionGQUICFrames - cl.session = NewMockQuicSession(mockCtrl) // don't EXPECT any handlePacket calls - cl.config = &Config{RequestConnectionIDOmission: false} - hdr := &wire.Header{ - IsPublicHeader: true, - PacketNumber: 1, - PacketNumberLen: 1, - } - err := cl.handlePacketImpl(&receivedPacket{ - remoteAddr: addr, - header: hdr, - }) - Expect(err).To(MatchError("received packet with truncated connection ID, but didn't request truncation")) - }) - It("ignores packets with the wrong destination connection ID", func() { cl.session = NewMockQuicSession(mockCtrl) // don't EXPECT any handlePacket calls - cl.version = versionIETFFrames - cl.config = &Config{RequestConnectionIDOmission: false} connID2 := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1} Expect(connID).ToNot(Equal(connID2)) hdr := &wire.Header{ @@ -890,7 +731,6 @@ var _ = Describe("Client", func() { SrcConnectionID: connID, PacketNumber: 1, PacketNumberLen: protocol.PacketNumberLen1, - Version: versionIETFFrames, } err := cl.handlePacketImpl(&receivedPacket{ remoteAddr: addr, @@ -898,110 +738,4 @@ var _ = Describe("Client", func() { }) Expect(err).To(MatchError(fmt.Sprintf("received a packet with an unexpected connection ID (0x0807060504030201, expected %s)", connID))) }) - - It("creates new gQUIC sessions with the right parameters", func() { - manager := NewMockPacketHandlerManager(mockCtrl) - manager.EXPECT().Add(gomock.Any(), gomock.Any()) - mockMultiplexer.EXPECT().AddConn(packetConn, gomock.Any()).Return(manager, nil) - - c := make(chan struct{}) - var cconn connection - var hostname string - var version protocol.VersionNumber - var conf *Config - newClientSession = func( - connP connection, - _ sessionRunner, - versionP protocol.VersionNumber, - connIDP protocol.ConnectionID, - _ protocol.ConnectionID, - tlsConf *tls.Config, - configP *Config, - _ protocol.VersionNumber, - _ []protocol.VersionNumber, - _ utils.Logger, - ) (quicSession, error) { - cconn = connP - hostname = tlsConf.ServerName - version = versionP - conf = configP - connID = connIDP - close(c) - sess := NewMockQuicSession(mockCtrl) - sess.EXPECT().run() - return sess, nil - } - - config := &Config{Versions: supportedVersionsWithoutGQUIC44} - _, err := Dial( - packetConn, - addr, - "quic.clemente.io:1337", - nil, - config, - ) - Expect(err).ToNot(HaveOccurred()) - Eventually(c).Should(BeClosed()) - Expect(cconn.(*conn).pconn).To(Equal(packetConn)) - Expect(hostname).To(Equal("quic.clemente.io")) - Expect(version).To(Equal(config.Versions[0])) - Expect(conf.Versions).To(Equal(config.Versions)) - }) - - Context("Public Reset handling", func() { - var ( - pr []byte - hdr *wire.Header - hdrLen int - ) - - BeforeEach(func() { - cl.config = &Config{} - - pr = wire.WritePublicReset(cl.destConnID, 1, 0) - r := bytes.NewReader(pr) - iHdr, err := wire.ParseInvariantHeader(r, 0) - Expect(err).ToNot(HaveOccurred()) - hdr, err = iHdr.Parse(r, protocol.PerspectiveServer, versionGQUICFrames) - Expect(err).ToNot(HaveOccurred()) - hdrLen = r.Len() - }) - - It("closes the session when receiving a Public Reset", func() { - cl.version = versionGQUICFrames - sess := NewMockQuicSession(mockCtrl) - sess.EXPECT().closeRemote(gomock.Any()).Do(func(err error) { - Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.PublicReset)) - }) - cl.session = sess - cl.handlePacketImpl(&receivedPacket{ - remoteAddr: addr, - header: hdr, - data: pr[len(pr)-hdrLen:], - }) - }) - - It("ignores Public Resets from the wrong remote address", func() { - cl.version = versionGQUICFrames - cl.session = NewMockQuicSession(mockCtrl) // don't EXPECT any calls - spoofedAddr := &net.UDPAddr{IP: net.IPv4(1, 2, 3, 4), Port: 5678} - err := cl.handlePacketImpl(&receivedPacket{ - remoteAddr: spoofedAddr, - header: hdr, - data: pr[len(pr)-hdrLen:], - }) - Expect(err).To(MatchError("Received a spoofed Public Reset")) - }) - - It("ignores unparseable Public Resets", func() { - cl.version = versionGQUICFrames - cl.session = NewMockQuicSession(mockCtrl) // don't EXPECT any calls - err := cl.handlePacketImpl(&receivedPacket{ - remoteAddr: addr, - header: hdr, - data: pr[len(pr)-hdrLen : len(pr)-5], // cut off the last 5 bytes - }) - Expect(err.Error()).To(ContainSubstring("Received a Public Reset. An error occurred parsing the packet")) - }) - }) }) diff --git a/example/client/main.go b/example/client/main.go index 825b5ab7..bec0bc3e 100644 --- a/example/client/main.go +++ b/example/client/main.go @@ -7,15 +7,12 @@ import ( "net/http" "sync" - quic "github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go/h2quic" - "github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/utils" ) func main() { verbose := flag.Bool("v", false, "verbose") - tls := flag.Bool("tls", false, "activate support for IETF QUIC (work in progress)") quiet := flag.Bool("q", false, "don't print the data") flag.Parse() urls := flag.Args() @@ -29,14 +26,7 @@ func main() { } logger.SetLogTimeFormat("") - versions := protocol.SupportedVersions - if *tls { - versions = append([]protocol.VersionNumber{protocol.VersionTLS}, versions...) - } - - roundTripper := &h2quic.RoundTripper{ - QuicConfig: &quic.Config{Versions: versions}, - } + roundTripper := &h2quic.RoundTripper{} defer roundTripper.Close() hclient := &http.Client{ Transport: roundTripper, diff --git a/example/main.go b/example/main.go index e83fb870..f008badc 100644 --- a/example/main.go +++ b/example/main.go @@ -17,9 +17,7 @@ import ( _ "net/http/pprof" - quic "github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go/h2quic" - "github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/utils" ) @@ -123,7 +121,6 @@ func main() { certPath := flag.String("certpath", getBuildDir(), "certificate directory") www := flag.String("www", "/var/www", "www data") tcp := flag.Bool("tcp", false, "also listen on TCP") - tls := flag.Bool("tls", false, "activate support for IETF QUIC (work in progress)") flag.Parse() logger := utils.DefaultLogger @@ -135,11 +132,6 @@ func main() { } logger.SetLogTimeFormat("") - versions := protocol.SupportedVersions - if *tls { - versions = append([]protocol.VersionNumber{protocol.VersionTLS}, versions...) - } - certFile := *certPath + "/fullchain.pem" keyFile := *certPath + "/privkey.pem" @@ -159,8 +151,7 @@ func main() { err = h2quic.ListenAndServe(bCap, certFile, keyFile, nil) } else { server := h2quic.Server{ - Server: &http.Server{Addr: bCap}, - QuicConfig: &quic.Config{Versions: versions}, + Server: &http.Server{Addr: bCap}, } err = server.ListenAndServeTLS(certFile, keyFile) } diff --git a/h2quic/client.go b/h2quic/client.go index dddc0d23..10366d22 100644 --- a/h2quic/client.go +++ b/h2quic/client.go @@ -52,10 +52,7 @@ type client struct { var _ http.RoundTripper = &client{} -var defaultQuicConfig = &quic.Config{ - RequestConnectionIDOmission: true, - KeepAlive: true, -} +var defaultQuicConfig = &quic.Config{KeepAlive: true} // newClient creates a new client func newClient( diff --git a/integrationtests/chrome/chrome_suite_test.go b/integrationtests/chrome/chrome_suite_test.go deleted file mode 100644 index d54edfd1..00000000 --- a/integrationtests/chrome/chrome_suite_test.go +++ /dev/null @@ -1,210 +0,0 @@ -package chrome_test - -import ( - "bytes" - "fmt" - "io" - "io/ioutil" - "net/http" - "os" - "os/exec" - "runtime" - "strconv" - "strings" - "sync/atomic" - - "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - - _ "github.com/lucas-clemente/quic-go/integrationtests/tools/testlog" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "github.com/onsi/gomega/gexec" - - "testing" -) - -const ( - dataLen = 500 * 1024 // 500 KB - dataLongLen = 50 * 1024 * 1024 // 50 MB -) - -var ( - nFilesUploaded int32 // should be used atomically - doneCalled utils.AtomicBool -) - -func TestChrome(t *testing.T) { - RegisterFailHandler(Fail) - RunSpecs(t, "Chrome Suite") -} - -func init() { - // Requires the len & num GET parameters, e.g. /uploadtest?len=100&num=1 - http.HandleFunc("/uploadtest", func(w http.ResponseWriter, r *http.Request) { - defer GinkgoRecover() - response := uploadHTML - response = strings.Replace(response, "LENGTH", r.URL.Query().Get("len"), -1) - response = strings.Replace(response, "NUM", r.URL.Query().Get("num"), -1) - _, err := io.WriteString(w, response) - Expect(err).NotTo(HaveOccurred()) - }) - - // Requires the len & num GET parameters, e.g. /downloadtest?len=100&num=1 - http.HandleFunc("/downloadtest", func(w http.ResponseWriter, r *http.Request) { - defer GinkgoRecover() - response := downloadHTML - response = strings.Replace(response, "LENGTH", r.URL.Query().Get("len"), -1) - response = strings.Replace(response, "NUM", r.URL.Query().Get("num"), -1) - _, err := io.WriteString(w, response) - Expect(err).NotTo(HaveOccurred()) - }) - - http.HandleFunc("/uploadhandler", func(w http.ResponseWriter, r *http.Request) { - defer GinkgoRecover() - - l, err := strconv.Atoi(r.URL.Query().Get("len")) - Expect(err).NotTo(HaveOccurred()) - - defer r.Body.Close() - actual, err := ioutil.ReadAll(r.Body) - Expect(err).NotTo(HaveOccurred()) - - Expect(bytes.Equal(actual, testserver.GeneratePRData(l))).To(BeTrue()) - - atomic.AddInt32(&nFilesUploaded, 1) - }) - - http.HandleFunc("/done", func(w http.ResponseWriter, r *http.Request) { - doneCalled.Set(true) - }) -} - -var _ = AfterEach(func() { - testserver.StopQuicServer() - - atomic.StoreInt32(&nFilesUploaded, 0) - doneCalled.Set(false) -}) - -func getChromePath() string { - if runtime.GOOS == "darwin" { - return "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" - } - if path, err := exec.LookPath("google-chrome"); err == nil { - return path - } - if path, err := exec.LookPath("chromium-browser"); err == nil { - return path - } - Fail("No Chrome executable found.") - return "" -} - -func chromeTest(version protocol.VersionNumber, url string, blockUntilDone func()) { - userDataDir, err := ioutil.TempDir("", "quic-go-test-chrome-dir") - Expect(err).NotTo(HaveOccurred()) - defer os.RemoveAll(userDataDir) - path := getChromePath() - args := []string{ - "--disable-gpu", - "--no-first-run=true", - "--no-default-browser-check=true", - "--user-data-dir=" + userDataDir, - "--enable-quic=true", - "--no-proxy-server=true", - "--no-sandbox", - "--origin-to-force-quic-on=quic.clemente.io:443", - fmt.Sprintf(`--host-resolver-rules=MAP quic.clemente.io:443 127.0.0.1:%s`, testserver.Port()), - fmt.Sprintf("--quic-version=QUIC_VERSION_%s", version.ToAltSvc()), - url, - } - utils.DefaultLogger.Infof("Running chrome: %s '%s'", getChromePath(), strings.Join(args, "' '")) - command := exec.Command(path, args...) - session, err := gexec.Start(command, nil, nil) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - blockUntilDone() -} - -func waitForDone() { - Eventually(func() bool { return doneCalled.Get() }, 60).Should(BeTrue()) -} - -func waitForNUploaded(expected int) func() { - return func() { - Eventually(func() int32 { - return atomic.LoadInt32(&nFilesUploaded) - }, 60).Should(BeEquivalentTo(expected)) - } -} - -const commonJS = ` -var buf = new ArrayBuffer(LENGTH); -var prng = new Uint8Array(buf); -var seed = 1; -for (var i = 0; i < LENGTH; i++) { - // https://en.wikipedia.org/wiki/Lehmer_random_number_generator - seed = seed * 48271 % 2147483647; - prng[i] = seed; -} -` - -const uploadHTML = ` - - - - - -` - -const downloadHTML = ` - - - - - -` diff --git a/integrationtests/chrome/chrome_test.go b/integrationtests/chrome/chrome_test.go deleted file mode 100644 index ff7cf640..00000000 --- a/integrationtests/chrome/chrome_test.go +++ /dev/null @@ -1,71 +0,0 @@ -package chrome_test - -import ( - "fmt" - - "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" - "github.com/lucas-clemente/quic-go/internal/protocol" - - . "github.com/onsi/ginkgo" -) - -var _ = Describe("Chrome tests", func() { - for i := range protocol.SupportedVersions { - version := protocol.SupportedVersions[i] - - Context(fmt.Sprintf("with version %s", version), func() { - JustBeforeEach(func() { - testserver.StartQuicServer([]protocol.VersionNumber{version}) - }) - - It("downloads a small file", func() { - chromeTest( - version, - fmt.Sprintf("https://quic.clemente.io/downloadtest?num=1&len=%d", dataLen), - waitForDone, - ) - }) - - It("downloads a large file", func() { - chromeTest( - version, - fmt.Sprintf("https://quic.clemente.io/downloadtest?num=1&len=%d", dataLongLen), - waitForDone, - ) - }) - - It("loads a large number of files", func() { - chromeTest( - version, - "https://quic.clemente.io/downloadtest?num=4&len=100", - waitForDone, - ) - }) - - It("uploads a small file", func() { - chromeTest( - version, - fmt.Sprintf("https://quic.clemente.io/uploadtest?num=1&len=%d", dataLen), - waitForNUploaded(1), - ) - }) - - It("uploads a large file", func() { - chromeTest( - version, - fmt.Sprintf("https://quic.clemente.io/uploadtest?num=1&len=%d", dataLongLen), - waitForNUploaded(1), - ) - }) - - It("uploads many small files", func() { - num := protocol.DefaultMaxIncomingStreams + 20 - chromeTest( - version, - fmt.Sprintf("https://quic.clemente.io/uploadtest?num=%d&len=%d", num, dataLen), - waitForNUploaded(num), - ) - }) - }) - } -}) diff --git a/integrationtests/gquic/drop_test.go b/integrationtests/gquic/drop_test.go deleted file mode 100644 index 4bb7e51e..00000000 --- a/integrationtests/gquic/drop_test.go +++ /dev/null @@ -1,137 +0,0 @@ -package gquic_test - -import ( - "bytes" - "fmt" - mrand "math/rand" - "os/exec" - "strconv" - - _ "github.com/lucas-clemente/quic-clients" // download clients - "github.com/lucas-clemente/quic-go/integrationtests/tools/proxy" - "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" - "github.com/lucas-clemente/quic-go/internal/protocol" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gbytes" - . "github.com/onsi/gomega/gexec" -) - -var directions = []quicproxy.Direction{quicproxy.DirectionIncoming, quicproxy.DirectionOutgoing, quicproxy.DirectionBoth} - -var _ = Describe("Drop tests", func() { - var proxy *quicproxy.QuicProxy - - startProxy := func(dropCallback quicproxy.DropCallback, version protocol.VersionNumber) { - var err error - proxy, err = quicproxy.NewQuicProxy("localhost:0", version, &quicproxy.Opts{ - RemoteAddr: "localhost:" + testserver.Port(), - DropPacket: dropCallback, - }) - Expect(err).ToNot(HaveOccurred()) - } - - downloadFile := func(version protocol.VersionNumber) { - command := exec.Command( - clientPath, - "--quic-version="+version.ToAltSvc(), - "--host=127.0.0.1", - "--port="+strconv.Itoa(proxy.LocalPort()), - "https://quic.clemente.io/prdata", - ) - session, err := Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - Eventually(session, 20).Should(Exit(0)) - Expect(bytes.Contains(session.Out.Contents(), testserver.PRData)).To(BeTrue()) - } - - downloadHello := func(version protocol.VersionNumber) { - command := exec.Command( - clientPath, - "--quic-version="+version.ToAltSvc(), - "--host=127.0.0.1", - "--port="+strconv.Itoa(proxy.LocalPort()), - "https://quic.clemente.io/hello", - ) - session, err := Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - Eventually(session, 20).Should(Exit(0)) - Expect(session.Out).To(Say(":status 200")) - Expect(session.Out).To(Say("body: Hello, World!\n")) - } - - deterministicDropper := func(p, interval, dropInARow uint64) bool { - return (p % interval) < dropInARow - } - - stochasticDropper := func(freq int) bool { - return mrand.Int63n(int64(freq)) == 0 - } - - AfterEach(func() { - Expect(proxy.Close()).To(Succeed()) - }) - - for _, v := range protocol.SupportedVersions { - version := v - - Context(fmt.Sprintf("with QUIC version %s", version), func() { - Context("during the crypto handshake", func() { - for _, d := range directions { - direction := d - - It(fmt.Sprintf("establishes a connection when the first packet is lost in %s direction", d), func() { - startProxy(func(d quicproxy.Direction, p uint64) bool { - return p == 1 && d.Is(direction) - }, version) - downloadHello(version) - }) - - It(fmt.Sprintf("establishes a connection when the second packet is lost in %s direction", d), func() { - startProxy(func(d quicproxy.Direction, p uint64) bool { - return p == 2 && d.Is(direction) - }, version) - downloadHello(version) - }) - - It(fmt.Sprintf("establishes a connection when 1/5 of the packets are lost in %s direction", d), func() { - startProxy(func(d quicproxy.Direction, p uint64) bool { - return d.Is(direction) && stochasticDropper(5) - }, version) - downloadHello(version) - }) - } - }) - - Context("after the crypto handshake", func() { - for _, d := range directions { - direction := d - - It(fmt.Sprintf("downloads a file when every 5th packet is dropped in %s direction", d), func() { - startProxy(func(d quicproxy.Direction, p uint64) bool { - return p >= 10 && d.Is(direction) && deterministicDropper(p, 5, 1) - }, version) - downloadFile(version) - }) - - It(fmt.Sprintf("downloads a file when 1/5th of all packet are dropped randomly in %s direction", d), func() { - startProxy(func(d quicproxy.Direction, p uint64) bool { - return p >= 10 && d.Is(direction) && stochasticDropper(5) - }, version) - downloadFile(version) - }) - - It(fmt.Sprintf("downloads a file when 10 packets every 100 packet are dropped in %s direction", d), func() { - startProxy(func(d quicproxy.Direction, p uint64) bool { - return p >= 10 && d.Is(direction) && deterministicDropper(p, 100, 10) - }, version) - downloadFile(version) - }) - } - }) - }) - } -}) diff --git a/integrationtests/gquic/gquic_suite_test.go b/integrationtests/gquic/gquic_suite_test.go deleted file mode 100644 index f8183fdd..00000000 --- a/integrationtests/gquic/gquic_suite_test.go +++ /dev/null @@ -1,45 +0,0 @@ -package gquic_test - -import ( - "fmt" - "math/rand" - "path/filepath" - "runtime" - - _ "github.com/lucas-clemente/quic-go/integrationtests/tools/testlog" - "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - - "testing" -) - -var ( - clientPath string - serverPath string -) - -func TestIntegration(t *testing.T) { - RegisterFailHandler(Fail) - RunSpecs(t, "GQuic Tests Suite") -} - -var _ = BeforeSuite(func() { - rand.Seed(GinkgoRandomSeed()) -}) - -var _ = JustBeforeEach(func() { - testserver.StartQuicServer(nil) -}) - -var _ = AfterEach(testserver.StopQuicServer) - -func init() { - _, thisfile, _, ok := runtime.Caller(0) - if !ok { - panic("Failed to get current path") - } - clientPath = filepath.Join(thisfile, fmt.Sprintf("../../../../quic-clients/client-%s-debug", runtime.GOOS)) - serverPath = filepath.Join(thisfile, fmt.Sprintf("../../../../quic-clients/server-%s-debug", runtime.GOOS)) -} diff --git a/integrationtests/gquic/integration_test.go b/integrationtests/gquic/integration_test.go deleted file mode 100644 index 595a5582..00000000 --- a/integrationtests/gquic/integration_test.go +++ /dev/null @@ -1,98 +0,0 @@ -package gquic_test - -import ( - "bytes" - "fmt" - "os/exec" - "sync" - - "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" - "github.com/lucas-clemente/quic-go/internal/protocol" - - _ "github.com/lucas-clemente/quic-clients" // download clients - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gbytes" - . "github.com/onsi/gomega/gexec" -) - -var _ = Describe("Integration tests", func() { - for i := range protocol.SupportedVersions { - version := protocol.SupportedVersions[i] - - Context(fmt.Sprintf("with QUIC version %s", version), func() { - It("gets a simple file", func() { - command := exec.Command( - clientPath, - "--quic-version="+version.ToAltSvc(), - "--host=127.0.0.1", - "--port="+testserver.Port(), - "https://quic.clemente.io/hello", - ) - session, err := Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - Eventually(session, 5).Should(Exit(0)) - Expect(session.Out).To(Say(":status 200")) - Expect(session.Out).To(Say("body: Hello, World!\n")) - }) - - It("posts and reads a body", func() { - command := exec.Command( - clientPath, - "--quic-version="+version.ToAltSvc(), - "--host=127.0.0.1", - "--port="+testserver.Port(), - "--body=foo", - "https://quic.clemente.io/echo", - ) - session, err := Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - Eventually(session, 5).Should(Exit(0)) - Expect(session.Out).To(Say(":status 200")) - Expect(session.Out).To(Say("body: foo\n")) - }) - - It("gets a file", func() { - command := exec.Command( - clientPath, - "--quic-version="+version.ToAltSvc(), - "--host=127.0.0.1", - "--port="+testserver.Port(), - "https://quic.clemente.io/prdata", - ) - session, err := Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - Eventually(session, 10).Should(Exit(0)) - Expect(bytes.Contains(session.Out.Contents(), testserver.PRData)).To(BeTrue()) - }) - - It("gets many copies of a file in parallel", func() { - wg := sync.WaitGroup{} - for i := 0; i < 10; i++ { - wg.Add(1) - go func() { - defer wg.Done() - defer GinkgoRecover() - command := exec.Command( - clientPath, - "--quic-version="+version.ToAltSvc(), - "--host=127.0.0.1", - "--port="+testserver.Port(), - "https://quic.clemente.io/prdata", - ) - session, err := Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - Eventually(session, 20).Should(Exit(0)) - Expect(bytes.Contains(session.Out.Contents(), testserver.PRData)).To(BeTrue()) - }() - } - wg.Wait() - }) - }) - } -}) diff --git a/integrationtests/gquic/random_rtt_test.go b/integrationtests/gquic/random_rtt_test.go deleted file mode 100644 index f51aa8d1..00000000 --- a/integrationtests/gquic/random_rtt_test.go +++ /dev/null @@ -1,95 +0,0 @@ -package gquic_test - -import ( - "bytes" - "fmt" - "math/rand" - "os/exec" - "strconv" - "time" - - _ "github.com/lucas-clemente/quic-clients" // download clients - "github.com/lucas-clemente/quic-go/integrationtests/tools/proxy" - "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" - "github.com/lucas-clemente/quic-go/internal/protocol" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gexec" -) - -// get a random duration between min and max -func getRandomDuration(min, max time.Duration) time.Duration { - return min + time.Duration(rand.Int63n(int64(max-min))) -} - -var _ = Describe("Random Duration Generator", func() { - It("gets a random RTT", func() { - var min time.Duration = time.Hour - var max time.Duration - - var sum time.Duration - rep := 10000 - for i := 0; i < rep; i++ { - val := getRandomDuration(100*time.Millisecond, 500*time.Millisecond) - sum += val - if val < min { - min = val - } - if val > max { - max = val - } - } - avg := sum / time.Duration(rep) - Expect(avg).To(BeNumerically("~", 300*time.Millisecond, 5*time.Millisecond)) - Expect(min).To(BeNumerically(">=", 100*time.Millisecond)) - Expect(min).To(BeNumerically("<", 105*time.Millisecond)) - Expect(max).To(BeNumerically(">", 495*time.Millisecond)) - Expect(max).To(BeNumerically("<=", 500*time.Millisecond)) - }) -}) - -var _ = Describe("Random RTT", func() { - var proxy *quicproxy.QuicProxy - - runRTTTest := func(minRtt, maxRtt time.Duration, version protocol.VersionNumber) { - var err error - proxy, err = quicproxy.NewQuicProxy("localhost:", version, &quicproxy.Opts{ - RemoteAddr: "localhost:" + testserver.Port(), - DelayPacket: func(_ quicproxy.Direction, _ uint64) time.Duration { - return getRandomDuration(minRtt, maxRtt) - }, - }) - Expect(err).ToNot(HaveOccurred()) - - command := exec.Command( - clientPath, - "--quic-version="+version.ToAltSvc(), - "--host=127.0.0.1", - "--port="+strconv.Itoa(proxy.LocalPort()), - "https://quic.clemente.io/prdata", - ) - - session, err := Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - Eventually(session, 20).Should(Exit(0)) - Expect(bytes.Contains(session.Out.Contents(), testserver.PRData)).To(BeTrue()) - } - - AfterEach(func() { - err := proxy.Close() - Expect(err).ToNot(HaveOccurred()) - time.Sleep(time.Millisecond) - }) - - for i := range protocol.SupportedVersions { - version := protocol.SupportedVersions[i] - - Context(fmt.Sprintf("with QUIC version %s", version), func() { - It("gets a file a random RTT between 10ms and 30ms", func() { - runRTTTest(10*time.Millisecond, 30*time.Millisecond, version) - }) - }) - } -}) diff --git a/integrationtests/gquic/rtt_test.go b/integrationtests/gquic/rtt_test.go deleted file mode 100644 index 669200ee..00000000 --- a/integrationtests/gquic/rtt_test.go +++ /dev/null @@ -1,66 +0,0 @@ -package gquic_test - -import ( - "bytes" - "fmt" - "os/exec" - "strconv" - "time" - - _ "github.com/lucas-clemente/quic-clients" // download clients - "github.com/lucas-clemente/quic-go/integrationtests/tools/proxy" - "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" - "github.com/lucas-clemente/quic-go/internal/protocol" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gexec" -) - -var _ = Describe("non-zero RTT", func() { - var proxy *quicproxy.QuicProxy - - runRTTTest := func(rtt time.Duration, version protocol.VersionNumber) { - var err error - proxy, err = quicproxy.NewQuicProxy("localhost:", version, &quicproxy.Opts{ - RemoteAddr: "localhost:" + testserver.Port(), - DelayPacket: func(_ quicproxy.Direction, _ uint64) time.Duration { - return rtt / 2 - }, - }) - Expect(err).ToNot(HaveOccurred()) - - command := exec.Command( - clientPath, - "--quic-version="+version.ToAltSvc(), - "--host=127.0.0.1", - "--port="+strconv.Itoa(proxy.LocalPort()), - "https://quic.clemente.io/prdata", - ) - - session, err := Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - defer session.Kill() - Eventually(session, 20).Should(Exit(0)) - Expect(bytes.Contains(session.Out.Contents(), testserver.PRData)).To(BeTrue()) - } - - AfterEach(func() { - err := proxy.Close() - Expect(err).ToNot(HaveOccurred()) - time.Sleep(time.Millisecond) - }) - - for i := range protocol.SupportedVersions { - version := protocol.SupportedVersions[i] - - Context(fmt.Sprintf("with QUIC version %s", version), func() { - roundTrips := [...]int{10, 50, 100, 200} - for _, rtt := range roundTrips { - It(fmt.Sprintf("gets a 500kB file with %dms RTT", rtt), func() { - runRTTTest(time.Duration(rtt)*time.Millisecond, version) - }) - } - }) - } -}) diff --git a/integrationtests/gquic/server_test.go b/integrationtests/gquic/server_test.go deleted file mode 100644 index 993ebd03..00000000 --- a/integrationtests/gquic/server_test.go +++ /dev/null @@ -1,218 +0,0 @@ -package gquic_test - -import ( - "crypto/rand" - "crypto/rsa" - "crypto/tls" - "crypto/x509" - "crypto/x509/pkix" - "encoding/asn1" - "encoding/pem" - "fmt" - "io/ioutil" - "math/big" - mrand "math/rand" - "net/http" - "os" - "os/exec" - "path/filepath" - "strconv" - "time" - - quic "github.com/lucas-clemente/quic-go" - "github.com/lucas-clemente/quic-go/h2quic" - "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" - "github.com/lucas-clemente/quic-go/internal/protocol" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "github.com/onsi/gomega/gbytes" - . "github.com/onsi/gomega/gexec" -) - -var _ = Describe("Server tests", func() { - for i := range protocol.SupportedVersions { - version := protocol.SupportedVersions[i] - - var ( - serverPort string - tmpDir string - session *Session - client *http.Client - ) - - generateCA := func() (*rsa.PrivateKey, *x509.Certificate) { - key, err := rsa.GenerateKey(rand.Reader, 1024) - Expect(err).ToNot(HaveOccurred()) - - templateRoot := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(-time.Hour), - NotAfter: time.Now().Add(time.Hour), - IsCA: true, - BasicConstraintsValid: true, - } - certDER, err := x509.CreateCertificate(rand.Reader, templateRoot, templateRoot, &key.PublicKey, key) - Expect(err).ToNot(HaveOccurred()) - cert, err := x509.ParseCertificate(certDER) - Expect(err).ToNot(HaveOccurred()) - return key, cert - } - - // prepare the file such that it can be by the quic_server - // some HTTP headers neeed to be prepended, see https://www.chromium.org/quic/playing-with-quic - createDownloadFile := func(filename string, data []byte) { - dataDir := filepath.Join(tmpDir, "quic.clemente.io") - err := os.Mkdir(dataDir, 0777) - Expect(err).ToNot(HaveOccurred()) - f, err := os.Create(filepath.Join(dataDir, filename)) - Expect(err).ToNot(HaveOccurred()) - defer f.Close() - _, err = f.Write([]byte("HTTP/1.1 200 OK\n")) - Expect(err).ToNot(HaveOccurred()) - _, err = f.Write([]byte("Content-Type: text/html\n")) - Expect(err).ToNot(HaveOccurred()) - _, err = f.Write([]byte("X-Original-Url: https://quic.clemente.io:" + serverPort + "/" + filename + "\n")) - Expect(err).ToNot(HaveOccurred()) - _, err = f.Write([]byte("Content-Length: " + strconv.Itoa(len(data)) + "\n\n")) - Expect(err).ToNot(HaveOccurred()) - _, err = f.Write(data) - Expect(err).ToNot(HaveOccurred()) - } - - // download files must be create *before* the quic_server is started - // the quic_server reads its data dir on startup, and only serves those files that were already present then - startServer := func(version protocol.VersionNumber) { - defer GinkgoRecover() - var err error - command := exec.Command( - serverPath, - "--quic_response_cache_dir="+filepath.Join(tmpDir, "quic.clemente.io"), - "--key_file="+filepath.Join(tmpDir, "key.pkcs8"), - "--certificate_file="+filepath.Join(tmpDir, "cert.pem"), - "--quic-version="+strconv.Itoa(int(version)), - "--port="+serverPort, - ) - session, err = Start(command, nil, GinkgoWriter) - Expect(err).NotTo(HaveOccurred()) - } - - stopServer := func() { - session.Kill() - } - - BeforeEach(func() { - serverPort = strconv.Itoa(20000 + int(mrand.Int31n(10000))) - - var err error - tmpDir, err = ioutil.TempDir("", "quic-server-certs") - Expect(err).ToNot(HaveOccurred()) - - // generate an RSA key pair for the server - key, err := rsa.GenerateKey(rand.Reader, 1024) - Expect(err).ToNot(HaveOccurred()) - - // save the private key in PKCS8 format to disk (required by quic_server) - pkcs8key, err := asn1.Marshal(struct { // copied from the x509 package - Version int - Algo pkix.AlgorithmIdentifier - PrivateKey []byte - }{ - PrivateKey: x509.MarshalPKCS1PrivateKey(key), - Algo: pkix.AlgorithmIdentifier{ - Algorithm: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}, - Parameters: asn1.RawValue{Tag: 5}, - }, - }) - Expect(err).ToNot(HaveOccurred()) - f, err := os.Create(filepath.Join(tmpDir, "key.pkcs8")) - Expect(err).ToNot(HaveOccurred()) - _, err = f.Write(pkcs8key) - Expect(err).ToNot(HaveOccurred()) - f.Close() - - // generate a Certificate Authority - // this CA is used to sign the server's key - // it is set as a valid CA in the QUIC client - rootKey, CACert := generateCA() - // generate the server certificate - template := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(-30 * time.Minute), - NotAfter: time.Now().Add(30 * time.Minute), - Subject: pkix.Name{CommonName: "quic.clemente.io"}, - } - certDER, err := x509.CreateCertificate(rand.Reader, template, CACert, &key.PublicKey, rootKey) - Expect(err).ToNot(HaveOccurred()) - // save the certificate to disk - certOut, err := os.Create(filepath.Join(tmpDir, "cert.pem")) - Expect(err).ToNot(HaveOccurred()) - pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certDER}) - certOut.Close() - - // prepare the h2quic.client - certPool := x509.NewCertPool() - certPool.AddCert(CACert) - client = &http.Client{ - Transport: &h2quic.RoundTripper{ - TLSClientConfig: &tls.Config{RootCAs: certPool}, - QuicConfig: &quic.Config{ - Versions: []protocol.VersionNumber{version}, - }, - }, - } - }) - - AfterEach(func() { - Expect(tmpDir).ToNot(BeEmpty()) - err := os.RemoveAll(tmpDir) - Expect(err).ToNot(HaveOccurred()) - tmpDir = "" - }) - - Context(fmt.Sprintf("with QUIC version %s", version), func() { - It("downloads a hello", func() { - data := []byte("Hello world!\n") - createDownloadFile("hello", data) - - startServer(version) - defer stopServer() - - rsp, err := client.Get("https://quic.clemente.io:" + serverPort + "/hello") - Expect(err).ToNot(HaveOccurred()) - Expect(rsp.StatusCode).To(Equal(200)) - body, err := ioutil.ReadAll(gbytes.TimeoutReader(rsp.Body, 5*time.Second)) - Expect(err).ToNot(HaveOccurred()) - Expect(body).To(Equal(data)) - }) - - It("downloads a small file", func() { - createDownloadFile("file.dat", testserver.PRData) - - startServer(version) - defer stopServer() - - rsp, err := client.Get("https://quic.clemente.io:" + serverPort + "/file.dat") - Expect(err).ToNot(HaveOccurred()) - Expect(rsp.StatusCode).To(Equal(200)) - body, err := ioutil.ReadAll(gbytes.TimeoutReader(rsp.Body, 5*time.Second)) - Expect(err).ToNot(HaveOccurred()) - Expect(body).To(Equal(testserver.PRData)) - }) - - It("downloads a large file", func() { - createDownloadFile("file.dat", testserver.PRDataLong) - - startServer(version) - defer stopServer() - - rsp, err := client.Get("https://quic.clemente.io:" + serverPort + "/file.dat") - Expect(err).ToNot(HaveOccurred()) - Expect(rsp.StatusCode).To(Equal(200)) - body, err := ioutil.ReadAll(gbytes.TimeoutReader(rsp.Body, 20*time.Second)) - Expect(err).ToNot(HaveOccurred()) - Expect(body).To(Equal(testserver.PRDataLong)) - }) - }) - } -}) diff --git a/integrationtests/self/client_test.go b/integrationtests/self/client_test.go index fcb9cb5a..2dd7f350 100644 --- a/integrationtests/self/client_test.go +++ b/integrationtests/self/client_test.go @@ -13,6 +13,7 @@ import ( "github.com/lucas-clemente/quic-go/h2quic" "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" "github.com/lucas-clemente/quic-go/internal/protocol" + . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/onsi/gomega/gbytes" @@ -21,8 +22,7 @@ import ( var _ = Describe("Client tests", func() { var client *http.Client - // also run some tests with the TLS handshake - versions := append(protocol.SupportedVersions, protocol.VersionTLS) + versions := protocol.SupportedVersions BeforeEach(func() { err := os.Setenv("HOSTALIASES", "quic.clemente.io 127.0.0.1") diff --git a/integrationtests/self/conn_id_test.go b/integrationtests/self/conn_id_test.go index 991154f2..ee393075 100644 --- a/integrationtests/self/conn_id_test.go +++ b/integrationtests/self/conn_id_test.go @@ -60,42 +60,32 @@ var _ = Describe("Connection ID lengths tests", func() { Expect(data).To(Equal(testserver.PRData)) } - Context("IETF QUIC", func() { - It("downloads a file using a 0-byte connection ID for the client", func() { - serverConf := &quic.Config{ - ConnectionIDLength: randomConnIDLen(), - Versions: []protocol.VersionNumber{protocol.VersionTLS}, - } - clientConf := &quic.Config{ - Versions: []protocol.VersionNumber{protocol.VersionTLS}, - } + It("downloads a file using a 0-byte connection ID for the client", func() { + serverConf := &quic.Config{ + ConnectionIDLength: randomConnIDLen(), + Versions: []protocol.VersionNumber{protocol.VersionTLS}, + } + clientConf := &quic.Config{ + Versions: []protocol.VersionNumber{protocol.VersionTLS}, + } - ln := runServer(serverConf) - defer ln.Close() - runClient(ln.Addr(), clientConf) - }) - - It("downloads a file when both client and server use a random connection ID length", func() { - serverConf := &quic.Config{ - ConnectionIDLength: randomConnIDLen(), - Versions: []protocol.VersionNumber{protocol.VersionTLS}, - } - clientConf := &quic.Config{ - ConnectionIDLength: randomConnIDLen(), - Versions: []protocol.VersionNumber{protocol.VersionTLS}, - } - - ln := runServer(serverConf) - defer ln.Close() - runClient(ln.Addr(), clientConf) - }) + ln := runServer(serverConf) + defer ln.Close() + runClient(ln.Addr(), clientConf) }) - Context("gQUIC", func() { - It("downloads a file using a 0-byte connection ID for the client", func() { - ln := runServer(&quic.Config{}) - defer ln.Close() - runClient(ln.Addr(), &quic.Config{RequestConnectionIDOmission: true}) - }) + It("downloads a file when both client and server use a random connection ID length", func() { + serverConf := &quic.Config{ + ConnectionIDLength: randomConnIDLen(), + Versions: []protocol.VersionNumber{protocol.VersionTLS}, + } + clientConf := &quic.Config{ + ConnectionIDLength: randomConnIDLen(), + Versions: []protocol.VersionNumber{protocol.VersionTLS}, + } + + ln := runServer(serverConf) + defer ln.Close() + runClient(ln.Addr(), clientConf) }) }) diff --git a/integrationtests/self/handshake_rtt_test.go b/integrationtests/self/handshake_rtt_test.go index f58878a1..b93e985a 100644 --- a/integrationtests/self/handshake_rtt_test.go +++ b/integrationtests/self/handshake_rtt_test.go @@ -87,128 +87,57 @@ var _ = Describe("Handshake RTT tests", func() { expectDurationInRTTs(1) }) - Context("gQUIC", func() { - // 1 RTT for verifying the source address - // 1 RTT to become secure - // 1 RTT to become forward-secure - It("is forward-secure after 3 RTTs", func() { - runServerAndProxy() - _, err := quic.DialAddr(proxy.LocalAddr().String(), &tls.Config{InsecureSkipVerify: true}, nil) - Expect(err).ToNot(HaveOccurred()) - expectDurationInRTTs(3) - }) + var clientConfig *quic.Config + var clientTLSConfig *tls.Config - It("does version negotiation in 1 RTT, IETF QUIC => gQUIC", func() { - clientConfig := &quic.Config{ - Versions: []protocol.VersionNumber{protocol.VersionTLS, protocol.SupportedVersions[0]}, - } - runServerAndProxy() - _, err := quic.DialAddr( - proxy.LocalAddr().String(), - &tls.Config{InsecureSkipVerify: true}, - clientConfig, - ) - Expect(err).ToNot(HaveOccurred()) - expectDurationInRTTs(4) - }) - - It("is forward-secure after 2 RTTs when the server doesn't require a Cookie", func() { - serverConfig.AcceptCookie = func(_ net.Addr, _ *quic.Cookie) bool { - return true - } - runServerAndProxy() - _, err := quic.DialAddr(proxy.LocalAddr().String(), &tls.Config{InsecureSkipVerify: true}, nil) - Expect(err).ToNot(HaveOccurred()) - expectDurationInRTTs(2) - }) - - It("doesn't complete the handshake when the server never accepts the Cookie", func() { - serverConfig.AcceptCookie = func(_ net.Addr, _ *quic.Cookie) bool { - return false - } - runServerAndProxy() - _, err := quic.DialAddr(proxy.LocalAddr().String(), &tls.Config{InsecureSkipVerify: true}, nil) - Expect(err).To(HaveOccurred()) - Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.CryptoTooManyRejects)) - }) - - It("doesn't complete the handshake when the handshake timeout is too short", func() { - serverConfig.HandshakeTimeout = 2 * rtt - runServerAndProxy() - _, err := quic.DialAddr(proxy.LocalAddr().String(), &tls.Config{InsecureSkipVerify: true}, nil) - Expect(err).To(HaveOccurred()) - Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.HandshakeTimeout)) - // 2 RTTs during the timeout - // plus 1 RTT: the timer starts 0.5 RTTs after sending the first packet, and the CONNECTION_CLOSE needs another 0.5 RTTs to reach the client - expectDurationInRTTs(3) - }) + BeforeEach(func() { + serverConfig.Versions = []protocol.VersionNumber{protocol.VersionTLS} + clientConfig = &quic.Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} + clientTLSConfig = &tls.Config{ + InsecureSkipVerify: true, + ServerName: "quic.clemente.io", + } }) - Context("IETF QUIC", func() { - var clientConfig *quic.Config - var clientTLSConfig *tls.Config + // 1 RTT for verifying the source address + // 1 RTT for the TLS handshake + It("is forward-secure after 2 RTTs", func() { + runServerAndProxy() + _, err := quic.DialAddr( + proxy.LocalAddr().String(), + clientTLSConfig, + clientConfig, + ) + Expect(err).ToNot(HaveOccurred()) + expectDurationInRTTs(2) + }) - BeforeEach(func() { - serverConfig.Versions = []protocol.VersionNumber{protocol.VersionTLS} - clientConfig = &quic.Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} - clientTLSConfig = &tls.Config{ - InsecureSkipVerify: true, - ServerName: "quic.clemente.io", - } - }) + It("is forward-secure after 1 RTTs when the server doesn't require a Cookie", func() { + serverConfig.AcceptCookie = func(_ net.Addr, _ *quic.Cookie) bool { + return true + } + runServerAndProxy() + _, err := quic.DialAddr( + proxy.LocalAddr().String(), + clientTLSConfig, + clientConfig, + ) + Expect(err).ToNot(HaveOccurred()) + expectDurationInRTTs(1) + }) - // 1 RTT for verifying the source address - // 1 RTT for the TLS handshake - It("is forward-secure after 2 RTTs", func() { - runServerAndProxy() - _, err := quic.DialAddr( - proxy.LocalAddr().String(), - clientTLSConfig, - clientConfig, - ) - Expect(err).ToNot(HaveOccurred()) - expectDurationInRTTs(2) - }) - - It("does version negotiation in 1 RTT, gQUIC => IETF QUIC", func() { - clientConfig.Versions = []protocol.VersionNumber{protocol.SupportedVersions[0], protocol.VersionTLS} - runServerAndProxy() - _, err := quic.DialAddr( - proxy.LocalAddr().String(), - clientTLSConfig, - clientConfig, - ) - Expect(err).ToNot(HaveOccurred()) - expectDurationInRTTs(3) - }) - - It("is forward-secure after 1 RTTs when the server doesn't require a Cookie", func() { - serverConfig.AcceptCookie = func(_ net.Addr, _ *quic.Cookie) bool { - return true - } - runServerAndProxy() - _, err := quic.DialAddr( - proxy.LocalAddr().String(), - clientTLSConfig, - clientConfig, - ) - Expect(err).ToNot(HaveOccurred()) - expectDurationInRTTs(1) - }) - - It("doesn't complete the handshake when the server never accepts the Cookie", func() { - serverConfig.AcceptCookie = func(_ net.Addr, _ *quic.Cookie) bool { - return false - } - clientConfig.HandshakeTimeout = 500 * time.Millisecond - runServerAndProxy() - _, err := quic.DialAddr( - proxy.LocalAddr().String(), - clientTLSConfig, - clientConfig, - ) - Expect(err).To(HaveOccurred()) - Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.HandshakeTimeout)) - }) + It("doesn't complete the handshake when the server never accepts the Cookie", func() { + serverConfig.AcceptCookie = func(_ net.Addr, _ *quic.Cookie) bool { + return false + } + clientConfig.HandshakeTimeout = 500 * time.Millisecond + runServerAndProxy() + _, err := quic.DialAddr( + proxy.LocalAddr().String(), + clientTLSConfig, + clientConfig, + ) + Expect(err).To(HaveOccurred()) + Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.HandshakeTimeout)) }) }) diff --git a/integrationtests/self/handshake_test.go b/integrationtests/self/handshake_test.go index 389e5b10..32556b02 100644 --- a/integrationtests/self/handshake_test.go +++ b/integrationtests/self/handshake_test.go @@ -91,7 +91,7 @@ var _ = Describe("Handshake tests", func() { }) Context("Certifiate validation", func() { - for _, v := range []protocol.VersionNumber{protocol.Version39, protocol.VersionTLS} { + for _, v := range protocol.SupportedVersions { version := v Context(fmt.Sprintf("using %s", version), func() { diff --git a/integrationtests/self/multiplex_test.go b/integrationtests/self/multiplex_test.go index 0960f49b..be06fc6b 100644 --- a/integrationtests/self/multiplex_test.go +++ b/integrationtests/self/multiplex_test.go @@ -18,15 +18,9 @@ import ( ) var _ = Describe("Multiplexing", func() { - for _, v := range append(protocol.SupportedVersions, protocol.VersionTLS) { + for _, v := range protocol.SupportedVersions { version := v - // gQUIC 44 uses 0 byte connection IDs for packets sent to the client - // It's not possible to do demultiplexing. - if v == protocol.Version44 { - continue - } - Context(fmt.Sprintf("with QUIC version %s", version), func() { runServer := func(ln quic.Listener) { go func() { @@ -143,10 +137,6 @@ var _ = Describe("Multiplexing", func() { Context("multiplexing server and client on the same conn", func() { It("connects to itself", func() { - if version != protocol.VersionTLS { - Skip("Connecting to itself only works with IETF QUIC.") - } - addr, err := net.ResolveUDPAddr("udp", "localhost:0") Expect(err).ToNot(HaveOccurred()) conn, err := net.ListenUDP("udp", addr) diff --git a/integrationtests/self/rtt_test.go b/integrationtests/self/rtt_test.go index 40cca5b9..383a3b4b 100644 --- a/integrationtests/self/rtt_test.go +++ b/integrationtests/self/rtt_test.go @@ -18,7 +18,7 @@ import ( ) var _ = Describe("non-zero RTT", func() { - for _, v := range append(protocol.SupportedVersions, protocol.VersionTLS) { + for _, v := range protocol.SupportedVersions { version := v Context(fmt.Sprintf("with QUIC version %s", version), func() { diff --git a/interface.go b/interface.go index c30bab2a..f9e4f06e 100644 --- a/interface.go +++ b/interface.go @@ -16,15 +16,6 @@ type StreamID = protocol.StreamID // A VersionNumber is a QUIC version number. type VersionNumber = protocol.VersionNumber -const ( - // VersionGQUIC39 is gQUIC version 39. - VersionGQUIC39 = protocol.Version39 - // VersionGQUIC43 is gQUIC version 43. - VersionGQUIC43 = protocol.Version43 - // VersionGQUIC44 is gQUIC version 44. - VersionGQUIC44 = protocol.Version44 -) - // A Cookie can be used to verify the ownership of the client address. type Cookie = handshake.Cookie @@ -164,11 +155,7 @@ type Config struct { // If not set, it uses all versions available. // Warning: This API should not be considered stable and will change soon. Versions []VersionNumber - // Ask the server to omit the connection ID sent in the Public Header. - // This saves 8 bytes in the Public Header in every packet. However, if the IP address of the server changes, the connection cannot be migrated. - // Currently only valid for the client. - RequestConnectionIDOmission bool - // The length of the connection ID in bytes. Only valid for IETF QUIC. + // The length of the connection ID in bytes. // It can be 0, or any value between 4 and 18. // If not set, the interpretation depends on where the Config is used: // If used for dialing an address, a 0 byte connection ID will be used. @@ -201,7 +188,6 @@ type Config struct { // Values larger than 65535 (math.MaxUint16) are invalid. MaxIncomingStreams int // MaxIncomingUniStreams is the maximum number of concurrent unidirectional streams that a peer is allowed to open. - // This value doesn't have any effect in Google QUIC. // If not set, it will default to 100. // If set to a negative value, it doesn't allow any unidirectional streams. // Values larger than 65535 (math.MaxUint16) are invalid. diff --git a/internal/ackhandler/interfaces.go b/internal/ackhandler/interfaces.go index 1924cdc9..8545a93c 100644 --- a/internal/ackhandler/interfaces.go +++ b/internal/ackhandler/interfaces.go @@ -27,7 +27,6 @@ type SentPacketHandler interface { // Before sending any packet, SendingAllowed() must be called to learn if we can actually send it. ShouldSendNumPackets() int - GetStopWaitingFrame(force bool) *wire.StopWaitingFrame GetLowestPacketNotConfirmedAcked() protocol.PacketNumber DequeuePacketForRetransmission() *Packet DequeueProbePacket() (*Packet, error) diff --git a/internal/ackhandler/retransmittable.go b/internal/ackhandler/retransmittable.go index e6ce46f8..ae622afd 100644 --- a/internal/ackhandler/retransmittable.go +++ b/internal/ackhandler/retransmittable.go @@ -16,8 +16,6 @@ func stripNonRetransmittableFrames(fs []wire.Frame) []wire.Frame { // IsFrameRetransmittable returns true if the frame should be retransmitted. func IsFrameRetransmittable(f wire.Frame) bool { switch f.(type) { - case *wire.StopWaitingFrame: - return false case *wire.AckFrame: return false default: diff --git a/internal/ackhandler/retransmittable_test.go b/internal/ackhandler/retransmittable_test.go index 63d0a589..3659a055 100644 --- a/internal/ackhandler/retransmittable_test.go +++ b/internal/ackhandler/retransmittable_test.go @@ -11,10 +11,8 @@ import ( var _ = Describe("retransmittable frames", func() { for fl, el := range map[wire.Frame]bool{ &wire.AckFrame{}: false, - &wire.StopWaitingFrame{}: false, &wire.BlockedFrame{}: true, &wire.ConnectionCloseFrame{}: true, - &wire.GoawayFrame{}: true, &wire.PingFrame{}: true, &wire.RstStreamFrame{}: true, &wire.StreamFrame{}: true, diff --git a/internal/ackhandler/sent_packet_handler.go b/internal/ackhandler/sent_packet_handler.go index 7ff35c29..356c8581 100644 --- a/internal/ackhandler/sent_packet_handler.go +++ b/internal/ackhandler/sent_packet_handler.go @@ -45,8 +45,7 @@ type sentPacketHandler struct { lowestPacketNotConfirmedAcked protocol.PacketNumber largestSentBeforeRTO protocol.PacketNumber - packetHistory *sentPacketHistory - stopWaitingManager stopWaitingManager + packetHistory *sentPacketHistory retransmissionQueue []*Packet @@ -90,12 +89,11 @@ func NewSentPacketHandler(rttStats *congestion.RTTStats, logger utils.Logger, ve ) return &sentPacketHandler{ - packetHistory: newSentPacketHistory(), - stopWaitingManager: stopWaitingManager{}, - rttStats: rttStats, - congestion: congestion, - logger: logger, - version: version, + packetHistory: newSentPacketHistory(), + rttStats: rttStats, + congestion: congestion, + logger: logger, + version: version, } } @@ -110,15 +108,13 @@ func (h *sentPacketHandler) SetHandshakeComplete() { h.logger.Debugf("Handshake complete. Discarding all outstanding handshake packets.") var queue []*Packet for _, packet := range h.retransmissionQueue { - if packet.EncryptionLevel == protocol.EncryptionForwardSecure || - packet.EncryptionLevel == protocol.Encryption1RTT { + if packet.EncryptionLevel == protocol.Encryption1RTT { queue = append(queue, packet) } } var handshakePackets []*Packet h.packetHistory.Iterate(func(p *Packet) (bool, error) { - if p.EncryptionLevel != protocol.EncryptionForwardSecure && - p.EncryptionLevel != protocol.Encryption1RTT { + if p.EncryptionLevel != protocol.Encryption1RTT { handshakePackets = append(handshakePackets, p) } return true, nil @@ -169,8 +165,7 @@ func (h *sentPacketHandler) sentPacketImpl(packet *Packet) bool /* isRetransmitt isRetransmittable := len(packet.Frames) != 0 if isRetransmittable { - if packet.EncryptionLevel != protocol.EncryptionForwardSecure && - packet.EncryptionLevel != protocol.Encryption1RTT { + if packet.EncryptionLevel != protocol.Encryption1RTT { h.lastSentHandshakePacketTime = packet.SendTime } h.lastSentRetransmittablePacketTime = packet.SendTime @@ -217,12 +212,11 @@ func (h *sentPacketHandler) ReceivedAck(ackFrame *wire.AckFrame, withPacketNumbe priorInFlight := h.bytesInFlight for _, p := range ackedPackets { - // TODO(#1534): also check the encryption level for IETF QUIC - if !h.version.UsesTLS() { - if encLevel < p.EncryptionLevel { - return fmt.Errorf("Received ACK with encryption level %s that acks a packet %d (encryption level %s)", encLevel, p.PacketNumber, p.EncryptionLevel) - } - } + // TODO(#1534): check the encryption level + // if encLevel < p.EncryptionLevel { + // return fmt.Errorf("Received ACK with encryption level %s that acks a packet %d (encryption level %s)", encLevel, p.PacketNumber, p.EncryptionLevel) + // } + // largestAcked == 0 either means that the packet didn't contain an ACK, or it just acked packet 0 // It is safe to ignore the corner case of packets that just acked packet 0, because // the lowestPacketNotConfirmedAcked is only used to limit the number of ACK ranges we will send. @@ -243,8 +237,6 @@ func (h *sentPacketHandler) ReceivedAck(ackFrame *wire.AckFrame, withPacketNumbe h.updateLossDetectionAlarm() h.garbageCollectSkippedPackets() - h.stopWaitingManager.ReceivedAck(ackFrame) - return nil } @@ -530,10 +522,6 @@ func (h *sentPacketHandler) GetPacketNumberLen(p protocol.PacketNumber) protocol return protocol.GetPacketNumberLengthForHeader(p, h.lowestUnacked(), h.version) } -func (h *sentPacketHandler) GetStopWaitingFrame(force bool) *wire.StopWaitingFrame { - return h.stopWaitingManager.GetStopWaitingFrame(force) -} - func (h *sentPacketHandler) SendMode() SendMode { numTrackedPackets := len(h.retransmissionQueue) + h.packetHistory.Len() @@ -592,9 +580,7 @@ func (h *sentPacketHandler) ShouldSendNumPackets() int { func (h *sentPacketHandler) queueHandshakePacketsForRetransmission() error { var handshakePackets []*Packet h.packetHistory.Iterate(func(p *Packet) (bool, error) { - if p.canBeRetransmitted && - p.EncryptionLevel != protocol.EncryptionForwardSecure && - p.EncryptionLevel != protocol.Encryption1RTT { + if p.canBeRetransmitted && p.EncryptionLevel != protocol.Encryption1RTT { handshakePackets = append(handshakePackets, p) } return true, nil @@ -616,7 +602,6 @@ func (h *sentPacketHandler) queuePacketForRetransmission(p *Packet) error { return err } h.retransmissionQueue = append(h.retransmissionQueue, p) - h.stopWaitingManager.QueuedRetransmissionForPacketNumber(p.PacketNumber) return nil } diff --git a/internal/ackhandler/sent_packet_handler_test.go b/internal/ackhandler/sent_packet_handler_test.go index 32a1def7..c22a4c72 100644 --- a/internal/ackhandler/sent_packet_handler_test.go +++ b/internal/ackhandler/sent_packet_handler_test.go @@ -15,7 +15,7 @@ import ( func retransmittablePacket(p *Packet) *Packet { if p.EncryptionLevel == protocol.EncryptionUnspecified { - p.EncryptionLevel = protocol.EncryptionForwardSecure + p.EncryptionLevel = protocol.Encryption1RTT } if p.Length == 0 { p.Length = 1 @@ -37,7 +37,7 @@ func nonRetransmittablePacket(p *Packet) *Packet { func handshakePacket(p *Packet) *Packet { p = retransmittablePacket(p) - p.EncryptionLevel = protocol.EncryptionUnencrypted + p.EncryptionLevel = protocol.EncryptionInitial return p } @@ -123,8 +123,8 @@ var _ = Describe("SentPacketHandler", func() { It("stores the sent time of handshake packets", func() { sendTime := time.Now().Add(-time.Minute) - handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 1, SendTime: sendTime, EncryptionLevel: protocol.EncryptionUnencrypted})) - handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 2, SendTime: sendTime.Add(time.Hour), EncryptionLevel: protocol.EncryptionForwardSecure})) + handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 1, SendTime: sendTime, EncryptionLevel: protocol.EncryptionInitial})) + handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 2, SendTime: sendTime.Add(time.Hour), EncryptionLevel: protocol.Encryption1RTT})) Expect(handler.lastSentHandshakePacketTime).To(Equal(sendTime)) }) @@ -205,7 +205,7 @@ var _ = Describe("SentPacketHandler", func() { ack := &wire.AckFrame{ AckRanges: []wire.AckRange{{Smallest: 10, Largest: 12}}, } - err := handler.ReceivedAck(ack, 1337, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1337, protocol.Encryption1RTT, time.Now()) Expect(err).To(MatchError("InvalidAckData: Received an ACK for a skipped packet number")) }) @@ -216,7 +216,7 @@ var _ = Describe("SentPacketHandler", func() { {Smallest: 10, Largest: 10}, }, } - err := handler.ReceivedAck(ack, 1337, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1337, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.largestAcked).ToNot(BeZero()) }) @@ -237,7 +237,7 @@ var _ = Describe("SentPacketHandler", func() { Context("ACK validation", func() { It("accepts ACKs sent in packet 0", func() { ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 0, Largest: 5}}} - err := handler.ReceivedAck(ack, 0, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 0, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.largestAcked).To(Equal(protocol.PacketNumber(5))) }) @@ -245,12 +245,12 @@ var _ = Describe("SentPacketHandler", func() { It("rejects duplicate ACKs", func() { ack1 := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 0, Largest: 3}}} ack2 := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 0, Largest: 4}}} - err := handler.ReceivedAck(ack1, 1337, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack1, 1337, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.largestAcked).To(Equal(protocol.PacketNumber(3))) // this wouldn't happen in practice // for testing purposes, we pretend send a different ACK frame in a duplicated packet, to be able to verify that it actually doesn't get processed - err = handler.ReceivedAck(ack2, 1337, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack2, 1337, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.largestAcked).To(Equal(protocol.PacketNumber(3))) }) @@ -259,28 +259,28 @@ var _ = Describe("SentPacketHandler", func() { // acks packets 0, 1, 2, 3 ack1 := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 0, Largest: 3}}} ack2 := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 0, Largest: 4}}} - err := handler.ReceivedAck(ack1, 1337, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack1, 1337, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) // this wouldn't happen in practive // a receiver wouldn't send an ACK for a lower largest acked in a packet sent later - err = handler.ReceivedAck(ack2, 1337-1, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack2, 1337-1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.largestAcked).To(Equal(protocol.PacketNumber(3))) }) It("rejects ACKs with a too high LargestAcked packet number", func() { ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 0, Largest: 9999}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).To(MatchError("InvalidAckData: Received ACK for an unsent package")) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(10))) }) It("ignores repeated ACKs", func() { ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 3}}} - err := handler.ReceivedAck(ack, 1337, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1337, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(7))) - err = handler.ReceivedAck(ack, 1337+1, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack, 1337+1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.largestAcked).To(Equal(protocol.PacketNumber(3))) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(7))) @@ -290,7 +290,7 @@ var _ = Describe("SentPacketHandler", func() { Context("acks and nacks the right packets", func() { It("adjusts the LargestAcked, and adjusts the bytes in flight", func() { ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 0, Largest: 5}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.largestAcked).To(Equal(protocol.PacketNumber(5))) expectInPacketHistory([]protocol.PacketNumber{6, 7, 8, 9}) @@ -299,7 +299,7 @@ var _ = Describe("SentPacketHandler", func() { It("acks packet 0", func() { ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 0, Largest: 0}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(getPacket(0)).To(BeNil()) expectInPacketHistory([]protocol.PacketNumber{1, 2, 3, 4, 5, 6, 7, 8, 9}) @@ -312,14 +312,14 @@ var _ = Describe("SentPacketHandler", func() { {Smallest: 1, Largest: 3}, }, } - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{0, 4, 5}) }) It("does not ack packets below the LowestAcked", func() { ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 3, Largest: 8}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{0, 1, 2, 9}) }) @@ -333,7 +333,7 @@ var _ = Describe("SentPacketHandler", func() { {Smallest: 1, Largest: 1}, }, } - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{0, 2, 4, 5, 8}) }) @@ -345,12 +345,12 @@ var _ = Describe("SentPacketHandler", func() { {Smallest: 1, Largest: 2}, }, } - err := handler.ReceivedAck(ack1, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack1, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{0, 3, 7, 8, 9}) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(5))) ack2 := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 6}}} // now ack 3 - err = handler.ReceivedAck(ack2, 2, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack2, 2, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{0, 7, 8, 9}) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(4))) @@ -363,12 +363,12 @@ var _ = Describe("SentPacketHandler", func() { {Smallest: 0, Largest: 2}, }, } - err := handler.ReceivedAck(ack1, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack1, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{3, 7, 8, 9}) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(4))) ack2 := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 7}}} - err = handler.ReceivedAck(ack2, 2, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack2, 2, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(2))) expectInPacketHistory([]protocol.PacketNumber{8, 9}) @@ -376,7 +376,7 @@ var _ = Describe("SentPacketHandler", func() { It("processes an ACK that contains old ACK ranges", func() { ack1 := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 6}}} - err := handler.ReceivedAck(ack1, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack1, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{0, 7, 8, 9}) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(4))) @@ -387,7 +387,7 @@ var _ = Describe("SentPacketHandler", func() { {Smallest: 1, Largest: 1}, }, } - err = handler.ReceivedAck(ack2, 2, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack2, 2, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{0, 7, 9}) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(3))) @@ -403,15 +403,15 @@ var _ = Describe("SentPacketHandler", func() { getPacket(6).SendTime = now.Add(-1 * time.Minute) // Now, check that the proper times are used when calculating the deltas ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 1}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).NotTo(HaveOccurred()) Expect(handler.rttStats.LatestRTT()).To(BeNumerically("~", 10*time.Minute, 1*time.Second)) ack = &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 2}}} - err = handler.ReceivedAck(ack, 2, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack, 2, protocol.Encryption1RTT, time.Now()) Expect(err).NotTo(HaveOccurred()) Expect(handler.rttStats.LatestRTT()).To(BeNumerically("~", 5*time.Minute, 1*time.Second)) ack = &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 6}}} - err = handler.ReceivedAck(ack, 3, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack, 3, protocol.Encryption1RTT, time.Now()) Expect(err).NotTo(HaveOccurred()) Expect(handler.rttStats.LatestRTT()).To(BeNumerically("~", 1*time.Minute, 1*time.Second)) }) @@ -425,7 +425,7 @@ var _ = Describe("SentPacketHandler", func() { AckRanges: []wire.AckRange{{Smallest: 1, Largest: 1}}, DelayTime: 5 * time.Minute, } - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).NotTo(HaveOccurred()) Expect(handler.rttStats.LatestRTT()).To(BeNumerically("~", 5*time.Minute, 1*time.Second)) }) @@ -446,27 +446,27 @@ var _ = Describe("SentPacketHandler", func() { }) It("determines which ACK we have received an ACK for", func() { - err := handler.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 13, Largest: 15}}}, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 13, Largest: 15}}}, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.GetLowestPacketNotConfirmedAcked()).To(Equal(protocol.PacketNumber(201))) }) It("doesn't do anything when the acked packet didn't contain an ACK", func() { ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 13, Largest: 13}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.GetLowestPacketNotConfirmedAcked()).To(Equal(protocol.PacketNumber(101))) ack = &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 15, Largest: 15}}} - err = handler.ReceivedAck(ack, 2, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack, 2, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.GetLowestPacketNotConfirmedAcked()).To(Equal(protocol.PacketNumber(101))) }) It("doesn't decrease the value", func() { - err := handler.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 14, Largest: 14}}}, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 14, Largest: 14}}}, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.GetLowestPacketNotConfirmedAcked()).To(Equal(protocol.PacketNumber(201))) - err = handler.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 13, Largest: 13}}}, 2, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 13, Largest: 13}}}, 2, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.GetLowestPacketNotConfirmedAcked()).To(Equal(protocol.PacketNumber(201))) }) @@ -492,7 +492,7 @@ var _ = Describe("SentPacketHandler", func() { Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(11))) // ack 5 ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 5, Largest: 5}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) expectInPacketHistory([]protocol.PacketNumber{6}) Expect(handler.bytesInFlight).To(Equal(protocol.ByteCount(11))) @@ -510,36 +510,16 @@ var _ = Describe("SentPacketHandler", func() { {Smallest: 5, Largest: 5}, }, } - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.packetHistory.Len()).To(BeZero()) Expect(handler.bytesInFlight).To(BeZero()) }) }) - Context("Retransmission handling", func() { - It("does not dequeue a packet if no ack has been received", func() { - handler.SentPacket(&Packet{PacketNumber: 1}) - Expect(handler.DequeuePacketForRetransmission()).To(BeNil()) - }) - - Context("STOP_WAITINGs", func() { - It("gets a STOP_WAITING frame", func() { - handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 1})) - handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 2})) - handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 3})) - ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 3, Largest: 3}}} - err := handler.ReceivedAck(ack, 2, protocol.EncryptionForwardSecure, time.Now()) - Expect(err).ToNot(HaveOccurred()) - Expect(handler.GetStopWaitingFrame(false)).To(Equal(&wire.StopWaitingFrame{LeastUnacked: 4})) - }) - - It("gets a STOP_WAITING frame after queueing a retransmission", func() { - handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 5})) - handler.queuePacketForRetransmission(getPacket(5)) - Expect(handler.GetStopWaitingFrame(false)).To(Equal(&wire.StopWaitingFrame{LeastUnacked: 6})) - }) - }) + It("does not dequeue a packet if no ack has been received", func() { + handler.SentPacket(&Packet{PacketNumber: 1}) + Expect(handler.DequeuePacketForRetransmission()).To(BeNil()) }) Context("congestion", func() { @@ -580,7 +560,7 @@ var _ = Describe("SentPacketHandler", func() { handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 2})) handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 3})) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 2}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, rcvTime) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, rcvTime) Expect(err).NotTo(HaveOccurred()) }) @@ -618,7 +598,7 @@ var _ = Describe("SentPacketHandler", func() { ) handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 5})) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 5, Largest: 5}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, rcvTime) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, rcvTime) Expect(err).ToNot(HaveOccurred()) }) @@ -641,7 +621,7 @@ var _ = Describe("SentPacketHandler", func() { cong.EXPECT().OnPacketLost(protocol.PacketNumber(1), protocol.ByteCount(1), protocol.ByteCount(3)), ) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 2, Largest: 2}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) }) @@ -657,11 +637,11 @@ var _ = Describe("SentPacketHandler", func() { cong.EXPECT().OnPacketLost(protocol.PacketNumber(1), protocol.ByteCount(1), protocol.ByteCount(2)), ) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 2, Largest: 2}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) // don't EXPECT any further calls to the congestion controller ack = &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 2}}} - err = handler.ReceivedAck(ack, 2, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack, 2, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) }) @@ -679,7 +659,7 @@ var _ = Describe("SentPacketHandler", func() { cong.EXPECT().OnPacketLost(protocol.PacketNumber(1), protocol.ByteCount(1), protocol.ByteCount(4)), ) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 2, Largest: 2}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now().Add(-30*time.Minute)) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now().Add(-30*time.Minute)) Expect(err).ToNot(HaveOccurred()) // receive the second ACK gomock.InOrder( @@ -688,7 +668,7 @@ var _ = Describe("SentPacketHandler", func() { cong.EXPECT().OnPacketLost(protocol.PacketNumber(3), protocol.ByteCount(1), protocol.ByteCount(2)), ) ack = &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 4, Largest: 4}}} - err = handler.ReceivedAck(ack, 2, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack, 2, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) }) @@ -778,7 +758,7 @@ var _ = Describe("SentPacketHandler", func() { handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 10})) handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 11})) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 10, Largest: 11}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.GetAlarmTimeout()).To(BeZero()) }) @@ -906,7 +886,7 @@ var _ = Describe("SentPacketHandler", func() { // This verifies the RTO. handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 3})) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 3, Largest: 3}}} - err = handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.packetHistory.Len()).To(BeZero()) Expect(handler.bytesInFlight).To(BeZero()) @@ -945,7 +925,7 @@ var _ = Describe("SentPacketHandler", func() { // This verifies the RTO. handler.SentPacket(retransmittablePacket(&Packet{PacketNumber: 6})) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 6, Largest: 6}}} - err = handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err = handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) Expect(handler.packetHistory.Len()).To(BeZero()) Expect(handler.bytesInFlight).To(BeZero()) @@ -960,7 +940,7 @@ var _ = Describe("SentPacketHandler", func() { handler.OnAlarm() // RTO handler.SentPacketsAsRetransmission([]*Packet{retransmittablePacket(&Packet{PacketNumber: 6})}, 5) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 5, Largest: 5}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, time.Now()) Expect(err).ToNot(HaveOccurred()) err = handler.OnAlarm() Expect(err).ToNot(HaveOccurred()) @@ -984,7 +964,7 @@ var _ = Describe("SentPacketHandler", func() { Expect(handler.lossTime.IsZero()).To(BeTrue()) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 2, Largest: 2}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, now) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, now) Expect(err).NotTo(HaveOccurred()) Expect(handler.DequeuePacketForRetransmission()).ToNot(BeNil()) Expect(handler.DequeuePacketForRetransmission()).To(BeNil()) @@ -1001,7 +981,7 @@ var _ = Describe("SentPacketHandler", func() { Expect(handler.lossTime.IsZero()).To(BeTrue()) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 2, Largest: 2}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, now.Add(-time.Second)) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, now.Add(-time.Second)) Expect(err).NotTo(HaveOccurred()) Expect(handler.rttStats.SmoothedRTT()).To(Equal(time.Second)) @@ -1033,7 +1013,7 @@ var _ = Describe("SentPacketHandler", func() { handler.SentPacket(handshakePacket(&Packet{PacketNumber: 3, SendTime: sendTime})) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 1}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionForwardSecure, now) + err := handler.ReceivedAck(ack, 1, protocol.Encryption1RTT, now) // RTT is now 1 minute Expect(handler.rttStats.SmoothedRTT()).To(Equal(time.Minute)) Expect(err).NotTo(HaveOccurred()) @@ -1055,19 +1035,19 @@ var _ = Describe("SentPacketHandler", func() { PIt("rejects an ACK that acks packets with a higher encryption level", func() { handler.SentPacket(&Packet{ PacketNumber: 13, - EncryptionLevel: protocol.EncryptionForwardSecure, + EncryptionLevel: protocol.Encryption1RTT, Frames: []wire.Frame{&streamFrame}, Length: 1, }) ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 13, Largest: 13}}} - err := handler.ReceivedAck(ack, 1, protocol.EncryptionSecure, time.Now()) + err := handler.ReceivedAck(ack, 1, protocol.EncryptionHandshake, time.Now()) Expect(err).To(MatchError("Received ACK with encryption level encrypted (not forward-secure) that acks a packet 13 (encryption level forward-secure)")) }) - It("deletes non forward-secure packets when the handshake completes", func() { + It("deletes non handshake packets when the handshake completes", func() { for i := protocol.PacketNumber(1); i <= 6; i++ { p := retransmittablePacket(&Packet{PacketNumber: i}) - p.EncryptionLevel = protocol.EncryptionSecure + p.EncryptionLevel = protocol.EncryptionHandshake handler.SentPacket(p) } handler.queuePacketForRetransmission(getPacket(1)) diff --git a/internal/ackhandler/sent_packet_history.go b/internal/ackhandler/sent_packet_history.go index cf372ef5..de4eae4c 100644 --- a/internal/ackhandler/sent_packet_history.go +++ b/internal/ackhandler/sent_packet_history.go @@ -35,8 +35,7 @@ func (h *sentPacketHistory) sentPacketImpl(p *Packet) *PacketElement { } if p.canBeRetransmitted { h.numOutstandingPackets++ - if p.EncryptionLevel != protocol.EncryptionForwardSecure && - p.EncryptionLevel != protocol.Encryption1RTT { + if p.EncryptionLevel != protocol.Encryption1RTT { h.numOutstandingHandshakePackets++ } } @@ -107,8 +106,7 @@ func (h *sentPacketHistory) MarkCannotBeRetransmitted(pn protocol.PacketNumber) if h.numOutstandingPackets < 0 { panic("numOutstandingHandshakePackets negative") } - if el.Value.EncryptionLevel != protocol.EncryptionForwardSecure && - el.Value.EncryptionLevel != protocol.Encryption1RTT { + if el.Value.EncryptionLevel != protocol.Encryption1RTT { h.numOutstandingHandshakePackets-- if h.numOutstandingHandshakePackets < 0 { panic("numOutstandingHandshakePackets negative") @@ -149,8 +147,7 @@ func (h *sentPacketHistory) Remove(p protocol.PacketNumber) error { if h.numOutstandingPackets < 0 { panic("numOutstandingHandshakePackets negative") } - if el.Value.EncryptionLevel != protocol.EncryptionForwardSecure && - el.Value.EncryptionLevel != protocol.Encryption1RTT { + if el.Value.EncryptionLevel != protocol.Encryption1RTT { h.numOutstandingHandshakePackets-- if h.numOutstandingHandshakePackets < 0 { panic("numOutstandingHandshakePackets negative") diff --git a/internal/ackhandler/sent_packet_history_test.go b/internal/ackhandler/sent_packet_history_test.go index dc6ed5dd..f2fe0b98 100644 --- a/internal/ackhandler/sent_packet_history_test.go +++ b/internal/ackhandler/sent_packet_history_test.go @@ -202,7 +202,7 @@ var _ = Describe("SentPacketHistory", func() { It("says if it has outstanding handshake packets", func() { Expect(hist.HasOutstandingHandshakePackets()).To(BeFalse()) hist.SentPacket(&Packet{ - EncryptionLevel: protocol.EncryptionUnencrypted, + EncryptionLevel: protocol.EncryptionInitial, canBeRetransmitted: true, }) Expect(hist.HasOutstandingHandshakePackets()).To(BeTrue()) @@ -212,7 +212,7 @@ var _ = Describe("SentPacketHistory", func() { Expect(hist.HasOutstandingHandshakePackets()).To(BeFalse()) Expect(hist.HasOutstandingPackets()).To(BeFalse()) hist.SentPacket(&Packet{ - EncryptionLevel: protocol.EncryptionForwardSecure, + EncryptionLevel: protocol.Encryption1RTT, canBeRetransmitted: true, }) Expect(hist.HasOutstandingHandshakePackets()).To(BeFalse()) @@ -221,7 +221,7 @@ var _ = Describe("SentPacketHistory", func() { It("doesn't consider non-retransmittable packets as outstanding", func() { hist.SentPacket(&Packet{ - EncryptionLevel: protocol.EncryptionUnencrypted, + EncryptionLevel: protocol.EncryptionInitial, }) Expect(hist.HasOutstandingHandshakePackets()).To(BeFalse()) Expect(hist.HasOutstandingPackets()).To(BeFalse()) @@ -230,7 +230,7 @@ var _ = Describe("SentPacketHistory", func() { It("accounts for deleted handshake packets", func() { hist.SentPacket(&Packet{ PacketNumber: 5, - EncryptionLevel: protocol.EncryptionSecure, + EncryptionLevel: protocol.EncryptionHandshake, canBeRetransmitted: true, }) Expect(hist.HasOutstandingHandshakePackets()).To(BeTrue()) @@ -242,7 +242,7 @@ var _ = Describe("SentPacketHistory", func() { It("accounts for deleted packets", func() { hist.SentPacket(&Packet{ PacketNumber: 10, - EncryptionLevel: protocol.EncryptionForwardSecure, + EncryptionLevel: protocol.Encryption1RTT, canBeRetransmitted: true, }) Expect(hist.HasOutstandingPackets()).To(BeTrue()) @@ -254,7 +254,7 @@ var _ = Describe("SentPacketHistory", func() { It("doesn't count handshake packets marked as non-retransmittable", func() { hist.SentPacket(&Packet{ PacketNumber: 5, - EncryptionLevel: protocol.EncryptionUnencrypted, + EncryptionLevel: protocol.EncryptionInitial, canBeRetransmitted: true, }) Expect(hist.HasOutstandingHandshakePackets()).To(BeTrue()) @@ -266,7 +266,7 @@ var _ = Describe("SentPacketHistory", func() { It("doesn't count packets marked as non-retransmittable", func() { hist.SentPacket(&Packet{ PacketNumber: 10, - EncryptionLevel: protocol.EncryptionForwardSecure, + EncryptionLevel: protocol.Encryption1RTT, canBeRetransmitted: true, }) Expect(hist.HasOutstandingPackets()).To(BeTrue()) @@ -278,12 +278,12 @@ var _ = Describe("SentPacketHistory", func() { It("counts the number of packets", func() { hist.SentPacket(&Packet{ PacketNumber: 10, - EncryptionLevel: protocol.EncryptionForwardSecure, + EncryptionLevel: protocol.Encryption1RTT, canBeRetransmitted: true, }) hist.SentPacket(&Packet{ PacketNumber: 11, - EncryptionLevel: protocol.EncryptionForwardSecure, + EncryptionLevel: protocol.Encryption1RTT, canBeRetransmitted: true, }) err := hist.Remove(11) diff --git a/internal/ackhandler/stop_waiting_manager.go b/internal/ackhandler/stop_waiting_manager.go deleted file mode 100644 index 40ad88cd..00000000 --- a/internal/ackhandler/stop_waiting_manager.go +++ /dev/null @@ -1,43 +0,0 @@ -package ackhandler - -import ( - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/wire" -) - -// This stopWaitingManager is not supposed to satisfy the StopWaitingManager interface, which is a remnant of the legacy AckHandler, and should be remove once we drop support for QUIC 33 -type stopWaitingManager struct { - largestLeastUnackedSent protocol.PacketNumber - nextLeastUnacked protocol.PacketNumber - - lastStopWaitingFrame *wire.StopWaitingFrame -} - -func (s *stopWaitingManager) GetStopWaitingFrame(force bool) *wire.StopWaitingFrame { - if s.nextLeastUnacked <= s.largestLeastUnackedSent { - if force { - return s.lastStopWaitingFrame - } - return nil - } - - s.largestLeastUnackedSent = s.nextLeastUnacked - swf := &wire.StopWaitingFrame{ - LeastUnacked: s.nextLeastUnacked, - } - s.lastStopWaitingFrame = swf - return swf -} - -func (s *stopWaitingManager) ReceivedAck(ack *wire.AckFrame) { - largestAcked := ack.LargestAcked() - if largestAcked >= s.nextLeastUnacked { - s.nextLeastUnacked = largestAcked + 1 - } -} - -func (s *stopWaitingManager) QueuedRetransmissionForPacketNumber(p protocol.PacketNumber) { - if p >= s.nextLeastUnacked { - s.nextLeastUnacked = p + 1 - } -} diff --git a/internal/ackhandler/stop_waiting_manager_test.go b/internal/ackhandler/stop_waiting_manager_test.go deleted file mode 100644 index c549bee8..00000000 --- a/internal/ackhandler/stop_waiting_manager_test.go +++ /dev/null @@ -1,55 +0,0 @@ -package ackhandler - -import ( - "github.com/lucas-clemente/quic-go/internal/wire" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("StopWaitingManager", func() { - var manager *stopWaitingManager - BeforeEach(func() { - manager = &stopWaitingManager{} - }) - - It("returns nil in the beginning", func() { - Expect(manager.GetStopWaitingFrame(false)).To(BeNil()) - Expect(manager.GetStopWaitingFrame(true)).To(BeNil()) - }) - - It("returns a StopWaitingFrame, when a new ACK arrives", func() { - manager.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 10}}}) - Expect(manager.GetStopWaitingFrame(false)).To(Equal(&wire.StopWaitingFrame{LeastUnacked: 11})) - }) - - It("does not decrease the LeastUnacked", func() { - manager.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 10}}}) - manager.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 9}}}) - Expect(manager.GetStopWaitingFrame(false)).To(Equal(&wire.StopWaitingFrame{LeastUnacked: 11})) - }) - - It("does not send the same StopWaitingFrame twice", func() { - manager.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 10}}}) - Expect(manager.GetStopWaitingFrame(false)).ToNot(BeNil()) - Expect(manager.GetStopWaitingFrame(false)).To(BeNil()) - }) - - It("gets the same StopWaitingFrame twice, if forced", func() { - manager.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 10}}}) - Expect(manager.GetStopWaitingFrame(false)).ToNot(BeNil()) - Expect(manager.GetStopWaitingFrame(true)).ToNot(BeNil()) - Expect(manager.GetStopWaitingFrame(true)).ToNot(BeNil()) - }) - - It("increases the LeastUnacked when a retransmission is queued", func() { - manager.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 10}}}) - manager.QueuedRetransmissionForPacketNumber(20) - Expect(manager.GetStopWaitingFrame(false)).To(Equal(&wire.StopWaitingFrame{LeastUnacked: 21})) - }) - - It("does not decrease the LeastUnacked when a retransmission is queued", func() { - manager.ReceivedAck(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 10}}}) - manager.QueuedRetransmissionForPacketNumber(9) - Expect(manager.GetStopWaitingFrame(false)).To(Equal(&wire.StopWaitingFrame{LeastUnacked: 11})) - }) -}) diff --git a/internal/crypto/aesgcm12_aead.go b/internal/crypto/aesgcm12_aead.go deleted file mode 100644 index 55e45be6..00000000 --- a/internal/crypto/aesgcm12_aead.go +++ /dev/null @@ -1,72 +0,0 @@ -package crypto - -import ( - "crypto/cipher" - "encoding/binary" - "errors" - - "github.com/lucas-clemente/aes12" - - "github.com/lucas-clemente/quic-go/internal/protocol" -) - -type aeadAESGCM12 struct { - otherIV []byte - myIV []byte - encrypter cipher.AEAD - decrypter cipher.AEAD -} - -var _ AEAD = &aeadAESGCM12{} - -// NewAEADAESGCM12 creates a AEAD using AES-GCM with 12 bytes tag size -// -// AES-GCM support is a bit hacky, since the go stdlib does not support 12 byte -// tag size, and couples the cipher and aes packages closely. -// See https://github.com/lucas-clemente/aes12. -func NewAEADAESGCM12(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error) { - if len(myKey) != 16 || len(otherKey) != 16 || len(myIV) != 4 || len(otherIV) != 4 { - return nil, errors.New("AES-GCM: expected 16-byte keys and 4-byte IVs") - } - encrypterCipher, err := aes12.NewCipher(myKey) - if err != nil { - return nil, err - } - encrypter, err := aes12.NewGCM(encrypterCipher) - if err != nil { - return nil, err - } - decrypterCipher, err := aes12.NewCipher(otherKey) - if err != nil { - return nil, err - } - decrypter, err := aes12.NewGCM(decrypterCipher) - if err != nil { - return nil, err - } - return &aeadAESGCM12{ - otherIV: otherIV, - myIV: myIV, - encrypter: encrypter, - decrypter: decrypter, - }, nil -} - -func (aead *aeadAESGCM12) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) { - return aead.decrypter.Open(dst, aead.makeNonce(aead.otherIV, packetNumber), src, associatedData) -} - -func (aead *aeadAESGCM12) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte { - return aead.encrypter.Seal(dst, aead.makeNonce(aead.myIV, packetNumber), src, associatedData) -} - -func (aead *aeadAESGCM12) makeNonce(iv []byte, packetNumber protocol.PacketNumber) []byte { - res := make([]byte, 12) - copy(res[0:4], iv) - binary.LittleEndian.PutUint64(res[4:12], uint64(packetNumber)) - return res -} - -func (aead *aeadAESGCM12) Overhead() int { - return aead.encrypter.Overhead() -} diff --git a/internal/crypto/aesgcm12_aead_test.go b/internal/crypto/aesgcm12_aead_test.go deleted file mode 100644 index 6b896a52..00000000 --- a/internal/crypto/aesgcm12_aead_test.go +++ /dev/null @@ -1,69 +0,0 @@ -package crypto - -import ( - "crypto/rand" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("AES-GCM", func() { - var ( - alice, bob AEAD - keyAlice, keyBob, ivAlice, ivBob []byte - ) - - BeforeEach(func() { - keyAlice = make([]byte, 16) - keyBob = make([]byte, 16) - ivAlice = make([]byte, 4) - ivBob = make([]byte, 4) - rand.Reader.Read(keyAlice) - rand.Reader.Read(keyBob) - rand.Reader.Read(ivAlice) - rand.Reader.Read(ivBob) - var err error - alice, err = NewAEADAESGCM12(keyBob, keyAlice, ivBob, ivAlice) - Expect(err).ToNot(HaveOccurred()) - bob, err = NewAEADAESGCM12(keyAlice, keyBob, ivAlice, ivBob) - Expect(err).ToNot(HaveOccurred()) - }) - - It("seals and opens", func() { - b := alice.Seal(nil, []byte("foobar"), 42, []byte("aad")) - text, err := bob.Open(nil, b, 42, []byte("aad")) - Expect(err).ToNot(HaveOccurred()) - Expect(text).To(Equal([]byte("foobar"))) - }) - - It("seals and opens reverse", func() { - b := bob.Seal(nil, []byte("foobar"), 42, []byte("aad")) - text, err := alice.Open(nil, b, 42, []byte("aad")) - Expect(err).ToNot(HaveOccurred()) - Expect(text).To(Equal([]byte("foobar"))) - }) - - It("has the proper length", func() { - b := bob.Seal(nil, []byte("foobar"), 42, []byte("aad")) - Expect(b).To(HaveLen(6 + bob.Overhead())) - }) - - It("fails with wrong aad", func() { - b := alice.Seal(nil, []byte("foobar"), 42, []byte("aad")) - _, err := bob.Open(nil, b, 42, []byte("aad2")) - Expect(err).To(HaveOccurred()) - }) - - It("rejects wrong key and iv sizes", func() { - var err error - e := "AES-GCM: expected 16-byte keys and 4-byte IVs" - _, err = NewAEADAESGCM12(keyBob[1:], keyAlice, ivBob, ivAlice) - Expect(err).To(MatchError(e)) - _, err = NewAEADAESGCM12(keyBob, keyAlice[1:], ivBob, ivAlice) - Expect(err).To(MatchError(e)) - _, err = NewAEADAESGCM12(keyBob, keyAlice, ivBob[1:], ivAlice) - Expect(err).To(MatchError(e)) - _, err = NewAEADAESGCM12(keyBob, keyAlice, ivBob, ivAlice[1:]) - Expect(err).To(MatchError(e)) - }) -}) diff --git a/internal/crypto/cert_cache.go b/internal/crypto/cert_cache.go deleted file mode 100644 index d8e8d8f3..00000000 --- a/internal/crypto/cert_cache.go +++ /dev/null @@ -1,48 +0,0 @@ -package crypto - -import ( - "fmt" - "hash/fnv" - - "github.com/hashicorp/golang-lru" - "github.com/lucas-clemente/quic-go/internal/protocol" -) - -var ( - compressedCertsCache *lru.Cache -) - -func getCompressedCert(chain [][]byte, pCommonSetHashes, pCachedHashes []byte) ([]byte, error) { - // Hash all inputs - hasher := fnv.New64a() - for _, v := range chain { - hasher.Write(v) - } - hasher.Write(pCommonSetHashes) - hasher.Write(pCachedHashes) - hash := hasher.Sum64() - - var result []byte - - resultI, isCached := compressedCertsCache.Get(hash) - if isCached { - result = resultI.([]byte) - } else { - var err error - result, err = compressChain(chain, pCommonSetHashes, pCachedHashes) - if err != nil { - return nil, err - } - compressedCertsCache.Add(hash, result) - } - - return result, nil -} - -func init() { - var err error - compressedCertsCache, err = lru.New(protocol.NumCachedCertificates) - if err != nil { - panic(fmt.Sprintf("fatal error in quic-go: could not create lru cache: %s", err.Error())) - } -} diff --git a/internal/crypto/cert_cache_test.go b/internal/crypto/cert_cache_test.go deleted file mode 100644 index 1ecc26f6..00000000 --- a/internal/crypto/cert_cache_test.go +++ /dev/null @@ -1,51 +0,0 @@ -package crypto - -import ( - lru "github.com/hashicorp/golang-lru" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Certificate cache", func() { - BeforeEach(func() { - var err error - compressedCertsCache, err = lru.New(2) - Expect(err).NotTo(HaveOccurred()) - }) - - It("gives a compressed cert", func() { - chain := [][]byte{{0xde, 0xca, 0xfb, 0xad}} - expected, err := compressChain(chain, nil, nil) - Expect(err).NotTo(HaveOccurred()) - compressed, err := getCompressedCert(chain, nil, nil) - Expect(err).ToNot(HaveOccurred()) - Expect(compressed).To(Equal(expected)) - }) - - It("gets the same result multiple times", func() { - chain := [][]byte{{0xde, 0xca, 0xfb, 0xad}} - compressed, err := getCompressedCert(chain, nil, nil) - Expect(err).NotTo(HaveOccurred()) - compressed2, err := getCompressedCert(chain, nil, nil) - Expect(err).NotTo(HaveOccurred()) - Expect(compressed).To(Equal(compressed2)) - }) - - It("stores cached values", func() { - chain := [][]byte{{0xde, 0xca, 0xfb, 0xad}} - _, err := getCompressedCert(chain, nil, nil) - Expect(err).NotTo(HaveOccurred()) - Expect(compressedCertsCache.Len()).To(Equal(1)) - Expect(compressedCertsCache.Contains(uint64(3838929964809501833))).To(BeTrue()) - }) - - It("evicts old values", func() { - _, err := getCompressedCert([][]byte{{0x00}}, nil, nil) - Expect(err).NotTo(HaveOccurred()) - _, err = getCompressedCert([][]byte{{0x01}}, nil, nil) - Expect(err).NotTo(HaveOccurred()) - _, err = getCompressedCert([][]byte{{0x02}}, nil, nil) - Expect(err).NotTo(HaveOccurred()) - Expect(compressedCertsCache.Len()).To(Equal(2)) - }) -}) diff --git a/internal/crypto/cert_chain.go b/internal/crypto/cert_chain.go deleted file mode 100644 index 0c728fd2..00000000 --- a/internal/crypto/cert_chain.go +++ /dev/null @@ -1,113 +0,0 @@ -package crypto - -import ( - "crypto/tls" - "errors" - "strings" -) - -// A CertChain holds a certificate and a private key -type CertChain interface { - SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error) - GetCertsCompressed(sni string, commonSetHashes, cachedHashes []byte) ([]byte, error) - GetLeafCert(sni string) ([]byte, error) -} - -// proofSource stores a key and a certificate for the server proof -type certChain struct { - config *tls.Config -} - -var _ CertChain = &certChain{} - -var errNoMatchingCertificate = errors.New("no matching certificate found") - -// NewCertChain loads the key and cert from files -func NewCertChain(tlsConfig *tls.Config) CertChain { - return &certChain{config: tlsConfig} -} - -// SignServerProof signs CHLO and server config for use in the server proof -func (c *certChain) SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error) { - cert, err := c.getCertForSNI(sni) - if err != nil { - return nil, err - } - - return signServerProof(cert, chlo, serverConfigData) -} - -// GetCertsCompressed gets the certificate in the format described by the QUIC crypto doc -func (c *certChain) GetCertsCompressed(sni string, pCommonSetHashes, pCachedHashes []byte) ([]byte, error) { - cert, err := c.getCertForSNI(sni) - if err != nil { - return nil, err - } - return getCompressedCert(cert.Certificate, pCommonSetHashes, pCachedHashes) -} - -// GetLeafCert gets the leaf certificate -func (c *certChain) GetLeafCert(sni string) ([]byte, error) { - cert, err := c.getCertForSNI(sni) - if err != nil { - return nil, err - } - return cert.Certificate[0], nil -} - -func (c *certChain) getCertForSNI(sni string) (*tls.Certificate, error) { - conf := c.config - conf, err := maybeGetConfigForClient(conf, sni) - if err != nil { - return nil, err - } - // The rest of this function is mostly copied from crypto/tls.getCertificate - - if conf.GetCertificate != nil { - cert, err := conf.GetCertificate(&tls.ClientHelloInfo{ServerName: sni}) - if cert != nil || err != nil { - return cert, err - } - } - - if len(conf.Certificates) == 0 { - return nil, errNoMatchingCertificate - } - - if len(conf.Certificates) == 1 || conf.NameToCertificate == nil { - // There's only one choice, so no point doing any work. - return &conf.Certificates[0], nil - } - - name := strings.ToLower(sni) - for len(name) > 0 && name[len(name)-1] == '.' { - name = name[:len(name)-1] - } - - if cert, ok := conf.NameToCertificate[name]; ok { - return cert, nil - } - - // try replacing labels in the name with wildcards until we get a - // match. - labels := strings.Split(name, ".") - for i := range labels { - labels[i] = "*" - candidate := strings.Join(labels, ".") - if cert, ok := conf.NameToCertificate[candidate]; ok { - return cert, nil - } - } - - // If nothing matches, return the first certificate. - return &conf.Certificates[0], nil -} - -func maybeGetConfigForClient(c *tls.Config, sni string) (*tls.Config, error) { - if c.GetConfigForClient == nil { - return c, nil - } - return c.GetConfigForClient(&tls.ClientHelloInfo{ - ServerName: sni, - }) -} diff --git a/internal/crypto/cert_chain_test.go b/internal/crypto/cert_chain_test.go deleted file mode 100644 index fd60a46a..00000000 --- a/internal/crypto/cert_chain_test.go +++ /dev/null @@ -1,148 +0,0 @@ -package crypto - -import ( - "bytes" - "compress/flate" - "compress/zlib" - "crypto/tls" - "reflect" - - "github.com/lucas-clemente/quic-go/internal/testdata" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Proof", func() { - var ( - cc *certChain - config *tls.Config - cert tls.Certificate - ) - - BeforeEach(func() { - cert = testdata.GetCertificate() - config = &tls.Config{} - cc = NewCertChain(config).(*certChain) - }) - - Context("certificate compression", func() { - It("compresses certs", func() { - cert := []byte{0xde, 0xca, 0xfb, 0xad} - certZlib := &bytes.Buffer{} - z, err := zlib.NewWriterLevelDict(certZlib, flate.BestCompression, certDictZlib) - Expect(err).ToNot(HaveOccurred()) - z.Write([]byte{0x04, 0x00, 0x00, 0x00}) - z.Write(cert) - z.Close() - kd := &certChain{ - config: &tls.Config{ - Certificates: []tls.Certificate{ - {Certificate: [][]byte{cert}}, - }, - }, - } - certCompressed, err := kd.GetCertsCompressed("", nil, nil) - Expect(err).ToNot(HaveOccurred()) - Expect(certCompressed).To(Equal(append([]byte{ - 0x01, 0x00, - 0x08, 0x00, 0x00, 0x00, - }, certZlib.Bytes()...))) - }) - - It("errors when it can't retrieve a certificate", func() { - _, err := cc.GetCertsCompressed("invalid domain", nil, nil) - Expect(err).To(MatchError(errNoMatchingCertificate)) - }) - }) - - Context("signing server configs", func() { - It("errors when it can't retrieve a certificate for the requested SNI", func() { - _, err := cc.SignServerProof("invalid", []byte("chlo"), []byte("scfg")) - Expect(err).To(MatchError(errNoMatchingCertificate)) - }) - - It("signs the server config", func() { - config.Certificates = []tls.Certificate{cert} - proof, err := cc.SignServerProof("", []byte("chlo"), []byte("scfg")) - Expect(err).ToNot(HaveOccurred()) - Expect(proof).ToNot(BeEmpty()) - }) - }) - - Context("retrieving certificates", func() { - It("errors without certificates", func() { - _, err := cc.getCertForSNI("") - Expect(err).To(MatchError(errNoMatchingCertificate)) - }) - - It("uses first certificate in config.Certificates", func() { - config.Certificates = []tls.Certificate{cert} - cert, err := cc.getCertForSNI("") - Expect(err).ToNot(HaveOccurred()) - Expect(cert.PrivateKey).ToNot(BeNil()) - Expect(cert.Certificate[0]).ToNot(BeNil()) - }) - - It("uses NameToCertificate entries", func() { - config.Certificates = []tls.Certificate{cert, cert} // two entries so the long path is used - config.NameToCertificate = map[string]*tls.Certificate{ - "quic.clemente.io": &cert, - } - cert, err := cc.getCertForSNI("quic.clemente.io") - Expect(err).ToNot(HaveOccurred()) - Expect(cert.PrivateKey).ToNot(BeNil()) - Expect(cert.Certificate[0]).ToNot(BeNil()) - }) - - It("uses NameToCertificate entries with wildcard", func() { - config.Certificates = []tls.Certificate{cert, cert} // two entries so the long path is used - config.NameToCertificate = map[string]*tls.Certificate{ - "*.clemente.io": &cert, - } - cert, err := cc.getCertForSNI("quic.clemente.io") - Expect(err).ToNot(HaveOccurred()) - Expect(cert.PrivateKey).ToNot(BeNil()) - Expect(cert.Certificate[0]).ToNot(BeNil()) - }) - - It("uses GetCertificate", func() { - config.GetCertificate = func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) { - Expect(clientHello.ServerName).To(Equal("quic.clemente.io")) - return &cert, nil - } - cert, err := cc.getCertForSNI("quic.clemente.io") - Expect(err).ToNot(HaveOccurred()) - Expect(cert.PrivateKey).ToNot(BeNil()) - Expect(cert.Certificate[0]).ToNot(BeNil()) - }) - - It("gets leaf certificates", func() { - config.Certificates = []tls.Certificate{cert} - cert2, err := cc.GetLeafCert("") - Expect(err).ToNot(HaveOccurred()) - Expect(cert2).To(Equal(cert.Certificate[0])) - }) - - It("errors when it can't retrieve a leaf certificate", func() { - _, err := cc.GetLeafCert("invalid domain") - Expect(err).To(MatchError(errNoMatchingCertificate)) - }) - - It("respects GetConfigForClient", func() { - if !reflect.ValueOf(tls.Config{}).FieldByName("GetConfigForClient").IsValid() { - // Pre 1.8, we don't have to do anything - return - } - nestedConfig := &tls.Config{Certificates: []tls.Certificate{cert}} - l := func(chi *tls.ClientHelloInfo) (*tls.Config, error) { - Expect(chi.ServerName).To(Equal("quic.clemente.io")) - return nestedConfig, nil - } - reflect.ValueOf(config).Elem().FieldByName("GetConfigForClient").Set(reflect.ValueOf(l)) - resultCert, err := cc.getCertForSNI("quic.clemente.io") - Expect(err).NotTo(HaveOccurred()) - Expect(*resultCert).To(Equal(cert)) - }) - }) -}) diff --git a/internal/crypto/cert_compression.go b/internal/crypto/cert_compression.go deleted file mode 100644 index 908b7ce9..00000000 --- a/internal/crypto/cert_compression.go +++ /dev/null @@ -1,272 +0,0 @@ -package crypto - -import ( - "bytes" - "compress/flate" - "compress/zlib" - "encoding/binary" - "errors" - "fmt" - "hash/fnv" - - "github.com/lucas-clemente/quic-go/internal/utils" -) - -type entryType uint8 - -const ( - entryCompressed entryType = 1 - entryCached entryType = 2 - entryCommon entryType = 3 -) - -type entry struct { - t entryType - h uint64 // set hash - i uint32 // index -} - -func compressChain(chain [][]byte, pCommonSetHashes, pCachedHashes []byte) ([]byte, error) { - res := &bytes.Buffer{} - - cachedHashes, err := splitHashes(pCachedHashes) - if err != nil { - return nil, err - } - - setHashes, err := splitHashes(pCommonSetHashes) - if err != nil { - return nil, err - } - - chainHashes := make([]uint64, len(chain)) - for i := range chain { - chainHashes[i] = HashCert(chain[i]) - } - - entries := buildEntries(chain, chainHashes, cachedHashes, setHashes) - - totalUncompressedLen := 0 - for i, e := range entries { - res.WriteByte(uint8(e.t)) - switch e.t { - case entryCached: - utils.LittleEndian.WriteUint64(res, e.h) - case entryCommon: - utils.LittleEndian.WriteUint64(res, e.h) - utils.LittleEndian.WriteUint32(res, e.i) - case entryCompressed: - totalUncompressedLen += 4 + len(chain[i]) - } - } - res.WriteByte(0) // end of list - - if totalUncompressedLen > 0 { - gz, err := zlib.NewWriterLevelDict(res, flate.BestCompression, buildZlibDictForEntries(entries, chain)) - if err != nil { - return nil, fmt.Errorf("cert compression failed: %s", err.Error()) - } - - utils.LittleEndian.WriteUint32(res, uint32(totalUncompressedLen)) - - for i, e := range entries { - if e.t != entryCompressed { - continue - } - lenCert := len(chain[i]) - gz.Write([]byte{ - byte(lenCert & 0xff), - byte((lenCert >> 8) & 0xff), - byte((lenCert >> 16) & 0xff), - byte((lenCert >> 24) & 0xff), - }) - gz.Write(chain[i]) - } - - gz.Close() - } - - return res.Bytes(), nil -} - -func decompressChain(data []byte) ([][]byte, error) { - var chain [][]byte - var entries []entry - r := bytes.NewReader(data) - - var numCerts int - var hasCompressedCerts bool - for { - entryTypeByte, err := r.ReadByte() - if entryTypeByte == 0 { - break - } - - et := entryType(entryTypeByte) - if err != nil { - return nil, err - } - - numCerts++ - - switch et { - case entryCached: - // we're not sending any certificate hashes in the CHLO, so there shouldn't be any cached certificates in the chain - return nil, errors.New("unexpected cached certificate") - case entryCommon: - e := entry{t: entryCommon} - e.h, err = utils.LittleEndian.ReadUint64(r) - if err != nil { - return nil, err - } - e.i, err = utils.LittleEndian.ReadUint32(r) - if err != nil { - return nil, err - } - certSet, ok := certSets[e.h] - if !ok { - return nil, errors.New("unknown certSet") - } - if e.i >= uint32(len(certSet)) { - return nil, errors.New("certificate not found in certSet") - } - entries = append(entries, e) - chain = append(chain, certSet[e.i]) - case entryCompressed: - hasCompressedCerts = true - entries = append(entries, entry{t: entryCompressed}) - chain = append(chain, nil) - default: - return nil, errors.New("unknown entryType") - } - } - - if numCerts == 0 { - return make([][]byte, 0), nil - } - - if hasCompressedCerts { - uncompressedLength, err := utils.LittleEndian.ReadUint32(r) - if err != nil { - fmt.Println(4) - return nil, err - } - - zlibDict := buildZlibDictForEntries(entries, chain) - gz, err := zlib.NewReaderDict(r, zlibDict) - if err != nil { - return nil, err - } - defer gz.Close() - - var totalLength uint32 - var certIndex int - for totalLength < uncompressedLength { - lenBytes := make([]byte, 4) - _, err := gz.Read(lenBytes) - if err != nil { - return nil, err - } - certLen := binary.LittleEndian.Uint32(lenBytes) - - cert := make([]byte, certLen) - n, err := gz.Read(cert) - if uint32(n) != certLen && err != nil { - return nil, err - } - - for { - if certIndex >= len(entries) { - return nil, errors.New("CertCompression BUG: no element to save uncompressed certificate") - } - if entries[certIndex].t == entryCompressed { - chain[certIndex] = cert - certIndex++ - break - } - certIndex++ - } - - totalLength += 4 + certLen - } - } - - return chain, nil -} - -func buildEntries(chain [][]byte, chainHashes, cachedHashes, setHashes []uint64) []entry { - res := make([]entry, len(chain)) -chainLoop: - for i := range chain { - // Check if hash is in cachedHashes - for j := range cachedHashes { - if chainHashes[i] == cachedHashes[j] { - res[i] = entry{t: entryCached, h: chainHashes[i]} - continue chainLoop - } - } - - // Go through common sets and check if it's in there - for _, setHash := range setHashes { - set, ok := certSets[setHash] - if !ok { - // We don't have this set - continue - } - // We have this set, check if chain[i] is in the set - pos := set.findCertInSet(chain[i]) - if pos >= 0 { - // Found - res[i] = entry{t: entryCommon, h: setHash, i: uint32(pos)} - continue chainLoop - } - } - - res[i] = entry{t: entryCompressed} - } - return res -} - -func buildZlibDictForEntries(entries []entry, chain [][]byte) []byte { - var dict bytes.Buffer - - // First the cached and common in reverse order - for i := len(entries) - 1; i >= 0; i-- { - if entries[i].t == entryCompressed { - continue - } - dict.Write(chain[i]) - } - - dict.Write(certDictZlib) - return dict.Bytes() -} - -func splitHashes(hashes []byte) ([]uint64, error) { - if len(hashes)%8 != 0 { - return nil, errors.New("expected a multiple of 8 bytes for CCS / CCRT hashes") - } - n := len(hashes) / 8 - res := make([]uint64, n) - for i := 0; i < n; i++ { - res[i] = binary.LittleEndian.Uint64(hashes[i*8 : (i+1)*8]) - } - return res, nil -} - -func getCommonCertificateHashes() []byte { - ccs := make([]byte, 8*len(certSets)) - i := 0 - for certSetHash := range certSets { - binary.LittleEndian.PutUint64(ccs[i*8:(i+1)*8], certSetHash) - i++ - } - return ccs -} - -// HashCert calculates the FNV1a hash of a certificate -func HashCert(cert []byte) uint64 { - h := fnv.New64a() - h.Write(cert) - return h.Sum64() -} diff --git a/internal/crypto/cert_compression_test.go b/internal/crypto/cert_compression_test.go deleted file mode 100644 index 74744d2d..00000000 --- a/internal/crypto/cert_compression_test.go +++ /dev/null @@ -1,294 +0,0 @@ -package crypto - -import ( - "bytes" - "compress/flate" - "compress/zlib" - "encoding/binary" - "errors" - "hash/fnv" - - "github.com/lucas-clemente/quic-go-certificates" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -func byteHash(d []byte) []byte { - h := fnv.New64a() - h.Write(d) - s := h.Sum64() - res := make([]byte, 8) - binary.LittleEndian.PutUint64(res, s) - return res -} - -var _ = Describe("Cert compression and decompression", func() { - var certSetsOld map[uint64]certSet - - BeforeEach(func() { - certSetsOld = make(map[uint64]certSet) - for s := range certSets { - certSetsOld[s] = certSets[s] - } - }) - - AfterEach(func() { - certSets = certSetsOld - }) - - It("compresses empty", func() { - compressed, err := compressChain(nil, nil, nil) - Expect(err).ToNot(HaveOccurred()) - Expect(compressed).To(Equal([]byte{0})) - }) - - It("decompresses empty", func() { - compressed, err := compressChain(nil, nil, nil) - Expect(err).ToNot(HaveOccurred()) - uncompressed, err := decompressChain(compressed) - Expect(err).ToNot(HaveOccurred()) - Expect(uncompressed).To(BeEmpty()) - }) - - It("gives correct single cert", func() { - cert := []byte{0xde, 0xca, 0xfb, 0xad} - certZlib := &bytes.Buffer{} - z, err := zlib.NewWriterLevelDict(certZlib, flate.BestCompression, certDictZlib) - Expect(err).ToNot(HaveOccurred()) - z.Write([]byte{0x04, 0x00, 0x00, 0x00}) - z.Write(cert) - z.Close() - chain := [][]byte{cert} - compressed, err := compressChain(chain, nil, nil) - Expect(err).ToNot(HaveOccurred()) - Expect(compressed).To(Equal(append([]byte{ - 0x01, 0x00, - 0x08, 0x00, 0x00, 0x00, - }, certZlib.Bytes()...))) - }) - - It("decompresses a single cert", func() { - cert := []byte{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe} - chain := [][]byte{cert} - compressed, err := compressChain(chain, nil, nil) - Expect(err).ToNot(HaveOccurred()) - uncompressed, err := decompressChain(compressed) - Expect(err).ToNot(HaveOccurred()) - Expect(uncompressed).To(Equal(chain)) - }) - - It("gives correct cert and intermediate", func() { - cert1 := []byte{0xde, 0xca, 0xfb, 0xad} - cert2 := []byte{0xde, 0xad, 0xbe, 0xef} - certZlib := &bytes.Buffer{} - z, err := zlib.NewWriterLevelDict(certZlib, flate.BestCompression, certDictZlib) - Expect(err).ToNot(HaveOccurred()) - z.Write([]byte{0x04, 0x00, 0x00, 0x00}) - z.Write(cert1) - z.Write([]byte{0x04, 0x00, 0x00, 0x00}) - z.Write(cert2) - z.Close() - chain := [][]byte{cert1, cert2} - compressed, err := compressChain(chain, nil, nil) - Expect(err).ToNot(HaveOccurred()) - Expect(compressed).To(Equal(append([]byte{ - 0x01, 0x01, 0x00, - 0x10, 0x00, 0x00, 0x00, - }, certZlib.Bytes()...))) - }) - - It("decompresses the chain with a cert and an intermediate", func() { - cert1 := []byte{0xde, 0xca, 0xfb, 0xad} - cert2 := []byte{0xde, 0xad, 0xbe, 0xef} - chain := [][]byte{cert1, cert2} - compressed, err := compressChain(chain, nil, nil) - Expect(err).ToNot(HaveOccurred()) - decompressed, err := decompressChain(compressed) - Expect(err).ToNot(HaveOccurred()) - Expect(decompressed).To(Equal(chain)) - }) - - It("uses cached certificates", func() { - cert := []byte{0xde, 0xca, 0xfb, 0xad} - certHash := byteHash(cert) - chain := [][]byte{cert} - compressed, err := compressChain(chain, nil, certHash) - Expect(err).ToNot(HaveOccurred()) - expected := append([]byte{0x02}, certHash...) - expected = append(expected, 0x00) - Expect(compressed).To(Equal(expected)) - }) - - It("uses cached certificates and compressed combined", func() { - cert1 := []byte{0xde, 0xca, 0xfb, 0xad} - cert2 := []byte{0xde, 0xad, 0xbe, 0xef} - cert2Hash := byteHash(cert2) - certZlib := &bytes.Buffer{} - z, err := zlib.NewWriterLevelDict(certZlib, flate.BestCompression, append(cert2, certDictZlib...)) - Expect(err).ToNot(HaveOccurred()) - z.Write([]byte{0x04, 0x00, 0x00, 0x00}) - z.Write(cert1) - z.Close() - chain := [][]byte{cert1, cert2} - compressed, err := compressChain(chain, nil, cert2Hash) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{0x01, 0x02} - expected = append(expected, cert2Hash...) - expected = append(expected, 0x00) - expected = append(expected, []byte{0x08, 0, 0, 0}...) - expected = append(expected, certZlib.Bytes()...) - Expect(compressed).To(Equal(expected)) - }) - - It("uses common certificate sets", func() { - cert := certsets.CertSet3[42] - setHash := make([]byte, 8) - binary.LittleEndian.PutUint64(setHash, certsets.CertSet3Hash) - chain := [][]byte{cert} - compressed, err := compressChain(chain, setHash, nil) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{0x03} - expected = append(expected, setHash...) - expected = append(expected, []byte{42, 0, 0, 0}...) - expected = append(expected, 0x00) - Expect(compressed).To(Equal(expected)) - }) - - It("decompresses a single cert form a common certificate set", func() { - cert := certsets.CertSet3[42] - setHash := make([]byte, 8) - binary.LittleEndian.PutUint64(setHash, certsets.CertSet3Hash) - chain := [][]byte{cert} - compressed, err := compressChain(chain, setHash, nil) - Expect(err).ToNot(HaveOccurred()) - decompressed, err := decompressChain(compressed) - Expect(err).ToNot(HaveOccurred()) - Expect(decompressed).To(Equal(chain)) - }) - - It("decompresses multiple certs form common certificate sets", func() { - cert1 := certsets.CertSet3[42] - cert2 := certsets.CertSet2[24] - setHash := make([]byte, 16) - binary.LittleEndian.PutUint64(setHash[0:8], certsets.CertSet3Hash) - binary.LittleEndian.PutUint64(setHash[8:16], certsets.CertSet2Hash) - chain := [][]byte{cert1, cert2} - compressed, err := compressChain(chain, setHash, nil) - Expect(err).ToNot(HaveOccurred()) - decompressed, err := decompressChain(compressed) - Expect(err).ToNot(HaveOccurred()) - Expect(decompressed).To(Equal(chain)) - }) - - It("ignores uncommon certificate sets", func() { - cert := []byte{0xde, 0xca, 0xfb, 0xad} - setHash := make([]byte, 8) - binary.LittleEndian.PutUint64(setHash, 0xdeadbeef) - chain := [][]byte{cert} - compressed, err := compressChain(chain, setHash, nil) - Expect(err).ToNot(HaveOccurred()) - certZlib := &bytes.Buffer{} - z, err := zlib.NewWriterLevelDict(certZlib, flate.BestCompression, certDictZlib) - Expect(err).ToNot(HaveOccurred()) - z.Write([]byte{0x04, 0x00, 0x00, 0x00}) - z.Write(cert) - z.Close() - Expect(compressed).To(Equal(append([]byte{ - 0x01, 0x00, - 0x08, 0x00, 0x00, 0x00, - }, certZlib.Bytes()...))) - }) - - It("errors if a common set does not exist", func() { - cert := certsets.CertSet3[42] - setHash := make([]byte, 8) - binary.LittleEndian.PutUint64(setHash, certsets.CertSet3Hash) - chain := [][]byte{cert} - compressed, err := compressChain(chain, setHash, nil) - Expect(err).ToNot(HaveOccurred()) - delete(certSets, certsets.CertSet3Hash) - _, err = decompressChain(compressed) - Expect(err).To(MatchError(errors.New("unknown certSet"))) - }) - - It("errors if a cert in a common set does not exist", func() { - certSet := [][]byte{ - {0x1, 0x2, 0x3, 0x4}, - {0x5, 0x6, 0x7, 0x8}, - } - certSets[0x1337] = certSet - cert := certSet[1] - setHash := make([]byte, 8) - binary.LittleEndian.PutUint64(setHash, 0x1337) - chain := [][]byte{cert} - compressed, err := compressChain(chain, setHash, nil) - Expect(err).ToNot(HaveOccurred()) - certSets[0x1337] = certSet[:1] // delete the last certificate from the certSet - _, err = decompressChain(compressed) - Expect(err).To(MatchError(errors.New("certificate not found in certSet"))) - }) - - It("uses common certificates and compressed combined", func() { - cert1 := []byte{0xde, 0xca, 0xfb, 0xad} - cert2 := certsets.CertSet3[42] - setHash := make([]byte, 8) - binary.LittleEndian.PutUint64(setHash, certsets.CertSet3Hash) - certZlib := &bytes.Buffer{} - z, err := zlib.NewWriterLevelDict(certZlib, flate.BestCompression, append(cert2, certDictZlib...)) - Expect(err).ToNot(HaveOccurred()) - z.Write([]byte{0x04, 0x00, 0x00, 0x00}) - z.Write(cert1) - z.Close() - chain := [][]byte{cert1, cert2} - compressed, err := compressChain(chain, setHash, nil) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{0x01, 0x03} - expected = append(expected, setHash...) - expected = append(expected, []byte{42, 0, 0, 0}...) - expected = append(expected, 0x00) - expected = append(expected, []byte{0x08, 0, 0, 0}...) - expected = append(expected, certZlib.Bytes()...) - Expect(compressed).To(Equal(expected)) - }) - - It("decompresses a certficate from a common set and a compressed cert combined", func() { - cert1 := []byte{0xde, 0xca, 0xfb, 0xad} - cert2 := certsets.CertSet3[42] - setHash := make([]byte, 8) - binary.LittleEndian.PutUint64(setHash, certsets.CertSet3Hash) - chain := [][]byte{cert1, cert2} - compressed, err := compressChain(chain, setHash, nil) - Expect(err).ToNot(HaveOccurred()) - decompressed, err := decompressChain(compressed) - Expect(err).ToNot(HaveOccurred()) - Expect(decompressed).To(Equal(chain)) - }) - - It("rejects invalid CCS / CCRT hashes", func() { - cert := []byte{0xde, 0xca, 0xfb, 0xad} - chain := [][]byte{cert} - _, err := compressChain(chain, []byte("foo"), nil) - Expect(err).To(MatchError("expected a multiple of 8 bytes for CCS / CCRT hashes")) - _, err = compressChain(chain, nil, []byte("foo")) - Expect(err).To(MatchError("expected a multiple of 8 bytes for CCS / CCRT hashes")) - }) - - Context("common certificate hashes", func() { - It("gets the hashes", func() { - ccs := getCommonCertificateHashes() - Expect(ccs).ToNot(BeEmpty()) - hashes, err := splitHashes(ccs) - Expect(err).ToNot(HaveOccurred()) - for _, hash := range hashes { - Expect(certSets).To(HaveKey(hash)) - } - }) - - It("returns an empty slice if there are not common sets", func() { - certSets = make(map[uint64]certSet) - ccs := getCommonCertificateHashes() - Expect(ccs).ToNot(BeNil()) - Expect(ccs).To(HaveLen(0)) - }) - }) -}) diff --git a/internal/crypto/cert_dict.go b/internal/crypto/cert_dict.go deleted file mode 100644 index 300ec713..00000000 --- a/internal/crypto/cert_dict.go +++ /dev/null @@ -1,128 +0,0 @@ -package crypto - -var certDictZlib = []byte{ - 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, - 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, - 0x5f, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01, - 0x06, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd, 0x6d, 0x01, 0x07, - 0x17, 0x01, 0x30, 0x33, 0x20, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, - 0x64, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x20, 0x53, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x34, - 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x32, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, 0x2d, 0x61, 0x69, 0x61, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x45, 0x2d, 0x63, 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x45, 0x2e, 0x63, 0x65, - 0x72, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4a, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x2f, 0x63, 0x70, 0x73, 0x20, 0x28, 0x63, 0x29, 0x30, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x7b, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd2, - 0x6f, 0x64, 0x6f, 0x63, 0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0xb4, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, - 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x30, 0x0b, 0x06, 0x03, - 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, - 0x81, 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, - 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, 0x64, 0x79, - 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x33, - 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, - 0x6f, 0x72, 0x79, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x27, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 0x20, 0x53, - 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, - 0x04, 0x05, 0x13, 0x08, 0x30, 0x37, 0x39, 0x36, 0x39, 0x32, 0x38, 0x37, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0c, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, - 0x30, 0x1d, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x02, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x33, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x2c, 0x30, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0xa0, 0x24, 0x86, - 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, - 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x67, 0x64, 0x73, 0x31, 0x2d, 0x32, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, - 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, - 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, - 0x70, 0x73, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, - 0x0d, 0x31, 0x33, 0x30, 0x35, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x73, 0x30, 0x39, 0x30, 0x37, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x30, 0x44, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x3d, 0x30, 0x3b, 0x30, 0x39, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x45, 0x01, 0x07, 0x17, 0x06, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, 0x53, 0x31, 0x17, - 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, - 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, - 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3b, 0x30, 0x39, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x32, 0x54, 0x65, 0x72, 0x6d, 0x73, - 0x20, 0x6f, 0x66, 0x20, 0x75, 0x73, 0x65, 0x20, 0x61, 0x74, 0x20, 0x68, - 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, - 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x72, 0x70, 0x61, 0x20, 0x28, 0x63, 0x29, 0x30, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x31, 0x13, 0x30, 0x11, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x47, 0x31, 0x13, 0x30, 0x11, - 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x3c, 0x02, 0x01, - 0x03, 0x13, 0x02, 0x55, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x14, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0f, 0x13, 0x14, 0x50, - 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x20, 0x4f, 0x72, 0x67, 0x61, 0x6e, - 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x12, 0x31, 0x21, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x18, 0x44, 0x6f, 0x6d, 0x61, - 0x69, 0x6e, 0x20, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x20, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x31, 0x14, 0x31, 0x31, - 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x28, 0x53, 0x65, 0x65, - 0x20, 0x77, 0x77, 0x77, 0x2e, 0x72, 0x3a, 0x2f, 0x2f, 0x73, 0x65, 0x63, - 0x75, 0x72, 0x65, 0x2e, 0x67, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, - 0x69, 0x67, 0x6e, 0x31, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x41, - 0x2e, 0x63, 0x72, 0x6c, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, - 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x45, 0x63, 0x72, - 0x6c, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x73, 0x64, 0x31, 0x1a, - 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x45, 0x56, 0x49, 0x6e, 0x74, 0x6c, 0x2d, 0x63, 0x63, 0x72, - 0x74, 0x2e, 0x67, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x69, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x31, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x39, 0x72, 0x61, 0x70, 0x69, 0x64, 0x73, 0x73, 0x6c, 0x2e, 0x63, - 0x6f, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, - 0x79, 0x2f, 0x30, 0x81, 0x80, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x74, 0x30, 0x72, 0x30, 0x24, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, - 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x4a, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, - 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, - 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x67, 0x64, 0x5f, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x2e, 0x63, 0x72, - 0x74, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32, 0x93, 0x6c, 0x45, 0xd6, 0xe2, 0xee, - 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76, 0x99, 0x68, 0xcc, 0xe7, 0x30, 0x27, - 0x86, 0x29, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x86, 0x30, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x73, -} diff --git a/internal/crypto/cert_manager.go b/internal/crypto/cert_manager.go deleted file mode 100644 index 8b8c9faa..00000000 --- a/internal/crypto/cert_manager.go +++ /dev/null @@ -1,135 +0,0 @@ -package crypto - -import ( - "crypto/tls" - "crypto/x509" - "errors" - "hash/fnv" - "time" - - "github.com/lucas-clemente/quic-go/qerr" -) - -// CertManager manages the certificates sent by the server -type CertManager interface { - SetData([]byte) error - GetCommonCertificateHashes() []byte - GetLeafCert() []byte - GetLeafCertHash() (uint64, error) - VerifyServerProof(proof, chlo, serverConfigData []byte) bool - Verify(hostname string) error - GetChain() []*x509.Certificate -} - -type certManager struct { - chain []*x509.Certificate - config *tls.Config -} - -var _ CertManager = &certManager{} - -var errNoCertificateChain = errors.New("CertManager BUG: No certicifate chain loaded") - -// NewCertManager creates a new CertManager -func NewCertManager(tlsConfig *tls.Config) CertManager { - return &certManager{config: tlsConfig} -} - -// SetData takes the byte-slice sent in the SHLO and decompresses it into the certificate chain -func (c *certManager) SetData(data []byte) error { - byteChain, err := decompressChain(data) - if err != nil { - return qerr.Error(qerr.InvalidCryptoMessageParameter, "Certificate data invalid") - } - - chain := make([]*x509.Certificate, len(byteChain)) - for i, data := range byteChain { - cert, err := x509.ParseCertificate(data) - if err != nil { - return err - } - chain[i] = cert - } - - c.chain = chain - return nil -} - -func (c *certManager) GetChain() []*x509.Certificate { - return c.chain -} - -func (c *certManager) GetCommonCertificateHashes() []byte { - return getCommonCertificateHashes() -} - -// GetLeafCert returns the leaf certificate of the certificate chain -// it returns nil if the certificate chain has not yet been set -func (c *certManager) GetLeafCert() []byte { - if len(c.chain) == 0 { - return nil - } - return c.chain[0].Raw -} - -// GetLeafCertHash calculates the FNV1a_64 hash of the leaf certificate -func (c *certManager) GetLeafCertHash() (uint64, error) { - leafCert := c.GetLeafCert() - if leafCert == nil { - return 0, errNoCertificateChain - } - - h := fnv.New64a() - _, err := h.Write(leafCert) - if err != nil { - return 0, err - } - return h.Sum64(), nil -} - -// VerifyServerProof verifies the signature of the server config -// it should only be called after the certificate chain has been set, otherwise it returns false -func (c *certManager) VerifyServerProof(proof, chlo, serverConfigData []byte) bool { - if len(c.chain) == 0 { - return false - } - - return verifyServerProof(proof, c.chain[0], chlo, serverConfigData) -} - -// Verify verifies the certificate chain -func (c *certManager) Verify(hostname string) error { - if len(c.chain) == 0 { - return errNoCertificateChain - } - - if c.config != nil && c.config.InsecureSkipVerify { - return nil - } - - leafCert := c.chain[0] - - var opts x509.VerifyOptions - if c.config != nil { - opts.Roots = c.config.RootCAs - if c.config.Time == nil { - opts.CurrentTime = time.Now() - } else { - opts.CurrentTime = c.config.Time() - } - } - // we don't need to care about the tls.Config.ServerName here, since hostname has already been set to that value in the session setup - opts.DNSName = hostname - - // the first certificate is the leaf certificate, all others are intermediates - if len(c.chain) > 1 { - intermediates := x509.NewCertPool() - for i := 1; i < len(c.chain); i++ { - intermediates.AddCert(c.chain[i]) - } - opts.Intermediates = intermediates - } - - _, err := leafCert.Verify(opts) - return err -} diff --git a/internal/crypto/cert_manager_test.go b/internal/crypto/cert_manager_test.go deleted file mode 100644 index 25a49bc7..00000000 --- a/internal/crypto/cert_manager_test.go +++ /dev/null @@ -1,348 +0,0 @@ -package crypto - -import ( - "crypto/rand" - "crypto/rsa" - "crypto/tls" - "crypto/x509" - "crypto/x509/pkix" - "encoding/asn1" - "math/big" - "runtime" - "time" - - "github.com/lucas-clemente/quic-go/internal/testdata" - "github.com/lucas-clemente/quic-go/qerr" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Cert Manager", func() { - var cm *certManager - var key1, key2 *rsa.PrivateKey - var cert1, cert2 []byte - - BeforeEach(func() { - var err error - cm = NewCertManager(nil).(*certManager) - key1, err = rsa.GenerateKey(rand.Reader, 768) - Expect(err).ToNot(HaveOccurred()) - key2, err = rsa.GenerateKey(rand.Reader, 768) - Expect(err).ToNot(HaveOccurred()) - template := &x509.Certificate{SerialNumber: big.NewInt(1)} - cert1, err = x509.CreateCertificate(rand.Reader, template, template, &key1.PublicKey, key1) - Expect(err).ToNot(HaveOccurred()) - cert2, err = x509.CreateCertificate(rand.Reader, template, template, &key2.PublicKey, key2) - Expect(err).ToNot(HaveOccurred()) - }) - - It("saves a client TLS config", func() { - tlsConf := &tls.Config{ServerName: "quic.clemente.io"} - cm = NewCertManager(tlsConf).(*certManager) - Expect(cm.config.ServerName).To(Equal("quic.clemente.io")) - }) - - It("errors when given invalid data", func() { - err := cm.SetData([]byte("foobar")) - Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "Certificate data invalid"))) - }) - - It("gets the common certificate hashes", func() { - ccs := cm.GetCommonCertificateHashes() - Expect(ccs).ToNot(BeEmpty()) - }) - - Context("setting the data", func() { - It("decompresses a certificate chain", func() { - chain := [][]byte{cert1, cert2} - compressed, err := compressChain(chain, nil, nil) - Expect(err).ToNot(HaveOccurred()) - err = cm.SetData(compressed) - Expect(err).ToNot(HaveOccurred()) - Expect(cm.chain[0].Raw).To(Equal(cert1)) - Expect(cm.chain[1].Raw).To(Equal(cert2)) - }) - - It("errors if it can't decompress the chain", func() { - err := cm.SetData([]byte("invalid data")) - Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "Certificate data invalid"))) - }) - - It("errors if it can't parse a certificate", func() { - chain := [][]byte{[]byte("cert1"), []byte("cert2")} - compressed, err := compressChain(chain, nil, nil) - Expect(err).ToNot(HaveOccurred()) - err = cm.SetData(compressed) - _, ok := err.(asn1.StructuralError) - Expect(ok).To(BeTrue()) - }) - }) - - Context("getting the leaf cert", func() { - It("gets it", func() { - xcert1, err := x509.ParseCertificate(cert1) - Expect(err).ToNot(HaveOccurred()) - xcert2, err := x509.ParseCertificate(cert2) - Expect(err).ToNot(HaveOccurred()) - cm.chain = []*x509.Certificate{xcert1, xcert2} - leafCert := cm.GetLeafCert() - Expect(leafCert).To(Equal(cert1)) - }) - - It("returns nil if the chain hasn't been set yet", func() { - leafCert := cm.GetLeafCert() - Expect(leafCert).To(BeNil()) - }) - }) - - Context("getting the leaf cert hash", func() { - It("calculates the FVN1a 64 hash", func() { - cm.chain = make([]*x509.Certificate, 1) - cm.chain[0] = &x509.Certificate{ - Raw: []byte("test fnv hash"), - } - hash, err := cm.GetLeafCertHash() - Expect(err).ToNot(HaveOccurred()) - // hash calculated on http://www.nitrxgen.net/hashgen/ - Expect(hash).To(Equal(uint64(0x4770f6141fa0f5ad))) - }) - - It("errors if the certificate chain is not loaded", func() { - _, err := cm.GetLeafCertHash() - Expect(err).To(MatchError(errNoCertificateChain)) - }) - }) - - Context("verifying the server config signature", func() { - It("returns false when the chain hasn't been set yet", func() { - valid := cm.VerifyServerProof([]byte("proof"), []byte("chlo"), []byte("scfg")) - Expect(valid).To(BeFalse()) - }) - - It("verifies the signature", func() { - chlo := []byte("client hello") - scfg := []byte("server config data") - xcert1, err := x509.ParseCertificate(cert1) - Expect(err).ToNot(HaveOccurred()) - cm.chain = []*x509.Certificate{xcert1} - proof, err := signServerProof(&tls.Certificate{PrivateKey: key1}, chlo, scfg) - Expect(err).ToNot(HaveOccurred()) - valid := cm.VerifyServerProof(proof, chlo, scfg) - Expect(valid).To(BeTrue()) - }) - - It("rejects an invalid signature", func() { - xcert1, err := x509.ParseCertificate(cert1) - Expect(err).ToNot(HaveOccurred()) - cm.chain = []*x509.Certificate{xcert1} - valid := cm.VerifyServerProof([]byte("invalid proof"), []byte("chlo"), []byte("scfg")) - Expect(valid).To(BeFalse()) - }) - }) - - Context("verifying the certificate chain", func() { - generateCertificate := func(template, parent *x509.Certificate, pubKey *rsa.PublicKey, privKey *rsa.PrivateKey) *x509.Certificate { - certDER, err := x509.CreateCertificate(rand.Reader, template, parent, pubKey, privKey) - Expect(err).ToNot(HaveOccurred()) - cert, err := x509.ParseCertificate(certDER) - Expect(err).ToNot(HaveOccurred()) - return cert - } - - getCertificate := func(template *x509.Certificate) (*rsa.PrivateKey, *x509.Certificate) { - key, err := rsa.GenerateKey(rand.Reader, 1024) - Expect(err).ToNot(HaveOccurred()) - return key, generateCertificate(template, template, &key.PublicKey, key) - } - - It("accepts a valid certificate", func() { - cc := NewCertChain(testdata.GetTLSConfig()).(*certChain) - tlsCert, err := cc.getCertForSNI("quic.clemente.io") - Expect(err).ToNot(HaveOccurred()) - for _, data := range tlsCert.Certificate { - var cert *x509.Certificate - cert, err = x509.ParseCertificate(data) - Expect(err).ToNot(HaveOccurred()) - cm.chain = append(cm.chain, cert) - } - err = cm.Verify("quic.clemente.io") - Expect(err).ToNot(HaveOccurred()) - }) - - It("doesn't accept an expired certificate", func() { - if runtime.GOOS == "windows" { - // certificate validation works different on windows, see https://golang.org/src/crypto/x509/verify.go line 238 - Skip("windows") - } - - template := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(-25 * time.Hour), - NotAfter: time.Now().Add(-time.Hour), - } - _, leafCert := getCertificate(template) - - cm.chain = []*x509.Certificate{leafCert} - err := cm.Verify("") - Expect(err).To(HaveOccurred()) - Expect(err.(x509.CertificateInvalidError).Reason).To(Equal(x509.Expired)) - }) - - It("doesn't accept a certificate that is not yet valid", func() { - if runtime.GOOS == "windows" { - // certificate validation works different on windows, see https://golang.org/src/crypto/x509/verify.go line 238 - Skip("windows") - } - - template := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(time.Hour), - NotAfter: time.Now().Add(25 * time.Hour), - } - _, leafCert := getCertificate(template) - - cm.chain = []*x509.Certificate{leafCert} - err := cm.Verify("") - Expect(err).To(HaveOccurred()) - Expect(err.(x509.CertificateInvalidError).Reason).To(Equal(x509.Expired)) - }) - - It("doesn't accept an certificate for the wrong hostname", func() { - if runtime.GOOS == "windows" { - // certificate validation works different on windows, see https://golang.org/src/crypto/x509/verify.go line 238 - Skip("windows") - } - - template := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(-time.Hour), - NotAfter: time.Now().Add(time.Hour), - Subject: pkix.Name{CommonName: "google.com"}, - } - _, leafCert := getCertificate(template) - - cm.chain = []*x509.Certificate{leafCert} - err := cm.Verify("quic.clemente.io") - Expect(err).To(HaveOccurred()) - _, ok := err.(x509.HostnameError) - Expect(ok).To(BeTrue()) - }) - - It("errors if the chain hasn't been set yet", func() { - err := cm.Verify("example.com") - Expect(err).To(HaveOccurred()) - }) - - // this tests relies on LetsEncrypt not being contained in the Root CAs - It("rejects valid certificate with missing certificate chain", func() { - if runtime.GOOS == "windows" { - Skip("LetsEncrypt Root CA is included in Windows") - } - - cert := testdata.GetCertificate() - xcert, err := x509.ParseCertificate(cert.Certificate[0]) - Expect(err).ToNot(HaveOccurred()) - cm.chain = []*x509.Certificate{xcert} - err = cm.Verify("quic.clemente.io") - _, ok := err.(x509.UnknownAuthorityError) - Expect(ok).To(BeTrue()) - }) - - It("doesn't do any certificate verification if InsecureSkipVerify is set", func() { - if runtime.GOOS == "windows" { - // certificate validation works different on windows, see https://golang.org/src/crypto/x509/verify.go line 238 - Skip("windows") - } - - template := &x509.Certificate{ - SerialNumber: big.NewInt(1), - } - - _, leafCert := getCertificate(template) - cm.config = &tls.Config{ - InsecureSkipVerify: true, - } - cm.chain = []*x509.Certificate{leafCert} - err := cm.Verify("quic.clemente.io") - Expect(err).ToNot(HaveOccurred()) - }) - - It("uses the time specified in a client TLS config", func() { - if runtime.GOOS == "windows" { - // certificate validation works different on windows, see https://golang.org/src/crypto/x509/verify.go line 238 - Skip("windows") - } - - template := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(-25 * time.Hour), - NotAfter: time.Now().Add(-23 * time.Hour), - Subject: pkix.Name{CommonName: "quic.clemente.io"}, - } - _, leafCert := getCertificate(template) - cm.chain = []*x509.Certificate{leafCert} - cm.config = &tls.Config{ - Time: func() time.Time { return time.Now().Add(-24 * time.Hour) }, - } - err := cm.Verify("quic.clemente.io") - _, ok := err.(x509.UnknownAuthorityError) - Expect(ok).To(BeTrue()) - }) - - It("rejects certificates that are expired at the time specified in a client TLS config", func() { - if runtime.GOOS == "windows" { - // certificate validation works different on windows, see https://golang.org/src/crypto/x509/verify.go line 238 - Skip("windows") - } - - template := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(-time.Hour), - NotAfter: time.Now().Add(time.Hour), - } - _, leafCert := getCertificate(template) - cm.chain = []*x509.Certificate{leafCert} - cm.config = &tls.Config{ - Time: func() time.Time { return time.Now().Add(-24 * time.Hour) }, - } - err := cm.Verify("quic.clemente.io") - Expect(err.(x509.CertificateInvalidError).Reason).To(Equal(x509.Expired)) - }) - - It("uses the Root CA given in the client config", func() { - if runtime.GOOS == "windows" { - // certificate validation works different on windows, see https://golang.org/src/crypto/x509/verify.go line 238 - Skip("windows") - } - - templateRoot := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(-time.Hour), - NotAfter: time.Now().Add(time.Hour), - IsCA: true, - BasicConstraintsValid: true, - } - rootKey, rootCert := getCertificate(templateRoot) - template := &x509.Certificate{ - SerialNumber: big.NewInt(1), - NotBefore: time.Now().Add(-time.Hour), - NotAfter: time.Now().Add(time.Hour), - Subject: pkix.Name{CommonName: "google.com"}, - } - key, err := rsa.GenerateKey(rand.Reader, 1024) - Expect(err).ToNot(HaveOccurred()) - leafCert := generateCertificate(template, rootCert, &key.PublicKey, rootKey) - - rootCAPool := x509.NewCertPool() - rootCAPool.AddCert(rootCert) - - cm.chain = []*x509.Certificate{leafCert} - cm.config = &tls.Config{ - RootCAs: rootCAPool, - } - err = cm.Verify("google.com") - Expect(err).ToNot(HaveOccurred()) - }) - }) -}) diff --git a/internal/crypto/cert_sets.go b/internal/crypto/cert_sets.go deleted file mode 100644 index 1552668c..00000000 --- a/internal/crypto/cert_sets.go +++ /dev/null @@ -1,24 +0,0 @@ -package crypto - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go-certificates" -) - -type certSet [][]byte - -var certSets = map[uint64]certSet{ - certsets.CertSet2Hash: certsets.CertSet2, - certsets.CertSet3Hash: certsets.CertSet3, -} - -// findCertInSet searches for the cert in the set. Negative return value means not found. -func (s *certSet) findCertInSet(cert []byte) int { - for i, c := range *s { - if bytes.Equal(c, cert) { - return i - } - } - return -1 -} diff --git a/internal/crypto/chacha20poly1305_aead.go b/internal/crypto/chacha20poly1305_aead.go deleted file mode 100644 index 5d2e36f9..00000000 --- a/internal/crypto/chacha20poly1305_aead.go +++ /dev/null @@ -1,61 +0,0 @@ -// +build ignore - -package crypto - -import ( - "crypto/cipher" - "encoding/binary" - "errors" - - "github.com/aead/chacha20" - - "github.com/lucas-clemente/quic-go/internal/protocol" -) - -type aeadChacha20Poly1305 struct { - otherIV []byte - myIV []byte - encrypter cipher.AEAD - decrypter cipher.AEAD -} - -// NewAEADChacha20Poly1305 creates a AEAD using chacha20poly1305 -func NewAEADChacha20Poly1305(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error) { - if len(myKey) != 32 || len(otherKey) != 32 || len(myIV) != 4 || len(otherIV) != 4 { - return nil, errors.New("chacha20poly1305: expected 32-byte keys and 4-byte IVs") - } - // copy because ChaCha20Poly1305 expects array pointers - var MyKey, OtherKey [32]byte - copy(MyKey[:], myKey) - copy(OtherKey[:], otherKey) - - encrypter, err := chacha20.NewChaCha20Poly1305WithTagSize(&MyKey, 12) - if err != nil { - return nil, err - } - decrypter, err := chacha20.NewChaCha20Poly1305WithTagSize(&OtherKey, 12) - if err != nil { - return nil, err - } - return &aeadChacha20Poly1305{ - otherIV: otherIV, - myIV: myIV, - encrypter: encrypter, - decrypter: decrypter, - }, nil -} - -func (aead *aeadChacha20Poly1305) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) { - return aead.decrypter.Open(dst, aead.makeNonce(aead.otherIV, packetNumber), src, associatedData) -} - -func (aead *aeadChacha20Poly1305) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte { - return aead.encrypter.Seal(dst, aead.makeNonce(aead.myIV, packetNumber), src, associatedData) -} - -func (aead *aeadChacha20Poly1305) makeNonce(iv []byte, packetNumber protocol.PacketNumber) []byte { - res := make([]byte, 12) - copy(res[0:4], iv) - binary.LittleEndian.PutUint64(res[4:12], uint64(packetNumber)) - return res -} diff --git a/internal/crypto/chacha20poly1305_aead_test.go b/internal/crypto/chacha20poly1305_aead_test.go deleted file mode 100644 index 9d5197bd..00000000 --- a/internal/crypto/chacha20poly1305_aead_test.go +++ /dev/null @@ -1,71 +0,0 @@ -// +build ignore - -package crypto - -import ( - "crypto/rand" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Chacha20poly1305", func() { - var ( - alice, bob AEAD - keyAlice, keyBob, ivAlice, ivBob []byte - ) - - BeforeEach(func() { - keyAlice = make([]byte, 32) - keyBob = make([]byte, 32) - ivAlice = make([]byte, 4) - ivBob = make([]byte, 4) - rand.Reader.Read(keyAlice) - rand.Reader.Read(keyBob) - rand.Reader.Read(ivAlice) - rand.Reader.Read(ivBob) - var err error - alice, err = NewAEADChacha20Poly1305(keyBob, keyAlice, ivBob, ivAlice) - Expect(err).ToNot(HaveOccurred()) - bob, err = NewAEADChacha20Poly1305(keyAlice, keyBob, ivAlice, ivBob) - Expect(err).ToNot(HaveOccurred()) - }) - - It("seals and opens", func() { - b := alice.Seal(nil, []byte("foobar"), 42, []byte("aad")) - text, err := bob.Open(nil, b, 42, []byte("aad")) - Expect(err).ToNot(HaveOccurred()) - Expect(text).To(Equal([]byte("foobar"))) - }) - - It("seals and opens reverse", func() { - b := bob.Seal(nil, []byte("foobar"), 42, []byte("aad")) - text, err := alice.Open(nil, b, 42, []byte("aad")) - Expect(err).ToNot(HaveOccurred()) - Expect(text).To(Equal([]byte("foobar"))) - }) - - It("has the proper length", func() { - b := bob.Seal(nil, []byte("foobar"), 42, []byte("aad")) - Expect(b).To(HaveLen(6 + 12)) - }) - - It("fails with wrong aad", func() { - b := alice.Seal(nil, []byte("foobar"), 42, []byte("aad")) - _, err := bob.Open(nil, b, 42, []byte("aad2")) - Expect(err).To(HaveOccurred()) - }) - - It("rejects wrong key and iv sizes", func() { - var err error - e := "chacha20poly1305: expected 32-byte keys and 4-byte IVs" - _, err = NewAEADChacha20Poly1305(keyBob[1:], keyAlice, ivBob, ivAlice) - Expect(err).To(MatchError(e)) - _, err = NewAEADChacha20Poly1305(keyBob, keyAlice[1:], ivBob, ivAlice) - Expect(err).To(MatchError(e)) - _, err = NewAEADChacha20Poly1305(keyBob, keyAlice, ivBob[1:], ivAlice) - Expect(err).To(MatchError(e)) - _, err = NewAEADChacha20Poly1305(keyBob, keyAlice, ivBob, ivAlice[1:]) - Expect(err).To(MatchError(e)) - }) -}) diff --git a/internal/crypto/curve_25519.go b/internal/crypto/curve_25519.go deleted file mode 100644 index fd25b00f..00000000 --- a/internal/crypto/curve_25519.go +++ /dev/null @@ -1,41 +0,0 @@ -package crypto - -import ( - "crypto/rand" - "errors" - - "golang.org/x/crypto/curve25519" -) - -// KeyExchange manages the exchange of keys -type curve25519KEX struct { - secret [32]byte - public [32]byte -} - -var _ KeyExchange = &curve25519KEX{} - -// NewCurve25519KEX creates a new KeyExchange using Curve25519, see https://cr.yp.to/ecdh.html -func NewCurve25519KEX() (KeyExchange, error) { - c := &curve25519KEX{} - if _, err := rand.Read(c.secret[:]); err != nil { - return nil, errors.New("Curve25519: could not create private key") - } - curve25519.ScalarBaseMult(&c.public, &c.secret) - return c, nil -} - -func (c *curve25519KEX) PublicKey() []byte { - return c.public[:] -} - -func (c *curve25519KEX) CalculateSharedKey(otherPublic []byte) ([]byte, error) { - if len(otherPublic) != 32 { - return nil, errors.New("Curve25519: expected public key of 32 byte") - } - var res [32]byte - var otherPublicArray [32]byte - copy(otherPublicArray[:], otherPublic) - curve25519.ScalarMult(&res, &c.secret, &otherPublicArray) - return res[:], nil -} diff --git a/internal/crypto/curve_25519_test.go b/internal/crypto/curve_25519_test.go deleted file mode 100644 index 44d1d11f..00000000 --- a/internal/crypto/curve_25519_test.go +++ /dev/null @@ -1,27 +0,0 @@ -package crypto - -import ( - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("ProofRsa", func() { - It("works", func() { - a, err := NewCurve25519KEX() - Expect(err).ToNot(HaveOccurred()) - b, err := NewCurve25519KEX() - Expect(err).ToNot(HaveOccurred()) - sA, err := a.CalculateSharedKey(b.PublicKey()) - Expect(err).ToNot(HaveOccurred()) - sB, err := b.CalculateSharedKey(a.PublicKey()) - Expect(err).ToNot(HaveOccurred()) - Expect(sA).To(Equal(sB)) - }) - - It("rejects short public keys", func() { - a, err := NewCurve25519KEX() - Expect(err).ToNot(HaveOccurred()) - _, err = a.CalculateSharedKey(nil) - Expect(err).To(MatchError("Curve25519: expected public key of 32 byte")) - }) -}) diff --git a/internal/crypto/key_derivation_quic_crypto.go b/internal/crypto/key_derivation_quic_crypto.go deleted file mode 100644 index 6c294178..00000000 --- a/internal/crypto/key_derivation_quic_crypto.go +++ /dev/null @@ -1,100 +0,0 @@ -package crypto - -import ( - "bytes" - "crypto/sha256" - "io" - - "github.com/lucas-clemente/quic-go/internal/protocol" - - "golang.org/x/crypto/hkdf" -) - -// DeriveKeysChacha20 derives the client and server keys and creates a matching chacha20poly1305 AEAD instance -// func DeriveKeysChacha20(version protocol.VersionNumber, forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte) (AEAD, error) { -// otherKey, myKey, otherIV, myIV, err := deriveKeys(version, forwardSecure, sharedSecret, nonces, connID, chlo, scfg, cert, divNonce, 32) -// if err != nil { -// return nil, err -// } -// return NewAEADChacha20Poly1305(otherKey, myKey, otherIV, myIV) -// } - -// DeriveQuicCryptoAESKeys derives the client and server keys and creates a matching AES-GCM AEAD instance -func DeriveQuicCryptoAESKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (AEAD, error) { - var swap bool - if pers == protocol.PerspectiveClient { - swap = true - } - otherKey, myKey, otherIV, myIV, err := deriveKeys(forwardSecure, sharedSecret, nonces, connID, chlo, scfg, cert, divNonce, 16, swap) - if err != nil { - return nil, err - } - return NewAEADAESGCM12(otherKey, myKey, otherIV, myIV) -} - -// deriveKeys derives the keys and the IVs -// swap should be set true if generating the values for the client, and false for the server -func deriveKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo, scfg, cert, divNonce []byte, keyLen int, swap bool) ([]byte, []byte, []byte, []byte, error) { - var info bytes.Buffer - if forwardSecure { - info.Write([]byte("QUIC forward secure key expansion\x00")) - } else { - info.Write([]byte("QUIC key expansion\x00")) - } - info.Write(connID) - info.Write(chlo) - info.Write(scfg) - info.Write(cert) - - r := hkdf.New(sha256.New, sharedSecret, nonces, info.Bytes()) - - s := make([]byte, 2*keyLen+2*4) - if _, err := io.ReadFull(r, s); err != nil { - return nil, nil, nil, nil, err - } - - key1 := s[:keyLen] - key2 := s[keyLen : 2*keyLen] - iv1 := s[2*keyLen : 2*keyLen+4] - iv2 := s[2*keyLen+4:] - - var otherKey, myKey []byte - var otherIV, myIV []byte - - if !forwardSecure { - if err := diversify(key2, iv2, divNonce); err != nil { - return nil, nil, nil, nil, err - } - } - - if swap { - otherKey = key2 - myKey = key1 - otherIV = iv2 - myIV = iv1 - } else { - otherKey = key1 - myKey = key2 - otherIV = iv1 - myIV = iv2 - } - - return otherKey, myKey, otherIV, myIV, nil -} - -func diversify(key, iv, divNonce []byte) error { - secret := make([]byte, len(key)+len(iv)) - copy(secret, key) - copy(secret[len(key):], iv) - - r := hkdf.New(sha256.New, secret, divNonce, []byte("QUIC key diversification")) - - if _, err := io.ReadFull(r, key); err != nil { - return err - } - if _, err := io.ReadFull(r, iv); err != nil { - return err - } - - return nil -} diff --git a/internal/crypto/key_derivation_quic_crypto_test.go b/internal/crypto/key_derivation_quic_crypto_test.go deleted file mode 100644 index d866121c..00000000 --- a/internal/crypto/key_derivation_quic_crypto_test.go +++ /dev/null @@ -1,197 +0,0 @@ -package crypto - -import ( - "github.com/lucas-clemente/quic-go/internal/protocol" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("QUIC Crypto Key Derivation", func() { - // Context("chacha20poly1305", func() { - // It("derives non-fs keys", func() { - // aead, err := DeriveKeysChacha20( - // protocol.Version32, - // false, - // []byte("0123456789012345678901"), - // []byte("nonce"), - // protocol.ConnectionID(42), - // []byte("chlo"), - // []byte("scfg"), - // []byte("cert"), - // nil, - // ) - // Expect(err).ToNot(HaveOccurred()) - // chacha := aead.(*aeadChacha20Poly1305) - // // If the IVs match, the keys will match too, since the keys are read earlier - // Expect(chacha.myIV).To(Equal([]byte{0xf0, 0xf5, 0x4c, 0xa8})) - // Expect(chacha.otherIV).To(Equal([]byte{0x75, 0xd8, 0xa2, 0x8d})) - // }) - // - // It("derives fs keys", func() { - // aead, err := DeriveKeysChacha20( - // protocol.Version32, - // true, - // []byte("0123456789012345678901"), - // []byte("nonce"), - // protocol.ConnectionID(42), - // []byte("chlo"), - // []byte("scfg"), - // []byte("cert"), - // nil, - // ) - // Expect(err).ToNot(HaveOccurred()) - // chacha := aead.(*aeadChacha20Poly1305) - // // If the IVs match, the keys will match too, since the keys are read earlier - // Expect(chacha.myIV).To(Equal([]byte{0xf5, 0x73, 0x11, 0x79})) - // Expect(chacha.otherIV).To(Equal([]byte{0xf7, 0x26, 0x4d, 0x2c})) - // }) - // - // It("does not use diversification nonces in FS key derivation", func() { - // aead, err := DeriveKeysChacha20( - // protocol.Version33, - // true, - // []byte("0123456789012345678901"), - // []byte("nonce"), - // protocol.ConnectionID(42), - // []byte("chlo"), - // []byte("scfg"), - // []byte("cert"), - // []byte("divnonce"), - // ) - // Expect(err).ToNot(HaveOccurred()) - // chacha := aead.(*aeadChacha20Poly1305) - // // If the IVs match, the keys will match too, since the keys are read earlier - // Expect(chacha.myIV).To(Equal([]byte{0xf5, 0x73, 0x11, 0x79})) - // Expect(chacha.otherIV).To(Equal([]byte{0xf7, 0x26, 0x4d, 0x2c})) - // }) - // - // It("uses diversification nonces in initial key derivation", func() { - // aead, err := DeriveKeysChacha20( - // protocol.Version33, - // false, - // []byte("0123456789012345678901"), - // []byte("nonce"), - // protocol.ConnectionID(42), - // []byte("chlo"), - // []byte("scfg"), - // []byte("cert"), - // []byte("divnonce"), - // ) - // Expect(err).ToNot(HaveOccurred()) - // chacha := aead.(*aeadChacha20Poly1305) - // // If the IVs match, the keys will match too, since the keys are read earlier - // Expect(chacha.myIV).To(Equal([]byte{0xc4, 0x12, 0x25, 0x64})) - // Expect(chacha.otherIV).To(Equal([]byte{0x75, 0xd8, 0xa2, 0x8d})) - // }) - // }) - - Context("AES-GCM", func() { - It("derives non-forward secure keys", func() { - aead, err := DeriveQuicCryptoAESKeys( - false, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID([]byte{42, 0, 0, 0, 0, 0, 0, 0}), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - []byte("divnonce"), - protocol.PerspectiveServer, - ) - Expect(err).ToNot(HaveOccurred()) - aesgcm := aead.(*aeadAESGCM12) - // If the IVs match, the keys will match too, since the keys are read earlier - Expect(aesgcm.myIV).To(Equal([]byte{0x1c, 0xec, 0xac, 0x9b})) - Expect(aesgcm.otherIV).To(Equal([]byte{0x64, 0xef, 0x3c, 0x9})) - }) - - It("uses the diversification nonce when generating non-forwared secure keys", func() { - aead1, err := DeriveQuicCryptoAESKeys( - false, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID([]byte{42, 0, 0, 0, 0, 0, 0, 0}), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - []byte("divnonce"), - protocol.PerspectiveServer, - ) - Expect(err).ToNot(HaveOccurred()) - aead2, err := DeriveQuicCryptoAESKeys( - false, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID([]byte{42, 0, 0, 0, 0, 0, 0, 0}), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - []byte("ecnonvid"), - protocol.PerspectiveServer, - ) - Expect(err).ToNot(HaveOccurred()) - aesgcm1 := aead1.(*aeadAESGCM12) - aesgcm2 := aead2.(*aeadAESGCM12) - Expect(aesgcm1.myIV).ToNot(Equal(aesgcm2.myIV)) - Expect(aesgcm1.otherIV).To(Equal(aesgcm2.otherIV)) - }) - - It("derives non-forward secure keys, for the other side", func() { - aead, err := DeriveQuicCryptoAESKeys( - false, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID([]byte{42, 0, 0, 0, 0, 0, 0, 0}), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - []byte("divnonce"), - protocol.PerspectiveClient, - ) - Expect(err).ToNot(HaveOccurred()) - aesgcm := aead.(*aeadAESGCM12) - // If the IVs match, the keys will match too, since the keys are read earlier - Expect(aesgcm.otherIV).To(Equal([]byte{0x1c, 0xec, 0xac, 0x9b})) - Expect(aesgcm.myIV).To(Equal([]byte{0x64, 0xef, 0x3c, 0x9})) - }) - - It("derives forward secure keys", func() { - aead, err := DeriveQuicCryptoAESKeys( - true, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID([]byte{42, 0, 0, 0, 0, 0, 0, 0}), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - nil, - protocol.PerspectiveServer, - ) - Expect(err).ToNot(HaveOccurred()) - aesgcm := aead.(*aeadAESGCM12) - // If the IVs match, the keys will match too, since the keys are read earlier - Expect(aesgcm.myIV).To(Equal([]byte{0x7, 0xad, 0xab, 0xb8})) - Expect(aesgcm.otherIV).To(Equal([]byte{0xf2, 0x7a, 0xcc, 0x42})) - }) - - It("does not use div-nonce for FS key derivation", func() { - aead, err := DeriveQuicCryptoAESKeys( - true, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID([]byte{42, 0, 0, 0, 0, 0, 0, 0}), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - []byte("divnonce"), - protocol.PerspectiveServer, - ) - Expect(err).ToNot(HaveOccurred()) - aesgcm := aead.(*aeadAESGCM12) - // If the IVs match, the keys will match too, since the keys are read earlier - Expect(aesgcm.myIV).To(Equal([]byte{0x7, 0xad, 0xab, 0xb8})) - Expect(aesgcm.otherIV).To(Equal([]byte{0xf2, 0x7a, 0xcc, 0x42})) - }) - }) -}) diff --git a/internal/crypto/key_exchange.go b/internal/crypto/key_exchange.go deleted file mode 100644 index d240b9c9..00000000 --- a/internal/crypto/key_exchange.go +++ /dev/null @@ -1,7 +0,0 @@ -package crypto - -// KeyExchange manages the exchange of keys -type KeyExchange interface { - PublicKey() []byte - CalculateSharedKey(otherPublic []byte) ([]byte, error) -} diff --git a/internal/crypto/null_aead.go b/internal/crypto/null_aead.go deleted file mode 100644 index 27158bee..00000000 --- a/internal/crypto/null_aead.go +++ /dev/null @@ -1,11 +0,0 @@ -package crypto - -import "github.com/lucas-clemente/quic-go/internal/protocol" - -// NewNullAEAD creates a NullAEAD -func NewNullAEAD(p protocol.Perspective, connID protocol.ConnectionID, v protocol.VersionNumber) (AEAD, error) { - if v.UsesTLS() { - return newNullAEADAESGCM(connID, p) - } - return &nullAEADFNV128a{perspective: p}, nil -} diff --git a/internal/crypto/null_aead_aesgcm.go b/internal/crypto/null_aead_aesgcm.go index 17dad016..7ef52f63 100644 --- a/internal/crypto/null_aead_aesgcm.go +++ b/internal/crypto/null_aead_aesgcm.go @@ -8,7 +8,8 @@ import ( var quicVersion1Salt = []byte{0x9c, 0x10, 0x8f, 0x98, 0x52, 0x0a, 0x5c, 0x5c, 0x32, 0x96, 0x8e, 0x95, 0x0e, 0x8a, 0x2c, 0x5f, 0xe0, 0x6d, 0x6c, 0x38} -func newNullAEADAESGCM(connectionID protocol.ConnectionID, pers protocol.Perspective) (AEAD, error) { +// NewNullAEAD creates a NullAEAD +func NewNullAEAD(connectionID protocol.ConnectionID, pers protocol.Perspective) (AEAD, error) { clientSecret, serverSecret := computeSecrets(connectionID) var mySecret, otherSecret []byte diff --git a/internal/crypto/null_aead_aesgcm_test.go b/internal/crypto/null_aead_aesgcm_test.go index 980348b7..a181cbf7 100644 --- a/internal/crypto/null_aead_aesgcm_test.go +++ b/internal/crypto/null_aead_aesgcm_test.go @@ -56,9 +56,9 @@ var _ = Describe("NullAEAD using AES-GCM", func() { It("seals and opens", func() { connectionID := protocol.ConnectionID([]byte{0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef}) - clientAEAD, err := newNullAEADAESGCM(connectionID, protocol.PerspectiveClient) + clientAEAD, err := NewNullAEAD(connectionID, protocol.PerspectiveClient) Expect(err).ToNot(HaveOccurred()) - serverAEAD, err := newNullAEADAESGCM(connectionID, protocol.PerspectiveServer) + serverAEAD, err := NewNullAEAD(connectionID, protocol.PerspectiveServer) Expect(err).ToNot(HaveOccurred()) clientMessage := clientAEAD.Seal(nil, []byte("foobar"), 42, []byte("aad")) @@ -74,9 +74,9 @@ var _ = Describe("NullAEAD using AES-GCM", func() { It("doesn't work if initialized with different connection IDs", func() { c1 := protocol.ConnectionID([]byte{0, 0, 0, 0, 0, 0, 0, 1}) c2 := protocol.ConnectionID([]byte{0, 0, 0, 0, 0, 0, 0, 2}) - clientAEAD, err := newNullAEADAESGCM(c1, protocol.PerspectiveClient) + clientAEAD, err := NewNullAEAD(c1, protocol.PerspectiveClient) Expect(err).ToNot(HaveOccurred()) - serverAEAD, err := newNullAEADAESGCM(c2, protocol.PerspectiveServer) + serverAEAD, err := NewNullAEAD(c2, protocol.PerspectiveServer) Expect(err).ToNot(HaveOccurred()) clientMessage := clientAEAD.Seal(nil, []byte("foobar"), 42, []byte("aad")) diff --git a/internal/crypto/null_aead_fnv128a.go b/internal/crypto/null_aead_fnv128a.go deleted file mode 100644 index 6c50ab90..00000000 --- a/internal/crypto/null_aead_fnv128a.go +++ /dev/null @@ -1,79 +0,0 @@ -package crypto - -import ( - "bytes" - "errors" - "fmt" - "hash/fnv" - - "github.com/lucas-clemente/quic-go/internal/protocol" -) - -// nullAEAD handles not-yet encrypted packets -type nullAEADFNV128a struct { - perspective protocol.Perspective -} - -var _ AEAD = &nullAEADFNV128a{} - -// Open and verify the ciphertext -func (n *nullAEADFNV128a) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) { - if len(src) < 12 { - return nil, errors.New("NullAEAD: ciphertext cannot be less than 12 bytes long") - } - - hash := fnv.New128a() - hash.Write(associatedData) - hash.Write(src[12:]) - if n.perspective == protocol.PerspectiveServer { - hash.Write([]byte("Client")) - } else { - hash.Write([]byte("Server")) - } - sum := make([]byte, 0, 16) - sum = hash.Sum(sum) - // The tag is written in little endian, so we need to reverse the slice. - reverse(sum) - - if !bytes.Equal(sum[:12], src[:12]) { - return nil, fmt.Errorf("NullAEAD: failed to authenticate received data (%#v vs %#v)", sum[:12], src[:12]) - } - return src[12:], nil -} - -// Seal writes hash and ciphertext to the buffer -func (n *nullAEADFNV128a) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte { - if cap(dst) < 12+len(src) { - dst = make([]byte, 12+len(src)) - } else { - dst = dst[:12+len(src)] - } - - hash := fnv.New128a() - hash.Write(associatedData) - hash.Write(src) - - if n.perspective == protocol.PerspectiveServer { - hash.Write([]byte("Server")) - } else { - hash.Write([]byte("Client")) - } - sum := make([]byte, 0, 16) - sum = hash.Sum(sum) - // The tag is written in little endian, so we need to reverse the slice. - reverse(sum) - - copy(dst[12:], src) - copy(dst, sum[:12]) - return dst -} - -func (n *nullAEADFNV128a) Overhead() int { - return 12 -} - -func reverse(a []byte) { - for left, right := 0, len(a)-1; left < right; left, right = left+1, right-1 { - a[left], a[right] = a[right], a[left] - } -} diff --git a/internal/crypto/null_aead_fnv128a_test.go b/internal/crypto/null_aead_fnv128a_test.go deleted file mode 100644 index 1a8fcc6a..00000000 --- a/internal/crypto/null_aead_fnv128a_test.go +++ /dev/null @@ -1,55 +0,0 @@ -package crypto - -import ( - "github.com/lucas-clemente/quic-go/internal/protocol" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("NullAEAD using FNV128a", func() { - aad := []byte("All human beings are born free and equal in dignity and rights.") - plainText := []byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood.") - hash36 := []byte{0x98, 0x9b, 0x33, 0x3f, 0xe8, 0xde, 0x32, 0x5c, 0xa6, 0x7f, 0x9c, 0xf7} - - var aeadServer AEAD - var aeadClient AEAD - - BeforeEach(func() { - aeadServer = &nullAEADFNV128a{protocol.PerspectiveServer} - aeadClient = &nullAEADFNV128a{protocol.PerspectiveClient} - }) - - It("seals and opens, client => server", func() { - cipherText := aeadClient.Seal(nil, plainText, 0, aad) - res, err := aeadServer.Open(nil, cipherText, 0, aad) - Expect(err).ToNot(HaveOccurred()) - Expect(res).To(Equal([]byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood."))) - }) - - It("seals and opens, server => client", func() { - cipherText := aeadServer.Seal(nil, plainText, 0, aad) - res, err := aeadClient.Open(nil, cipherText, 0, aad) - Expect(err).ToNot(HaveOccurred()) - Expect(res).To(Equal([]byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood."))) - }) - - It("rejects short ciphertexts", func() { - _, err := aeadServer.Open(nil, nil, 0, nil) - Expect(err).To(MatchError("NullAEAD: ciphertext cannot be less than 12 bytes long")) - }) - - It("seals in-place", func() { - buf := make([]byte, 6, 12+6) - copy(buf, []byte("foobar")) - res := aeadServer.Seal(buf[0:0], buf, 0, nil) - buf = buf[:12+6] - Expect(buf[12:]).To(Equal([]byte("foobar"))) - Expect(res[12:]).To(Equal([]byte("foobar"))) - }) - - It("fails", func() { - cipherText := append(append(hash36, plainText...), byte(0x42)) - _, err := aeadClient.Open(nil, cipherText, 0, aad) - Expect(err).To(HaveOccurred()) - }) -}) diff --git a/internal/crypto/null_aead_test.go b/internal/crypto/null_aead_test.go deleted file mode 100644 index ce3a12a0..00000000 --- a/internal/crypto/null_aead_test.go +++ /dev/null @@ -1,17 +0,0 @@ -package crypto - -import ( - "github.com/lucas-clemente/quic-go/internal/protocol" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("NullAEAD", func() { - It("selects the right FVN variant", func() { - connID := protocol.ConnectionID([]byte{0x42, 0, 0, 0, 0, 0, 0, 0}) - Expect(NewNullAEAD(protocol.PerspectiveClient, connID, protocol.Version39)).To(Equal(&nullAEADFNV128a{ - perspective: protocol.PerspectiveClient, - })) - Expect(NewNullAEAD(protocol.PerspectiveClient, connID, protocol.VersionTLS)).To(BeAssignableToTypeOf(&aeadAESGCM{})) - }) -}) diff --git a/internal/crypto/server_proof.go b/internal/crypto/server_proof.go deleted file mode 100644 index 456ad32d..00000000 --- a/internal/crypto/server_proof.go +++ /dev/null @@ -1,66 +0,0 @@ -package crypto - -import ( - "crypto" - "crypto/ecdsa" - "crypto/rand" - "crypto/rsa" - "crypto/sha256" - "crypto/tls" - "crypto/x509" - "encoding/asn1" - "errors" - "math/big" -) - -type ecdsaSignature struct { - R, S *big.Int -} - -// signServerProof signs CHLO and server config for use in the server proof -func signServerProof(cert *tls.Certificate, chlo []byte, serverConfigData []byte) ([]byte, error) { - hash := sha256.New() - hash.Write([]byte("QUIC CHLO and server config signature\x00")) - chloHash := sha256.Sum256(chlo) - hash.Write([]byte{32, 0, 0, 0}) - hash.Write(chloHash[:]) - hash.Write(serverConfigData) - - key, ok := cert.PrivateKey.(crypto.Signer) - if !ok { - return nil, errors.New("expected PrivateKey to implement crypto.Signer") - } - - opts := crypto.SignerOpts(crypto.SHA256) - - if _, ok = key.(*rsa.PrivateKey); ok { - opts = &rsa.PSSOptions{SaltLength: 32, Hash: crypto.SHA256} - } - - return key.Sign(rand.Reader, hash.Sum(nil), opts) -} - -// verifyServerProof verifies the server proof signature -func verifyServerProof(proof []byte, cert *x509.Certificate, chlo []byte, serverConfigData []byte) bool { - hash := sha256.New() - hash.Write([]byte("QUIC CHLO and server config signature\x00")) - chloHash := sha256.Sum256(chlo) - hash.Write([]byte{32, 0, 0, 0}) - hash.Write(chloHash[:]) - hash.Write(serverConfigData) - - // RSA - if cert.PublicKeyAlgorithm == x509.RSA { - opts := &rsa.PSSOptions{SaltLength: 32, Hash: crypto.SHA256} - err := rsa.VerifyPSS(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, hash.Sum(nil), proof, opts) - return err == nil - } - - // ECDSA - signature := &ecdsaSignature{} - rest, err := asn1.Unmarshal(proof, signature) - if err != nil || len(rest) != 0 { - return false - } - return ecdsa.Verify(cert.PublicKey.(*ecdsa.PublicKey), hash.Sum(nil), signature.R, signature.S) -} diff --git a/internal/crypto/server_proof_test.go b/internal/crypto/server_proof_test.go deleted file mode 100644 index aecd63e3..00000000 --- a/internal/crypto/server_proof_test.go +++ /dev/null @@ -1,127 +0,0 @@ -package crypto - -import ( - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" - "crypto/rsa" - "crypto/tls" - "crypto/x509" - "encoding/asn1" - "math/big" - - "github.com/lucas-clemente/quic-go/internal/testdata" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Proof", func() { - It("gives valid signatures with the key in internal/testdata", func() { - key := &testdata.GetTLSConfig().Certificates[0] - signature, err := signServerProof(key, []byte{'C', 'H', 'L', 'O'}, []byte{'S', 'C', 'F', 'G'}) - Expect(err).ToNot(HaveOccurred()) - // Generated with: - // ruby -e 'require "digest"; p Digest::SHA256.digest("QUIC CHLO and server config signature\x00" + "\x20\x00\x00\x00" + Digest::SHA256.digest("CHLO") + "SCFG")' - data := []byte("W\xA6\xFC\xDE\xC7\xD2>c\xE6\xB5\xF6\tq\x9E|<~1\xA33\x01\xCA=\x19\xBD\xC1\xE4\xB0\xBA\x9B\x16%") - err = rsa.VerifyPSS(key.PrivateKey.(*rsa.PrivateKey).Public().(*rsa.PublicKey), crypto.SHA256, data, signature, &rsa.PSSOptions{SaltLength: 32}) - Expect(err).ToNot(HaveOccurred()) - }) - - Context("when using RSA", func() { - generateCert := func() (*rsa.PrivateKey, *x509.Certificate) { - key, err := rsa.GenerateKey(rand.Reader, 1024) - Expect(err).NotTo(HaveOccurred()) - - certTemplate := x509.Certificate{SerialNumber: big.NewInt(1)} - certDER, err := x509.CreateCertificate(rand.Reader, &certTemplate, &certTemplate, &key.PublicKey, key) - Expect(err).ToNot(HaveOccurred()) - cert, err := x509.ParseCertificate(certDER) - Expect(err).ToNot(HaveOccurred()) - - return key, cert - } - - It("verifies a signature", func() { - key, cert := generateCert() - chlo := []byte("chlo") - scfg := []byte("scfg") - signature, err := signServerProof(&tls.Certificate{PrivateKey: key}, chlo, scfg) - Expect(err).ToNot(HaveOccurred()) - Expect(verifyServerProof(signature, cert, chlo, scfg)).To(BeTrue()) - }) - - It("rejects invalid signatures", func() { - key, cert := generateCert() - chlo := []byte("client hello") - scfg := []byte("sever config") - signature, err := signServerProof(&tls.Certificate{PrivateKey: key}, chlo, scfg) - Expect(err).ToNot(HaveOccurred()) - Expect(verifyServerProof(append(signature, byte(0x99)), cert, chlo, scfg)).To(BeFalse()) - Expect(verifyServerProof(signature, cert, chlo[:len(chlo)-2], scfg)).To(BeFalse()) - Expect(verifyServerProof(signature, cert, chlo, scfg[:len(scfg)-2])).To(BeFalse()) - }) - }) - - Context("when using ECDSA", func() { - generateCert := func() (*ecdsa.PrivateKey, *x509.Certificate) { - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - Expect(err).NotTo(HaveOccurred()) - - certTemplate := x509.Certificate{SerialNumber: big.NewInt(1)} - certDER, err := x509.CreateCertificate(rand.Reader, &certTemplate, &certTemplate, &key.PublicKey, key) - Expect(err).ToNot(HaveOccurred()) - cert, err := x509.ParseCertificate(certDER) - Expect(err).ToNot(HaveOccurred()) - - return key, cert - } - - It("gives valid signatures", func() { - key, _ := generateCert() - signature, err := signServerProof(&tls.Certificate{PrivateKey: key}, []byte{'C', 'H', 'L', 'O'}, []byte{'S', 'C', 'F', 'G'}) - Expect(err).ToNot(HaveOccurred()) - // Generated with: - // ruby -e 'require "digest"; p Digest::SHA256.digest("QUIC CHLO and server config signature\x00" + "\x20\x00\x00\x00" + Digest::SHA256.digest("CHLO") + "SCFG")' - data := []byte("W\xA6\xFC\xDE\xC7\xD2>c\xE6\xB5\xF6\tq\x9E|<~1\xA33\x01\xCA=\x19\xBD\xC1\xE4\xB0\xBA\x9B\x16%") - s := &ecdsaSignature{} - _, err = asn1.Unmarshal(signature, s) - Expect(err).NotTo(HaveOccurred()) - b := ecdsa.Verify(key.Public().(*ecdsa.PublicKey), data, s.R, s.S) - Expect(b).To(BeTrue()) - }) - - It("verifies a signature", func() { - key, cert := generateCert() - chlo := []byte("chlo") - scfg := []byte("server config") - signature, err := signServerProof(&tls.Certificate{PrivateKey: key}, chlo, scfg) - Expect(err).ToNot(HaveOccurred()) - Expect(verifyServerProof(signature, cert, chlo, scfg)).To(BeTrue()) - }) - - It("rejects invalid signatures", func() { - key, cert := generateCert() - chlo := []byte("client hello") - scfg := []byte("server config") - signature, err := signServerProof(&tls.Certificate{PrivateKey: key}, chlo, scfg) - Expect(err).ToNot(HaveOccurred()) - Expect(verifyServerProof(append(signature, byte(0x99)), cert, chlo, scfg)).To(BeFalse()) - Expect(verifyServerProof(signature, cert, chlo[:len(chlo)-2], scfg)).To(BeFalse()) - Expect(verifyServerProof(signature, cert, chlo, scfg[:len(scfg)-2])).To(BeFalse()) - }) - - It("rejects signatures generated with a different certificate", func() { - key1, cert1 := generateCert() - key2, cert2 := generateCert() - Expect(key1.PublicKey).ToNot(Equal(key2)) - Expect(cert1.Equal(cert2)).To(BeFalse()) - chlo := []byte("chlo") - scfg := []byte("sfcg") - signature, err := signServerProof(&tls.Certificate{PrivateKey: key1}, chlo, scfg) - Expect(err).ToNot(HaveOccurred()) - Expect(verifyServerProof(signature, cert2, chlo, scfg)).To(BeFalse()) - }) - }) -}) diff --git a/internal/flowcontrol/stream_flow_controller.go b/internal/flowcontrol/stream_flow_controller.go index d9878606..2048e9bf 100644 --- a/internal/flowcontrol/stream_flow_controller.go +++ b/internal/flowcontrol/stream_flow_controller.go @@ -16,8 +16,7 @@ type streamFlowController struct { queueWindowUpdate func() - connection connectionFlowControllerI - contributesToConnection bool // does the stream contribute to connection level flow control + connection connectionFlowControllerI receivedFinalOffset bool } @@ -27,7 +26,6 @@ var _ StreamFlowController = &streamFlowController{} // NewStreamFlowController gets a new flow controller for a stream func NewStreamFlowController( streamID protocol.StreamID, - contributesToConnection bool, cfc ConnectionFlowController, receiveWindow protocol.ByteCount, maxReceiveWindow protocol.ByteCount, @@ -37,10 +35,9 @@ func NewStreamFlowController( logger utils.Logger, ) StreamFlowController { return &streamFlowController{ - streamID: streamID, - contributesToConnection: contributesToConnection, - connection: cfc.(connectionFlowControllerI), - queueWindowUpdate: func() { queueWindowUpdate(streamID) }, + streamID: streamID, + connection: cfc.(connectionFlowControllerI), + queueWindowUpdate: func() { queueWindowUpdate(streamID) }, baseFlowController: baseFlowController{ rttStats: rttStats, receiveWindow: receiveWindow, @@ -87,32 +84,21 @@ func (c *streamFlowController) UpdateHighestReceived(byteOffset protocol.ByteCou if c.checkFlowControlViolation() { return qerr.Error(qerr.FlowControlReceivedTooMuchData, fmt.Sprintf("Received %d bytes on stream %d, allowed %d bytes", byteOffset, c.streamID, c.receiveWindow)) } - if c.contributesToConnection { - return c.connection.IncrementHighestReceived(increment) - } - return nil + return c.connection.IncrementHighestReceived(increment) } func (c *streamFlowController) AddBytesRead(n protocol.ByteCount) { c.baseFlowController.AddBytesRead(n) - if c.contributesToConnection { - c.connection.AddBytesRead(n) - } + c.connection.AddBytesRead(n) } func (c *streamFlowController) AddBytesSent(n protocol.ByteCount) { c.baseFlowController.AddBytesSent(n) - if c.contributesToConnection { - c.connection.AddBytesSent(n) - } + c.connection.AddBytesSent(n) } func (c *streamFlowController) SendWindowSize() protocol.ByteCount { - window := c.baseFlowController.sendWindowSize() - if c.contributesToConnection { - window = utils.MinByteCount(window, c.connection.SendWindowSize()) - } - return window + return utils.MinByteCount(c.baseFlowController.sendWindowSize(), c.connection.SendWindowSize()) } func (c *streamFlowController) MaybeQueueWindowUpdate() { @@ -122,9 +108,7 @@ func (c *streamFlowController) MaybeQueueWindowUpdate() { if hasWindowUpdate { c.queueWindowUpdate() } - if c.contributesToConnection { - c.connection.MaybeQueueWindowUpdate() - } + c.connection.MaybeQueueWindowUpdate() } func (c *streamFlowController) GetWindowUpdate() protocol.ByteCount { @@ -140,9 +124,7 @@ func (c *streamFlowController) GetWindowUpdate() protocol.ByteCount { offset := c.baseFlowController.getWindowUpdate() if c.receiveWindowSize > oldWindowSize { // auto-tuning enlarged the window size c.logger.Debugf("Increasing receive flow control window for stream %d to %d kB", c.streamID, c.receiveWindowSize/(1<<10)) - if c.contributesToConnection { - c.connection.EnsureMinimumWindowSize(protocol.ByteCount(float64(c.receiveWindowSize) * protocol.ConnectionFlowControlMultiplier)) - } + c.connection.EnsureMinimumWindowSize(protocol.ByteCount(float64(c.receiveWindowSize) * protocol.ConnectionFlowControlMultiplier)) } c.mutex.Unlock() return offset diff --git a/internal/flowcontrol/stream_flow_controller_test.go b/internal/flowcontrol/stream_flow_controller_test.go index 83dcbb0e..3c364005 100644 --- a/internal/flowcontrol/stream_flow_controller_test.go +++ b/internal/flowcontrol/stream_flow_controller_test.go @@ -40,12 +40,11 @@ var _ = Describe("Stream Flow controller", func() { It("sets the send and receive windows", func() { cc := NewConnectionFlowController(0, 0, nil, nil, utils.DefaultLogger) - fc := NewStreamFlowController(5, true, cc, receiveWindow, maxReceiveWindow, sendWindow, nil, rttStats, utils.DefaultLogger).(*streamFlowController) + fc := NewStreamFlowController(5, cc, receiveWindow, maxReceiveWindow, sendWindow, nil, rttStats, utils.DefaultLogger).(*streamFlowController) Expect(fc.streamID).To(Equal(protocol.StreamID(5))) Expect(fc.receiveWindow).To(Equal(receiveWindow)) Expect(fc.maxReceiveWindowSize).To(Equal(maxReceiveWindow)) Expect(fc.sendWindow).To(Equal(sendWindow)) - Expect(fc.contributesToConnection).To(BeTrue()) }) It("queues window updates with the correction stream ID", func() { @@ -56,7 +55,7 @@ var _ = Describe("Stream Flow controller", func() { } cc := NewConnectionFlowController(0, 0, nil, nil, utils.DefaultLogger) - fc := NewStreamFlowController(5, true, cc, receiveWindow, maxReceiveWindow, sendWindow, queueWindowUpdate, rttStats, utils.DefaultLogger).(*streamFlowController) + fc := NewStreamFlowController(5, cc, receiveWindow, maxReceiveWindow, sendWindow, queueWindowUpdate, rttStats, utils.DefaultLogger).(*streamFlowController) fc.AddBytesRead(receiveWindow) fc.MaybeQueueWindowUpdate() Expect(queued).To(BeTrue()) @@ -82,21 +81,12 @@ var _ = Describe("Stream Flow controller", func() { It("informs the connection flow controller about received data", func() { controller.highestReceived = 10 - controller.contributesToConnection = true controller.connection.(*connectionFlowController).highestReceived = 100 err := controller.UpdateHighestReceived(20, false) Expect(err).ToNot(HaveOccurred()) Expect(controller.connection.(*connectionFlowController).highestReceived).To(Equal(protocol.ByteCount(100 + 10))) }) - It("doesn't informs the connection flow controller about received data if it doesn't contribute", func() { - controller.highestReceived = 10 - controller.connection.(*connectionFlowController).highestReceived = 100 - err := controller.UpdateHighestReceived(20, false) - Expect(err).ToNot(HaveOccurred()) - Expect(controller.connection.(*connectionFlowController).highestReceived).To(Equal(protocol.ByteCount(100))) - }) - It("does not decrease the highestReceived", func() { controller.highestReceived = 1337 err := controller.UpdateHighestReceived(1000, false) @@ -111,6 +101,7 @@ var _ = Describe("Stream Flow controller", func() { }) It("does not give a flow control violation when using the window completely", func() { + controller.connection.(*connectionFlowController).receiveWindow = receiveWindow err := controller.UpdateHighestReceived(receiveWindow, false) Expect(err).ToNot(HaveOccurred()) }) @@ -163,19 +154,10 @@ var _ = Describe("Stream Flow controller", func() { }) }) - Context("registering data read", func() { - It("saves when data is read, on a stream not contributing to the connection", func() { - controller.AddBytesRead(100) - Expect(controller.bytesRead).To(Equal(protocol.ByteCount(100))) - Expect(controller.connection.(*connectionFlowController).bytesRead).To(BeZero()) - }) - - It("saves when data is read, on a stream not contributing to the connection", func() { - controller.contributesToConnection = true - controller.AddBytesRead(200) - Expect(controller.bytesRead).To(Equal(protocol.ByteCount(200))) - Expect(controller.connection.(*connectionFlowController).bytesRead).To(Equal(protocol.ByteCount(200))) - }) + It("saves when data is read", func() { + controller.AddBytesRead(200) + Expect(controller.bytesRead).To(Equal(protocol.ByteCount(200))) + Expect(controller.connection.(*connectionFlowController).bytesRead).To(Equal(protocol.ByteCount(200))) }) Context("generating window updates", func() { @@ -209,7 +191,6 @@ var _ = Describe("Stream Flow controller", func() { }) It("queues connection-level window updates", func() { - controller.contributesToConnection = true controller.MaybeQueueWindowUpdate() Expect(queuedConnWindowUpdate).To(BeFalse()) controller.AddBytesRead(60) @@ -219,7 +200,6 @@ var _ = Describe("Stream Flow controller", func() { It("tells the connection flow controller when the window was autotuned", func() { oldOffset := controller.bytesRead - controller.contributesToConnection = true setRtt(scaleDuration(20 * time.Millisecond)) controller.epochStartOffset = oldOffset controller.epochStartTime = time.Now().Add(-time.Millisecond) @@ -230,19 +210,6 @@ var _ = Describe("Stream Flow controller", func() { Expect(controller.connection.(*connectionFlowController).receiveWindowSize).To(Equal(protocol.ByteCount(float64(controller.receiveWindowSize) * protocol.ConnectionFlowControlMultiplier))) }) - It("doesn't tell the connection flow controller if it doesn't contribute", func() { - oldOffset := controller.bytesRead - controller.contributesToConnection = false - setRtt(scaleDuration(20 * time.Millisecond)) - controller.epochStartOffset = oldOffset - controller.epochStartTime = time.Now().Add(-time.Millisecond) - controller.AddBytesRead(55) - offset := controller.GetWindowUpdate() - Expect(offset).ToNot(BeZero()) - Expect(controller.receiveWindowSize).To(Equal(2 * oldWindowSize)) - Expect(controller.connection.(*connectionFlowController).receiveWindowSize).To(Equal(protocol.ByteCount(2 * oldWindowSize))) // unchanged - }) - It("doesn't increase the window after a final offset was already received", func() { controller.AddBytesRead(30) err := controller.UpdateHighestReceived(90, true) @@ -257,20 +224,13 @@ var _ = Describe("Stream Flow controller", func() { Context("sending data", func() { It("gets the size of the send window", func() { + controller.connection.UpdateSendWindow(1000) controller.UpdateSendWindow(15) controller.AddBytesSent(5) Expect(controller.SendWindowSize()).To(Equal(protocol.ByteCount(10))) }) - It("doesn't care about the connection-level window, if it doesn't contribute", func() { - controller.UpdateSendWindow(15) - controller.connection.UpdateSendWindow(1) - controller.AddBytesSent(5) - Expect(controller.SendWindowSize()).To(Equal(protocol.ByteCount(10))) - }) - It("makes sure that it doesn't overflow the connection-level window", func() { - controller.contributesToConnection = true controller.connection.UpdateSendWindow(12) controller.UpdateSendWindow(20) controller.AddBytesSent(10) @@ -278,7 +238,6 @@ var _ = Describe("Stream Flow controller", func() { }) It("doesn't say that it's blocked, if only the connection is blocked", func() { - controller.contributesToConnection = true controller.connection.UpdateSendWindow(50) controller.UpdateSendWindow(100) controller.AddBytesSent(50) diff --git a/internal/handshake/crypto_setup_tls.go b/internal/handshake/crypto_setup.go similarity index 87% rename from internal/handshake/crypto_setup_tls.go rename to internal/handshake/crypto_setup.go index ee8ee823..b68e3413 100644 --- a/internal/handshake/crypto_setup_tls.go +++ b/internal/handshake/crypto_setup.go @@ -46,7 +46,7 @@ func (m messageType) String() string { } } -type cryptoSetupTLS struct { +type cryptoSetup struct { tlsConf *qtls.Config messageChan chan []byte @@ -92,8 +92,8 @@ type cryptoSetupTLS struct { perspective protocol.Perspective } -var _ qtls.RecordLayer = &cryptoSetupTLS{} -var _ CryptoSetupTLS = &cryptoSetupTLS{} +var _ qtls.RecordLayer = &cryptoSetup{} +var _ CryptoSetup = &cryptoSetup{} type versionInfo struct { initialVersion protocol.VersionNumber @@ -101,8 +101,8 @@ type versionInfo struct { currentVersion protocol.VersionNumber } -// NewCryptoSetupTLSClient creates a new TLS crypto setup for the client -func NewCryptoSetupTLSClient( +// NewCryptoSetupClient creates a new crypto setup for the client +func NewCryptoSetupClient( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, @@ -114,8 +114,8 @@ func NewCryptoSetupTLSClient( currentVersion protocol.VersionNumber, logger utils.Logger, perspective protocol.Perspective, -) (CryptoSetupTLS, <-chan struct{} /* ClientHello written */, error) { - return newCryptoSetupTLS( +) (CryptoSetup, <-chan struct{} /* ClientHello written */, error) { + return newCryptoSetup( initialStream, handshakeStream, connID, @@ -132,8 +132,8 @@ func NewCryptoSetupTLSClient( ) } -// NewCryptoSetupTLSServer creates a new TLS crypto setup for the server -func NewCryptoSetupTLSServer( +// NewCryptoSetupServer creates a new crypto setup for the server +func NewCryptoSetupServer( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, @@ -144,8 +144,8 @@ func NewCryptoSetupTLSServer( currentVersion protocol.VersionNumber, logger utils.Logger, perspective protocol.Perspective, -) (CryptoSetupTLS, error) { - cs, _, err := newCryptoSetupTLS( +) (CryptoSetup, error) { + cs, _, err := newCryptoSetup( initialStream, handshakeStream, connID, @@ -162,7 +162,7 @@ func NewCryptoSetupTLSServer( return cs, err } -func newCryptoSetupTLS( +func newCryptoSetup( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, @@ -172,12 +172,12 @@ func newCryptoSetupTLS( versionInfo versionInfo, logger utils.Logger, perspective protocol.Perspective, -) (CryptoSetupTLS, <-chan struct{} /* ClientHello written */, error) { - initialAEAD, err := crypto.NewNullAEAD(perspective, connID, protocol.VersionTLS) +) (CryptoSetup, <-chan struct{} /* ClientHello written */, error) { + initialAEAD, err := crypto.NewNullAEAD(connID, perspective) if err != nil { return nil, nil, err } - cs := &cryptoSetupTLS{ + cs := &cryptoSetup{ initialStream: initialStream, initialAEAD: initialAEAD, handshakeStream: handshakeStream, @@ -221,7 +221,7 @@ func newCryptoSetupTLS( return cs, cs.clientHelloWrittenChan, nil } -func (h *cryptoSetupTLS) RunHandshake() error { +func (h *cryptoSetup) RunHandshake() error { var conn *qtls.Conn switch h.perspective { case protocol.PerspectiveClient: @@ -264,7 +264,7 @@ func (h *cryptoSetupTLS) RunHandshake() error { } } -func (h *cryptoSetupTLS) Close() error { +func (h *cryptoSetup) Close() error { close(h.closeChan) // wait until qtls.Handshake() actually returned <-h.handshakeDone @@ -274,7 +274,7 @@ func (h *cryptoSetupTLS) Close() error { // handleMessage handles a TLS handshake message. // It is called by the crypto streams when a new message is available. // It returns if it is done with messages on the same encryption level. -func (h *cryptoSetupTLS) HandleMessage(data []byte, encLevel protocol.EncryptionLevel) bool /* stream finished */ { +func (h *cryptoSetup) HandleMessage(data []byte, encLevel protocol.EncryptionLevel) bool /* stream finished */ { msgType := messageType(data[0]) h.logger.Debugf("Received %s message (%d bytes, encryption level: %s)", msgType, len(data), encLevel) if err := h.checkEncryptionLevel(msgType, encLevel); err != nil { @@ -292,7 +292,7 @@ func (h *cryptoSetupTLS) HandleMessage(data []byte, encLevel protocol.Encryption } } -func (h *cryptoSetupTLS) checkEncryptionLevel(msgType messageType, encLevel protocol.EncryptionLevel) error { +func (h *cryptoSetup) checkEncryptionLevel(msgType messageType, encLevel protocol.EncryptionLevel) error { var expected protocol.EncryptionLevel switch msgType { case typeClientHello, @@ -313,7 +313,7 @@ func (h *cryptoSetupTLS) checkEncryptionLevel(msgType messageType, encLevel prot return nil } -func (h *cryptoSetupTLS) handleMessageForServer(msgType messageType) bool { +func (h *cryptoSetup) handleMessageForServer(msgType messageType) bool { switch msgType { case typeClientHello: select { @@ -358,7 +358,7 @@ func (h *cryptoSetupTLS) handleMessageForServer(msgType messageType) bool { } } -func (h *cryptoSetupTLS) handleMessageForClient(msgType messageType) bool { +func (h *cryptoSetup) handleMessageForClient(msgType messageType) bool { switch msgType { case typeServerHello: // get the handshake read key @@ -408,7 +408,7 @@ func (h *cryptoSetupTLS) handleMessageForClient(msgType messageType) bool { // ReadHandshakeMessage is called by TLS. // It blocks until a new handshake message is available. -func (h *cryptoSetupTLS) ReadHandshakeMessage() ([]byte, error) { +func (h *cryptoSetup) ReadHandshakeMessage() ([]byte, error) { // TODO: add some error handling here (when the session is closed) msg, ok := <-h.messageChan if !ok { @@ -417,7 +417,7 @@ func (h *cryptoSetupTLS) ReadHandshakeMessage() ([]byte, error) { return msg, nil } -func (h *cryptoSetupTLS) SetReadKey(suite *qtls.CipherSuite, trafficSecret []byte) { +func (h *cryptoSetup) SetReadKey(suite *qtls.CipherSuite, trafficSecret []byte) { key := crypto.HkdfExpandLabel(suite.Hash(), trafficSecret, "key", suite.KeyLen()) iv := crypto.HkdfExpandLabel(suite.Hash(), trafficSecret, "iv", suite.IVLen()) opener := newOpener(suite.AEAD(key, iv), iv) @@ -437,7 +437,7 @@ func (h *cryptoSetupTLS) SetReadKey(suite *qtls.CipherSuite, trafficSecret []byt h.receivedReadKey <- struct{}{} } -func (h *cryptoSetupTLS) SetWriteKey(suite *qtls.CipherSuite, trafficSecret []byte) { +func (h *cryptoSetup) SetWriteKey(suite *qtls.CipherSuite, trafficSecret []byte) { key := crypto.HkdfExpandLabel(suite.Hash(), trafficSecret, "key", suite.KeyLen()) iv := crypto.HkdfExpandLabel(suite.Hash(), trafficSecret, "iv", suite.IVLen()) sealer := newSealer(suite.AEAD(key, iv), iv) @@ -458,7 +458,7 @@ func (h *cryptoSetupTLS) SetWriteKey(suite *qtls.CipherSuite, trafficSecret []by } // WriteRecord is called when TLS writes data -func (h *cryptoSetupTLS) WriteRecord(p []byte) (int, error) { +func (h *cryptoSetup) WriteRecord(p []byte) (int, error) { switch h.writeEncLevel { case protocol.EncryptionInitial: // assume that the first WriteRecord call contains the ClientHello @@ -475,7 +475,7 @@ func (h *cryptoSetupTLS) WriteRecord(p []byte) (int, error) { } } -func (h *cryptoSetupTLS) GetSealer() (protocol.EncryptionLevel, Sealer) { +func (h *cryptoSetup) GetSealer() (protocol.EncryptionLevel, Sealer) { if h.sealer != nil { return protocol.Encryption1RTT, h.sealer } @@ -485,7 +485,7 @@ func (h *cryptoSetupTLS) GetSealer() (protocol.EncryptionLevel, Sealer) { return protocol.EncryptionInitial, h.initialAEAD } -func (h *cryptoSetupTLS) GetSealerWithEncryptionLevel(level protocol.EncryptionLevel) (Sealer, error) { +func (h *cryptoSetup) GetSealerWithEncryptionLevel(level protocol.EncryptionLevel) (Sealer, error) { errNoSealer := fmt.Errorf("CryptoSetup: no sealer with encryption level %s", level.String()) switch level { @@ -506,25 +506,25 @@ func (h *cryptoSetupTLS) GetSealerWithEncryptionLevel(level protocol.EncryptionL } } -func (h *cryptoSetupTLS) OpenInitial(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) { +func (h *cryptoSetup) OpenInitial(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) { return h.initialAEAD.Open(dst, src, pn, ad) } -func (h *cryptoSetupTLS) OpenHandshake(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) { +func (h *cryptoSetup) OpenHandshake(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) { if h.handshakeOpener == nil { return nil, errors.New("no handshake opener") } return h.handshakeOpener.Open(dst, src, pn, ad) } -func (h *cryptoSetupTLS) Open1RTT(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) { +func (h *cryptoSetup) Open1RTT(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) { if h.opener == nil { return nil, errors.New("no 1-RTT opener") } return h.opener.Open(dst, src, pn, ad) } -func (h *cryptoSetupTLS) ConnectionState() ConnectionState { +func (h *cryptoSetup) ConnectionState() ConnectionState { // TODO: return the connection state return ConnectionState{} } diff --git a/internal/handshake/crypto_setup_client.go b/internal/handshake/crypto_setup_client.go deleted file mode 100644 index 8edf5b7c..00000000 --- a/internal/handshake/crypto_setup_client.go +++ /dev/null @@ -1,545 +0,0 @@ -package handshake - -import ( - "bytes" - "crypto/rand" - "crypto/tls" - "encoding/binary" - "errors" - "fmt" - "io" - "sync" - "time" - - "github.com/lucas-clemente/quic-go/internal/crypto" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" -) - -type cryptoSetupClient struct { - mutex sync.RWMutex - - hostname string - connID protocol.ConnectionID - version protocol.VersionNumber - initialVersion protocol.VersionNumber - negotiatedVersions []protocol.VersionNumber - - cryptoStream io.ReadWriter - - serverConfig *serverConfigClient - - stk []byte - sno []byte - nonc []byte - proof []byte - chloForSignature []byte - lastSentCHLO []byte - certManager crypto.CertManager - - divNonceChan chan struct{} - diversificationNonce []byte - - clientHelloCounter int - serverVerified bool // has the certificate chain and the proof already been verified - keyDerivation QuicCryptoKeyDerivationFunction - - receivedSecurePacket bool - nullAEAD crypto.AEAD - secureAEAD crypto.AEAD - forwardSecureAEAD crypto.AEAD - - paramsChan chan<- TransportParameters - handshakeEvent chan<- struct{} - handshakeComplete chan<- struct{} - - params *TransportParameters - - logger utils.Logger -} - -var _ CryptoSetup = &cryptoSetupClient{} - -var ( - errNoObitForClientNonce = errors.New("CryptoSetup BUG: No OBIT for client nonce available") - errClientNonceAlreadyExists = errors.New("CryptoSetup BUG: A client nonce was already generated") - errConflictingDiversificationNonces = errors.New("Received two different diversification nonces") -) - -// NewCryptoSetupClient creates a new CryptoSetup instance for a client -func NewCryptoSetupClient( - cryptoStream io.ReadWriter, - connID protocol.ConnectionID, - version protocol.VersionNumber, - tlsConf *tls.Config, - params *TransportParameters, - paramsChan chan<- TransportParameters, - handshakeEvent chan<- struct{}, - handshakeComplete chan<- struct{}, - initialVersion protocol.VersionNumber, - negotiatedVersions []protocol.VersionNumber, - logger utils.Logger, -) (CryptoSetup, error) { - nullAEAD, err := crypto.NewNullAEAD(protocol.PerspectiveClient, connID, version) - if err != nil { - return nil, err - } - divNonceChan := make(chan struct{}) - cs := &cryptoSetupClient{ - cryptoStream: cryptoStream, - hostname: tlsConf.ServerName, - connID: connID, - version: version, - certManager: crypto.NewCertManager(tlsConf), - params: params, - keyDerivation: crypto.DeriveQuicCryptoAESKeys, - nullAEAD: nullAEAD, - paramsChan: paramsChan, - handshakeEvent: handshakeEvent, - handshakeComplete: handshakeComplete, - initialVersion: initialVersion, - // The server might have sent greased versions in the Version Negotiation packet. - // We need strip those from the list, since they won't be included in the handshake tag. - negotiatedVersions: protocol.StripGreasedVersions(negotiatedVersions), - divNonceChan: divNonceChan, - logger: logger, - } - return cs, nil -} - -func (h *cryptoSetupClient) RunHandshake() error { - messageChan := make(chan HandshakeMessage) - errorChan := make(chan error, 1) - - go func() { - for { - message, err := ParseHandshakeMessage(h.cryptoStream) - if err != nil { - errorChan <- qerr.Error(qerr.HandshakeFailed, err.Error()) - return - } - messageChan <- message - } - }() - - for { - if err := h.maybeUpgradeCrypto(); err != nil { - return err - } - - h.mutex.RLock() - sendCHLO := h.secureAEAD == nil - h.mutex.RUnlock() - if sendCHLO { - if err := h.sendCHLO(); err != nil { - return err - } - } - - var message HandshakeMessage - select { - case <-h.divNonceChan: - // there's no message to process, but we should try upgrading the crypto again - continue - case message = <-messageChan: - case err := <-errorChan: - return err - } - - h.logger.Debugf("Got %s", message) - switch message.Tag { - case TagREJ: - if err := h.handleREJMessage(message.Data); err != nil { - return err - } - case TagSHLO: - params, err := h.handleSHLOMessage(message.Data) - if err != nil { - return err - } - // blocks until the session has received the parameters - h.paramsChan <- *params - h.handshakeEvent <- struct{}{} - close(h.handshakeComplete) - default: - return qerr.InvalidCryptoMessageType - } - } -} - -func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error { - var err error - - if stk, ok := cryptoData[TagSTK]; ok { - h.stk = stk - } - - if sno, ok := cryptoData[TagSNO]; ok { - h.sno = sno - } - - // TODO: what happens if the server sends a different server config in two packets? - if scfg, ok := cryptoData[TagSCFG]; ok { - h.serverConfig, err = parseServerConfig(scfg) - if err != nil { - return err - } - - if h.serverConfig.IsExpired() { - return qerr.CryptoServerConfigExpired - } - - // now that we have a server config, we can use its OBIT value to generate a client nonce - if len(h.nonc) == 0 { - err = h.generateClientNonce() - if err != nil { - return err - } - } - } - - if proof, ok := cryptoData[TagPROF]; ok { - h.proof = proof - h.chloForSignature = h.lastSentCHLO - } - - if crt, ok := cryptoData[TagCERT]; ok { - err := h.certManager.SetData(crt) - if err != nil { - return qerr.Error(qerr.InvalidCryptoMessageParameter, "Certificate data invalid") - } - - err = h.certManager.Verify(h.hostname) - if err != nil { - h.logger.Infof("Certificate validation failed: %s", err.Error()) - return qerr.ProofInvalid - } - } - - if h.serverConfig != nil && len(h.proof) != 0 && h.certManager.GetLeafCert() != nil { - validProof := h.certManager.VerifyServerProof(h.proof, h.chloForSignature, h.serverConfig.Get()) - if !validProof { - h.logger.Infof("Server proof verification failed") - return qerr.ProofInvalid - } - - h.serverVerified = true - } - - return nil -} - -func (h *cryptoSetupClient) handleSHLOMessage(cryptoData map[Tag][]byte) (*TransportParameters, error) { - h.mutex.Lock() - defer h.mutex.Unlock() - - if !h.receivedSecurePacket { - return nil, qerr.Error(qerr.CryptoEncryptionLevelIncorrect, "unencrypted SHLO message") - } - - if sno, ok := cryptoData[TagSNO]; ok { - h.sno = sno - } - - serverPubs, ok := cryptoData[TagPUBS] - if !ok { - return nil, qerr.Error(qerr.CryptoMessageParameterNotFound, "PUBS") - } - - verTag, ok := cryptoData[TagVER] - if !ok { - return nil, qerr.Error(qerr.InvalidCryptoMessageParameter, "server hello missing version list") - } - if !h.validateVersionList(verTag) { - return nil, qerr.Error(qerr.VersionNegotiationMismatch, "Downgrade attack detected") - } - - nonce := append(h.nonc, h.sno...) - - ephermalSharedSecret, err := h.serverConfig.kex.CalculateSharedKey(serverPubs) - if err != nil { - return nil, err - } - - leafCert := h.certManager.GetLeafCert() - - h.forwardSecureAEAD, err = h.keyDerivation( - true, - ephermalSharedSecret, - nonce, - h.connID, - h.lastSentCHLO, - h.serverConfig.Get(), - leafCert, - nil, - protocol.PerspectiveClient, - ) - if err != nil { - return nil, err - } - h.logger.Debugf("Creating AEAD for forward-secure encryption. Stopping to accept all lower encryption levels.") - - params, err := readHelloMap(cryptoData) - if err != nil { - return nil, qerr.InvalidCryptoMessageParameter - } - return params, nil -} - -func (h *cryptoSetupClient) validateVersionList(verTags []byte) bool { - numNegotiatedVersions := len(h.negotiatedVersions) - if numNegotiatedVersions == 0 { - return true - } - if len(verTags)%4 != 0 || len(verTags)/4 != numNegotiatedVersions { - return false - } - - b := bytes.NewReader(verTags) - for i := 0; i < numNegotiatedVersions; i++ { - v, err := utils.BigEndian.ReadUint32(b) - if err != nil { // should never occur, since the length was already checked - return false - } - if protocol.VersionNumber(v) != h.negotiatedVersions[i] { - return false - } - } - return true -} - -func (h *cryptoSetupClient) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) { - h.mutex.RLock() - defer h.mutex.RUnlock() - - if h.forwardSecureAEAD != nil { - data, err := h.forwardSecureAEAD.Open(dst, src, packetNumber, associatedData) - if err == nil { - return data, protocol.EncryptionForwardSecure, nil - } - return nil, protocol.EncryptionUnspecified, err - } - - if h.secureAEAD != nil { - data, err := h.secureAEAD.Open(dst, src, packetNumber, associatedData) - if err == nil { - h.logger.Debugf("Received first secure packet. Stopping to accept unencrypted packets.") - h.receivedSecurePacket = true - return data, protocol.EncryptionSecure, nil - } - if h.receivedSecurePacket { - return nil, protocol.EncryptionUnspecified, err - } - } - res, err := h.nullAEAD.Open(dst, src, packetNumber, associatedData) - if err != nil { - return nil, protocol.EncryptionUnspecified, err - } - return res, protocol.EncryptionUnencrypted, nil -} - -func (h *cryptoSetupClient) GetSealer() (protocol.EncryptionLevel, Sealer) { - h.mutex.RLock() - defer h.mutex.RUnlock() - if h.forwardSecureAEAD != nil { - return protocol.EncryptionForwardSecure, h.forwardSecureAEAD - } else if h.secureAEAD != nil { - return protocol.EncryptionSecure, h.secureAEAD - } else { - return protocol.EncryptionUnencrypted, h.nullAEAD - } -} - -func (h *cryptoSetupClient) GetSealerForCryptoStream() (protocol.EncryptionLevel, Sealer) { - return protocol.EncryptionUnencrypted, h.nullAEAD -} - -func (h *cryptoSetupClient) GetSealerWithEncryptionLevel(encLevel protocol.EncryptionLevel) (Sealer, error) { - h.mutex.RLock() - defer h.mutex.RUnlock() - - switch encLevel { - case protocol.EncryptionUnencrypted: - return h.nullAEAD, nil - case protocol.EncryptionSecure: - if h.secureAEAD == nil { - return nil, errors.New("CryptoSetupClient: no secureAEAD") - } - return h.secureAEAD, nil - case protocol.EncryptionForwardSecure: - if h.forwardSecureAEAD == nil { - return nil, errors.New("CryptoSetupClient: no forwardSecureAEAD") - } - return h.forwardSecureAEAD, nil - } - return nil, errors.New("CryptoSetupClient: no encryption level specified") -} - -func (h *cryptoSetupClient) ConnectionState() ConnectionState { - h.mutex.Lock() - defer h.mutex.Unlock() - return ConnectionState{ - HandshakeComplete: h.forwardSecureAEAD != nil, - PeerCertificates: h.certManager.GetChain(), - } -} - -func (h *cryptoSetupClient) SetDiversificationNonce(divNonce []byte) error { - h.mutex.Lock() - if len(h.diversificationNonce) > 0 { - defer h.mutex.Unlock() - if !bytes.Equal(h.diversificationNonce, divNonce) { - return errConflictingDiversificationNonces - } - return nil - } - h.diversificationNonce = divNonce - h.mutex.Unlock() - h.divNonceChan <- struct{}{} - return nil -} - -func (h *cryptoSetupClient) sendCHLO() error { - h.clientHelloCounter++ - if h.clientHelloCounter > protocol.MaxClientHellos { - return qerr.Error(qerr.CryptoTooManyRejects, fmt.Sprintf("More than %d rejects", protocol.MaxClientHellos)) - } - - b := &bytes.Buffer{} - - tags, err := h.getTags() - if err != nil { - return err - } - h.addPadding(tags) - message := HandshakeMessage{ - Tag: TagCHLO, - Data: tags, - } - - h.logger.Debugf("Sending %s", message) - message.Write(b) - - _, err = h.cryptoStream.Write(b.Bytes()) - if err != nil { - return err - } - - h.lastSentCHLO = b.Bytes() - return nil -} - -func (h *cryptoSetupClient) getTags() (map[Tag][]byte, error) { - tags := h.params.getHelloMap() - tags[TagSNI] = []byte(h.hostname) - tags[TagPDMD] = []byte("X509") - - ccs := h.certManager.GetCommonCertificateHashes() - if len(ccs) > 0 { - tags[TagCCS] = ccs - } - - versionTag := make([]byte, 4) - binary.BigEndian.PutUint32(versionTag, uint32(h.initialVersion)) - tags[TagVER] = versionTag - - if len(h.stk) > 0 { - tags[TagSTK] = h.stk - } - if len(h.sno) > 0 { - tags[TagSNO] = h.sno - } - - if h.serverConfig != nil { - tags[TagSCID] = h.serverConfig.ID - - leafCert := h.certManager.GetLeafCert() - if leafCert != nil { - certHash, _ := h.certManager.GetLeafCertHash() - xlct := make([]byte, 8) - binary.LittleEndian.PutUint64(xlct, certHash) - - tags[TagNONC] = h.nonc - tags[TagXLCT] = xlct - tags[TagKEXS] = []byte("C255") - tags[TagAEAD] = []byte("AESG") - tags[TagPUBS] = h.serverConfig.kex.PublicKey() // TODO: check if 3 bytes need to be prepended - } - } - - return tags, nil -} - -// add a TagPAD to a tagMap, such that the total size will be bigger than the ClientHelloMinimumSize -func (h *cryptoSetupClient) addPadding(tags map[Tag][]byte) { - var size int - for _, tag := range tags { - size += 8 + len(tag) // 4 bytes for the tag + 4 bytes for the offset + the length of the data - } - paddingSize := protocol.MinClientHelloSize - size - if paddingSize > 0 { - tags[TagPAD] = bytes.Repeat([]byte{0}, paddingSize) - } -} - -func (h *cryptoSetupClient) maybeUpgradeCrypto() error { - if !h.serverVerified { - return nil - } - - h.mutex.Lock() - defer h.mutex.Unlock() - - leafCert := h.certManager.GetLeafCert() - if h.secureAEAD == nil && (h.serverConfig != nil && len(h.serverConfig.sharedSecret) > 0 && len(h.nonc) > 0 && len(leafCert) > 0 && len(h.diversificationNonce) > 0 && len(h.lastSentCHLO) > 0) { - var err error - var nonce []byte - if h.sno == nil { - nonce = h.nonc - } else { - nonce = append(h.nonc, h.sno...) - } - - h.secureAEAD, err = h.keyDerivation( - false, - h.serverConfig.sharedSecret, - nonce, - h.connID, - h.lastSentCHLO, - h.serverConfig.Get(), - leafCert, - h.diversificationNonce, - protocol.PerspectiveClient, - ) - if err != nil { - return err - } - h.logger.Debugf("Creating AEAD for secure encryption.") - h.handshakeEvent <- struct{}{} - } - return nil -} - -func (h *cryptoSetupClient) generateClientNonce() error { - if len(h.nonc) > 0 { - return errClientNonceAlreadyExists - } - - nonc := make([]byte, 32) - binary.BigEndian.PutUint32(nonc, uint32(time.Now().Unix())) - - if len(h.serverConfig.obit) != 8 { - return errNoObitForClientNonce - } - - copy(nonc[4:12], h.serverConfig.obit) - - _, err := rand.Read(nonc[12:]) - if err != nil { - return err - } - - h.nonc = nonc - return nil -} diff --git a/internal/handshake/crypto_setup_client_test.go b/internal/handshake/crypto_setup_client_test.go deleted file mode 100644 index d8f51dde..00000000 --- a/internal/handshake/crypto_setup_client_test.go +++ /dev/null @@ -1,1014 +0,0 @@ -package handshake - -import ( - "bytes" - "crypto/tls" - "crypto/x509" - "encoding/binary" - "errors" - "fmt" - "time" - - "github.com/lucas-clemente/quic-go/internal/crypto" - "github.com/lucas-clemente/quic-go/internal/mocks/crypto" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/testdata" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -type keyDerivationValues struct { - forwardSecure bool - sharedSecret []byte - nonces []byte - connID protocol.ConnectionID - chlo []byte - scfg []byte - cert []byte - divNonce []byte - pers protocol.Perspective -} - -type mockCertManager struct { - setDataCalledWith []byte - setDataError error - - commonCertificateHashes []byte - - chain []*x509.Certificate - - leafCert []byte - leafCertHash uint64 - leafCertHashError error - - verifyServerProofResult bool - verifyServerProofCalled bool - - verifyError error - verifyCalled bool -} - -var _ crypto.CertManager = &mockCertManager{} - -func (m *mockCertManager) SetData(data []byte) error { - m.setDataCalledWith = data - return m.setDataError -} - -func (m *mockCertManager) GetCommonCertificateHashes() []byte { - return m.commonCertificateHashes -} - -func (m *mockCertManager) GetLeafCert() []byte { - return m.leafCert -} - -func (m *mockCertManager) GetLeafCertHash() (uint64, error) { - return m.leafCertHash, m.leafCertHashError -} - -func (m *mockCertManager) VerifyServerProof(proof, chlo, serverConfigData []byte) bool { - m.verifyServerProofCalled = true - return m.verifyServerProofResult -} - -func (m *mockCertManager) Verify(hostname string) error { - m.verifyCalled = true - return m.verifyError -} - -func (m *mockCertManager) GetChain() []*x509.Certificate { - return m.chain -} - -var _ = Describe("Client Crypto Setup", func() { - var ( - cs *cryptoSetupClient - certManager *mockCertManager - stream *mockStream - keyDerivationCalledWith *keyDerivationValues - shloMap map[Tag][]byte - handshakeEvent chan struct{} - handshakeComplete chan struct{} - paramsChan chan TransportParameters - ) - - BeforeEach(func() { - shloMap = map[Tag][]byte{ - TagPUBS: {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, - TagVER: {}, - } - keyDerivation := func(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error) { - keyDerivationCalledWith = &keyDerivationValues{ - forwardSecure: forwardSecure, - sharedSecret: sharedSecret, - nonces: nonces, - connID: connID, - chlo: chlo, - scfg: scfg, - cert: cert, - divNonce: divNonce, - pers: pers, - } - return mockcrypto.NewMockAEAD(mockCtrl), nil - } - - stream = newMockStream() - certManager = &mockCertManager{} - version := protocol.Version39 - // use a buffered channel here, so that we can parse a SHLO without having to receive the TransportParameters to avoid blocking - paramsChan = make(chan TransportParameters, 1) - handshakeEvent = make(chan struct{}, 2) - handshakeComplete = make(chan struct{}) - csInt, err := NewCryptoSetupClient( - stream, - protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - version, - &tls.Config{ServerName: "hostname"}, - &TransportParameters{IdleTimeout: protocol.DefaultIdleTimeout}, - paramsChan, - handshakeEvent, - handshakeComplete, - protocol.Version39, - nil, - utils.DefaultLogger, - ) - Expect(err).ToNot(HaveOccurred()) - cs = csInt.(*cryptoSetupClient) - cs.certManager = certManager - cs.keyDerivation = keyDerivation - cs.nullAEAD = mockcrypto.NewMockAEAD(mockCtrl) - cs.cryptoStream = stream - }) - - Context("Reading REJ", func() { - var tagMap map[Tag][]byte - - BeforeEach(func() { - tagMap = make(map[Tag][]byte) - }) - - It("rejects handshake messages with the wrong message tag", func() { - HandshakeMessage{Tag: TagCHLO, Data: tagMap}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.InvalidCryptoMessageType)) - }) - - It("errors on invalid handshake messages", func() { - stream.dataToRead.Write([]byte("invalid message")) - err := cs.RunHandshake() - Expect(err).To(HaveOccurred()) - Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.HandshakeFailed)) - }) - - It("passes the message on for parsing, and reads the source address token", func() { - stk := []byte("foobar") - tagMap[TagSTK] = stk - HandshakeMessage{Tag: TagREJ, Data: tagMap}.Write(&stream.dataToRead) - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.HandshakeFailed, errMockStreamClosing.Error()))) - close(done) - }() - Eventually(func() []byte { return cs.stk }).Should(Equal(stk)) - // make the go routine return - stream.close() - Eventually(done).Should(BeClosed()) - }) - - It("saves the proof", func() { - proof := []byte("signature for the server config") - tagMap[TagPROF] = proof - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.proof).To(Equal(proof)) - }) - - It("saves the last sent CHLO for signature validation, when receiving the proof", func() { - chlo := []byte("last sent CHLO") - cs.lastSentCHLO = chlo - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.chloForSignature).To(BeEmpty()) - tagMap[TagPROF] = []byte("signature") - err = cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.chloForSignature).To(Equal(chlo)) - }) - - It("saves the server nonce", func() { - nonc := []byte("servernonce") - tagMap[TagSNO] = nonc - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.sno).To(Equal(nonc)) - }) - - Context("validating the Version list", func() { - It("doesn't care about the version list if there was no version negotiation", func() { - Expect(cs.validateVersionList([]byte{0})).To(BeTrue()) - }) - - It("detects a downgrade attack if the number of versions is not equal", func() { - cs.negotiatedVersions = []protocol.VersionNumber{protocol.VersionWhatever} - Expect(cs.validateVersionList(bytes.Repeat([]byte{'f'}, 2*4))).To(BeFalse()) - }) - - It("detects a downgrade attack", func() { - cs.negotiatedVersions = []protocol.VersionNumber{12} - b := &bytes.Buffer{} - utils.BigEndian.WriteUint32(b, 11) - Expect(cs.validateVersionList(b.Bytes())).To(BeFalse()) - }) - - It("errors if the version tags are invalid", func() { - cs.negotiatedVersions = []protocol.VersionNumber{protocol.VersionWhatever} - Expect(cs.validateVersionList([]byte{0, 1, 2})).To(BeFalse()) // 1 byte too short - }) - - It("returns the right error when detecting a downgrade attack", func() { - cs.negotiatedVersions = []protocol.VersionNumber{protocol.VersionWhatever} - cs.receivedSecurePacket = true - _, err := cs.handleSHLOMessage(map[Tag][]byte{ - TagPUBS: {0}, - TagVER: {0, 1}, - }) - Expect(err).To(MatchError(qerr.Error(qerr.VersionNegotiationMismatch, "Downgrade attack detected"))) - }) - }) - - Context("Certificates", func() { - BeforeEach(func() { - cs.serverConfig = &serverConfigClient{} - }) - - It("passes the certificates to the CertManager", func() { - tagMap[TagCERT] = []byte("cert") - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(certManager.setDataCalledWith).To(Equal(tagMap[TagCERT])) - }) - - It("returns an InvalidCryptoMessageParameter error if it can't parse the cert chain", func() { - tagMap[TagCERT] = []byte("cert") - certManager.setDataError = errors.New("can't parse") - err := cs.handleREJMessage(tagMap) - Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "Certificate data invalid"))) - }) - - Context("verifying the certificate chain", func() { - It("returns a ProofInvalid error if the certificate chain is not valid", func() { - tagMap[TagCERT] = []byte("cert") - certManager.verifyError = errors.New("invalid") - err := cs.handleREJMessage(tagMap) - Expect(err).To(MatchError(qerr.ProofInvalid)) - }) - - It("verifies the certificate", func() { - certManager.verifyServerProofResult = true - tagMap[TagCERT] = []byte("cert") - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(certManager.verifyCalled).To(BeTrue()) - }) - }) - - Context("verifying the signature", func() { - BeforeEach(func() { - tagMap[TagCERT] = []byte("cert") - tagMap[TagPROF] = []byte("proof") - certManager.leafCert = []byte("leafcert") - }) - - It("rejects wrong signature", func() { - certManager.verifyServerProofResult = false - err := cs.handleREJMessage(tagMap) - Expect(err).To(MatchError(qerr.ProofInvalid)) - Expect(certManager.verifyServerProofCalled).To(BeTrue()) - }) - - It("accepts correct signatures", func() { - certManager.verifyServerProofResult = true - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(certManager.verifyServerProofCalled).To(BeTrue()) - }) - - It("doesn't try to verify the signature if the certificate is missing", func() { - delete(tagMap, TagCERT) - certManager.leafCert = nil - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(certManager.verifyServerProofCalled).To(BeFalse()) - }) - - It("doesn't try to verify the signature if the server config is missing", func() { - cs.serverConfig = nil - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(certManager.verifyServerProofCalled).To(BeFalse()) - }) - - It("doesn't try to verify the signature if the signature is missing", func() { - delete(tagMap, TagPROF) - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(certManager.verifyServerProofCalled).To(BeFalse()) - }) - }) - }) - - Context("Reading server configs", func() { - It("reads a server config", func() { - b := &bytes.Buffer{} - scfg := getDefaultServerConfigClient() - HandshakeMessage{Tag: TagSCFG, Data: scfg}.Write(b) - tagMap[TagSCFG] = b.Bytes() - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.serverConfig).ToNot(BeNil()) - Expect(cs.serverConfig.ID).To(Equal(scfg[TagSCID])) - }) - - It("rejects expired server configs", func() { - b := &bytes.Buffer{} - scfg := getDefaultServerConfigClient() - scfg[TagEXPY] = []byte{0x80, 0x54, 0x72, 0x4F, 0, 0, 0, 0} // 2012-03-28 - HandshakeMessage{Tag: TagSCFG, Data: scfg}.Write(b) - tagMap[TagSCFG] = b.Bytes() - // make sure we actually set TagEXPY correct - serverConfig, err := parseServerConfig(b.Bytes()) - Expect(err).ToNot(HaveOccurred()) - Expect(serverConfig.expiry.Year()).To(Equal(2012)) - // now try to read this server config in the crypto setup - err = cs.handleREJMessage(tagMap) - Expect(err).To(MatchError(qerr.CryptoServerConfigExpired)) - }) - - It("generates a client nonce after reading a server config", func() { - b := &bytes.Buffer{} - HandshakeMessage{Tag: TagSCFG, Data: getDefaultServerConfigClient()}.Write(b) - tagMap[TagSCFG] = b.Bytes() - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.nonc).To(HaveLen(32)) - }) - - It("only generates a client nonce once, when reading multiple server configs", func() { - b := &bytes.Buffer{} - HandshakeMessage{Tag: TagSCFG, Data: getDefaultServerConfigClient()}.Write(b) - tagMap[TagSCFG] = b.Bytes() - err := cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - nonc := cs.nonc - Expect(nonc).ToNot(BeEmpty()) - err = cs.handleREJMessage(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.nonc).To(Equal(nonc)) - }) - - It("passes on errors from reading the server config", func() { - b := &bytes.Buffer{} - HandshakeMessage{Tag: TagSHLO, Data: make(map[Tag][]byte)}.Write(b) - tagMap[TagSCFG] = b.Bytes() - _, origErr := parseServerConfig(b.Bytes()) - err := cs.handleREJMessage(tagMap) - Expect(err).To(HaveOccurred()) - Expect(err).To(MatchError(origErr)) - }) - }) - }) - - Context("Reading SHLO", func() { - BeforeEach(func() { - kex, err := crypto.NewCurve25519KEX() - Expect(err).ToNot(HaveOccurred()) - serverConfig := &serverConfigClient{ - kex: kex, - } - cs.serverConfig = serverConfig - cs.receivedSecurePacket = true - }) - - It("rejects unencrypted SHLOs", func() { - cs.receivedSecurePacket = false - _, err := cs.handleSHLOMessage(shloMap) - Expect(err).To(MatchError(qerr.Error(qerr.CryptoEncryptionLevelIncorrect, "unencrypted SHLO message"))) - Expect(handshakeEvent).ToNot(Receive()) - Expect(handshakeEvent).ToNot(BeClosed()) - }) - - It("rejects SHLOs without a PUBS", func() { - delete(shloMap, TagPUBS) - _, err := cs.handleSHLOMessage(shloMap) - Expect(err).To(MatchError(qerr.Error(qerr.CryptoMessageParameterNotFound, "PUBS"))) - Expect(handshakeEvent).ToNot(BeClosed()) - }) - - It("rejects SHLOs without a version list", func() { - delete(shloMap, TagVER) - _, err := cs.handleSHLOMessage(shloMap) - Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "server hello missing version list"))) - Expect(handshakeEvent).ToNot(BeClosed()) - }) - - It("accepts a SHLO after a version negotiation", func() { - ver := protocol.SupportedVersions[0] - cs.negotiatedVersions = []protocol.VersionNumber{ver} - cs.receivedSecurePacket = true - b := &bytes.Buffer{} - utils.BigEndian.WriteUint32(b, uint32(ver)) - shloMap[TagVER] = b.Bytes() - _, err := cs.handleSHLOMessage(shloMap) - Expect(err).ToNot(HaveOccurred()) - }) - - It("reads the server nonce, if set", func() { - shloMap[TagSNO] = []byte("server nonce") - _, err := cs.handleSHLOMessage(shloMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.sno).To(Equal(shloMap[TagSNO])) - }) - - It("creates a forwardSecureAEAD", func() { - shloMap[TagSNO] = []byte("server nonce") - _, err := cs.handleSHLOMessage(shloMap) - Expect(err).ToNot(HaveOccurred()) - Expect(cs.forwardSecureAEAD).ToNot(BeNil()) - }) - - It("reads the connection parameters", func() { - shloMap[TagICSL] = []byte{13, 0, 0, 0} // 13 seconds - params, err := cs.handleSHLOMessage(shloMap) - Expect(err).ToNot(HaveOccurred()) - Expect(params.IdleTimeout).To(Equal(13 * time.Second)) - }) - - It("closes the handshakeComplete chan when receiving an SHLO", func() { - HandshakeMessage{Tag: TagSHLO, Data: shloMap}.Write(&stream.dataToRead) - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.HandshakeFailed, errMockStreamClosing.Error()))) - close(done) - }() - Eventually(handshakeEvent).Should(Receive()) - Eventually(handshakeComplete).Should(BeClosed()) - // make the go routine return - stream.close() - Eventually(done).Should(BeClosed()) - }) - - It("passes the transport parameters on the channel", func() { - shloMap[TagSFCW] = []byte{0x0d, 0x00, 0xdf, 0xba} - HandshakeMessage{Tag: TagSHLO, Data: shloMap}.Write(&stream.dataToRead) - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.HandshakeFailed, errMockStreamClosing.Error()))) - close(done) - }() - var params TransportParameters - Eventually(paramsChan).Should(Receive(¶ms)) - Expect(params.StreamFlowControlWindow).To(Equal(protocol.ByteCount(0xbadf000d))) - // make the go routine return - stream.close() - Eventually(done).Should(BeClosed()) - }) - - It("errors if it can't read a connection parameter", func() { - shloMap[TagICSL] = []byte{3, 0, 0} // 1 byte too short - _, err := cs.handleSHLOMessage(shloMap) - Expect(err).To(MatchError(qerr.InvalidCryptoMessageParameter)) - }) - }) - - Context("CHLO generation", func() { - It("is longer than the miminum client hello size", func() { - err := cs.sendCHLO() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.cryptoStream.(*mockStream).dataWritten.Len()).To(BeNumerically(">", protocol.MinClientHelloSize)) - }) - - It("doesn't overflow the packet with padding", func() { - tagMap := make(map[Tag][]byte) - tagMap[TagSCID] = bytes.Repeat([]byte{0}, protocol.MinClientHelloSize*6/10) - cs.addPadding(tagMap) - Expect(len(tagMap[TagPAD])).To(BeNumerically("<", protocol.MinClientHelloSize/2)) - }) - - It("saves the last sent CHLO", func() { - // send first CHLO - err := cs.sendCHLO() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.cryptoStream.(*mockStream).dataWritten.Bytes()).To(Equal(cs.lastSentCHLO)) - cs.cryptoStream.(*mockStream).dataWritten.Reset() - firstCHLO := cs.lastSentCHLO - // send second CHLO - cs.sno = []byte("foobar") - err = cs.sendCHLO() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.cryptoStream.(*mockStream).dataWritten.Bytes()).To(Equal(cs.lastSentCHLO)) - Expect(cs.lastSentCHLO).ToNot(Equal(firstCHLO)) - }) - - It("has the right values for an inchoate CHLO", func() { - cs.version = cs.initialVersion - 1 - cs.hostname = "sni-hostname" - certManager.commonCertificateHashes = []byte("common certs") - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - Expect(string(tags[TagSNI])).To(Equal(cs.hostname)) - Expect(tags[TagPDMD]).To(Equal([]byte("X509"))) - Expect(tags[TagVER]).To(Equal([]byte("Q039"))) - Expect(tags[TagCCS]).To(Equal(certManager.commonCertificateHashes)) - Expect(tags).ToNot(HaveKey(TagTCID)) - }) - - It("requests to omit the connection ID", func() { - cs.params.OmitConnectionID = true - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - Expect(tags).To(HaveKeyWithValue(TagTCID, []byte{0, 0, 0, 0})) - }) - - It("adds the tags returned from the connectionParametersManager to the CHLO", func() { - pnTags := cs.params.getHelloMap() - Expect(pnTags).ToNot(BeEmpty()) - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - for t := range pnTags { - Expect(tags).To(HaveKey(t)) - } - }) - - It("doesn't send a CCS if there are no common certificate sets available", func() { - certManager.commonCertificateHashes = nil - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - Expect(tags).ToNot(HaveKey(TagCCS)) - }) - - It("includes the server config id, if available", func() { - id := []byte("foobar") - cs.serverConfig = &serverConfigClient{ID: id} - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - Expect(tags[TagSCID]).To(Equal(id)) - }) - - It("includes the source address token, if available", func() { - cs.stk = []byte("sourceaddresstoken") - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - Expect(tags[TagSTK]).To(Equal(cs.stk)) - }) - - It("includes the server nonce, if available", func() { - cs.sno = []byte("foobar") - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - Expect(tags[TagSNO]).To(Equal(cs.sno)) - }) - - It("doesn't include optional values, if not available", func() { - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - Expect(tags).ToNot(HaveKey(TagSCID)) - Expect(tags).ToNot(HaveKey(TagSNO)) - Expect(tags).ToNot(HaveKey(TagSTK)) - }) - - It("doesn't change any values after reading the certificate, if the server config is missing", func() { - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - certManager.leafCert = []byte("leafcert") - Expect(cs.getTags()).To(Equal(tags)) - }) - - It("sends a the values needed for a full CHLO after reading the certificate and the server config", func() { - certManager.leafCert = []byte("leafcert") - cs.nonc = []byte("client-nonce") - kex, err := crypto.NewCurve25519KEX() - Expect(err).ToNot(HaveOccurred()) - cs.serverConfig = &serverConfigClient{kex: kex} - xlct := []byte{0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8} - certManager.leafCertHash = binary.LittleEndian.Uint64(xlct) - tags, err := cs.getTags() - Expect(err).ToNot(HaveOccurred()) - Expect(tags[TagNONC]).To(Equal(cs.nonc)) - Expect(tags[TagPUBS]).To(Equal(kex.PublicKey())) - Expect(tags[TagXLCT]).To(Equal(xlct)) - Expect(tags[TagKEXS]).To(Equal([]byte("C255"))) - Expect(tags[TagAEAD]).To(Equal([]byte("AESG"))) - }) - - It("doesn't send more than MaxClientHellos CHLOs", func() { - Expect(cs.clientHelloCounter).To(BeZero()) - for i := 1; i <= protocol.MaxClientHellos; i++ { - err := cs.sendCHLO() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.clientHelloCounter).To(Equal(i)) - } - err := cs.sendCHLO() - Expect(err).To(MatchError(qerr.Error(qerr.CryptoTooManyRejects, fmt.Sprintf("More than %d rejects", protocol.MaxClientHellos)))) - }) - }) - - Context("escalating crypto", func() { - doCompleteREJ := func() { - cs.serverVerified = true - err := cs.maybeUpgradeCrypto() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.secureAEAD).ToNot(BeNil()) - } - - doSHLO := func() { - cs.receivedSecurePacket = true - _, err := cs.handleSHLOMessage(shloMap) - Expect(err).ToNot(HaveOccurred()) - } - - // sets all values necessary for escalating to secureAEAD - BeforeEach(func() { - kex, err := crypto.NewCurve25519KEX() - Expect(err).ToNot(HaveOccurred()) - cs.serverConfig = &serverConfigClient{ - kex: kex, - obit: []byte("obit"), - sharedSecret: []byte("sharedSecret"), - raw: []byte("rawserverconfig"), - } - cs.lastSentCHLO = []byte("lastSentCHLO") - cs.nonc = []byte("nonc") - cs.diversificationNonce = []byte("divnonce") - certManager.leafCert = []byte("leafCert") - }) - - It("creates a secureAEAD once it has all necessary values", func() { - cs.serverVerified = true - err := cs.maybeUpgradeCrypto() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.secureAEAD).ToNot(BeNil()) - Expect(keyDerivationCalledWith.forwardSecure).To(BeFalse()) - Expect(keyDerivationCalledWith.sharedSecret).To(Equal(cs.serverConfig.sharedSecret)) - Expect(keyDerivationCalledWith.nonces).To(Equal(cs.nonc)) - Expect(keyDerivationCalledWith.connID).To(Equal(cs.connID)) - Expect(keyDerivationCalledWith.chlo).To(Equal(cs.lastSentCHLO)) - Expect(keyDerivationCalledWith.scfg).To(Equal(cs.serverConfig.Get())) - Expect(keyDerivationCalledWith.cert).To(Equal(certManager.leafCert)) - Expect(keyDerivationCalledWith.divNonce).To(Equal(cs.diversificationNonce)) - Expect(keyDerivationCalledWith.pers).To(Equal(protocol.PerspectiveClient)) - Expect(handshakeEvent).To(Receive()) - Expect(handshakeEvent).ToNot(Receive()) - Expect(handshakeEvent).ToNot(BeClosed()) - }) - - It("uses the server nonce, if the server sent one", func() { - cs.serverVerified = true - cs.sno = []byte("server nonce") - err := cs.maybeUpgradeCrypto() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.secureAEAD).ToNot(BeNil()) - Expect(keyDerivationCalledWith.nonces).To(Equal(append(cs.nonc, cs.sno...))) - Expect(handshakeEvent).To(Receive()) - Expect(handshakeEvent).ToNot(Receive()) - Expect(handshakeEvent).ToNot(BeClosed()) - }) - - It("doesn't create a secureAEAD if the certificate is not yet verified, even if it has all necessary values", func() { - err := cs.maybeUpgradeCrypto() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.secureAEAD).To(BeNil()) - Expect(handshakeEvent).ToNot(Receive()) - cs.serverVerified = true - // make sure we really had all necessary values before, and only serverVerified was missing - err = cs.maybeUpgradeCrypto() - Expect(err).ToNot(HaveOccurred()) - Expect(cs.secureAEAD).ToNot(BeNil()) - Expect(handshakeEvent).To(Receive()) - Expect(handshakeEvent).ToNot(Receive()) - Expect(handshakeEvent).ToNot(BeClosed()) - }) - - It("tries to escalate before reading a handshake message", func() { - Expect(cs.secureAEAD).To(BeNil()) - cs.serverVerified = true - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.HandshakeFailed, errMockStreamClosing.Error()))) - close(done) - }() - Eventually(handshakeEvent).Should(Receive()) - Expect(cs.secureAEAD).ToNot(BeNil()) - Expect(handshakeEvent).ToNot(Receive()) - Expect(handshakeEvent).ToNot(BeClosed()) - // make the go routine return - stream.close() - Eventually(done).Should(BeClosed()) - }) - - It("tries to escalate the crypto after receiving a diversification nonce", func() { - done := make(chan struct{}) - cs.diversificationNonce = nil - cs.serverVerified = true - go func() { - defer GinkgoRecover() - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.HandshakeFailed, errMockStreamClosing.Error()))) - close(done) - }() - Expect(cs.secureAEAD).To(BeNil()) - Expect(cs.SetDiversificationNonce([]byte("div"))).To(Succeed()) - Eventually(handshakeEvent).Should(Receive()) - Expect(cs.secureAEAD).ToNot(BeNil()) - Expect(handshakeEvent).ToNot(Receive()) - Expect(handshakeEvent).ToNot(BeClosed()) - // make the go routine return - stream.close() - Eventually(done).Should(BeClosed()) - }) - - Context("null encryption", func() { - It("is used initially", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(10), []byte{}).Return([]byte("foobar unencrypted")) - enc, sealer := cs.GetSealer() - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - d := sealer.Seal(nil, []byte("foobar"), 10, []byte{}) - Expect(d).To(Equal([]byte("foobar unencrypted"))) - }) - - It("is used for the crypto stream", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(1), []byte{}).Return([]byte("foobar unencrypted")) - enc, sealer := cs.GetSealerForCryptoStream() - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - d := sealer.Seal(nil, []byte("foobar"), 1, []byte{}) - Expect(d).To(Equal([]byte("foobar unencrypted"))) - }) - - It("is accepted initially", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(1), []byte{}).Return([]byte("decrypted"), nil) - d, enc, err := cs.Open(nil, []byte("unencrypted"), 1, []byte{}) - Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("decrypted"))) - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - }) - - It("is accepted before the server sent an encrypted packet", func() { - doCompleteREJ() - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(1), []byte{}).Return(nil, errors.New("authentication failed")) - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(1), []byte{}).Return([]byte("decrypted"), nil) - cs.receivedSecurePacket = false - Expect(cs.secureAEAD).ToNot(BeNil()) - d, enc, err := cs.Open(nil, []byte("unencrypted"), 1, []byte{}) - Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("decrypted"))) - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - }) - - It("is not accepted after the server sent an encrypted packet", func() { - doCompleteREJ() - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(3), []byte{}).Return(nil, errors.New("authentication failed")) - cs.receivedSecurePacket = true - _, enc, err := cs.Open(nil, []byte("unencrypted"), 3, []byte{}) - Expect(err).To(MatchError("authentication failed")) - Expect(enc).To(Equal(protocol.EncryptionUnspecified)) - }) - - It("errors if the has the wrong hash", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("not unencrypted"), protocol.PacketNumber(3), []byte{}).Return(nil, errors.New("authentication failed")) - _, enc, err := cs.Open(nil, []byte("not unencrypted"), 3, []byte{}) - Expect(err).To(MatchError("authentication failed")) - Expect(enc).To(Equal(protocol.EncryptionUnspecified)) - }) - }) - - Context("initial encryption", func() { - It("is used immediately when available", func() { - doCompleteREJ() - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(1), []byte{}).Return([]byte("foobar secure")) - cs.receivedSecurePacket = false - enc, sealer := cs.GetSealer() - Expect(enc).To(Equal(protocol.EncryptionSecure)) - d := sealer.Seal(nil, []byte("foobar"), 1, []byte{}) - Expect(d).To(Equal([]byte("foobar secure"))) - }) - - It("is accepted", func() { - doCompleteREJ() - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("encrypted"), protocol.PacketNumber(3), []byte{}).Return([]byte("decrypted"), nil) - d, enc, err := cs.Open(nil, []byte("encrypted"), 3, []byte{}) - Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("decrypted"))) - Expect(enc).To(Equal(protocol.EncryptionSecure)) - Expect(cs.receivedSecurePacket).To(BeTrue()) - }) - - It("is not used after receiving the SHLO", func() { - doSHLO() - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("encrypted"), protocol.PacketNumber(30), []byte{}).Return(nil, errors.New("authentication failed")) - _, enc, err := cs.Open(nil, []byte("encrypted"), 30, []byte{}) - Expect(err).To(MatchError("authentication failed")) - Expect(enc).To(Equal(protocol.EncryptionUnspecified)) - }) - - It("is not used for the crypto stream", func() { - doCompleteREJ() - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(3), []byte{}).Return([]byte("foobar unencrypted")) - enc, sealer := cs.GetSealerForCryptoStream() - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - d := sealer.Seal(nil, []byte("foobar"), 3, []byte{}) - Expect(d).To(Equal([]byte("foobar unencrypted"))) - }) - }) - - Context("forward-secure encryption", func() { - It("is used after receiving the SHLO", func() { - doSHLO() - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("shlo"), protocol.PacketNumber(4), []byte{}) - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(10), []byte{}).Return([]byte("foobar forward sec")) - _, enc, err := cs.Open(nil, []byte("shlo"), 4, []byte{}) - Expect(err).ToNot(HaveOccurred()) - Expect(enc).To(Equal(protocol.EncryptionForwardSecure)) - enc, sealer := cs.GetSealer() - Expect(enc).To(Equal(protocol.EncryptionForwardSecure)) - d := sealer.Seal(nil, []byte("foobar"), 10, []byte{}) - Expect(d).To(Equal([]byte("foobar forward sec"))) - }) - - It("is not used for the crypto stream", func() { - doSHLO() - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(3), []byte{}).Return([]byte("foobar unencrypted")) - enc, sealer := cs.GetSealerForCryptoStream() - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - d := sealer.Seal(nil, []byte("foobar"), 3, []byte{}) - Expect(d).To(Equal([]byte("foobar unencrypted"))) - }) - }) - - Context("reporting the connection state", func() { - It("reports the connection state before the handshake completes", func() { - chain := []*x509.Certificate{testdata.GetCertificate().Leaf} - certManager.chain = chain - state := cs.ConnectionState() - Expect(state.HandshakeComplete).To(BeFalse()) - Expect(state.PeerCertificates).To(Equal(chain)) - }) - - It("reports the connection state after the handshake completes", func() { - doSHLO() - state := cs.ConnectionState() - Expect(state.HandshakeComplete).To(BeTrue()) - }) - }) - - Context("forcing encryption levels", func() { - It("forces null encryption", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(4), []byte{}).Return([]byte("foobar unencrypted")) - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted) - Expect(err).ToNot(HaveOccurred()) - d := sealer.Seal(nil, []byte("foobar"), 4, []byte{}) - Expect(d).To(Equal([]byte("foobar unencrypted"))) - }) - - It("forces initial encryption", func() { - doCompleteREJ() - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(3), []byte{}).Return([]byte("foobar secure")) - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionSecure) - Expect(err).ToNot(HaveOccurred()) - d := sealer.Seal(nil, []byte("foobar"), 3, []byte{}) - Expect(d).To(Equal([]byte("foobar secure"))) - }) - - It("errors of no AEAD for initial encryption is available", func() { - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionSecure) - Expect(err).To(MatchError("CryptoSetupClient: no secureAEAD")) - Expect(sealer).To(BeNil()) - }) - - It("forces forward-secure encryption", func() { - doSHLO() - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(4), []byte{}).Return([]byte("foobar forward sec")) - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionForwardSecure) - Expect(err).ToNot(HaveOccurred()) - d := sealer.Seal(nil, []byte("foobar"), 4, []byte{}) - Expect(d).To(Equal([]byte("foobar forward sec"))) - }) - - It("errors of no AEAD for forward-secure encryption is available", func() { - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionForwardSecure) - Expect(err).To(MatchError("CryptoSetupClient: no forwardSecureAEAD")) - Expect(sealer).To(BeNil()) - }) - - It("errors if no encryption level is specified", func() { - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnspecified) - Expect(err).To(MatchError("CryptoSetupClient: no encryption level specified")) - Expect(sealer).To(BeNil()) - }) - }) - }) - - Context("Diversification Nonces", func() { - It("sets a diversification nonce", func() { - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.HandshakeFailed, errMockStreamClosing.Error()))) - close(done) - }() - nonce := []byte("foobar") - Expect(cs.SetDiversificationNonce(nonce)).To(Succeed()) - Eventually(func() []byte { return cs.diversificationNonce }).Should(Equal(nonce)) - // make the go routine return - stream.close() - Eventually(done).Should(BeClosed()) - }) - - It("doesn't do anything when called multiple times with the same nonce", func() { - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.HandshakeFailed, errMockStreamClosing.Error()))) - close(done) - }() - nonce := []byte("foobar") - Expect(cs.SetDiversificationNonce(nonce)).To(Succeed()) - Expect(cs.SetDiversificationNonce(nonce)).To(Succeed()) - Eventually(func() []byte { return cs.diversificationNonce }).Should(Equal(nonce)) - // make the go routine return - stream.close() - Eventually(done).Should(BeClosed()) - }) - - It("rejects a different diversification nonce", func() { - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.HandshakeFailed, errMockStreamClosing.Error()))) - close(done) - }() - nonce1 := []byte("foobar") - nonce2 := []byte("raboof") - err := cs.SetDiversificationNonce(nonce1) - Expect(err).ToNot(HaveOccurred()) - err = cs.SetDiversificationNonce(nonce2) - Expect(err).To(MatchError(errConflictingDiversificationNonces)) - // make the go routine return - stream.close() - Eventually(done).Should(BeClosed()) - }) - }) - - Context("Client Nonce generation", func() { - BeforeEach(func() { - cs.serverConfig = &serverConfigClient{} - cs.serverConfig.obit = []byte{0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8} - }) - - It("generates a client nonce", func() { - now := time.Now() - err := cs.generateClientNonce() - Expect(cs.nonc).To(HaveLen(32)) - Expect(err).ToNot(HaveOccurred()) - Expect(time.Unix(int64(binary.BigEndian.Uint32(cs.nonc[0:4])), 0)).To(BeTemporally("~", now, 1*time.Second)) - Expect(cs.nonc[4:12]).To(Equal(cs.serverConfig.obit)) - }) - - It("uses random values for the last 20 bytes", func() { - err := cs.generateClientNonce() - Expect(err).ToNot(HaveOccurred()) - nonce1 := cs.nonc - cs.nonc = []byte{} - err = cs.generateClientNonce() - Expect(err).ToNot(HaveOccurred()) - nonce2 := cs.nonc - Expect(nonce1[4:12]).To(Equal(nonce2[4:12])) - Expect(nonce1[12:]).ToNot(Equal(nonce2[12:])) - }) - - It("errors if a client nonce has already been generated", func() { - err := cs.generateClientNonce() - Expect(err).ToNot(HaveOccurred()) - err = cs.generateClientNonce() - Expect(err).To(MatchError(errClientNonceAlreadyExists)) - }) - - It("errors if no OBIT value is available", func() { - cs.serverConfig.obit = []byte{} - err := cs.generateClientNonce() - Expect(err).To(MatchError(errNoObitForClientNonce)) - }) - }) -}) diff --git a/internal/handshake/crypto_setup_server.go b/internal/handshake/crypto_setup_server.go deleted file mode 100644 index f91bb4f8..00000000 --- a/internal/handshake/crypto_setup_server.go +++ /dev/null @@ -1,470 +0,0 @@ -package handshake - -import ( - "bytes" - "crypto/rand" - "encoding/binary" - "errors" - "io" - "net" - "sync" - - "github.com/lucas-clemente/quic-go/internal/crypto" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" -) - -// QuicCryptoKeyDerivationFunction is used for key derivation -type QuicCryptoKeyDerivationFunction func(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error) - -// KeyExchangeFunction is used to make a new KEX -type KeyExchangeFunction func() (crypto.KeyExchange, error) - -// The CryptoSetupServer handles all things crypto for the Session -type cryptoSetupServer struct { - mutex sync.RWMutex - - connID protocol.ConnectionID - remoteAddr net.Addr - scfg *ServerConfig - diversificationNonce []byte - - version protocol.VersionNumber - supportedVersions []protocol.VersionNumber - - acceptSTKCallback func(net.Addr, *Cookie) bool - - nullAEAD crypto.AEAD - secureAEAD crypto.AEAD - forwardSecureAEAD crypto.AEAD - receivedForwardSecurePacket bool - receivedSecurePacket bool - sentSHLO chan struct{} // this channel is closed as soon as the SHLO has been written - - receivedParams bool - paramsChan chan<- TransportParameters - handshakeEvent chan<- struct{} - handshakeComplete chan<- struct{} - - keyDerivation QuicCryptoKeyDerivationFunction - keyExchange KeyExchangeFunction - - cryptoStream io.ReadWriter - - params *TransportParameters - - sni string // need to fill out the ConnectionState - - logger utils.Logger -} - -var _ CryptoSetup = &cryptoSetupServer{} - -// ErrNSTPExperiment is returned when the client sends the NSTP tag in the CHLO. -// This is an experiment implemented by Chrome in QUIC 38, which we don't support at this point. -var ErrNSTPExperiment = qerr.Error(qerr.InvalidCryptoMessageParameter, "NSTP experiment. Unsupported") - -// NewCryptoSetup creates a new CryptoSetup instance for a server -func NewCryptoSetup( - cryptoStream io.ReadWriter, - connID protocol.ConnectionID, - remoteAddr net.Addr, - version protocol.VersionNumber, - divNonce []byte, - scfg *ServerConfig, - params *TransportParameters, - supportedVersions []protocol.VersionNumber, - acceptSTK func(net.Addr, *Cookie) bool, - paramsChan chan<- TransportParameters, - handshakeEvent chan<- struct{}, - handshakeComplete chan<- struct{}, - logger utils.Logger, -) (CryptoSetup, error) { - nullAEAD, err := crypto.NewNullAEAD(protocol.PerspectiveServer, connID, version) - if err != nil { - return nil, err - } - return &cryptoSetupServer{ - cryptoStream: cryptoStream, - connID: connID, - remoteAddr: remoteAddr, - version: version, - supportedVersions: supportedVersions, - diversificationNonce: divNonce, - scfg: scfg, - keyDerivation: crypto.DeriveQuicCryptoAESKeys, - keyExchange: getEphermalKEX, - nullAEAD: nullAEAD, - params: params, - acceptSTKCallback: acceptSTK, - sentSHLO: make(chan struct{}), - paramsChan: paramsChan, - handshakeEvent: handshakeEvent, - handshakeComplete: handshakeComplete, - logger: logger, - }, nil -} - -// HandleCryptoStream reads and writes messages on the crypto stream -func (h *cryptoSetupServer) RunHandshake() error { - for { - var chloData bytes.Buffer - message, err := ParseHandshakeMessage(io.TeeReader(h.cryptoStream, &chloData)) - if err != nil { - return qerr.HandshakeFailed - } - if message.Tag != TagCHLO { - return qerr.InvalidCryptoMessageType - } - - h.logger.Debugf("Got %s", message) - done, err := h.handleMessage(chloData.Bytes(), message.Data) - if err != nil { - return err - } - if done { - return nil - } - } -} - -func (h *cryptoSetupServer) handleMessage(chloData []byte, cryptoData map[Tag][]byte) (bool, error) { - if _, isNSTPExperiment := cryptoData[TagNSTP]; isNSTPExperiment { - return false, ErrNSTPExperiment - } - - sniSlice, ok := cryptoData[TagSNI] - if !ok { - return false, qerr.Error(qerr.CryptoMessageParameterNotFound, "SNI required") - } - sni := string(sniSlice) - if sni == "" { - return false, qerr.Error(qerr.CryptoMessageParameterNotFound, "SNI required") - } - h.sni = sni - - // prevent version downgrade attacks - // see https://groups.google.com/a/chromium.org/forum/#!topic/proto-quic/N-de9j63tCk for a discussion and examples - verSlice, ok := cryptoData[TagVER] - if !ok { - return false, qerr.Error(qerr.InvalidCryptoMessageParameter, "client hello missing version tag") - } - if len(verSlice) != 4 { - return false, qerr.Error(qerr.InvalidCryptoMessageParameter, "incorrect version tag") - } - ver := protocol.VersionNumber(binary.BigEndian.Uint32(verSlice)) - // If the client's preferred version is not the version we are currently speaking, then the client went through a version negotiation. In this case, we need to make sure that we actually do not support this version and that it wasn't a downgrade attack. - if ver != h.version && protocol.IsSupportedVersion(h.supportedVersions, ver) { - return false, qerr.Error(qerr.VersionNegotiationMismatch, "Downgrade attack detected") - } - - var reply []byte - var err error - - certUncompressed, err := h.scfg.certChain.GetLeafCert(sni) - if err != nil { - return false, err - } - - params, err := readHelloMap(cryptoData) - if err != nil { - return false, err - } - // blocks until the session has received the parameters - if !h.receivedParams { - h.receivedParams = true - h.paramsChan <- *params - } - - if !h.isInchoateCHLO(cryptoData, certUncompressed) { - // We have a CHLO with a proper server config ID, do a 0-RTT handshake - reply, err = h.handleCHLO(sni, chloData, cryptoData) - if err != nil { - return false, err - } - if _, err := h.cryptoStream.Write(reply); err != nil { - return false, err - } - h.handshakeEvent <- struct{}{} - close(h.sentSHLO) - return true, nil - } - - // We have an inchoate or non-matching CHLO, we now send a rejection - reply, err = h.handleInchoateCHLO(sni, chloData, cryptoData) - if err != nil { - return false, err - } - _, err = h.cryptoStream.Write(reply) - return false, err -} - -// Open a message -func (h *cryptoSetupServer) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) { - h.mutex.RLock() - defer h.mutex.RUnlock() - - if h.forwardSecureAEAD != nil { - res, err := h.forwardSecureAEAD.Open(dst, src, packetNumber, associatedData) - if err == nil { - if !h.receivedForwardSecurePacket { // this is the first forward secure packet we receive from the client - h.logger.Debugf("Received first forward-secure packet. Stopping to accept all lower encryption levels.") - h.receivedForwardSecurePacket = true - // wait for the send on the handshakeEvent chan - <-h.sentSHLO - close(h.handshakeComplete) - } - return res, protocol.EncryptionForwardSecure, nil - } - if h.receivedForwardSecurePacket { - return nil, protocol.EncryptionUnspecified, err - } - } - if h.secureAEAD != nil { - res, err := h.secureAEAD.Open(dst, src, packetNumber, associatedData) - if err == nil { - h.logger.Debugf("Received first secure packet. Stopping to accept unencrypted packets.") - h.receivedSecurePacket = true - return res, protocol.EncryptionSecure, nil - } - if h.receivedSecurePacket { - return nil, protocol.EncryptionUnspecified, err - } - } - res, err := h.nullAEAD.Open(dst, src, packetNumber, associatedData) - if err != nil { - return res, protocol.EncryptionUnspecified, err - } - return res, protocol.EncryptionUnencrypted, err -} - -func (h *cryptoSetupServer) GetSealer() (protocol.EncryptionLevel, Sealer) { - h.mutex.RLock() - defer h.mutex.RUnlock() - if h.forwardSecureAEAD != nil { - return protocol.EncryptionForwardSecure, h.forwardSecureAEAD - } - return protocol.EncryptionUnencrypted, h.nullAEAD -} - -func (h *cryptoSetupServer) GetSealerForCryptoStream() (protocol.EncryptionLevel, Sealer) { - h.mutex.RLock() - defer h.mutex.RUnlock() - if h.secureAEAD != nil { - return protocol.EncryptionSecure, h.secureAEAD - } - return protocol.EncryptionUnencrypted, h.nullAEAD -} - -func (h *cryptoSetupServer) GetSealerWithEncryptionLevel(encLevel protocol.EncryptionLevel) (Sealer, error) { - h.mutex.RLock() - defer h.mutex.RUnlock() - - switch encLevel { - case protocol.EncryptionUnencrypted: - return h.nullAEAD, nil - case protocol.EncryptionSecure: - if h.secureAEAD == nil { - return nil, errors.New("CryptoSetupServer: no secureAEAD") - } - return h.secureAEAD, nil - case protocol.EncryptionForwardSecure: - if h.forwardSecureAEAD == nil { - return nil, errors.New("CryptoSetupServer: no forwardSecureAEAD") - } - return h.forwardSecureAEAD, nil - } - return nil, errors.New("CryptoSetupServer: no encryption level specified") -} - -func (h *cryptoSetupServer) isInchoateCHLO(cryptoData map[Tag][]byte, cert []byte) bool { - if _, ok := cryptoData[TagPUBS]; !ok { - return true - } - scid, ok := cryptoData[TagSCID] - if !ok || !bytes.Equal(h.scfg.ID, scid) { - return true - } - xlctTag, ok := cryptoData[TagXLCT] - if !ok || len(xlctTag) != 8 { - return true - } - xlct := binary.LittleEndian.Uint64(xlctTag) - if crypto.HashCert(cert) != xlct { - return true - } - return !h.acceptSTK(cryptoData[TagSTK]) -} - -func (h *cryptoSetupServer) acceptSTK(token []byte) bool { - stk, err := h.scfg.cookieGenerator.DecodeToken(token) - if err != nil { - h.logger.Debugf("STK invalid: %s", err.Error()) - return false - } - return h.acceptSTKCallback(h.remoteAddr, stk) -} - -func (h *cryptoSetupServer) handleInchoateCHLO(sni string, chlo []byte, cryptoData map[Tag][]byte) ([]byte, error) { - token, err := h.scfg.cookieGenerator.NewToken(h.remoteAddr) - if err != nil { - return nil, err - } - - replyMap := map[Tag][]byte{ - TagSCFG: h.scfg.Get(), - TagSTK: token, - TagSVID: []byte("quic-go"), - } - - if h.acceptSTK(cryptoData[TagSTK]) { - proof, err := h.scfg.Sign(sni, chlo) - if err != nil { - return nil, err - } - - commonSetHashes := cryptoData[TagCCS] - cachedCertsHashes := cryptoData[TagCCRT] - - certCompressed, err := h.scfg.GetCertsCompressed(sni, commonSetHashes, cachedCertsHashes) - if err != nil { - return nil, err - } - // Token was valid, send more details - replyMap[TagPROF] = proof - replyMap[TagCERT] = certCompressed - } - - message := HandshakeMessage{ - Tag: TagREJ, - Data: replyMap, - } - - var serverReply bytes.Buffer - message.Write(&serverReply) - h.logger.Debugf("Sending %s", message) - return serverReply.Bytes(), nil -} - -func (h *cryptoSetupServer) handleCHLO(sni string, data []byte, cryptoData map[Tag][]byte) ([]byte, error) { - // We have a CHLO matching our server config, we can continue with the 0-RTT handshake - sharedSecret, err := h.scfg.kex.CalculateSharedKey(cryptoData[TagPUBS]) - if err != nil { - return nil, err - } - - h.mutex.Lock() - defer h.mutex.Unlock() - - certUncompressed, err := h.scfg.certChain.GetLeafCert(sni) - if err != nil { - return nil, err - } - - serverNonce := make([]byte, 32) - if _, err = rand.Read(serverNonce); err != nil { - return nil, err - } - - clientNonce := cryptoData[TagNONC] - err = h.validateClientNonce(clientNonce) - if err != nil { - return nil, err - } - - aead := cryptoData[TagAEAD] - if !bytes.Equal(aead, []byte("AESG")) { - return nil, qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS") - } - - kexs := cryptoData[TagKEXS] - if !bytes.Equal(kexs, []byte("C255")) { - return nil, qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS") - } - - h.secureAEAD, err = h.keyDerivation( - false, - sharedSecret, - clientNonce, - h.connID, - data, - h.scfg.Get(), - certUncompressed, - h.diversificationNonce, - protocol.PerspectiveServer, - ) - if err != nil { - return nil, err - } - h.logger.Debugf("Creating AEAD for secure encryption.") - h.handshakeEvent <- struct{}{} - - // Generate a new curve instance to derive the forward secure key - var fsNonce bytes.Buffer - fsNonce.Write(clientNonce) - fsNonce.Write(serverNonce) - ephermalKex, err := h.keyExchange() - if err != nil { - return nil, err - } - ephermalSharedSecret, err := ephermalKex.CalculateSharedKey(cryptoData[TagPUBS]) - if err != nil { - return nil, err - } - - h.forwardSecureAEAD, err = h.keyDerivation( - true, - ephermalSharedSecret, - fsNonce.Bytes(), - h.connID, - data, - h.scfg.Get(), - certUncompressed, - nil, - protocol.PerspectiveServer, - ) - if err != nil { - return nil, err - } - h.logger.Debugf("Creating AEAD for forward-secure encryption.") - - replyMap := h.params.getHelloMap() - // add crypto parameters - verTag := &bytes.Buffer{} - for _, v := range h.supportedVersions { - utils.BigEndian.WriteUint32(verTag, uint32(v)) - } - replyMap[TagPUBS] = ephermalKex.PublicKey() - replyMap[TagSNO] = serverNonce - replyMap[TagVER] = verTag.Bytes() - - // note that the SHLO *has* to fit into one packet - message := HandshakeMessage{ - Tag: TagSHLO, - Data: replyMap, - } - var reply bytes.Buffer - message.Write(&reply) - h.logger.Debugf("Sending %s", message) - return reply.Bytes(), nil -} - -func (h *cryptoSetupServer) ConnectionState() ConnectionState { - h.mutex.Lock() - defer h.mutex.Unlock() - return ConnectionState{ - ServerName: h.sni, - HandshakeComplete: h.receivedForwardSecurePacket, - } -} - -func (h *cryptoSetupServer) validateClientNonce(nonce []byte) error { - if len(nonce) != 32 { - return qerr.Error(qerr.InvalidCryptoMessageParameter, "invalid client nonce length") - } - if !bytes.Equal(nonce[4:12], h.scfg.obit) { - return qerr.Error(qerr.InvalidCryptoMessageParameter, "OBIT not matching") - } - return nil -} diff --git a/internal/handshake/crypto_setup_server_test.go b/internal/handshake/crypto_setup_server_test.go deleted file mode 100644 index 0b82e0ac..00000000 --- a/internal/handshake/crypto_setup_server_test.go +++ /dev/null @@ -1,734 +0,0 @@ -package handshake - -import ( - "bytes" - "encoding/binary" - "errors" - "io" - "net" - "time" - - "github.com/lucas-clemente/quic-go/internal/crypto" - "github.com/lucas-clemente/quic-go/internal/mocks/crypto" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -type mockKEX struct { - ephermal bool - sharedKeyError error -} - -func (m *mockKEX) PublicKey() []byte { - if m.ephermal { - return []byte("ephermal pub") - } - return []byte("initial public") -} - -func (m *mockKEX) CalculateSharedKey(otherPublic []byte) ([]byte, error) { - if m.sharedKeyError != nil { - return nil, m.sharedKeyError - } - if m.ephermal { - return []byte("shared ephermal"), nil - } - return []byte("shared key"), nil -} - -type mockSigner struct { - gotCHLO bool -} - -func (s *mockSigner) SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error) { - if len(chlo) > 0 { - s.gotCHLO = true - } - return []byte("proof"), nil -} -func (*mockSigner) GetCertsCompressed(sni string, common, cached []byte) ([]byte, error) { - return []byte("certcompressed"), nil -} -func (*mockSigner) GetLeafCert(sni string) ([]byte, error) { - return []byte("certuncompressed"), nil -} - -func mockQuicCryptoKeyDerivation(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error) { - return mockcrypto.NewMockAEAD(mockCtrl), nil -} - -type mockStream struct { - unblockRead chan struct{} - dataToRead bytes.Buffer - dataWritten bytes.Buffer -} - -var _ io.ReadWriter = &mockStream{} - -var errMockStreamClosing = errors.New("mock stream closing") - -func newMockStream() *mockStream { - return &mockStream{unblockRead: make(chan struct{})} -} - -// call Close to make Read return -func (s *mockStream) Read(p []byte) (int, error) { - n, _ := s.dataToRead.Read(p) - if n == 0 { // block if there's no data - <-s.unblockRead - return 0, errMockStreamClosing - } - return n, nil // never return an EOF -} - -func (s *mockStream) Write(p []byte) (int, error) { - return s.dataWritten.Write(p) -} - -func (s *mockStream) close() { - close(s.unblockRead) -} - -type mockCookieProtector struct { - decodeErr error -} - -var _ cookieProtector = &mockCookieProtector{} - -func (mockCookieProtector) NewToken(sourceAddr []byte) ([]byte, error) { - return append([]byte("token "), sourceAddr...), nil -} - -func (s mockCookieProtector) DecodeToken(data []byte) ([]byte, error) { - if s.decodeErr != nil { - return nil, s.decodeErr - } - if len(data) < 6 { - return nil, errors.New("token too short") - } - return data[6:], nil -} - -var _ = Describe("Server Crypto Setup", func() { - var ( - kex *mockKEX - signer *mockSigner - scfg *ServerConfig - cs *cryptoSetupServer - stream *mockStream - paramsChan chan TransportParameters - handshakeEvent chan struct{} - handshakeComplete chan struct{} - nonce32 []byte - versionTag []byte - validSTK []byte - aead []byte - kexs []byte - version protocol.VersionNumber - supportedVersions []protocol.VersionNumber - sourceAddrValid bool - ) - - const ( - expectedInitialNonceLen = 32 - expectedFSNonceLen = 64 - ) - - BeforeEach(func() { - var err error - remoteAddr := &net.UDPAddr{IP: net.IPv4(1, 2, 3, 4), Port: 1234} - - // use a buffered channel here, so that we can parse a CHLO without having to receive the TransportParameters to avoid blocking - paramsChan = make(chan TransportParameters, 1) - handshakeEvent = make(chan struct{}, 2) - handshakeComplete = make(chan struct{}) - stream = newMockStream() - kex = &mockKEX{} - signer = &mockSigner{} - scfg, err = NewServerConfig(kex, signer) - nonce32 = make([]byte, 32) - aead = []byte("AESG") - kexs = []byte("C255") - copy(nonce32[4:12], scfg.obit) // set the OBIT value at the right position - versionTag = make([]byte, 4) - binary.BigEndian.PutUint32(versionTag, uint32(protocol.VersionWhatever)) - Expect(err).NotTo(HaveOccurred()) - version = protocol.SupportedVersions[len(protocol.SupportedVersions)-1] - supportedVersions = []protocol.VersionNumber{version, 98, 99} - csInt, err := NewCryptoSetup( - stream, - protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - remoteAddr, - version, - make([]byte, 32), // div nonce - scfg, - &TransportParameters{IdleTimeout: protocol.DefaultIdleTimeout}, - supportedVersions, - nil, - paramsChan, - handshakeEvent, - handshakeComplete, - utils.DefaultLogger, - ) - Expect(err).NotTo(HaveOccurred()) - cs = csInt.(*cryptoSetupServer) - cs.scfg.cookieGenerator.cookieProtector = &mockCookieProtector{} - validSTK, err = cs.scfg.cookieGenerator.NewToken(remoteAddr) - Expect(err).NotTo(HaveOccurred()) - sourceAddrValid = true - cs.acceptSTKCallback = func(_ net.Addr, _ *Cookie) bool { return sourceAddrValid } - cs.keyDerivation = mockQuicCryptoKeyDerivation - cs.keyExchange = func() (crypto.KeyExchange, error) { return &mockKEX{ephermal: true}, nil } - cs.nullAEAD = mockcrypto.NewMockAEAD(mockCtrl) - cs.cryptoStream = stream - }) - - Context("when responding to client messages", func() { - var cert []byte - var xlct []byte - var fullCHLO map[Tag][]byte - - BeforeEach(func() { - xlct = make([]byte, 8) - var err error - cert, err = cs.scfg.certChain.GetLeafCert("") - Expect(err).ToNot(HaveOccurred()) - binary.LittleEndian.PutUint64(xlct, crypto.HashCert(cert)) - fullCHLO = map[Tag][]byte{ - TagSCID: scfg.ID, - TagSNI: []byte("quic.clemente.io"), - TagNONC: nonce32, - TagSTK: validSTK, - TagXLCT: xlct, - TagAEAD: aead, - TagKEXS: kexs, - TagPUBS: bytes.Repeat([]byte{'e'}, 31), - TagVER: versionTag, - } - }) - - It("doesn't support Chrome's no STOP_WAITING experiment", func() { - HandshakeMessage{ - Tag: TagCHLO, - Data: map[Tag][]byte{ - TagNSTP: []byte("foobar"), - }, - }.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(ErrNSTPExperiment)) - }) - - It("reads the transport parameters sent by the client", func() { - sourceAddrValid = true - fullCHLO[TagICSL] = []byte{0x37, 0x13, 0, 0} - _, err := cs.handleMessage(bytes.Repeat([]byte{'a'}, protocol.MinClientHelloSize), fullCHLO) - Expect(err).ToNot(HaveOccurred()) - var params TransportParameters - Expect(paramsChan).To(Receive(¶ms)) - Expect(params.IdleTimeout).To(Equal(0x1337 * time.Second)) - }) - - It("generates REJ messages", func() { - sourceAddrValid = false - response, err := cs.handleInchoateCHLO("", bytes.Repeat([]byte{'a'}, protocol.MinClientHelloSize), nil) - Expect(err).ToNot(HaveOccurred()) - Expect(response).To(HavePrefix("REJ")) - Expect(response).To(ContainSubstring("initial public")) - Expect(response).ToNot(ContainSubstring("certcompressed")) - Expect(response).ToNot(ContainSubstring("proof")) - Expect(signer.gotCHLO).To(BeFalse()) - }) - - It("REJ messages don't include cert or proof without STK", func() { - sourceAddrValid = false - response, err := cs.handleInchoateCHLO("", bytes.Repeat([]byte{'a'}, protocol.MinClientHelloSize), nil) - Expect(err).ToNot(HaveOccurred()) - Expect(response).To(HavePrefix("REJ")) - Expect(response).ToNot(ContainSubstring("certcompressed")) - Expect(response).ToNot(ContainSubstring("proof")) - Expect(signer.gotCHLO).To(BeFalse()) - }) - - It("REJ messages include cert and proof with valid STK", func() { - sourceAddrValid = true - response, err := cs.handleInchoateCHLO("", bytes.Repeat([]byte{'a'}, protocol.MinClientHelloSize), map[Tag][]byte{ - TagSTK: validSTK, - TagSNI: []byte("foo"), - }) - Expect(err).ToNot(HaveOccurred()) - Expect(response).To(HavePrefix("REJ")) - Expect(response).To(ContainSubstring("certcompressed")) - Expect(response).To(ContainSubstring("proof")) - Expect(signer.gotCHLO).To(BeTrue()) - }) - - It("generates SHLO messages", func() { - var checkedSecure, checkedForwardSecure bool - cs.keyDerivation = func(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error) { - if forwardSecure { - Expect(nonces).To(HaveLen(expectedFSNonceLen)) - checkedForwardSecure = true - Expect(sharedSecret).To(Equal([]byte("shared ephermal"))) - } else { - Expect(nonces).To(HaveLen(expectedInitialNonceLen)) - Expect(sharedSecret).To(Equal([]byte("shared key"))) - checkedSecure = true - } - return mockcrypto.NewMockAEAD(mockCtrl), nil - } - - response, err := cs.handleCHLO("", []byte("chlo-data"), map[Tag][]byte{ - TagPUBS: []byte("pubs-c"), - TagNONC: nonce32, - TagAEAD: aead, - TagKEXS: kexs, - }) - Expect(err).ToNot(HaveOccurred()) - Expect(response).To(HavePrefix("SHLO")) - message, err := ParseHandshakeMessage(bytes.NewReader(response)) - Expect(err).ToNot(HaveOccurred()) - Expect(message.Data).To(HaveKeyWithValue(TagPUBS, []byte("ephermal pub"))) - Expect(message.Data).To(HaveKey(TagSNO)) - Expect(message.Data).To(HaveKey(TagVER)) - Expect(message.Data[TagVER]).To(HaveLen(4 * len(supportedVersions))) - for _, v := range supportedVersions { - b := &bytes.Buffer{} - utils.BigEndian.WriteUint32(b, uint32(v)) - Expect(message.Data[TagVER]).To(ContainSubstring(b.String())) - } - Expect(checkedSecure).To(BeTrue()) - Expect(checkedForwardSecure).To(BeTrue()) - }) - - It("handles long handshake", func() { - HandshakeMessage{ - Tag: TagCHLO, - Data: map[Tag][]byte{ - TagSNI: []byte("quic.clemente.io"), - TagSTK: validSTK, - TagPAD: bytes.Repeat([]byte{'a'}, protocol.MinClientHelloSize), - TagVER: versionTag, - }, - }.Write(&stream.dataToRead) - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).NotTo(HaveOccurred()) - Expect(stream.dataWritten.Bytes()).To(HavePrefix("REJ")) - Expect(handshakeEvent).To(Receive()) // for the switch to secure - Expect(stream.dataWritten.Bytes()).To(ContainSubstring("SHLO")) - Expect(handshakeEvent).To(Receive()) // for the switch to forward secure - Expect(handshakeComplete).ToNot(BeClosed()) - }) - - It("rejects client nonces that have the wrong length", func() { - fullCHLO[TagNONC] = []byte("too short client nonce") - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "invalid client nonce length"))) - }) - - It("rejects client nonces that have the wrong OBIT value", func() { - fullCHLO[TagNONC] = make([]byte, 32) // the OBIT value is nonce[4:12] and here just initialized to 0 - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "OBIT not matching"))) - }) - - It("errors if it can't calculate a shared key", func() { - testErr := errors.New("test error") - kex.sharedKeyError = testErr - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(testErr)) - }) - - It("handles 0-RTT handshake", func() { - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).NotTo(HaveOccurred()) - Expect(stream.dataWritten.Bytes()).To(HavePrefix("SHLO")) - Expect(stream.dataWritten.Bytes()).ToNot(ContainSubstring("REJ")) - Expect(handshakeEvent).To(Receive()) // for the switch to secure - Expect(handshakeEvent).To(Receive()) // for the switch to forward secure - Expect(handshakeComplete).ToNot(BeClosed()) - }) - - It("recognizes inchoate CHLOs missing SCID", func() { - delete(fullCHLO, TagSCID) - Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue()) - }) - - It("recognizes inchoate CHLOs missing PUBS", func() { - delete(fullCHLO, TagPUBS) - Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue()) - }) - - It("recognizes inchoate CHLOs with missing XLCT", func() { - delete(fullCHLO, TagXLCT) - Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue()) - }) - - It("recognizes inchoate CHLOs with wrong length XLCT", func() { - fullCHLO[TagXLCT] = bytes.Repeat([]byte{'f'}, 7) // should be 8 bytes - Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue()) - }) - - It("recognizes inchoate CHLOs with wrong XLCT", func() { - fullCHLO[TagXLCT] = bytes.Repeat([]byte{'f'}, 8) - Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue()) - }) - - It("recognizes inchoate CHLOs with an invalid STK", func() { - testErr := errors.New("STK invalid") - cs.scfg.cookieGenerator.cookieProtector.(*mockCookieProtector).decodeErr = testErr - Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue()) - }) - - It("recognizes proper CHLOs", func() { - Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeFalse()) - }) - - It("rejects CHLOs without the version tag", func() { - HandshakeMessage{ - Tag: TagCHLO, - Data: map[Tag][]byte{ - TagSCID: scfg.ID, - TagSNI: []byte("quic.clemente.io"), - }, - }.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "client hello missing version tag"))) - }) - - It("rejects CHLOs with a version tag that has the wrong length", func() { - fullCHLO[TagVER] = []byte{0x13, 0x37} // should be 4 bytes - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "incorrect version tag"))) - }) - - It("detects version downgrade attacks", func() { - highestSupportedVersion := supportedVersions[len(supportedVersions)-1] - lowestSupportedVersion := supportedVersions[0] - Expect(highestSupportedVersion).ToNot(Equal(lowestSupportedVersion)) - cs.version = highestSupportedVersion - b := make([]byte, 4) - binary.BigEndian.PutUint32(b, uint32(lowestSupportedVersion)) - fullCHLO[TagVER] = b - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.VersionNegotiationMismatch, "Downgrade attack detected"))) - }) - - It("accepts a non-matching version tag in the CHLO, if it is an unsupported version", func() { - supportedVersion := protocol.SupportedVersions[0] - unsupportedVersion := supportedVersion + 1000 - Expect(protocol.IsSupportedVersion(supportedVersions, unsupportedVersion)).To(BeFalse()) - cs.version = supportedVersion - b := make([]byte, 4) - binary.BigEndian.PutUint32(b, uint32(unsupportedVersion)) - fullCHLO[TagVER] = b - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).ToNot(HaveOccurred()) - }) - - It("errors if the AEAD tag is missing", func() { - delete(fullCHLO, TagAEAD) - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS"))) - }) - - It("errors if the AEAD tag has the wrong value", func() { - fullCHLO[TagAEAD] = []byte("wrong") - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS"))) - }) - - It("errors if the KEXS tag is missing", func() { - delete(fullCHLO, TagKEXS) - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS"))) - }) - - It("errors if the KEXS tag has the wrong value", func() { - fullCHLO[TagKEXS] = []byte("wrong") - HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS"))) - }) - }) - - It("errors without SNI", func() { - HandshakeMessage{ - Tag: TagCHLO, - Data: map[Tag][]byte{ - TagSTK: validSTK, - }, - }.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError("CryptoMessageParameterNotFound: SNI required")) - }) - - It("errors with empty SNI", func() { - HandshakeMessage{ - Tag: TagCHLO, - Data: map[Tag][]byte{ - TagSTK: validSTK, - TagSNI: nil, - }, - }.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError("CryptoMessageParameterNotFound: SNI required")) - }) - - It("errors with invalid message", func() { - stream.dataToRead.Write([]byte("invalid message")) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.HandshakeFailed)) - }) - - It("errors with non-CHLO message", func() { - HandshakeMessage{Tag: TagPAD, Data: nil}.Write(&stream.dataToRead) - err := cs.RunHandshake() - Expect(err).To(MatchError(qerr.InvalidCryptoMessageType)) - }) - - Context("escalating crypto", func() { - doCHLO := func() { - _, err := cs.handleCHLO("", []byte("chlo-data"), map[Tag][]byte{ - TagPUBS: []byte("pubs-c"), - TagNONC: nonce32, - TagAEAD: aead, - TagKEXS: kexs, - }) - Expect(err).ToNot(HaveOccurred()) - Expect(handshakeEvent).To(Receive()) // for the switch to secure - close(cs.sentSHLO) - } - - Context("null encryption", func() { - It("is used initially", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(10), []byte{}).Return([]byte("foobar signed")) - enc, sealer := cs.GetSealer() - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - d := sealer.Seal(nil, []byte("foobar"), 10, []byte{}) - Expect(d).To(Equal([]byte("foobar signed"))) - }) - - It("is used for the crypto stream", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(0), []byte{}) - enc, sealer := cs.GetSealerForCryptoStream() - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - }) - - It("is accepted initially", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(5), []byte{}).Return([]byte("decrypted"), nil) - d, enc, err := cs.Open(nil, []byte("unencrypted"), 5, []byte{}) - Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("decrypted"))) - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - }) - - It("errors if the has the wrong hash", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("not unencrypted"), protocol.PacketNumber(5), []byte{}).Return(nil, errors.New("authentication failed")) - _, enc, err := cs.Open(nil, []byte("not unencrypted"), 5, []byte{}) - Expect(err).To(MatchError("authentication failed")) - Expect(enc).To(Equal(protocol.EncryptionUnspecified)) - }) - - It("is still accepted after CHLO", func() { - doCHLO() - // it tries forward secure and secure decryption first - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(99), []byte{}).Return(nil, errors.New("authentication failed")) - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(99), []byte{}).Return(nil, errors.New("authentication failed")) - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(99), []byte{}) - Expect(cs.secureAEAD).ToNot(BeNil()) - _, enc, err := cs.Open(nil, []byte("unencrypted"), 99, []byte{}) - Expect(err).ToNot(HaveOccurred()) - Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) - }) - - It("is not accepted after receiving secure packet", func() { - doCHLO() - // first receive a secure packet - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("encrypted"), protocol.PacketNumber(98), []byte{}).Return(nil, errors.New("authentication failed")) - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("encrypted"), protocol.PacketNumber(98), []byte{}).Return([]byte("decrypted"), nil) - d, enc, err := cs.Open(nil, []byte("encrypted"), 98, []byte{}) - Expect(enc).To(Equal(protocol.EncryptionSecure)) - Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("decrypted"))) - // now receive an unencrypted packet - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(99), []byte{}).Return(nil, errors.New("authentication failed")) - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("unencrypted"), protocol.PacketNumber(99), []byte{}).Return(nil, errors.New("authentication failed")) - _, enc, err = cs.Open(nil, []byte("unencrypted"), 99, []byte{}) - Expect(err).To(MatchError("authentication failed")) - Expect(enc).To(Equal(protocol.EncryptionUnspecified)) - }) - - It("is not used after CHLO", func() { - doCHLO() - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(0), []byte{}) - enc, sealer := cs.GetSealer() - Expect(enc).ToNot(Equal(protocol.EncryptionUnencrypted)) - sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - }) - }) - - Context("initial encryption", func() { - It("is accepted after CHLO", func() { - doCHLO() - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("encrypted"), protocol.PacketNumber(98), []byte{}).Return(nil, errors.New("authentication failed")) - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("encrypted"), protocol.PacketNumber(98), []byte{}).Return([]byte("decrypted"), nil) - d, enc, err := cs.Open(nil, []byte("encrypted"), 98, []byte{}) - Expect(enc).To(Equal(protocol.EncryptionSecure)) - Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("decrypted"))) - }) - - It("is not accepted after receiving forward secure packet", func() { - doCHLO() - // receive a forward secure packet - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("forward secure encrypted"), protocol.PacketNumber(11), []byte{}) - _, _, err := cs.Open(nil, []byte("forward secure encrypted"), 11, []byte{}) - Expect(err).ToNot(HaveOccurred()) - // receive a secure packet - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("encrypted"), protocol.PacketNumber(12), []byte{}).Return(nil, errors.New("authentication failed")) - _, enc, err := cs.Open(nil, []byte("encrypted"), 12, []byte{}) - Expect(err).To(MatchError("authentication failed")) - Expect(enc).To(Equal(protocol.EncryptionUnspecified)) - }) - - It("is used for the crypto stream", func() { - doCHLO() - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(1), []byte{}).Return([]byte("foobar crypto stream")) - enc, sealer := cs.GetSealerForCryptoStream() - Expect(enc).To(Equal(protocol.EncryptionSecure)) - d := sealer.Seal(nil, []byte("foobar"), 1, []byte{}) - Expect(d).To(Equal([]byte("foobar crypto stream"))) - }) - }) - - Context("forward secure encryption", func() { - It("is used after the CHLO", func() { - doCHLO() - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(20), []byte{}).Return([]byte("foobar forward sec")) - enc, sealer := cs.GetSealer() - Expect(enc).To(Equal(protocol.EncryptionForwardSecure)) - d := sealer.Seal(nil, []byte("foobar"), 20, []byte{}) - Expect(d).To(Equal([]byte("foobar forward sec"))) - }) - - It("regards the handshake as complete once it receives a forward encrypted packet", func() { - doCHLO() - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("forward secure encrypted"), protocol.PacketNumber(200), []byte{}) - _, _, err := cs.Open(nil, []byte("forward secure encrypted"), 200, []byte{}) - Expect(err).ToNot(HaveOccurred()) - Expect(handshakeComplete).To(BeClosed()) - }) - }) - - Context("reporting the connection state", func() { - It("reports before the handshake completes", func() { - cs.sni = "server name" - state := cs.ConnectionState() - Expect(state.HandshakeComplete).To(BeFalse()) - Expect(state.ServerName).To(Equal("server name")) - }) - - It("reports after the handshake completes", func() { - doCHLO() - // receive a forward secure packet - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Open(nil, []byte("forward secure encrypted"), protocol.PacketNumber(11), []byte{}) - _, _, err := cs.Open(nil, []byte("forward secure encrypted"), 11, []byte{}) - Expect(err).ToNot(HaveOccurred()) - state := cs.ConnectionState() - Expect(state.HandshakeComplete).To(BeTrue()) - }) - }) - - Context("forcing encryption levels", func() { - It("forces null encryption", func() { - cs.nullAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(11), []byte{}).Return([]byte("foobar unencrypted")) - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted) - Expect(err).ToNot(HaveOccurred()) - d := sealer.Seal(nil, []byte("foobar"), 11, []byte{}) - Expect(d).To(Equal([]byte("foobar unencrypted"))) - }) - - It("forces initial encryption", func() { - doCHLO() - cs.secureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(12), []byte{}).Return([]byte("foobar secure")) - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionSecure) - Expect(err).ToNot(HaveOccurred()) - d := sealer.Seal(nil, []byte("foobar"), 12, []byte{}) - Expect(d).To(Equal([]byte("foobar secure"))) - }) - - It("errors if no AEAD for initial encryption is available", func() { - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionSecure) - Expect(err).To(MatchError("CryptoSetupServer: no secureAEAD")) - Expect(sealer).To(BeNil()) - }) - - It("forces forward-secure encryption", func() { - doCHLO() - cs.forwardSecureAEAD.(*mockcrypto.MockAEAD).EXPECT().Seal(nil, []byte("foobar"), protocol.PacketNumber(13), []byte{}).Return([]byte("foobar forward sec")) - sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionForwardSecure) - Expect(err).ToNot(HaveOccurred()) - d := sealer.Seal(nil, []byte("foobar"), 13, []byte{}) - Expect(d).To(Equal([]byte("foobar forward sec"))) - }) - - It("errors of no AEAD for forward-secure encryption is available", func() { - seal, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionForwardSecure) - Expect(err).To(MatchError("CryptoSetupServer: no forwardSecureAEAD")) - Expect(seal).To(BeNil()) - }) - - It("errors if no encryption level is specified", func() { - seal, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnspecified) - Expect(err).To(MatchError("CryptoSetupServer: no encryption level specified")) - Expect(seal).To(BeNil()) - }) - }) - }) - - Context("STK verification and creation", func() { - It("requires STK", func() { - sourceAddrValid = false - done, err := cs.handleMessage( - bytes.Repeat([]byte{'a'}, protocol.MinClientHelloSize), - map[Tag][]byte{ - TagSNI: []byte("foo"), - TagVER: versionTag, - }, - ) - Expect(err).ToNot(HaveOccurred()) - Expect(done).To(BeFalse()) - Expect(stream.dataWritten.Bytes()).To(ContainSubstring(string(validSTK))) - Expect(cs.sni).To(Equal("foo")) - }) - - It("works with proper STK", func() { - sourceAddrValid = true - done, err := cs.handleMessage( - bytes.Repeat([]byte{'a'}, protocol.MinClientHelloSize), - map[Tag][]byte{ - TagSNI: []byte("foo"), - TagVER: versionTag, - }, - ) - Expect(err).ToNot(HaveOccurred()) - Expect(done).To(BeFalse()) - }) - }) -}) diff --git a/internal/handshake/crypto_setup_tls_test.go b/internal/handshake/crypto_setup_test.go similarity index 96% rename from internal/handshake/crypto_setup_tls_test.go rename to internal/handshake/crypto_setup_test.go index b53678e1..741a0479 100644 --- a/internal/handshake/crypto_setup_tls_test.go +++ b/internal/handshake/crypto_setup_test.go @@ -57,7 +57,7 @@ var _ = Describe("Crypto Setup TLS", func() { It("returns Handshake() when an error occurs", func() { _, sInitialStream, sHandshakeStream := initStreams() - server, err := NewCryptoSetupTLSServer( + server, err := NewCryptoSetupServer( sInitialStream, sHandshakeStream, protocol.ConnectionID{}, @@ -87,7 +87,7 @@ var _ = Describe("Crypto Setup TLS", func() { It("returns Handshake() when handling a message fails", func() { _, sInitialStream, sHandshakeStream := initStreams() - server, err := NewCryptoSetupTLSServer( + server, err := NewCryptoSetupServer( sInitialStream, sHandshakeStream, protocol.ConnectionID{}, @@ -116,7 +116,7 @@ var _ = Describe("Crypto Setup TLS", func() { It("returns Handshake() when it is closed", func() { _, sInitialStream, sHandshakeStream := initStreams() - server, err := NewCryptoSetupTLSServer( + server, err := NewCryptoSetupServer( sInitialStream, sHandshakeStream, protocol.ConnectionID{}, @@ -162,9 +162,9 @@ var _ = Describe("Crypto Setup TLS", func() { } handshake := func( - client CryptoSetupTLS, + client CryptoSetup, cChunkChan <-chan chunk, - server CryptoSetupTLS, + server CryptoSetup, sChunkChan <-chan chunk) (error /* client error */, error /* server error */) { done := make(chan struct{}) defer close(done) @@ -195,7 +195,7 @@ var _ = Describe("Crypto Setup TLS", func() { handshakeWithTLSConf := func(clientConf, serverConf *tls.Config) (error /* client error */, error /* server error */) { cChunkChan, cInitialStream, cHandshakeStream := initStreams() - client, _, err := NewCryptoSetupTLSClient( + client, _, err := NewCryptoSetupClient( cInitialStream, cHandshakeStream, protocol.ConnectionID{}, @@ -211,7 +211,7 @@ var _ = Describe("Crypto Setup TLS", func() { Expect(err).ToNot(HaveOccurred()) sChunkChan, sInitialStream, sHandshakeStream := initStreams() - server, err := NewCryptoSetupTLSServer( + server, err := NewCryptoSetupServer( sInitialStream, sHandshakeStream, protocol.ConnectionID{}, @@ -250,7 +250,7 @@ var _ = Describe("Crypto Setup TLS", func() { It("signals when it has written the ClientHello", func() { cChunkChan, cInitialStream, cHandshakeStream := initStreams() - client, chChan, err := NewCryptoSetupTLSClient( + client, chChan, err := NewCryptoSetupClient( cInitialStream, cHandshakeStream, protocol.ConnectionID{}, @@ -289,7 +289,7 @@ var _ = Describe("Crypto Setup TLS", func() { var cTransportParametersRcvd, sTransportParametersRcvd *TransportParameters cChunkChan, cInitialStream, cHandshakeStream := initStreams() cTransportParameters := &TransportParameters{IdleTimeout: 0x42 * time.Second} - client, _, err := NewCryptoSetupTLSClient( + client, _, err := NewCryptoSetupClient( cInitialStream, cHandshakeStream, protocol.ConnectionID{}, @@ -309,7 +309,7 @@ var _ = Describe("Crypto Setup TLS", func() { IdleTimeout: 0x1337 * time.Second, StatelessResetToken: bytes.Repeat([]byte{42}, 16), } - server, err := NewCryptoSetupTLSServer( + server, err := NewCryptoSetupServer( sInitialStream, sHandshakeStream, protocol.ConnectionID{}, diff --git a/internal/handshake/data_test.go b/internal/handshake/data_test.go deleted file mode 100644 index 238f7033..00000000 --- a/internal/handshake/data_test.go +++ /dev/null @@ -1,24 +0,0 @@ -package handshake - -import "strings" - -var sampleCHLO = []byte{0x43, 0x48, 0x4c, 0x4f, 0x10, 0x0, 0x0, 0x0, 0x50, 0x41, 0x44, 0x0, 0xf8, 0x3, 0x0, 0x0, 0x53, 0x4e, 0x49, 0x0, 0x7, 0x4, 0x0, 0x0, 0x56, 0x45, 0x52, 0x0, 0xb, 0x4, 0x0, 0x0, 0x43, 0x43, 0x53, 0x0, 0x1b, 0x4, 0x0, 0x0, 0x4d, 0x53, 0x50, 0x43, 0x1f, 0x4, 0x0, 0x0, 0x55, 0x41, 0x49, 0x44, 0x4c, 0x4, 0x0, 0x0, 0x54, 0x43, 0x49, 0x44, 0x50, 0x4, 0x0, 0x0, 0x50, 0x44, 0x4d, 0x44, 0x54, 0x4, 0x0, 0x0, 0x53, 0x52, 0x42, 0x46, 0x58, 0x4, 0x0, 0x0, 0x49, 0x43, 0x53, 0x4c, 0x5c, 0x4, 0x0, 0x0, 0x4e, 0x4f, 0x4e, 0x50, 0x7c, 0x4, 0x0, 0x0, 0x53, 0x43, 0x4c, 0x53, 0x80, 0x4, 0x0, 0x0, 0x43, 0x53, 0x43, 0x54, 0x80, 0x4, 0x0, 0x0, 0x43, 0x4f, 0x50, 0x54, 0x84, 0x4, 0x0, 0x0, 0x43, 0x46, 0x43, 0x57, 0x88, 0x4, 0x0, 0x0, 0x53, 0x46, 0x43, 0x57, 0x8c, 0x4, 0x0, 0x0, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x51, 0x30, 0x33, 0x30, 0x7b, 0x26, 0xe9, 0xe7, 0xe4, 0x5c, 0x71, 0xff, 0x1, 0xe8, 0x81, 0x60, 0x92, 0x92, 0x1a, 0xe8, 0x64, 0x0, 0x0, 0x0, 0x64, 0x65, 0x76, 0x20, 0x43, 0x68, 0x72, 0x6f, 0x6d, 0x65, 0x2f, 0x35, 0x31, 0x2e, 0x30, 0x2e, 0x32, 0x37, 0x30, 0x30, 0x2e, 0x30, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x58, 0x20, 0x31, 0x30, 0x5f, 0x31, 0x31, 0x5f, 0x34, 0x0, 0x0, 0x0, 0x0, 0x58, 0x35, 0x30, 0x39, 0x0, 0x0, 0x10, 0x0, 0x1e, 0x0, 0x0, 0x0, 0xe1, 0x84, 0x54, 0x1b, 0xe3, 0xd6, 0x7c, 0x1f, 0x69, 0xb2, 0x4e, 0x9e, 0x46, 0xf4, 0x46, 0xdd, 0xab, 0xe5, 0xde, 0x66, 0x94, 0xf6, 0xb2, 0xee, 0x1, 0xc4, 0xa5, 0x77, 0xfe, 0xc9, 0xb, 0xa3, 0x1, 0x0, 0x0, 0x0, 0x46, 0x49, 0x58, 0x44, 0x0, 0x0, 0xf0, 0x0, 0x0, 0x0, 0x60, 0x0} - -var sampleCHLOMap = map[Tag][]byte{ - TagPAD: []byte(strings.Repeat("-", 1016)), - TagSNI: []byte("www.example.org"), - TagVER: []byte("Q030"), - TagCCS: []byte("{&\xe9\xe7\xe4\\q\xff\x01\xe8\x81`\x92\x92\x1a\xe8"), - TagMSPC: []byte("d\x00\x00\x00"), - TagUAID: []byte("dev Chrome/51.0.2700.0 Intel Mac OS X 10_11_4"), - TagTCID: []byte("\x00\x00\x00\x00"), - TagSRBF: []byte("\x00\x00\x10\x00"), - TagICSL: []byte("\x1e\x00\x00\x00"), - TagNONP: []byte("\xe1\x84T\x1b\xe3\xd6|\x1fi\xb2N\x9eF\xf4Fݫ\xe5\xdef\x94\xf6\xb2\xee\x01ĥw\xfe\xc9\v\xa3"), - TagSCLS: []byte("\x01\x00\x00\x00"), - TagCSCT: {}, - TagCOPT: []byte("FIXD"), - TagSFCW: []byte("\x00\x00`\x00"), - TagCFCW: []byte("\x00\x00\xf0\x00"), - TagPDMD: []byte("X509"), -} diff --git a/internal/handshake/ephermal_cache.go b/internal/handshake/ephermal_cache.go deleted file mode 100644 index eb1824d9..00000000 --- a/internal/handshake/ephermal_cache.go +++ /dev/null @@ -1,48 +0,0 @@ -package handshake - -import ( - "sync" - "time" - - "github.com/lucas-clemente/quic-go/internal/crypto" - "github.com/lucas-clemente/quic-go/internal/protocol" -) - -var ( - kexLifetime = protocol.EphermalKeyLifetime - kexCurrent crypto.KeyExchange - kexCurrentTime time.Time - kexMutex sync.RWMutex -) - -// getEphermalKEX returns the currently active KEX, which changes every protocol.EphermalKeyLifetime -// See the explanation from the QUIC crypto doc: -// -// A single connection is the usual scope for forward security, but the security -// difference between an ephemeral key used for a single connection, and one -// used for all connections for 60 seconds is negligible. Thus we can amortise -// the Diffie-Hellman key generation at the server over all the connections in a -// small time span. -func getEphermalKEX() (crypto.KeyExchange, error) { - kexMutex.RLock() - res := kexCurrent - t := kexCurrentTime - kexMutex.RUnlock() - if res != nil && time.Since(t) < kexLifetime { - return res, nil - } - - kexMutex.Lock() - defer kexMutex.Unlock() - // Check if still unfulfilled - if kexCurrent == nil || time.Since(kexCurrentTime) >= kexLifetime { - kex, err := crypto.NewCurve25519KEX() - if err != nil { - return nil, err - } - kexCurrent = kex - kexCurrentTime = time.Now() - return kexCurrent, nil - } - return kexCurrent, nil -} diff --git a/internal/handshake/ephermal_cache_test.go b/internal/handshake/ephermal_cache_test.go deleted file mode 100644 index 69eee338..00000000 --- a/internal/handshake/ephermal_cache_test.go +++ /dev/null @@ -1,35 +0,0 @@ -package handshake - -import ( - "time" - - "github.com/lucas-clemente/quic-go/internal/protocol" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Ephermal KEX", func() { - It("has a consistent KEX", func() { - kex1, err := getEphermalKEX() - Expect(err).ToNot(HaveOccurred()) - Expect(kex1).ToNot(BeNil()) - kex2, err := getEphermalKEX() - Expect(err).ToNot(HaveOccurred()) - Expect(kex2).ToNot(BeNil()) - Expect(kex1).To(Equal(kex2)) - }) - - It("changes KEX", func() { - kexLifetime = 10 * time.Millisecond - defer func() { - kexLifetime = protocol.EphermalKeyLifetime - }() - kex, err := getEphermalKEX() - Expect(err).ToNot(HaveOccurred()) - Expect(kex).ToNot(BeNil()) - time.Sleep(kexLifetime) - kex2, err := getEphermalKEX() - Expect(err).ToNot(HaveOccurred()) - Expect(kex2).ToNot(Equal(kex)) - }) -}) diff --git a/internal/handshake/handshake_message.go b/internal/handshake/handshake_message.go deleted file mode 100644 index cfbd2193..00000000 --- a/internal/handshake/handshake_message.go +++ /dev/null @@ -1,137 +0,0 @@ -package handshake - -import ( - "bytes" - "encoding/binary" - "fmt" - "io" - "sort" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" -) - -// A HandshakeMessage is a handshake message -type HandshakeMessage struct { - Tag Tag - Data map[Tag][]byte -} - -var _ fmt.Stringer = &HandshakeMessage{} - -// ParseHandshakeMessage reads a crypto message -func ParseHandshakeMessage(r io.Reader) (HandshakeMessage, error) { - slice4 := make([]byte, 4) - - if _, err := io.ReadFull(r, slice4); err != nil { - return HandshakeMessage{}, err - } - messageTag := Tag(binary.LittleEndian.Uint32(slice4)) - - if _, err := io.ReadFull(r, slice4); err != nil { - return HandshakeMessage{}, err - } - nPairs := binary.LittleEndian.Uint32(slice4) - - if nPairs > protocol.CryptoMaxParams { - return HandshakeMessage{}, qerr.CryptoTooManyEntries - } - - index := make([]byte, nPairs*8) - if _, err := io.ReadFull(r, index); err != nil { - return HandshakeMessage{}, err - } - - resultMap := map[Tag][]byte{} - - var dataStart uint32 - for indexPos := 0; indexPos < int(nPairs)*8; indexPos += 8 { - tag := Tag(binary.LittleEndian.Uint32(index[indexPos : indexPos+4])) - dataEnd := binary.LittleEndian.Uint32(index[indexPos+4 : indexPos+8]) - - dataLen := dataEnd - dataStart - if dataLen > protocol.CryptoParameterMaxLength { - return HandshakeMessage{}, qerr.Error(qerr.CryptoInvalidValueLength, "value too long") - } - - data := make([]byte, dataLen) - if _, err := io.ReadFull(r, data); err != nil { - return HandshakeMessage{}, err - } - - resultMap[tag] = data - dataStart = dataEnd - } - - return HandshakeMessage{ - Tag: messageTag, - Data: resultMap}, nil -} - -// Write writes a crypto message -func (h HandshakeMessage) Write(b *bytes.Buffer) { - data := h.Data - utils.LittleEndian.WriteUint32(b, uint32(h.Tag)) - utils.LittleEndian.WriteUint16(b, uint16(len(data))) - utils.LittleEndian.WriteUint16(b, 0) - - // Save current position in the buffer, so that we can update the index in-place later - indexStart := b.Len() - - indexData := make([]byte, 8*len(data)) - b.Write(indexData) // Will be updated later - - offset := uint32(0) - for i, t := range h.getTagsSorted() { - v := data[t] - b.Write(v) - offset += uint32(len(v)) - binary.LittleEndian.PutUint32(indexData[i*8:], uint32(t)) - binary.LittleEndian.PutUint32(indexData[i*8+4:], offset) - } - - // Now we write the index data for real - copy(b.Bytes()[indexStart:], indexData) -} - -func (h *HandshakeMessage) getTagsSorted() []Tag { - tags := make([]Tag, len(h.Data)) - i := 0 - for t := range h.Data { - tags[i] = t - i++ - } - sort.Slice(tags, func(i, j int) bool { - return tags[i] < tags[j] - }) - return tags -} - -func (h HandshakeMessage) String() string { - var pad string - res := tagToString(h.Tag) + ":\n" - for _, tag := range h.getTagsSorted() { - if tag == TagPAD { - pad = fmt.Sprintf("\t%s: (%d bytes)\n", tagToString(tag), len(h.Data[tag])) - } else { - res += fmt.Sprintf("\t%s: %#v\n", tagToString(tag), string(h.Data[tag])) - } - } - - if len(pad) > 0 { - res += pad - } - return res -} - -func tagToString(tag Tag) string { - b := make([]byte, 4) - binary.LittleEndian.PutUint32(b, uint32(tag)) - for i := range b { - if b[i] == 0 { - b[i] = ' ' - } - } - return string(b) -} diff --git a/internal/handshake/handshake_message_test.go b/internal/handshake/handshake_message_test.go deleted file mode 100644 index fc96b120..00000000 --- a/internal/handshake/handshake_message_test.go +++ /dev/null @@ -1,71 +0,0 @@ -package handshake - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go/qerr" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Handshake Message", func() { - Context("when parsing", func() { - It("parses sample CHLO message", func() { - msg, err := ParseHandshakeMessage(bytes.NewReader(sampleCHLO)) - Expect(err).ToNot(HaveOccurred()) - Expect(msg.Tag).To(Equal(TagCHLO)) - Expect(msg.Data).To(Equal(sampleCHLOMap)) - }) - - It("rejects large numbers of pairs", func() { - r := bytes.NewReader([]byte("CHLO\xff\xff\xff\xff")) - _, err := ParseHandshakeMessage(r) - Expect(err).To(MatchError(qerr.CryptoTooManyEntries)) - }) - - It("rejects too long values", func() { - r := bytes.NewReader([]byte{ - 'C', 'H', 'L', 'O', - 1, 0, 0, 0, - 0, 0, 0, 0, - 0xff, 0xff, 0xff, 0xff, - }) - _, err := ParseHandshakeMessage(r) - Expect(err).To(MatchError(qerr.Error(qerr.CryptoInvalidValueLength, "value too long"))) - }) - }) - - Context("when writing", func() { - It("writes sample message", func() { - b := &bytes.Buffer{} - HandshakeMessage{Tag: TagCHLO, Data: sampleCHLOMap}.Write(b) - Expect(b.Bytes()).To(Equal(sampleCHLO)) - }) - }) - - Context("string representation", func() { - It("has a string representation", func() { - str := HandshakeMessage{ - Tag: TagSHLO, - Data: map[Tag][]byte{ - TagAEAD: []byte("foobar"), - TagEXPY: []byte("raboof"), - }, - }.String() - Expect(str[:4]).To(Equal("SHLO")) - Expect(str).To(ContainSubstring("AEAD: \"foobar\"")) - Expect(str).To(ContainSubstring("EXPY: \"raboof\"")) - }) - - It("lists padding separately", func() { - str := HandshakeMessage{ - Tag: TagSHLO, - Data: map[Tag][]byte{ - TagPAD: bytes.Repeat([]byte{0}, 1337), - }, - }.String() - Expect(str).To(ContainSubstring("PAD")) - Expect(str).To(ContainSubstring("1337 bytes")) - }) - }) -}) diff --git a/internal/handshake/interface.go b/internal/handshake/interface.go index 3372e29f..a656df12 100644 --- a/internal/handshake/interface.go +++ b/internal/handshake/interface.go @@ -25,28 +25,17 @@ type tlsExtensionHandler interface { ReceivedExtensions(msgType uint8, exts []qtls.Extension) error } -type baseCryptoSetup interface { +// CryptoSetup handles the handshake and protecting / unprotecting packets +type CryptoSetup interface { RunHandshake() error + io.Closer + + HandleMessage([]byte, protocol.EncryptionLevel) bool ConnectionState() ConnectionState GetSealer() (protocol.EncryptionLevel, Sealer) GetSealerWithEncryptionLevel(protocol.EncryptionLevel) (Sealer, error) -} -// CryptoSetup is the crypto setup used by gQUIC -type CryptoSetup interface { - baseCryptoSetup - - GetSealerForCryptoStream() (protocol.EncryptionLevel, Sealer) - Open(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, protocol.EncryptionLevel, error) -} - -// CryptoSetupTLS is the crypto setup used by IETF QUIC -type CryptoSetupTLS interface { - baseCryptoSetup - - io.Closer - HandleMessage([]byte, protocol.EncryptionLevel) bool OpenInitial(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) OpenHandshake(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) Open1RTT(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) diff --git a/internal/handshake/server_config.go b/internal/handshake/server_config.go deleted file mode 100644 index b015750b..00000000 --- a/internal/handshake/server_config.go +++ /dev/null @@ -1,73 +0,0 @@ -package handshake - -import ( - "bytes" - "crypto/rand" - - "github.com/lucas-clemente/quic-go/internal/crypto" -) - -// ServerConfig is a server config -type ServerConfig struct { - kex crypto.KeyExchange - certChain crypto.CertChain - ID []byte - obit []byte - cookieGenerator *CookieGenerator -} - -// NewServerConfig creates a new server config -func NewServerConfig(kex crypto.KeyExchange, certChain crypto.CertChain) (*ServerConfig, error) { - id := make([]byte, 16) - _, err := rand.Read(id) - if err != nil { - return nil, err - } - - obit := make([]byte, 8) - if _, err = rand.Read(obit); err != nil { - return nil, err - } - - cookieGenerator, err := NewCookieGenerator() - - if err != nil { - return nil, err - } - - return &ServerConfig{ - kex: kex, - certChain: certChain, - ID: id, - obit: obit, - cookieGenerator: cookieGenerator, - }, nil -} - -// Get the server config binary representation -func (s *ServerConfig) Get() []byte { - var serverConfig bytes.Buffer - msg := HandshakeMessage{ - Tag: TagSCFG, - Data: map[Tag][]byte{ - TagSCID: s.ID, - TagKEXS: []byte("C255"), - TagAEAD: []byte("AESG"), - TagPUBS: append([]byte{0x20, 0x00, 0x00}, s.kex.PublicKey()...), - TagOBIT: s.obit, - TagEXPY: {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - }, - } - msg.Write(&serverConfig) - return serverConfig.Bytes() -} - -// Sign the server config and CHLO with the server's keyData -func (s *ServerConfig) Sign(sni string, chlo []byte) ([]byte, error) { - return s.certChain.SignServerProof(sni, chlo, s.Get()) -} - -// GetCertsCompressed returns the certificate data -func (s *ServerConfig) GetCertsCompressed(sni string, commonSetHashes, compressedHashes []byte) ([]byte, error) { - return s.certChain.GetCertsCompressed(sni, commonSetHashes, compressedHashes) -} diff --git a/internal/handshake/server_config_client.go b/internal/handshake/server_config_client.go deleted file mode 100644 index 0d6521a4..00000000 --- a/internal/handshake/server_config_client.go +++ /dev/null @@ -1,184 +0,0 @@ -package handshake - -import ( - "bytes" - "encoding/binary" - "errors" - "math" - "time" - - "github.com/lucas-clemente/quic-go/internal/crypto" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" -) - -type serverConfigClient struct { - raw []byte - ID []byte - obit []byte - expiry time.Time - - kex crypto.KeyExchange - sharedSecret []byte -} - -var ( - errMessageNotServerConfig = errors.New("ServerConfig must have TagSCFG") -) - -// parseServerConfig parses a server config -func parseServerConfig(data []byte) (*serverConfigClient, error) { - message, err := ParseHandshakeMessage(bytes.NewReader(data)) - if err != nil { - return nil, err - } - if message.Tag != TagSCFG { - return nil, errMessageNotServerConfig - } - - scfg := &serverConfigClient{raw: data} - err = scfg.parseValues(message.Data) - if err != nil { - return nil, err - } - - return scfg, nil -} - -func (s *serverConfigClient) parseValues(tagMap map[Tag][]byte) error { - // SCID - scfgID, ok := tagMap[TagSCID] - if !ok { - return qerr.Error(qerr.CryptoMessageParameterNotFound, "SCID") - } - if len(scfgID) != 16 { - return qerr.Error(qerr.CryptoInvalidValueLength, "SCID") - } - s.ID = scfgID - - // KEXS - // TODO: setup Key Exchange - kexs, ok := tagMap[TagKEXS] - if !ok { - return qerr.Error(qerr.CryptoMessageParameterNotFound, "KEXS") - } - if len(kexs)%4 != 0 { - return qerr.Error(qerr.CryptoInvalidValueLength, "KEXS") - } - c255Foundat := -1 - - for i := 0; i < len(kexs)/4; i++ { - if bytes.Equal(kexs[4*i:4*i+4], []byte("C255")) { - c255Foundat = i - break - } - } - if c255Foundat < 0 { - return qerr.Error(qerr.CryptoNoSupport, "KEXS: Could not find C255, other key exchanges are not supported") - } - - // AEAD - aead, ok := tagMap[TagAEAD] - if !ok { - return qerr.Error(qerr.CryptoMessageParameterNotFound, "AEAD") - } - if len(aead)%4 != 0 { - return qerr.Error(qerr.CryptoInvalidValueLength, "AEAD") - } - var aesgFound bool - for i := 0; i < len(aead)/4; i++ { - if bytes.Equal(aead[4*i:4*i+4], []byte("AESG")) { - aesgFound = true - break - } - } - if !aesgFound { - return qerr.Error(qerr.CryptoNoSupport, "AEAD") - } - - // PUBS - pubs, ok := tagMap[TagPUBS] - if !ok { - return qerr.Error(qerr.CryptoMessageParameterNotFound, "PUBS") - } - - var pubsKexs []struct { - Length uint32 - Value []byte - } - var lastLen uint32 - for i := 0; i < len(pubs)-3; i += int(lastLen) + 3 { - // the PUBS value is always prepended by 3 byte little endian length field - - err := binary.Read(bytes.NewReader([]byte{pubs[i], pubs[i+1], pubs[i+2], 0x00}), binary.LittleEndian, &lastLen) - if err != nil { - return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS not decodable") - } - if lastLen == 0 { - return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS") - } - - if i+3+int(lastLen) > len(pubs) { - return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS") - } - - pubsKexs = append(pubsKexs, struct { - Length uint32 - Value []byte - }{lastLen, pubs[i+3 : i+3+int(lastLen)]}) - } - - if c255Foundat >= len(pubsKexs) { - return qerr.Error(qerr.CryptoMessageParameterNotFound, "KEXS not in PUBS") - } - - if pubsKexs[c255Foundat].Length != 32 { - return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS") - } - - var err error - s.kex, err = crypto.NewCurve25519KEX() - if err != nil { - return err - } - - s.sharedSecret, err = s.kex.CalculateSharedKey(pubsKexs[c255Foundat].Value) - if err != nil { - return err - } - - // OBIT - obit, ok := tagMap[TagOBIT] - if !ok { - return qerr.Error(qerr.CryptoMessageParameterNotFound, "OBIT") - } - if len(obit) != 8 { - return qerr.Error(qerr.CryptoInvalidValueLength, "OBIT") - } - s.obit = obit - - // EXPY - expy, ok := tagMap[TagEXPY] - if !ok { - return qerr.Error(qerr.CryptoMessageParameterNotFound, "EXPY") - } - if len(expy) != 8 { - return qerr.Error(qerr.CryptoInvalidValueLength, "EXPY") - } - // make sure that the value doesn't overflow an int64 - // furthermore, values close to MaxInt64 are not a valid input to time.Unix, thus set MaxInt64/2 as the maximum value here - expyTimestamp := utils.MinUint64(binary.LittleEndian.Uint64(expy), math.MaxInt64/2) - s.expiry = time.Unix(int64(expyTimestamp), 0) - - // TODO: implement VER - - return nil -} - -func (s *serverConfigClient) IsExpired() bool { - return s.expiry.Before(time.Now()) -} - -func (s *serverConfigClient) Get() []byte { - return s.raw -} diff --git a/internal/handshake/server_config_client_test.go b/internal/handshake/server_config_client_test.go deleted file mode 100644 index d298e2f4..00000000 --- a/internal/handshake/server_config_client_test.go +++ /dev/null @@ -1,266 +0,0 @@ -package handshake - -import ( - "bytes" - "time" - - "github.com/lucas-clemente/quic-go/internal/crypto" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -// This tagMap can be passed to parseValues and is garantueed to not cause any errors -func getDefaultServerConfigClient() map[Tag][]byte { - return map[Tag][]byte{ - TagSCID: bytes.Repeat([]byte{'F'}, 16), - TagKEXS: []byte("C255"), - TagAEAD: []byte("AESG"), - TagPUBS: append([]byte{0x20, 0x00, 0x00}, bytes.Repeat([]byte{0}, 32)...), - TagOBIT: bytes.Repeat([]byte{0}, 8), - TagEXPY: {0x0, 0x6c, 0x57, 0x78, 0, 0, 0, 0}, // 2033-12-24 - } -} - -var _ = Describe("Server Config", func() { - var tagMap map[Tag][]byte - - BeforeEach(func() { - tagMap = getDefaultServerConfigClient() - }) - - It("returns the parsed server config", func() { - tagMap[TagSCID] = []byte{0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf} - b := &bytes.Buffer{} - HandshakeMessage{Tag: TagSCFG, Data: tagMap}.Write(b) - scfg, err := parseServerConfig(b.Bytes()) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg.ID).To(Equal(tagMap[TagSCID])) - }) - - It("saves the raw server config", func() { - b := &bytes.Buffer{} - HandshakeMessage{Tag: TagSCFG, Data: tagMap}.Write(b) - scfg, err := parseServerConfig(b.Bytes()) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg.raw).To(Equal(b.Bytes())) - }) - - It("tells if a server config is expired", func() { - scfg := &serverConfigClient{} - scfg.expiry = time.Now().Add(-time.Second) - Expect(scfg.IsExpired()).To(BeTrue()) - scfg.expiry = time.Now().Add(time.Second) - Expect(scfg.IsExpired()).To(BeFalse()) - }) - - Context("parsing the server config", func() { - It("rejects a handshake message with the wrong message tag", func() { - var serverConfig bytes.Buffer - HandshakeMessage{Tag: TagCHLO, Data: make(map[Tag][]byte)}.Write(&serverConfig) - _, err := parseServerConfig(serverConfig.Bytes()) - Expect(err).To(MatchError(errMessageNotServerConfig)) - }) - - It("errors on invalid handshake messages", func() { - var serverConfig bytes.Buffer - HandshakeMessage{Tag: TagSCFG, Data: make(map[Tag][]byte)}.Write(&serverConfig) - _, err := parseServerConfig(serverConfig.Bytes()[:serverConfig.Len()-2]) - Expect(err).To(MatchError("unexpected EOF")) - }) - - It("passes on errors encountered when reading the TagMap", func() { - var serverConfig bytes.Buffer - HandshakeMessage{Tag: TagSCFG, Data: make(map[Tag][]byte)}.Write(&serverConfig) - _, err := parseServerConfig(serverConfig.Bytes()) - Expect(err).To(MatchError("CryptoMessageParameterNotFound: SCID")) - }) - - It("reads an example Handshake Message", func() { - var serverConfig bytes.Buffer - HandshakeMessage{Tag: TagSCFG, Data: tagMap}.Write(&serverConfig) - scfg, err := parseServerConfig(serverConfig.Bytes()) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg.ID).To(Equal(tagMap[TagSCID])) - Expect(scfg.obit).To(Equal(tagMap[TagOBIT])) - }) - }) - - Context("Reading values from the TagMap", func() { - var scfg *serverConfigClient - - BeforeEach(func() { - scfg = &serverConfigClient{} - }) - - Context("ServerConfig ID", func() { - It("parses the ServerConfig ID", func() { - id := []byte{0xb2, 0xa4, 0xbb, 0x8f, 0xf6, 0x51, 0x28, 0xfd, 0x4d, 0xf7, 0xb3, 0x9a, 0x91, 0xe7, 0x91, 0xfb} - tagMap[TagSCID] = id - err := scfg.parseValues(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg.ID).To(Equal(id)) - }) - - It("errors if the ServerConfig ID is missing", func() { - delete(tagMap, TagSCID) - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoMessageParameterNotFound: SCID")) - }) - - It("rejects ServerConfig IDs that have the wrong length", func() { - tagMap[TagSCID] = bytes.Repeat([]byte{'F'}, 17) // 1 byte too long - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoInvalidValueLength: SCID")) - }) - }) - - Context("KEXS", func() { - It("rejects KEXS values that have the wrong length", func() { - tagMap[TagKEXS] = bytes.Repeat([]byte{'F'}, 5) // 1 byte too long - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoInvalidValueLength: KEXS")) - }) - - It("rejects KEXS values other than C255", func() { - tagMap[TagKEXS] = []byte("P256") - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoNoSupport: KEXS: Could not find C255, other key exchanges are not supported")) - }) - - It("errors if the KEXS is missing", func() { - delete(tagMap, TagKEXS) - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoMessageParameterNotFound: KEXS")) - }) - }) - - Context("AEAD", func() { - It("rejects AEAD values that have the wrong length", func() { - tagMap[TagAEAD] = bytes.Repeat([]byte{'F'}, 5) // 1 byte too long - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoInvalidValueLength: AEAD")) - }) - - It("rejects AEAD values other than AESG", func() { - tagMap[TagAEAD] = []byte("S20P") - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoNoSupport: AEAD")) - }) - - It("recognizes AESG in the list of AEADs, at the first position", func() { - tagMap[TagAEAD] = []byte("AESGS20P") - err := scfg.parseValues(tagMap) - Expect(err).ToNot(HaveOccurred()) - }) - - It("recognizes AESG in the list of AEADs, not at the first position", func() { - tagMap[TagAEAD] = []byte("S20PAESG") - err := scfg.parseValues(tagMap) - Expect(err).ToNot(HaveOccurred()) - }) - - It("errors if the AEAD is missing", func() { - delete(tagMap, TagAEAD) - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoMessageParameterNotFound: AEAD")) - }) - }) - - Context("PUBS", func() { - It("creates a Curve25519 key exchange", func() { - serverKex, err := crypto.NewCurve25519KEX() - Expect(err).ToNot(HaveOccurred()) - tagMap[TagPUBS] = append([]byte{0x20, 0x00, 0x00}, serverKex.PublicKey()...) - err = scfg.parseValues(tagMap) - Expect(err).ToNot(HaveOccurred()) - sharedSecret, err := serverKex.CalculateSharedKey(scfg.kex.PublicKey()) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg.sharedSecret).To(Equal(sharedSecret)) - }) - - It("rejects PUBS values that have the wrong length", func() { - tagMap[TagPUBS] = bytes.Repeat([]byte{'F'}, 100) // completely wrong length - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS")) - }) - - It("rejects PUBS values that have a zero length", func() { - tagMap[TagPUBS] = bytes.Repeat([]byte{0}, 100) // completely wrong length - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS")) - }) - - It("ensure that C255 Pubs must not be at the first index", func() { - serverKex, err := crypto.NewCurve25519KEX() - Expect(err).ToNot(HaveOccurred()) - tagMap[TagKEXS] = []byte("P256C255") // have another KEXS before C255 - // 3 byte len + 1 byte empty + C255 - tagMap[TagPUBS] = append([]byte{0x01, 0x00, 0x00, 0x00}, append([]byte{0x20, 0x00, 0x00}, serverKex.PublicKey()...)...) - err = scfg.parseValues(tagMap) - Expect(err).ToNot(HaveOccurred()) - sharedSecret, err := serverKex.CalculateSharedKey(scfg.kex.PublicKey()) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg.sharedSecret).To(Equal(sharedSecret)) - }) - - It("errors if the PUBS is missing", func() { - delete(tagMap, TagPUBS) - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoMessageParameterNotFound: PUBS")) - }) - }) - - Context("OBIT", func() { - It("parses the OBIT value", func() { - obit := []byte{0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8} - tagMap[TagOBIT] = obit - err := scfg.parseValues(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg.obit).To(Equal(obit)) - }) - - It("errors if the OBIT is missing", func() { - delete(tagMap, TagOBIT) - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoMessageParameterNotFound: OBIT")) - }) - - It("rejets OBIT values that have the wrong length", func() { - tagMap[TagOBIT] = bytes.Repeat([]byte{'F'}, 7) // 1 byte too short - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoInvalidValueLength: OBIT")) - }) - }) - - Context("EXPY", func() { - It("parses the expiry date", func() { - tagMap[TagEXPY] = []byte{0xdc, 0x89, 0x0e, 0x59, 0, 0, 0, 0} // UNIX Timestamp 0x590e89dc = 1494125020 - err := scfg.parseValues(tagMap) - Expect(err).ToNot(HaveOccurred()) - year, month, day := scfg.expiry.UTC().Date() - Expect(year).To(Equal(2017)) - Expect(month).To(Equal(time.Month(5))) - Expect(day).To(Equal(7)) - }) - - It("errors if the EXPY is missing", func() { - delete(tagMap, TagEXPY) - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoMessageParameterNotFound: EXPY")) - }) - - It("rejects EXPY values that have the wrong length", func() { - tagMap[TagEXPY] = bytes.Repeat([]byte{'F'}, 9) // 1 byte too long - err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoInvalidValueLength: EXPY")) - }) - - It("deals with absurdly large timestamps", func() { - tagMap[TagEXPY] = bytes.Repeat([]byte{0xff}, 8) // this would overflow the int64 - err := scfg.parseValues(tagMap) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg.expiry.After(time.Now())).To(BeTrue()) - }) - }) - }) -}) diff --git a/internal/handshake/server_config_test.go b/internal/handshake/server_config_test.go deleted file mode 100644 index f942b487..00000000 --- a/internal/handshake/server_config_test.go +++ /dev/null @@ -1,45 +0,0 @@ -package handshake - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go/internal/crypto" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("ServerConfig", func() { - var ( - kex crypto.KeyExchange - ) - - BeforeEach(func() { - var err error - kex, err = crypto.NewCurve25519KEX() - Expect(err).NotTo(HaveOccurred()) - }) - - It("generates a random ID and OBIT", func() { - scfg1, err := NewServerConfig(kex, nil) - Expect(err).ToNot(HaveOccurred()) - scfg2, err := NewServerConfig(kex, nil) - Expect(err).ToNot(HaveOccurred()) - Expect(scfg1.ID).ToNot(Equal(scfg2.ID)) - Expect(scfg1.obit).ToNot(Equal(scfg2.obit)) - Expect(scfg1.cookieGenerator).ToNot(Equal(scfg2.cookieGenerator)) - }) - - It("gets the proper binary representation", func() { - scfg, err := NewServerConfig(kex, nil) - Expect(err).NotTo(HaveOccurred()) - expected := bytes.NewBuffer([]byte{0x53, 0x43, 0x46, 0x47, 0x6, 0x0, 0x0, 0x0, 0x41, 0x45, 0x41, 0x44, 0x4, 0x0, 0x0, 0x0, 0x53, 0x43, 0x49, 0x44, 0x14, 0x0, 0x0, 0x0, 0x50, 0x55, 0x42, 0x53, 0x37, 0x0, 0x0, 0x0, 0x4b, 0x45, 0x58, 0x53, 0x3b, 0x0, 0x0, 0x0, 0x4f, 0x42, 0x49, 0x54, 0x43, 0x0, 0x0, 0x0, 0x45, 0x58, 0x50, 0x59, 0x4b, 0x0, 0x0, 0x0, 0x41, 0x45, 0x53, 0x47}) - expected.Write(scfg.ID) - expected.Write([]byte{0x20, 0x0, 0x0}) - expected.Write(kex.PublicKey()) - expected.Write([]byte{0x43, 0x32, 0x35, 0x35}) - expected.Write(scfg.obit) - expected.Write([]byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}) - Expect(scfg.Get()).To(Equal(expected.Bytes())) - }) -}) diff --git a/internal/handshake/tags.go b/internal/handshake/tags.go deleted file mode 100644 index cf2a7562..00000000 --- a/internal/handshake/tags.go +++ /dev/null @@ -1,93 +0,0 @@ -package handshake - -// A Tag in the QUIC crypto -type Tag uint32 - -const ( - // TagCHLO is a client hello - TagCHLO Tag = 'C' + 'H'<<8 + 'L'<<16 + 'O'<<24 - // TagREJ is a server hello rejection - TagREJ Tag = 'R' + 'E'<<8 + 'J'<<16 - // TagSCFG is a server config - TagSCFG Tag = 'S' + 'C'<<8 + 'F'<<16 + 'G'<<24 - - // TagPAD is padding - TagPAD Tag = 'P' + 'A'<<8 + 'D'<<16 - // TagSNI is the server name indication - TagSNI Tag = 'S' + 'N'<<8 + 'I'<<16 - // TagVER is the QUIC version - TagVER Tag = 'V' + 'E'<<8 + 'R'<<16 - // TagCCS are the hashes of the common certificate sets - TagCCS Tag = 'C' + 'C'<<8 + 'S'<<16 - // TagCCRT are the hashes of the cached certificates - TagCCRT Tag = 'C' + 'C'<<8 + 'R'<<16 + 'T'<<24 - // TagMSPC is max streams per connection - TagMSPC Tag = 'M' + 'S'<<8 + 'P'<<16 + 'C'<<24 - // TagMIDS is max incoming dyanamic streams - TagMIDS Tag = 'M' + 'I'<<8 + 'D'<<16 + 'S'<<24 - // TagUAID is the user agent ID - TagUAID Tag = 'U' + 'A'<<8 + 'I'<<16 + 'D'<<24 - // TagSVID is the server ID (unofficial tag by us :) - TagSVID Tag = 'S' + 'V'<<8 + 'I'<<16 + 'D'<<24 - // TagTCID is truncation of the connection ID - TagTCID Tag = 'T' + 'C'<<8 + 'I'<<16 + 'D'<<24 - // TagPDMD is the proof demand - TagPDMD Tag = 'P' + 'D'<<8 + 'M'<<16 + 'D'<<24 - // TagSRBF is the socket receive buffer - TagSRBF Tag = 'S' + 'R'<<8 + 'B'<<16 + 'F'<<24 - // TagICSL is the idle connection state lifetime - TagICSL Tag = 'I' + 'C'<<8 + 'S'<<16 + 'L'<<24 - // TagNONP is the client proof nonce - TagNONP Tag = 'N' + 'O'<<8 + 'N'<<16 + 'P'<<24 - // TagSCLS is the silently close timeout - TagSCLS Tag = 'S' + 'C'<<8 + 'L'<<16 + 'S'<<24 - // TagCSCT is the signed cert timestamp (RFC6962) of leaf cert - TagCSCT Tag = 'C' + 'S'<<8 + 'C'<<16 + 'T'<<24 - // TagCOPT are the connection options - TagCOPT Tag = 'C' + 'O'<<8 + 'P'<<16 + 'T'<<24 - // TagCFCW is the initial session/connection flow control receive window - TagCFCW Tag = 'C' + 'F'<<8 + 'C'<<16 + 'W'<<24 - // TagSFCW is the initial stream flow control receive window. - TagSFCW Tag = 'S' + 'F'<<8 + 'C'<<16 + 'W'<<24 - - // TagNSTP is the no STOP_WAITING experiment - // currently unsupported by quic-go - TagNSTP Tag = 'N' + 'S'<<8 + 'T'<<16 + 'P'<<24 - - // TagSTK is the source-address token - TagSTK Tag = 'S' + 'T'<<8 + 'K'<<16 - // TagSNO is the server nonce - TagSNO Tag = 'S' + 'N'<<8 + 'O'<<16 - // TagPROF is the server proof - TagPROF Tag = 'P' + 'R'<<8 + 'O'<<16 + 'F'<<24 - - // TagNONC is the client nonce - TagNONC Tag = 'N' + 'O'<<8 + 'N'<<16 + 'C'<<24 - // TagXLCT is the expected leaf certificate - TagXLCT Tag = 'X' + 'L'<<8 + 'C'<<16 + 'T'<<24 - - // TagSCID is the server config ID - TagSCID Tag = 'S' + 'C'<<8 + 'I'<<16 + 'D'<<24 - // TagKEXS is the list of key exchange algos - TagKEXS Tag = 'K' + 'E'<<8 + 'X'<<16 + 'S'<<24 - // TagAEAD is the list of AEAD algos - TagAEAD Tag = 'A' + 'E'<<8 + 'A'<<16 + 'D'<<24 - // TagPUBS is the public value for the KEX - TagPUBS Tag = 'P' + 'U'<<8 + 'B'<<16 + 'S'<<24 - // TagOBIT is the client orbit - TagOBIT Tag = 'O' + 'B'<<8 + 'I'<<16 + 'T'<<24 - // TagEXPY is the server config expiry - TagEXPY Tag = 'E' + 'X'<<8 + 'P'<<16 + 'Y'<<24 - // TagCERT is the CERT data - TagCERT Tag = 0xff545243 - - // TagSHLO is the server hello - TagSHLO Tag = 'S' + 'H'<<8 + 'L'<<16 + 'O'<<24 - - // TagPRST is the public reset tag - TagPRST Tag = 'P' + 'R'<<8 + 'S'<<16 + 'T'<<24 - // TagRSEQ is the public reset rejected packet number - TagRSEQ Tag = 'R' + 'S'<<8 + 'E'<<16 + 'Q'<<24 - // TagRNON is the public reset nonce - TagRNON Tag = 'R' + 'N'<<8 + 'O'<<16 + 'N'<<24 -) diff --git a/internal/handshake/tls_extension_handler_client_test.go b/internal/handshake/tls_extension_handler_client_test.go index 9113498a..d191ec79 100644 --- a/internal/handshake/tls_extension_handler_client_test.go +++ b/internal/handshake/tls_extension_handler_client_test.go @@ -17,14 +17,15 @@ var _ = Describe("TLS Extension Handler, for the client", func() { handler *extensionHandlerClient paramsChan <-chan TransportParameters ) + version := protocol.VersionNumber(0x42) BeforeEach(func() { var h tlsExtensionHandler h, paramsChan = newExtensionHandlerClient( &TransportParameters{}, - protocol.VersionWhatever, + version, nil, - protocol.VersionWhatever, + version, utils.DefaultLogger, ) handler = h.(*extensionHandlerClient) @@ -57,6 +58,7 @@ var _ = Describe("TLS Extension Handler, for the client", func() { Type: quicTLSExtensionType, Data: (&encryptedExtensionsTransportParameters{ Parameters: params, + NegotiatedVersion: version, SupportedVersions: []protocol.VersionNumber{handler.version}, }).Marshal(), } diff --git a/internal/handshake/transport_parameter_test.go b/internal/handshake/transport_parameter_test.go index 4697fcbe..8444f864 100644 --- a/internal/handshake/transport_parameter_test.go +++ b/internal/handshake/transport_parameter_test.go @@ -12,260 +12,164 @@ import ( ) var _ = Describe("Transport Parameters", func() { - Context("for gQUIC", func() { - Context("parsing", func() { - It("sets all values", func() { - values := map[Tag][]byte{ - TagSFCW: {0xad, 0xfb, 0xca, 0xde}, - TagCFCW: {0xef, 0xbe, 0xad, 0xde}, - TagICSL: {0x0d, 0xf0, 0xad, 0xba}, - TagMIDS: {0xff, 0x10, 0x00, 0xc0}, - } - params, err := readHelloMap(values) - Expect(err).ToNot(HaveOccurred()) - Expect(params.StreamFlowControlWindow).To(Equal(protocol.ByteCount(0xdecafbad))) - Expect(params.ConnectionFlowControlWindow).To(Equal(protocol.ByteCount(0xdeadbeef))) - Expect(params.IdleTimeout).To(Equal(time.Duration(0xbaadf00d) * time.Second)) - Expect(params.MaxStreams).To(Equal(uint32(0xc00010ff))) - Expect(params.OmitConnectionID).To(BeFalse()) - }) + It("has a string representation", func() { + p := &TransportParameters{ + StreamFlowControlWindow: 0x1234, + ConnectionFlowControlWindow: 0x4321, + MaxBidiStreams: 1337, + MaxUniStreams: 7331, + IdleTimeout: 42 * time.Second, + } + Expect(p.String()).To(Equal("&handshake.TransportParameters{StreamFlowControlWindow: 0x1234, ConnectionFlowControlWindow: 0x4321, MaxBidiStreams: 1337, MaxUniStreams: 7331, IdleTimeout: 42s}")) + }) - It("reads if the connection ID should be omitted", func() { - values := map[Tag][]byte{TagTCID: {0, 0, 0, 0}} - params, err := readHelloMap(values) - Expect(err).ToNot(HaveOccurred()) - Expect(params.OmitConnectionID).To(BeTrue()) - }) + Context("parsing", func() { + var ( + params *TransportParameters + parameters map[transportParameterID][]byte + statelessResetToken []byte + ) - It("doesn't allow idle timeouts below the minimum remote idle timeout", func() { - t := 2 * time.Second - Expect(t).To(BeNumerically("<", protocol.MinRemoteIdleTimeout)) - values := map[Tag][]byte{ - TagICSL: {uint8(t.Seconds()), 0, 0, 0}, - } - params, err := readHelloMap(values) - Expect(err).ToNot(HaveOccurred()) - Expect(params.IdleTimeout).To(Equal(protocol.MinRemoteIdleTimeout)) - }) + marshal := func(p map[transportParameterID][]byte) []byte { + b := &bytes.Buffer{} + for id, val := range p { + utils.BigEndian.WriteUint16(b, uint16(id)) + utils.BigEndian.WriteUint16(b, uint16(len(val))) + b.Write(val) + } + return b.Bytes() + } - It("errors when given an invalid SFCW value", func() { - values := map[Tag][]byte{TagSFCW: {2, 0, 0}} // 1 byte too short - _, err := readHelloMap(values) - Expect(err).To(MatchError(errMalformedTag)) - }) - - It("errors when given an invalid CFCW value", func() { - values := map[Tag][]byte{TagCFCW: {2, 0, 0}} // 1 byte too short - _, err := readHelloMap(values) - Expect(err).To(MatchError(errMalformedTag)) - }) - - It("errors when given an invalid TCID value", func() { - values := map[Tag][]byte{TagTCID: {2, 0, 0}} // 1 byte too short - _, err := readHelloMap(values) - Expect(err).To(MatchError(errMalformedTag)) - }) - - It("errors when given an invalid ICSL value", func() { - values := map[Tag][]byte{TagICSL: {2, 0, 0}} // 1 byte too short - _, err := readHelloMap(values) - Expect(err).To(MatchError(errMalformedTag)) - }) - - It("errors when given an invalid MIDS value", func() { - values := map[Tag][]byte{TagMIDS: {2, 0, 0}} // 1 byte too short - _, err := readHelloMap(values) - Expect(err).To(MatchError(errMalformedTag)) - }) + BeforeEach(func() { + params = &TransportParameters{} + statelessResetToken = bytes.Repeat([]byte{42}, 16) + parameters = map[transportParameterID][]byte{ + initialMaxStreamDataParameterID: {0x11, 0x22, 0x33, 0x44}, + initialMaxDataParameterID: {0x22, 0x33, 0x44, 0x55}, + initialMaxBidiStreamsParameterID: {0x33, 0x44}, + initialMaxUniStreamsParameterID: {0x44, 0x55}, + idleTimeoutParameterID: {0x13, 0x37}, + maxPacketSizeParameterID: {0x73, 0x31}, + disableMigrationParameterID: {}, + statelessResetTokenParameterID: statelessResetToken, + } + }) + It("reads parameters", func() { + err := params.unmarshal(marshal(parameters)) + Expect(err).ToNot(HaveOccurred()) + Expect(params.StreamFlowControlWindow).To(Equal(protocol.ByteCount(0x11223344))) + Expect(params.ConnectionFlowControlWindow).To(Equal(protocol.ByteCount(0x22334455))) + Expect(params.MaxBidiStreams).To(Equal(uint16(0x3344))) + Expect(params.MaxUniStreams).To(Equal(uint16(0x4455))) + Expect(params.IdleTimeout).To(Equal(0x1337 * time.Second)) + Expect(params.MaxPacketSize).To(Equal(protocol.ByteCount(0x7331))) + Expect(params.DisableMigration).To(BeTrue()) + Expect(params.StatelessResetToken).To(Equal(statelessResetToken)) }) - Context("writing", func() { - It("returns all necessary parameters ", func() { - params := &TransportParameters{ - StreamFlowControlWindow: 0xdeadbeef, - ConnectionFlowControlWindow: 0xdecafbad, - IdleTimeout: 0xbaaaaaad * time.Second, - MaxStreams: 0x1337, - } - entryMap := params.getHelloMap() - Expect(entryMap).To(HaveLen(4)) - Expect(entryMap).ToNot(HaveKey(TagTCID)) - Expect(entryMap).To(HaveKeyWithValue(TagSFCW, []byte{0xef, 0xbe, 0xad, 0xde})) - Expect(entryMap).To(HaveKeyWithValue(TagCFCW, []byte{0xad, 0xfb, 0xca, 0xde})) - Expect(entryMap).To(HaveKeyWithValue(TagICSL, []byte{0xad, 0xaa, 0xaa, 0xba})) - Expect(entryMap).To(HaveKeyWithValue(TagMIDS, []byte{0x37, 0x13, 0, 0})) - }) + It("errors if a parameter is sent twice", func() { + data := marshal(parameters) + parameters = map[transportParameterID][]byte{ + maxPacketSizeParameterID: {0x73, 0x31}, + } + data = append(data, marshal(parameters)...) + err := params.unmarshal(data) + Expect(err).To(MatchError(fmt.Sprintf("received duplicate transport parameter %#x", maxPacketSizeParameterID))) + }) - It("requests omission of the connection ID", func() { - params := &TransportParameters{OmitConnectionID: true} - entryMap := params.getHelloMap() - Expect(entryMap).To(HaveKeyWithValue(TagTCID, []byte{0, 0, 0, 0})) - }) + It("doesn't allow values below the minimum remote idle timeout", func() { + t := 2 * time.Second + Expect(t).To(BeNumerically("<", protocol.MinRemoteIdleTimeout)) + parameters[idleTimeoutParameterID] = []byte{0, uint8(t.Seconds())} + err := params.unmarshal(marshal(parameters)) + Expect(err).ToNot(HaveOccurred()) + Expect(params.IdleTimeout).To(Equal(protocol.MinRemoteIdleTimeout)) + }) + + It("rejects the parameters if the initial_max_stream_data has the wrong length", func() { + parameters[initialMaxStreamDataParameterID] = []byte{0x11, 0x22, 0x33} // should be 4 bytes + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("wrong length for initial_max_stream_data: 3 (expected 4)")) + }) + + It("rejects the parameters if the initial_max_data has the wrong length", func() { + parameters[initialMaxDataParameterID] = []byte{0x11, 0x22, 0x33} // should be 4 bytes + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("wrong length for initial_max_data: 3 (expected 4)")) + }) + + It("rejects the parameters if the initial_max_stream_id_bidi has the wrong length", func() { + parameters[initialMaxBidiStreamsParameterID] = []byte{0x11, 0x22, 0x33} // should be 2 bytes + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("wrong length for initial_max_stream_id_bidi: 3 (expected 2)")) + }) + + It("rejects the parameters if the initial_max_stream_id_bidi has the wrong length", func() { + parameters[initialMaxUniStreamsParameterID] = []byte{0x11, 0x22, 0x33} // should be 2 bytes + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("wrong length for initial_max_stream_id_uni: 3 (expected 2)")) + }) + + It("rejects the parameters if the initial_idle_timeout has the wrong length", func() { + parameters[idleTimeoutParameterID] = []byte{0x11, 0x22, 0x33} // should be 2 bytes + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("wrong length for idle_timeout: 3 (expected 2)")) + }) + + It("rejects the parameters if max_packet_size has the wrong length", func() { + parameters[maxPacketSizeParameterID] = []byte{0x11} // should be 2 bytes + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("wrong length for max_packet_size: 1 (expected 2)")) + }) + + It("rejects max_packet_sizes smaller than 1200 bytes", func() { + parameters[maxPacketSizeParameterID] = []byte{0x4, 0xaf} // 0x4af = 1199 + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("invalid value for max_packet_size: 1199 (minimum 1200)")) + }) + + It("rejects the parameters if disable_connection_migration has the wrong length", func() { + parameters[disableMigrationParameterID] = []byte{0x11} // should empty + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("wrong length for disable_migration: 1 (expected empty)")) + }) + + It("rejects the parameters if the stateless_reset_token has the wrong length", func() { + parameters[statelessResetTokenParameterID] = statelessResetToken[1:] + err := params.unmarshal(marshal(parameters)) + Expect(err).To(MatchError("wrong length for stateless_reset_token: 15 (expected 16)")) + }) + + It("ignores unknown parameters", func() { + parameters[1337] = []byte{42} + err := params.unmarshal(marshal(parameters)) + Expect(err).ToNot(HaveOccurred()) }) }) - Context("for TLS", func() { - It("has a string representation", func() { - p := &TransportParameters{ - StreamFlowControlWindow: 0x1234, - ConnectionFlowControlWindow: 0x4321, - MaxBidiStreams: 1337, - MaxUniStreams: 7331, - IdleTimeout: 42 * time.Second, + Context("marshalling", func() { + It("marshals", func() { + params := &TransportParameters{ + StreamFlowControlWindow: 0xdeadbeef, + ConnectionFlowControlWindow: 0xdecafbad, + IdleTimeout: 0xcafe * time.Second, + MaxBidiStreams: 0x1234, + MaxUniStreams: 0x4321, + DisableMigration: true, + StatelessResetToken: bytes.Repeat([]byte{100}, 16), } - Expect(p.String()).To(Equal("&handshake.TransportParameters{StreamFlowControlWindow: 0x1234, ConnectionFlowControlWindow: 0x4321, MaxBidiStreams: 1337, MaxUniStreams: 7331, IdleTimeout: 42s}")) - }) + b := &bytes.Buffer{} + params.marshal(b) - Context("parsing", func() { - var ( - params *TransportParameters - parameters map[transportParameterID][]byte - statelessResetToken []byte - ) - - marshal := func(p map[transportParameterID][]byte) []byte { - b := &bytes.Buffer{} - for id, val := range p { - utils.BigEndian.WriteUint16(b, uint16(id)) - utils.BigEndian.WriteUint16(b, uint16(len(val))) - b.Write(val) - } - return b.Bytes() - } - - BeforeEach(func() { - params = &TransportParameters{} - statelessResetToken = bytes.Repeat([]byte{42}, 16) - parameters = map[transportParameterID][]byte{ - initialMaxStreamDataParameterID: {0x11, 0x22, 0x33, 0x44}, - initialMaxDataParameterID: {0x22, 0x33, 0x44, 0x55}, - initialMaxBidiStreamsParameterID: {0x33, 0x44}, - initialMaxUniStreamsParameterID: {0x44, 0x55}, - idleTimeoutParameterID: {0x13, 0x37}, - maxPacketSizeParameterID: {0x73, 0x31}, - disableMigrationParameterID: {}, - statelessResetTokenParameterID: statelessResetToken, - } - }) - - It("reads parameters", func() { - err := params.unmarshal(marshal(parameters)) - Expect(err).ToNot(HaveOccurred()) - Expect(params.StreamFlowControlWindow).To(Equal(protocol.ByteCount(0x11223344))) - Expect(params.ConnectionFlowControlWindow).To(Equal(protocol.ByteCount(0x22334455))) - Expect(params.MaxBidiStreams).To(Equal(uint16(0x3344))) - Expect(params.MaxUniStreams).To(Equal(uint16(0x4455))) - Expect(params.IdleTimeout).To(Equal(0x1337 * time.Second)) - Expect(params.OmitConnectionID).To(BeFalse()) - Expect(params.MaxPacketSize).To(Equal(protocol.ByteCount(0x7331))) - Expect(params.DisableMigration).To(BeTrue()) - Expect(params.StatelessResetToken).To(Equal(statelessResetToken)) - }) - - It("errors if a parameter is sent twice", func() { - data := marshal(parameters) - parameters = map[transportParameterID][]byte{ - maxPacketSizeParameterID: {0x73, 0x31}, - } - data = append(data, marshal(parameters)...) - err := params.unmarshal(data) - Expect(err).To(MatchError(fmt.Sprintf("received duplicate transport parameter %#x", maxPacketSizeParameterID))) - }) - - It("doesn't allow values below the minimum remote idle timeout", func() { - t := 2 * time.Second - Expect(t).To(BeNumerically("<", protocol.MinRemoteIdleTimeout)) - parameters[idleTimeoutParameterID] = []byte{0, uint8(t.Seconds())} - err := params.unmarshal(marshal(parameters)) - Expect(err).ToNot(HaveOccurred()) - Expect(params.IdleTimeout).To(Equal(protocol.MinRemoteIdleTimeout)) - }) - - It("rejects the parameters if the initial_max_stream_data has the wrong length", func() { - parameters[initialMaxStreamDataParameterID] = []byte{0x11, 0x22, 0x33} // should be 4 bytes - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("wrong length for initial_max_stream_data: 3 (expected 4)")) - }) - - It("rejects the parameters if the initial_max_data has the wrong length", func() { - parameters[initialMaxDataParameterID] = []byte{0x11, 0x22, 0x33} // should be 4 bytes - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("wrong length for initial_max_data: 3 (expected 4)")) - }) - - It("rejects the parameters if the initial_max_stream_id_bidi has the wrong length", func() { - parameters[initialMaxBidiStreamsParameterID] = []byte{0x11, 0x22, 0x33} // should be 2 bytes - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("wrong length for initial_max_stream_id_bidi: 3 (expected 2)")) - }) - - It("rejects the parameters if the initial_max_stream_id_bidi has the wrong length", func() { - parameters[initialMaxUniStreamsParameterID] = []byte{0x11, 0x22, 0x33} // should be 2 bytes - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("wrong length for initial_max_stream_id_uni: 3 (expected 2)")) - }) - - It("rejects the parameters if the initial_idle_timeout has the wrong length", func() { - parameters[idleTimeoutParameterID] = []byte{0x11, 0x22, 0x33} // should be 2 bytes - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("wrong length for idle_timeout: 3 (expected 2)")) - }) - - It("rejects the parameters if max_packet_size has the wrong length", func() { - parameters[maxPacketSizeParameterID] = []byte{0x11} // should be 2 bytes - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("wrong length for max_packet_size: 1 (expected 2)")) - }) - - It("rejects max_packet_sizes smaller than 1200 bytes", func() { - parameters[maxPacketSizeParameterID] = []byte{0x4, 0xaf} // 0x4af = 1199 - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("invalid value for max_packet_size: 1199 (minimum 1200)")) - }) - - It("rejects the parameters if disable_connection_migration has the wrong length", func() { - parameters[disableMigrationParameterID] = []byte{0x11} // should empty - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("wrong length for disable_migration: 1 (expected empty)")) - }) - - It("rejects the parameters if the stateless_reset_token has the wrong length", func() { - parameters[statelessResetTokenParameterID] = statelessResetToken[1:] - err := params.unmarshal(marshal(parameters)) - Expect(err).To(MatchError("wrong length for stateless_reset_token: 15 (expected 16)")) - }) - - It("ignores unknown parameters", func() { - parameters[1337] = []byte{42} - err := params.unmarshal(marshal(parameters)) - Expect(err).ToNot(HaveOccurred()) - }) - }) - - Context("marshalling", func() { - It("marshals", func() { - params := &TransportParameters{ - StreamFlowControlWindow: 0xdeadbeef, - ConnectionFlowControlWindow: 0xdecafbad, - IdleTimeout: 0xcafe * time.Second, - MaxBidiStreams: 0x1234, - MaxUniStreams: 0x4321, - DisableMigration: true, - StatelessResetToken: bytes.Repeat([]byte{100}, 16), - } - b := &bytes.Buffer{} - params.marshal(b) - - p := &TransportParameters{} - Expect(p.unmarshal(b.Bytes())).To(Succeed()) - Expect(p.StreamFlowControlWindow).To(Equal(params.StreamFlowControlWindow)) - Expect(p.ConnectionFlowControlWindow).To(Equal(params.ConnectionFlowControlWindow)) - Expect(p.MaxUniStreams).To(Equal(params.MaxUniStreams)) - Expect(p.MaxBidiStreams).To(Equal(params.MaxBidiStreams)) - Expect(p.IdleTimeout).To(Equal(params.IdleTimeout)) - Expect(p.DisableMigration).To(Equal(params.DisableMigration)) - Expect(p.StatelessResetToken).To(Equal(params.StatelessResetToken)) - }) + p := &TransportParameters{} + Expect(p.unmarshal(b.Bytes())).To(Succeed()) + Expect(p.StreamFlowControlWindow).To(Equal(params.StreamFlowControlWindow)) + Expect(p.ConnectionFlowControlWindow).To(Equal(params.ConnectionFlowControlWindow)) + Expect(p.MaxUniStreams).To(Equal(params.MaxUniStreams)) + Expect(p.MaxBidiStreams).To(Equal(params.MaxBidiStreams)) + Expect(p.IdleTimeout).To(Equal(params.IdleTimeout)) + Expect(p.DisableMigration).To(Equal(params.DisableMigration)) + Expect(p.StatelessResetToken).To(Equal(params.StatelessResetToken)) }) }) }) diff --git a/internal/handshake/transport_parameters.go b/internal/handshake/transport_parameters.go index c94e31f7..024c657f 100644 --- a/internal/handshake/transport_parameters.go +++ b/internal/handshake/transport_parameters.go @@ -9,12 +9,8 @@ import ( "github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" ) -// errMalformedTag is returned when the tag value cannot be read -var errMalformedTag = qerr.Error(qerr.InvalidCryptoMessageParameter, "malformed Tag value") - // TransportParameters are parameters sent to the peer during the handshake type TransportParameters struct { StreamFlowControlWindow protocol.ByteCount @@ -22,78 +18,12 @@ type TransportParameters struct { MaxPacketSize protocol.ByteCount - MaxUniStreams uint16 // only used for IETF QUIC - MaxBidiStreams uint16 // only used for IETF QUIC - MaxStreams uint32 // only used for gQUIC + MaxUniStreams uint16 + MaxBidiStreams uint16 - OmitConnectionID bool // only used for gQUIC IdleTimeout time.Duration - DisableMigration bool // only used for IETF QUIC - StatelessResetToken []byte // only used for IETF QUIC -} - -// readHelloMap reads the transport parameters from the tags sent in a gQUIC handshake message -func readHelloMap(tags map[Tag][]byte) (*TransportParameters, error) { - params := &TransportParameters{} - if value, ok := tags[TagTCID]; ok { - v, err := utils.LittleEndian.ReadUint32(bytes.NewBuffer(value)) - if err != nil { - return nil, errMalformedTag - } - params.OmitConnectionID = (v == 0) - } - if value, ok := tags[TagMIDS]; ok { - v, err := utils.LittleEndian.ReadUint32(bytes.NewBuffer(value)) - if err != nil { - return nil, errMalformedTag - } - params.MaxStreams = v - } - if value, ok := tags[TagICSL]; ok { - v, err := utils.LittleEndian.ReadUint32(bytes.NewBuffer(value)) - if err != nil { - return nil, errMalformedTag - } - params.IdleTimeout = utils.MaxDuration(protocol.MinRemoteIdleTimeout, time.Duration(v)*time.Second) - } - if value, ok := tags[TagSFCW]; ok { - v, err := utils.LittleEndian.ReadUint32(bytes.NewBuffer(value)) - if err != nil { - return nil, errMalformedTag - } - params.StreamFlowControlWindow = protocol.ByteCount(v) - } - if value, ok := tags[TagCFCW]; ok { - v, err := utils.LittleEndian.ReadUint32(bytes.NewBuffer(value)) - if err != nil { - return nil, errMalformedTag - } - params.ConnectionFlowControlWindow = protocol.ByteCount(v) - } - return params, nil -} - -// GetHelloMap gets all parameters needed for the Hello message in the gQUIC handshake. -func (p *TransportParameters) getHelloMap() map[Tag][]byte { - sfcw := bytes.NewBuffer([]byte{}) - utils.LittleEndian.WriteUint32(sfcw, uint32(p.StreamFlowControlWindow)) - cfcw := bytes.NewBuffer([]byte{}) - utils.LittleEndian.WriteUint32(cfcw, uint32(p.ConnectionFlowControlWindow)) - mids := bytes.NewBuffer([]byte{}) - utils.LittleEndian.WriteUint32(mids, p.MaxStreams) - icsl := bytes.NewBuffer([]byte{}) - utils.LittleEndian.WriteUint32(icsl, uint32(p.IdleTimeout/time.Second)) - - tags := map[Tag][]byte{ - TagICSL: icsl.Bytes(), - TagMIDS: mids.Bytes(), - TagCFCW: cfcw.Bytes(), - TagSFCW: sfcw.Bytes(), - } - if p.OmitConnectionID { - tags[TagTCID] = []byte{0, 0, 0, 0} - } - return tags + DisableMigration bool + StatelessResetToken []byte } func (p *TransportParameters) unmarshal(data []byte) error { @@ -209,7 +139,6 @@ func (p *TransportParameters) marshal(b *bytes.Buffer) { } // String returns a string representation, intended for logging. -// It should only used for IETF QUIC. func (p *TransportParameters) String() string { return fmt.Sprintf("&handshake.TransportParameters{StreamFlowControlWindow: %#x, ConnectionFlowControlWindow: %#x, MaxBidiStreams: %d, MaxUniStreams: %d, IdleTimeout: %s}", p.StreamFlowControlWindow, p.ConnectionFlowControlWindow, p.MaxBidiStreams, p.MaxUniStreams, p.IdleTimeout) } diff --git a/internal/mocks/ackhandler/sent_packet_handler.go b/internal/mocks/ackhandler/sent_packet_handler.go index aff5a1e1..45d4b000 100644 --- a/internal/mocks/ackhandler/sent_packet_handler.go +++ b/internal/mocks/ackhandler/sent_packet_handler.go @@ -98,18 +98,6 @@ func (mr *MockSentPacketHandlerMockRecorder) GetPacketNumberLen(arg0 interface{} return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPacketNumberLen", reflect.TypeOf((*MockSentPacketHandler)(nil).GetPacketNumberLen), arg0) } -// GetStopWaitingFrame mocks base method -func (m *MockSentPacketHandler) GetStopWaitingFrame(arg0 bool) *wire.StopWaitingFrame { - ret := m.ctrl.Call(m, "GetStopWaitingFrame", arg0) - ret0, _ := ret[0].(*wire.StopWaitingFrame) - return ret0 -} - -// GetStopWaitingFrame indicates an expected call of GetStopWaitingFrame -func (mr *MockSentPacketHandlerMockRecorder) GetStopWaitingFrame(arg0 interface{}) *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetStopWaitingFrame", reflect.TypeOf((*MockSentPacketHandler)(nil).GetStopWaitingFrame), arg0) -} - // OnAlarm mocks base method func (m *MockSentPacketHandler) OnAlarm() error { ret := m.ctrl.Call(m, "OnAlarm") diff --git a/internal/mocks/crypto_setup.go b/internal/mocks/crypto_setup.go new file mode 100644 index 00000000..76b9e755 --- /dev/null +++ b/internal/mocks/crypto_setup.go @@ -0,0 +1,149 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/lucas-clemente/quic-go/internal/handshake (interfaces: CryptoSetup) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + reflect "reflect" + + gomock "github.com/golang/mock/gomock" + handshake "github.com/lucas-clemente/quic-go/internal/handshake" + protocol "github.com/lucas-clemente/quic-go/internal/protocol" +) + +// MockCryptoSetup is a mock of CryptoSetup interface +type MockCryptoSetup struct { + ctrl *gomock.Controller + recorder *MockCryptoSetupMockRecorder +} + +// MockCryptoSetupMockRecorder is the mock recorder for MockCryptoSetup +type MockCryptoSetupMockRecorder struct { + mock *MockCryptoSetup +} + +// NewMockCryptoSetup creates a new mock instance +func NewMockCryptoSetup(ctrl *gomock.Controller) *MockCryptoSetup { + mock := &MockCryptoSetup{ctrl: ctrl} + mock.recorder = &MockCryptoSetupMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use +func (m *MockCryptoSetup) EXPECT() *MockCryptoSetupMockRecorder { + return m.recorder +} + +// Close mocks base method +func (m *MockCryptoSetup) Close() error { + ret := m.ctrl.Call(m, "Close") + ret0, _ := ret[0].(error) + return ret0 +} + +// Close indicates an expected call of Close +func (mr *MockCryptoSetupMockRecorder) Close() *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Close", reflect.TypeOf((*MockCryptoSetup)(nil).Close)) +} + +// ConnectionState mocks base method +func (m *MockCryptoSetup) ConnectionState() handshake.ConnectionState { + ret := m.ctrl.Call(m, "ConnectionState") + ret0, _ := ret[0].(handshake.ConnectionState) + return ret0 +} + +// ConnectionState indicates an expected call of ConnectionState +func (mr *MockCryptoSetupMockRecorder) ConnectionState() *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ConnectionState", reflect.TypeOf((*MockCryptoSetup)(nil).ConnectionState)) +} + +// GetSealer mocks base method +func (m *MockCryptoSetup) GetSealer() (protocol.EncryptionLevel, handshake.Sealer) { + ret := m.ctrl.Call(m, "GetSealer") + ret0, _ := ret[0].(protocol.EncryptionLevel) + ret1, _ := ret[1].(handshake.Sealer) + return ret0, ret1 +} + +// GetSealer indicates an expected call of GetSealer +func (mr *MockCryptoSetupMockRecorder) GetSealer() *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSealer", reflect.TypeOf((*MockCryptoSetup)(nil).GetSealer)) +} + +// GetSealerWithEncryptionLevel mocks base method +func (m *MockCryptoSetup) GetSealerWithEncryptionLevel(arg0 protocol.EncryptionLevel) (handshake.Sealer, error) { + ret := m.ctrl.Call(m, "GetSealerWithEncryptionLevel", arg0) + ret0, _ := ret[0].(handshake.Sealer) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetSealerWithEncryptionLevel indicates an expected call of GetSealerWithEncryptionLevel +func (mr *MockCryptoSetupMockRecorder) GetSealerWithEncryptionLevel(arg0 interface{}) *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSealerWithEncryptionLevel", reflect.TypeOf((*MockCryptoSetup)(nil).GetSealerWithEncryptionLevel), arg0) +} + +// HandleMessage mocks base method +func (m *MockCryptoSetup) HandleMessage(arg0 []byte, arg1 protocol.EncryptionLevel) bool { + ret := m.ctrl.Call(m, "HandleMessage", arg0, arg1) + ret0, _ := ret[0].(bool) + return ret0 +} + +// HandleMessage indicates an expected call of HandleMessage +func (mr *MockCryptoSetupMockRecorder) HandleMessage(arg0, arg1 interface{}) *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HandleMessage", reflect.TypeOf((*MockCryptoSetup)(nil).HandleMessage), arg0, arg1) +} + +// Open1RTT mocks base method +func (m *MockCryptoSetup) Open1RTT(arg0, arg1 []byte, arg2 protocol.PacketNumber, arg3 []byte) ([]byte, error) { + ret := m.ctrl.Call(m, "Open1RTT", arg0, arg1, arg2, arg3) + ret0, _ := ret[0].([]byte) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Open1RTT indicates an expected call of Open1RTT +func (mr *MockCryptoSetupMockRecorder) Open1RTT(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Open1RTT", reflect.TypeOf((*MockCryptoSetup)(nil).Open1RTT), arg0, arg1, arg2, arg3) +} + +// OpenHandshake mocks base method +func (m *MockCryptoSetup) OpenHandshake(arg0, arg1 []byte, arg2 protocol.PacketNumber, arg3 []byte) ([]byte, error) { + ret := m.ctrl.Call(m, "OpenHandshake", arg0, arg1, arg2, arg3) + ret0, _ := ret[0].([]byte) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// OpenHandshake indicates an expected call of OpenHandshake +func (mr *MockCryptoSetupMockRecorder) OpenHandshake(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OpenHandshake", reflect.TypeOf((*MockCryptoSetup)(nil).OpenHandshake), arg0, arg1, arg2, arg3) +} + +// OpenInitial mocks base method +func (m *MockCryptoSetup) OpenInitial(arg0, arg1 []byte, arg2 protocol.PacketNumber, arg3 []byte) ([]byte, error) { + ret := m.ctrl.Call(m, "OpenInitial", arg0, arg1, arg2, arg3) + ret0, _ := ret[0].([]byte) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// OpenInitial indicates an expected call of OpenInitial +func (mr *MockCryptoSetupMockRecorder) OpenInitial(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OpenInitial", reflect.TypeOf((*MockCryptoSetup)(nil).OpenInitial), arg0, arg1, arg2, arg3) +} + +// RunHandshake mocks base method +func (m *MockCryptoSetup) RunHandshake() error { + ret := m.ctrl.Call(m, "RunHandshake") + ret0, _ := ret[0].(error) + return ret0 +} + +// RunHandshake indicates an expected call of RunHandshake +func (mr *MockCryptoSetupMockRecorder) RunHandshake() *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RunHandshake", reflect.TypeOf((*MockCryptoSetup)(nil).RunHandshake)) +} diff --git a/internal/mocks/mockgen.go b/internal/mocks/mockgen.go index 158cb339..23316502 100644 --- a/internal/mocks/mockgen.go +++ b/internal/mocks/mockgen.go @@ -1,6 +1,7 @@ package mocks //go:generate sh -c "../mockgen_internal.sh mocks sealer.go github.com/lucas-clemente/quic-go/internal/handshake Sealer" +//go:generate sh -c "../mockgen_internal.sh mocks crypto_setup.go github.com/lucas-clemente/quic-go/internal/handshake CryptoSetup" //go:generate sh -c "../mockgen_internal.sh mocks stream_flow_controller.go github.com/lucas-clemente/quic-go/internal/flowcontrol StreamFlowController" //go:generate sh -c "../mockgen_internal.sh mockackhandler ackhandler/sent_packet_handler.go github.com/lucas-clemente/quic-go/internal/ackhandler SentPacketHandler" //go:generate sh -c "../mockgen_internal.sh mockackhandler ackhandler/received_packet_handler.go github.com/lucas-clemente/quic-go/internal/ackhandler ReceivedPacketHandler" diff --git a/internal/protocol/encryption_level.go b/internal/protocol/encryption_level.go index ef001f45..4b059b3a 100644 --- a/internal/protocol/encryption_level.go +++ b/internal/protocol/encryption_level.go @@ -7,30 +7,16 @@ type EncryptionLevel int const ( // EncryptionUnspecified is a not specified encryption level EncryptionUnspecified EncryptionLevel = iota - // EncryptionUnencrypted is not encrypted, for gQUIC - EncryptionUnencrypted // EncryptionInitial is the Initial encryption level EncryptionInitial - // EncryptionSecure is encrypted, but not forward secure - EncryptionSecure // EncryptionHandshake is the Handshake encryption level EncryptionHandshake - // EncryptionForwardSecure is forward secure - EncryptionForwardSecure // Encryption1RTT is the 1-RTT encryption level Encryption1RTT ) func (e EncryptionLevel) String() string { switch e { - // gQUIC - case EncryptionUnencrypted: - return "unencrypted" - case EncryptionSecure: - return "encrypted (not forward-secure)" - case EncryptionForwardSecure: - return "forward-secure" - // IETF QUIC case EncryptionInitial: return "Initial" case EncryptionHandshake: diff --git a/internal/protocol/encryption_level_test.go b/internal/protocol/encryption_level_test.go index 79fa4532..bb1eadab 100644 --- a/internal/protocol/encryption_level_test.go +++ b/internal/protocol/encryption_level_test.go @@ -8,9 +8,6 @@ import ( var _ = Describe("Encryption Level", func() { It("has the correct string representation", func() { Expect(EncryptionUnspecified.String()).To(Equal("unknown")) - Expect(EncryptionUnencrypted.String()).To(Equal("unencrypted")) - Expect(EncryptionSecure.String()).To(Equal("encrypted (not forward-secure)")) - Expect(EncryptionForwardSecure.String()).To(Equal("forward-secure")) Expect(EncryptionInitial.String()).To(Equal("Initial")) Expect(EncryptionHandshake.String()).To(Equal("Handshake")) Expect(Encryption1RTT.String()).To(Equal("1-RTT")) diff --git a/internal/protocol/packet_number.go b/internal/protocol/packet_number.go index 41f002f5..3b749b48 100644 --- a/internal/protocol/packet_number.go +++ b/internal/protocol/packet_number.go @@ -8,17 +8,13 @@ func InferPacketNumber( version VersionNumber, ) PacketNumber { var epochDelta PacketNumber - if version.UsesVarintPacketNumbers() { - switch packetNumberLength { - case PacketNumberLen1: - epochDelta = PacketNumber(1) << 7 - case PacketNumberLen2: - epochDelta = PacketNumber(1) << 14 - case PacketNumberLen4: - epochDelta = PacketNumber(1) << 30 - } - } else { - epochDelta = PacketNumber(1) << (uint8(packetNumberLength) * 8) + switch packetNumberLength { + case PacketNumberLen1: + epochDelta = PacketNumber(1) << 7 + case PacketNumberLen2: + epochDelta = PacketNumber(1) << 14 + case PacketNumberLen4: + epochDelta = PacketNumber(1) << 30 } epoch := lastPacketNumber & ^(epochDelta - 1) prevEpochBegin := epoch - epochDelta @@ -48,8 +44,7 @@ func delta(a, b PacketNumber) PacketNumber { // it never chooses a PacketNumberLen of 1 byte, since this is too short under certain circumstances func GetPacketNumberLengthForHeader(packetNumber, leastUnacked PacketNumber, version VersionNumber) PacketNumberLen { diff := uint64(packetNumber - leastUnacked) - if version.UsesVarintPacketNumbers() && diff < (1<<(14-1)) || - !version.UsesVarintPacketNumbers() && diff < (1<<(16-1)) { + if diff < (1 << (14 - 1)) { return PacketNumberLen2 } return PacketNumberLen4 diff --git a/internal/protocol/packet_number_test.go b/internal/protocol/packet_number_test.go index ef5a5e9b..98ebbc1a 100644 --- a/internal/protocol/packet_number_test.go +++ b/internal/protocol/packet_number_test.go @@ -12,17 +12,15 @@ import ( var _ = Describe("packet number calculation", func() { Context("infering a packet number", func() { getEpoch := func(len PacketNumberLen, v VersionNumber) uint64 { - if v.UsesVarintPacketNumbers() { - switch len { - case PacketNumberLen1: - return uint64(1) << 7 - case PacketNumberLen2: - return uint64(1) << 14 - case PacketNumberLen4: - return uint64(1) << 30 - default: - Fail("invalid packet number len") - } + switch len { + case PacketNumberLen1: + return uint64(1) << 7 + case PacketNumberLen2: + return uint64(1) << 14 + case PacketNumberLen4: + return uint64(1) << 30 + default: + Fail("invalid packet number len") } return uint64(1) << (len * 8) } @@ -33,134 +31,128 @@ var _ = Describe("packet number calculation", func() { Expect(InferPacketNumber(length, PacketNumber(last), PacketNumber(wirePacketNumber), v)).To(Equal(PacketNumber(expected))) } - for _, v := range []VersionNumber{Version39, VersionTLS} { - version := v + for _, l := range []PacketNumberLen{PacketNumberLen1, PacketNumberLen2, PacketNumberLen4} { + length := l - Context(fmt.Sprintf("using varint packet numbers: %t", version.UsesVarintPacketNumbers()), func() { - for _, l := range []PacketNumberLen{PacketNumberLen1, PacketNumberLen2, PacketNumberLen4} { - length := l + Context(fmt.Sprintf("with %d bytes", length), func() { + epoch := getEpoch(length, VersionWhatever) + epochMask := epoch - 1 - Context(fmt.Sprintf("with %d bytes", length), func() { - epoch := getEpoch(length, version) - epochMask := epoch - 1 + It("works near epoch start", func() { + // A few quick manual sanity check + check(length, 1, 0, VersionWhatever) + check(length, epoch+1, epochMask, VersionWhatever) + check(length, epoch, epochMask, VersionWhatever) - It("works near epoch start", func() { - // A few quick manual sanity check - check(length, 1, 0, version) - check(length, epoch+1, epochMask, version) - check(length, epoch, epochMask, version) + // Cases where the last number was close to the start of the range. + for last := uint64(0); last < 10; last++ { + // Small numbers should not wrap (even if they're out of order). + for j := uint64(0); j < 10; j++ { + check(length, j, last, VersionWhatever) + } - // Cases where the last number was close to the start of the range. - for last := uint64(0); last < 10; last++ { - // Small numbers should not wrap (even if they're out of order). - for j := uint64(0); j < 10; j++ { - check(length, j, last, version) - } + // Large numbers should not wrap either (because we're near 0 already). + for j := uint64(0); j < 10; j++ { + check(length, epoch-1-j, last, VersionWhatever) + } + } + }) - // Large numbers should not wrap either (because we're near 0 already). - for j := uint64(0); j < 10; j++ { - check(length, epoch-1-j, last, version) - } - } - }) + It("works near epoch end", func() { + // Cases where the last number was close to the end of the range + for i := uint64(0); i < 10; i++ { + last := epoch - i - It("works near epoch end", func() { - // Cases where the last number was close to the end of the range - for i := uint64(0); i < 10; i++ { - last := epoch - i + // Small numbers should wrap. + for j := uint64(0); j < 10; j++ { + check(length, epoch+j, last, VersionWhatever) + } - // Small numbers should wrap. - for j := uint64(0); j < 10; j++ { - check(length, epoch+j, last, version) - } + // Large numbers should not (even if they're out of order). + for j := uint64(0); j < 10; j++ { + check(length, epoch-1-j, last, VersionWhatever) + } + } + }) - // Large numbers should not (even if they're out of order). - for j := uint64(0); j < 10; j++ { - check(length, epoch-1-j, last, version) - } - } - }) + // Next check where we're in a non-zero epoch to verify we handle + // reverse wrapping, too. + It("works near previous epoch", func() { + prevEpoch := 1 * epoch + curEpoch := 2 * epoch + // Cases where the last number was close to the start of the range + for i := uint64(0); i < 10; i++ { + last := curEpoch + i + // Small number should not wrap (even if they're out of order). + for j := uint64(0); j < 10; j++ { + check(length, curEpoch+j, last, VersionWhatever) + } - // Next check where we're in a non-zero epoch to verify we handle - // reverse wrapping, too. - It("works near previous epoch", func() { - prevEpoch := 1 * epoch - curEpoch := 2 * epoch - // Cases where the last number was close to the start of the range - for i := uint64(0); i < 10; i++ { - last := curEpoch + i - // Small number should not wrap (even if they're out of order). - for j := uint64(0); j < 10; j++ { - check(length, curEpoch+j, last, version) - } + // But large numbers should reverse wrap. + for j := uint64(0); j < 10; j++ { + num := epoch - 1 - j + check(length, prevEpoch+num, last, VersionWhatever) + } + } + }) - // But large numbers should reverse wrap. - for j := uint64(0); j < 10; j++ { - num := epoch - 1 - j - check(length, prevEpoch+num, last, version) - } - } - }) + It("works near next epoch", func() { + curEpoch := 2 * epoch + nextEpoch := 3 * epoch + // Cases where the last number was close to the end of the range + for i := uint64(0); i < 10; i++ { + last := nextEpoch - 1 - i - It("works near next epoch", func() { - curEpoch := 2 * epoch - nextEpoch := 3 * epoch - // Cases where the last number was close to the end of the range - for i := uint64(0); i < 10; i++ { - last := nextEpoch - 1 - i + // Small numbers should wrap. + for j := uint64(0); j < 10; j++ { + check(length, nextEpoch+j, last, VersionWhatever) + } - // Small numbers should wrap. - for j := uint64(0); j < 10; j++ { - check(length, nextEpoch+j, last, version) - } + // but large numbers should not (even if they're out of order). + for j := uint64(0); j < 10; j++ { + num := epoch - 1 - j + check(length, curEpoch+num, last, VersionWhatever) + } + } + }) - // but large numbers should not (even if they're out of order). - for j := uint64(0); j < 10; j++ { - num := epoch - 1 - j - check(length, curEpoch+num, last, version) - } - } - }) + It("works near next max", func() { + maxNumber := uint64(math.MaxUint64) + maxEpoch := maxNumber & ^epochMask - It("works near next max", func() { - maxNumber := uint64(math.MaxUint64) - maxEpoch := maxNumber & ^epochMask + // Cases where the last number was close to the end of the range + for i := uint64(0); i < 10; i++ { + // Subtract 1, because the expected next packet number is 1 more than the + // last packet number. + last := maxNumber - i - 1 - // Cases where the last number was close to the end of the range - for i := uint64(0); i < 10; i++ { - // Subtract 1, because the expected next packet number is 1 more than the - // last packet number. - last := maxNumber - i - 1 + // Small numbers should not wrap, because they have nowhere to go. + for j := uint64(0); j < 10; j++ { + check(length, maxEpoch+j, last, VersionWhatever) + } - // Small numbers should not wrap, because they have nowhere to go. - for j := uint64(0); j < 10; j++ { - check(length, maxEpoch+j, last, version) - } - - // Large numbers should not wrap either. - for j := uint64(0); j < 10; j++ { - num := epoch - 1 - j - check(length, maxEpoch+num, last, version) - } - } - }) - }) - } + // Large numbers should not wrap either. + for j := uint64(0); j < 10; j++ { + num := epoch - 1 - j + check(length, maxEpoch+num, last, VersionWhatever) + } + } + }) Context("shortening a packet number for the header", func() { Context("shortening", func() { It("sends out low packet numbers as 2 byte", func() { - length := GetPacketNumberLengthForHeader(4, 2, version) + length := GetPacketNumberLengthForHeader(4, 2, VersionWhatever) Expect(length).To(Equal(PacketNumberLen2)) }) It("sends out high packet numbers as 2 byte, if all ACKs are received", func() { - length := GetPacketNumberLengthForHeader(0xdeadbeef, 0xdeadbeef-1, version) + length := GetPacketNumberLengthForHeader(0xdeadbeef, 0xdeadbeef-1, VersionWhatever) Expect(length).To(Equal(PacketNumberLen2)) }) It("sends out higher packet numbers as 4 bytes, if a lot of ACKs are missing", func() { - length := GetPacketNumberLengthForHeader(40000, 2, version) + length := GetPacketNumberLengthForHeader(40000, 2, VersionWhatever) Expect(length).To(Equal(PacketNumberLen4)) }) }) @@ -170,10 +162,10 @@ var _ = Describe("packet number calculation", func() { for i := uint64(1); i < 10000; i++ { packetNumber := PacketNumber(i) leastUnacked := PacketNumber(1) - length := GetPacketNumberLengthForHeader(packetNumber, leastUnacked, version) + length := GetPacketNumberLengthForHeader(packetNumber, leastUnacked, VersionWhatever) wirePacketNumber := (uint64(packetNumber) << (64 - length*8)) >> (64 - length*8) - inferedPacketNumber := InferPacketNumber(length, leastUnacked, PacketNumber(wirePacketNumber), version) + inferedPacketNumber := InferPacketNumber(length, leastUnacked, PacketNumber(wirePacketNumber), VersionWhatever) Expect(inferedPacketNumber).To(Equal(packetNumber)) } }) @@ -182,28 +174,28 @@ var _ = Describe("packet number calculation", func() { for i := uint64(1); i < 10000; i++ { packetNumber := PacketNumber(i) leastUnacked := PacketNumber(i / 2) - length := GetPacketNumberLengthForHeader(packetNumber, leastUnacked, version) - epochMask := getEpoch(length, version) - 1 + length := GetPacketNumberLengthForHeader(packetNumber, leastUnacked, VersionWhatever) + epochMask := getEpoch(length, VersionWhatever) - 1 wirePacketNumber := uint64(packetNumber) & epochMask - inferedPacketNumber := InferPacketNumber(length, leastUnacked, PacketNumber(wirePacketNumber), version) + inferedPacketNumber := InferPacketNumber(length, leastUnacked, PacketNumber(wirePacketNumber), VersionWhatever) Expect(inferedPacketNumber).To(Equal(packetNumber)) } }) It("also works for larger packet numbers", func() { var increment uint64 - for i := uint64(1); i < getEpoch(PacketNumberLen4, version); i += increment { + for i := uint64(1); i < getEpoch(PacketNumberLen4, VersionWhatever); i += increment { packetNumber := PacketNumber(i) leastUnacked := PacketNumber(1) - length := GetPacketNumberLengthForHeader(packetNumber, leastUnacked, version) - epochMask := getEpoch(length, version) - 1 + length := GetPacketNumberLengthForHeader(packetNumber, leastUnacked, VersionWhatever) + epochMask := getEpoch(length, VersionWhatever) - 1 wirePacketNumber := uint64(packetNumber) & epochMask - inferedPacketNumber := InferPacketNumber(length, leastUnacked, PacketNumber(wirePacketNumber), version) + inferedPacketNumber := InferPacketNumber(length, leastUnacked, PacketNumber(wirePacketNumber), VersionWhatever) Expect(inferedPacketNumber).To(Equal(packetNumber)) - increment = getEpoch(length, version) / 8 + increment = getEpoch(length, VersionWhatever) / 8 } }) @@ -211,10 +203,10 @@ var _ = Describe("packet number calculation", func() { for i := (uint64(1) << 48); i < ((uint64(1) << 63) - 1); i += (uint64(1) << 48) { packetNumber := PacketNumber(i) leastUnacked := PacketNumber(i - 1000) - length := GetPacketNumberLengthForHeader(packetNumber, leastUnacked, version) + length := GetPacketNumberLengthForHeader(packetNumber, leastUnacked, VersionWhatever) wirePacketNumber := (uint64(packetNumber) << (64 - length*8)) >> (64 - length*8) - inferedPacketNumber := InferPacketNumber(length, leastUnacked, PacketNumber(wirePacketNumber), version) + inferedPacketNumber := InferPacketNumber(length, leastUnacked, PacketNumber(wirePacketNumber), VersionWhatever) Expect(inferedPacketNumber).To(Equal(packetNumber)) } }) diff --git a/internal/protocol/protocol.go b/internal/protocol/protocol.go index 2a52f895..327786c8 100644 --- a/internal/protocol/protocol.go +++ b/internal/protocol/protocol.go @@ -23,7 +23,7 @@ const ( PacketNumberLen6 PacketNumberLen = 6 ) -// The PacketType is the Long Header Type (only used for the IETF draft header format) +// The PacketType is the Long Header Type type PacketType uint8 const ( @@ -71,10 +71,7 @@ const MaxReceivePacketSize ByteCount = 1452 // Used in QUIC for congestion window computations in bytes. const DefaultTCPMSS ByteCount = 1460 -// MinClientHelloSize is the minimum size the server expects an inchoate CHLO to have (in gQUIC) -const MinClientHelloSize = 1024 - -// MinInitialPacketSize is the minimum size an Initial packet (in IETF QUIC) is required to have. +// MinInitialPacketSize is the minimum size an Initial packet is required to have. const MinInitialPacketSize = 1200 // MaxClientHellos is the maximum number of times we'll send a client hello @@ -83,8 +80,5 @@ const MinInitialPacketSize = 1200 // * one failure due the server's certificate chain being unavailable and the server being unwilling to send it without a valid source-address token const MaxClientHellos = 3 -// ConnectionIDLenGQUIC is the length of the source Connection ID used on gQUIC QUIC packets. -const ConnectionIDLenGQUIC = 8 - // MinConnectionIDLenInitial is the minimum length of the destination connection ID on an Initial packet. const MinConnectionIDLenInitial = 8 diff --git a/internal/protocol/server_parameters.go b/internal/protocol/server_parameters.go index 8ad8f079..9eb4ce87 100644 --- a/internal/protocol/server_parameters.go +++ b/internal/protocol/server_parameters.go @@ -24,10 +24,6 @@ const InitialCongestionWindow ByteCount = 32 * DefaultTCPMSS // session queues for later until it sends a public reset. const MaxUndecryptablePackets = 10 -// PublicResetTimeout is the time to wait before sending a Public Reset when receiving too many undecryptable packets during the handshake -// This timeout allows the Go scheduler to switch to the Go rountine that reads the crypto stream and to escalate the crypto -const PublicResetTimeout = 500 * time.Millisecond - // ReceiveStreamFlowControlWindow is the stream-level flow control window for receiving data // This is the value that Google servers are using const ReceiveStreamFlowControlWindow = (1 << 10) * 32 // 32 kB @@ -65,12 +61,6 @@ const DefaultMaxIncomingStreams = 100 // DefaultMaxIncomingUniStreams is the maximum number of unidirectional streams that a peer may open const DefaultMaxIncomingUniStreams = 100 -// MaxStreamsMultiplier is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this procentual increase and the absolute increment specified by MaxStreamsMinimumIncrement is used. -const MaxStreamsMultiplier = 1.1 - -// MaxStreamsMinimumIncrement is the slack the client is allowed for the maximum number of streams per connection, needed e.g. when packets are out of order or dropped. The minimum of this absolute increment and the procentual increase specified by MaxStreamsMultiplier is used. -const MaxStreamsMinimumIncrement = 10 - // MaxSessionUnprocessedPackets is the max number of packets stored in each session that are not yet processed. const MaxSessionUnprocessedPackets = defaultMaxCongestionWindowPackets @@ -103,20 +93,10 @@ const MaxNonRetransmittableAcks = 19 // prevents DoS attacks against the streamFrameSorter const MaxStreamFrameSorterGaps = 1000 -// CryptoMaxParams is the upper limit for the number of parameters in a crypto message. -// Value taken from Chrome. -const CryptoMaxParams = 128 - -// CryptoParameterMaxLength is the upper limit for the length of a parameter in a crypto message. -const CryptoParameterMaxLength = 4000 - // MaxCryptoStreamOffset is the maximum offset allowed on any of the crypto streams. // This limits the size of the ClientHello and Certificates that can be received. const MaxCryptoStreamOffset = 16 * (1 << 10) -// EphermalKeyLifetime is the lifetime of the ephermal key during the handshake, see handshake.getEphermalKEX. -const EphermalKeyLifetime = time.Minute - // MinRemoteIdleTimeout is the minimum value that we accept for the remote idle timeout const MinRemoteIdleTimeout = 5 * time.Second @@ -130,16 +110,13 @@ const DefaultHandshakeTimeout = 10 * time.Second // after this time all information about the old connection will be deleted const ClosedSessionDeleteTimeout = time.Minute -// NumCachedCertificates is the number of cached compressed certificate chains, each taking ~1K space -const NumCachedCertificates = 128 - // MinStreamFrameSize is the minimum size that has to be left in a packet, so that we add another STREAM frame. // This avoids splitting up STREAM frames into small pieces, which has 2 advantages: // 1. it reduces the framing overhead // 2. it reduces the head-of-line blocking, when a packet is lost const MinStreamFrameSize ByteCount = 128 -// MaxAckFrameSize is the maximum size for an (IETF QUIC) ACK frame that we write +// MaxAckFrameSize is the maximum size for an ACK frame that we write // Due to the varint encoding, ACK frames can grow (almost) indefinitely large. // The MaxAckFrameSize should be large enough to encode many ACK range, // but must ensure that a maximum size ACK frame fits into one packet. diff --git a/internal/protocol/stream_id.go b/internal/protocol/stream_id.go index 7b211c03..edf91425 100644 --- a/internal/protocol/stream_id.go +++ b/internal/protocol/stream_id.go @@ -5,7 +5,6 @@ type StreamID uint64 // MaxBidiStreamID is the highest stream ID that the peer is allowed to open, // when it is allowed to open numStreams bidirectional streams. -// It is only valid for IETF QUIC. func MaxBidiStreamID(numStreams int, pers Perspective) StreamID { if numStreams == 0 { return 0 @@ -21,7 +20,6 @@ func MaxBidiStreamID(numStreams int, pers Perspective) StreamID { // MaxUniStreamID is the highest stream ID that the peer is allowed to open, // when it is allowed to open numStreams unidirectional streams. -// It is only valid for IETF QUIC. func MaxUniStreamID(numStreams int, pers Perspective) StreamID { if numStreams == 0 { return 0 diff --git a/internal/protocol/version.go b/internal/protocol/version.go index 4339086a..9c5d3830 100644 --- a/internal/protocol/version.go +++ b/internal/protocol/version.go @@ -18,32 +18,20 @@ const ( // The version numbers, making grepping easier const ( - Version39 VersionNumber = gquicVersion0 + 3*0x100 + 0x9 - Version43 VersionNumber = gquicVersion0 + 4*0x100 + 0x3 - Version44 VersionNumber = gquicVersion0 + 4*0x100 + 0x4 VersionTLS VersionNumber = 101 - VersionWhatever VersionNumber = 0 // for when the version doesn't matter + VersionWhatever VersionNumber = 1 // for when the version doesn't matter VersionUnknown VersionNumber = math.MaxUint32 ) // SupportedVersions lists the versions that the server supports // must be in sorted descending order -var SupportedVersions = []VersionNumber{ - Version44, - Version43, - Version39, -} +var SupportedVersions = []VersionNumber{VersionTLS} // IsValidVersion says if the version is known to quic-go func IsValidVersion(v VersionNumber) bool { return v == VersionTLS || IsSupportedVersion(SupportedVersions, v) } -// UsesTLS says if this QUIC version uses TLS 1.3 for the handshake -func (vn VersionNumber) UsesTLS() bool { - return !vn.isGQUIC() -} - func (vn VersionNumber) String() string { switch vn { case VersionWhatever: @@ -62,56 +50,9 @@ func (vn VersionNumber) String() string { // ToAltSvc returns the representation of the version for the H2 Alt-Svc parameters func (vn VersionNumber) ToAltSvc() string { - if vn.isGQUIC() { - return fmt.Sprintf("%d", vn.toGQUICVersion()) - } return fmt.Sprintf("%d", vn) } -// IsCryptoStream says if a stream is the gQUIC crypto stream. -// It never returns true for IETF QUIC. -func (vn VersionNumber) IsCryptoStream(id StreamID) bool { - return vn.isGQUIC() && id == 1 -} - -// UsesIETFFrameFormat tells if this version uses the IETF frame format -func (vn VersionNumber) UsesIETFFrameFormat() bool { - return !vn.isGQUIC() -} - -// UsesIETFHeaderFormat tells if this version uses the IETF header format -func (vn VersionNumber) UsesIETFHeaderFormat() bool { - return !vn.isGQUIC() || vn >= Version44 -} - -// UsesLengthInHeader tells if this version uses the Length field in the IETF header -func (vn VersionNumber) UsesLengthInHeader() bool { - return !vn.isGQUIC() -} - -// UsesTokenInHeader tells if this version uses the Token field in the IETF header -func (vn VersionNumber) UsesTokenInHeader() bool { - return !vn.isGQUIC() -} - -// UsesStopWaitingFrames tells if this version uses STOP_WAITING frames -func (vn VersionNumber) UsesStopWaitingFrames() bool { - return vn.isGQUIC() && vn <= Version43 -} - -// UsesVarintPacketNumbers tells if this version uses 7/14/30 bit packet numbers -func (vn VersionNumber) UsesVarintPacketNumbers() bool { - return !vn.isGQUIC() -} - -// StreamContributesToConnectionFlowControl says if a stream contributes to connection-level flow control -func (vn VersionNumber) StreamContributesToConnectionFlowControl(id StreamID) bool { - if !vn.isGQUIC() { - return true - } - return id != 1 && id != 3 -} - func (vn VersionNumber) isGQUIC() bool { return vn > gquicVersion0 && vn <= maxGquicVersion } diff --git a/internal/protocol/version_test.go b/internal/protocol/version_test.go index a294f31b..a526f885 100644 --- a/internal/protocol/version_test.go +++ b/internal/protocol/version_test.go @@ -10,39 +10,18 @@ var _ = Describe("Version", func() { return v&0x0f0f0f0f == 0x0a0a0a0a } - // version numbers taken from the wiki: https://github.com/quicwg/base-drafts/wiki/QUIC-Versions - It("has the right gQUIC version number", func() { - Expect(Version39).To(BeEquivalentTo(0x51303339)) - Expect(Version43).To(BeEquivalentTo(0x51303433)) - Expect(Version44).To(BeEquivalentTo(0x51303434)) - }) - It("says if a version is valid", func() { - Expect(IsValidVersion(Version39)).To(BeTrue()) - Expect(IsValidVersion(Version43)).To(BeTrue()) - Expect(IsValidVersion(Version44)).To(BeTrue()) Expect(IsValidVersion(VersionTLS)).To(BeTrue()) Expect(IsValidVersion(VersionWhatever)).To(BeFalse()) Expect(IsValidVersion(VersionUnknown)).To(BeFalse()) Expect(IsValidVersion(1234)).To(BeFalse()) }) - It("says if a version supports TLS", func() { - Expect(Version39.UsesTLS()).To(BeFalse()) - Expect(Version43.UsesTLS()).To(BeFalse()) - Expect(Version44.UsesTLS()).To(BeFalse()) - Expect(VersionTLS.UsesTLS()).To(BeTrue()) - }) - It("versions don't have reserved version numbers", func() { - Expect(isReservedVersion(Version39)).To(BeFalse()) - Expect(isReservedVersion(Version43)).To(BeFalse()) - Expect(isReservedVersion(Version44)).To(BeFalse()) Expect(isReservedVersion(VersionTLS)).To(BeFalse()) }) It("has the right string representation", func() { - Expect(Version39.String()).To(Equal("gQUIC 39")) Expect(VersionTLS.String()).To(ContainSubstring("TLS")) Expect(VersionWhatever.String()).To(Equal("whatever")) Expect(VersionUnknown.String()).To(Equal("unknown")) @@ -55,88 +34,7 @@ var _ = Describe("Version", func() { }) It("has the right representation for the H2 Alt-Svc tag", func() { - Expect(Version39.ToAltSvc()).To(Equal("39")) - Expect(Version43.ToAltSvc()).To(Equal("43")) - Expect(Version44.ToAltSvc()).To(Equal("44")) Expect(VersionTLS.ToAltSvc()).To(Equal("101")) - // check with unsupported version numbers from the wiki - Expect(VersionNumber(0x51303133).ToAltSvc()).To(Equal("13")) - Expect(VersionNumber(0x51303235).ToAltSvc()).To(Equal("25")) - Expect(VersionNumber(0x51303438).ToAltSvc()).To(Equal("48")) - }) - - It("says if a stream is the crypto stream, for gQUIC", func() { - for _, v := range []VersionNumber{Version39, Version43, Version44} { - version := v - Expect(version.IsCryptoStream(1)).To(BeTrue()) - Expect(version.IsCryptoStream(2)).To(BeFalse()) - Expect(version.IsCryptoStream(3)).To(BeFalse()) - Expect(version.IsCryptoStream(4)).To(BeFalse()) - Expect(version.IsCryptoStream(5)).To(BeFalse()) - } - }) - - It("says if a stream is the crypto stream, for TLS", func() { - // all streams contribute to connection-level flow control - for id := StreamID(0); id < 10; id++ { - Expect(VersionTLS.IsCryptoStream(id)).To(BeFalse()) - } - }) - - It("tells if a version uses the IETF frame types", func() { - Expect(Version39.UsesIETFFrameFormat()).To(BeFalse()) - Expect(Version43.UsesIETFFrameFormat()).To(BeFalse()) - Expect(Version44.UsesIETFFrameFormat()).To(BeFalse()) - Expect(VersionTLS.UsesIETFFrameFormat()).To(BeTrue()) - }) - - It("tells if a version uses the IETF header format", func() { - Expect(Version39.UsesIETFHeaderFormat()).To(BeFalse()) - Expect(Version43.UsesIETFHeaderFormat()).To(BeFalse()) - Expect(Version44.UsesIETFHeaderFormat()).To(BeTrue()) - Expect(VersionTLS.UsesIETFHeaderFormat()).To(BeTrue()) - }) - - It("tells if a version uses varint packet numbers", func() { - Expect(Version39.UsesVarintPacketNumbers()).To(BeFalse()) - Expect(Version43.UsesVarintPacketNumbers()).To(BeFalse()) - Expect(Version44.UsesVarintPacketNumbers()).To(BeFalse()) - Expect(VersionTLS.UsesVarintPacketNumbers()).To(BeTrue()) - }) - - It("tells if a version uses the Length field in the IETF header", func() { - Expect(Version44.UsesLengthInHeader()).To(BeFalse()) - Expect(VersionTLS.UsesLengthInHeader()).To(BeTrue()) - }) - - It("tells if a version uses the Token field in the IETF header", func() { - Expect(Version44.UsesTokenInHeader()).To(BeFalse()) - Expect(VersionTLS.UsesTokenInHeader()).To(BeTrue()) - }) - - It("tells if a version uses STOP_WAITING frames", func() { - Expect(Version39.UsesStopWaitingFrames()).To(BeTrue()) - Expect(Version43.UsesStopWaitingFrames()).To(BeTrue()) - Expect(Version44.UsesStopWaitingFrames()).To(BeFalse()) - Expect(VersionTLS.UsesStopWaitingFrames()).To(BeFalse()) - }) - - It("says if a stream contributes to connection-level flowcontrol, for gQUIC", func() { - for _, v := range []VersionNumber{Version39, Version43, Version44} { - version := v - Expect(version.StreamContributesToConnectionFlowControl(1)).To(BeFalse()) - Expect(version.StreamContributesToConnectionFlowControl(2)).To(BeTrue()) - Expect(version.StreamContributesToConnectionFlowControl(3)).To(BeFalse()) - Expect(version.StreamContributesToConnectionFlowControl(4)).To(BeTrue()) - Expect(version.StreamContributesToConnectionFlowControl(5)).To(BeTrue()) - } - }) - - It("says if a stream contributes to connection-level flowcontrol, for TLS", func() { - // all streams contribute to connection-level flow control - for id := StreamID(0); id < 10; id++ { - Expect(VersionTLS.StreamContributesToConnectionFlowControl(id)).To(BeTrue()) - } }) It("recognizes supported versions", func() { diff --git a/internal/utils/atomic_bool.go b/internal/utils/atomic_bool.go deleted file mode 100644 index cf464250..00000000 --- a/internal/utils/atomic_bool.go +++ /dev/null @@ -1,22 +0,0 @@ -package utils - -import "sync/atomic" - -// An AtomicBool is an atomic bool -type AtomicBool struct { - v int32 -} - -// Set sets the value -func (a *AtomicBool) Set(value bool) { - var n int32 - if value { - n = 1 - } - atomic.StoreInt32(&a.v, n) -} - -// Get gets the value -func (a *AtomicBool) Get() bool { - return atomic.LoadInt32(&a.v) != 0 -} diff --git a/internal/utils/atomic_bool_test.go b/internal/utils/atomic_bool_test.go deleted file mode 100644 index 83a200c2..00000000 --- a/internal/utils/atomic_bool_test.go +++ /dev/null @@ -1,29 +0,0 @@ -package utils - -import ( - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Atomic Bool", func() { - var a *AtomicBool - - BeforeEach(func() { - a = &AtomicBool{} - }) - - It("has the right default value", func() { - Expect(a.Get()).To(BeFalse()) - }) - - It("sets the value to true", func() { - a.Set(true) - Expect(a.Get()).To(BeTrue()) - }) - - It("sets the value to false", func() { - a.Set(true) - a.Set(false) - Expect(a.Get()).To(BeFalse()) - }) -}) diff --git a/internal/utils/byteoder_big_endian_test.go b/internal/utils/byteoder_big_endian_test.go index dec2e841..a90bba07 100644 --- a/internal/utils/byteoder_big_endian_test.go +++ b/internal/utils/byteoder_big_endian_test.go @@ -75,27 +75,6 @@ var _ = Describe("Big Endian encoding / decoding", func() { }) }) - Context("WriteUint24", func() { - It("outputs 3 bytes", func() { - b := &bytes.Buffer{} - BigEndian.WriteUint24(b, uint32(1)) - Expect(b.Len()).To(Equal(3)) - }) - - It("outputs a big endian", func() { - num := uint32(0x010203) - b := &bytes.Buffer{} - BigEndian.WriteUint24(b, num) - Expect(b.Bytes()).To(Equal([]byte{0x01, 0x02, 0x03})) - }) - - It("panics if the value doesn't fit into 24 bits", func() { - num := uint32(0x01020304) - b := &bytes.Buffer{} - Expect(func() { BigEndian.WriteUint24(b, num) }).Should(Panic()) - }) - }) - Context("WriteUint32", func() { It("outputs 4 bytes", func() { b := &bytes.Buffer{} @@ -111,69 +90,6 @@ var _ = Describe("Big Endian encoding / decoding", func() { }) }) - Context("WriteUint40", func() { - It("outputs 5 bytes", func() { - b := &bytes.Buffer{} - BigEndian.WriteUint40(b, uint64(1)) - Expect(b.Len()).To(Equal(5)) - }) - - It("outputs a big endian", func() { - num := uint64(0xDECAFBAD42) - b := &bytes.Buffer{} - BigEndian.WriteUint40(b, num) - Expect(b.Bytes()).To(Equal([]byte{0xDE, 0xCA, 0xFB, 0xAD, 0x42})) - }) - - It("panics if the value doesn't fit into 40 bits", func() { - num := uint64(0x010203040506) - b := &bytes.Buffer{} - Expect(func() { BigEndian.WriteUint40(b, num) }).Should(Panic()) - }) - }) - - Context("WriteUint48", func() { - It("outputs 6 bytes", func() { - b := &bytes.Buffer{} - BigEndian.WriteUint48(b, uint64(1)) - Expect(b.Len()).To(Equal(6)) - }) - - It("outputs a big endian", func() { - num := uint64(0xDEADBEEFCAFE) - b := &bytes.Buffer{} - BigEndian.WriteUint48(b, num) - Expect(b.Bytes()).To(Equal([]byte{0xDE, 0xAD, 0xBE, 0xEF, 0xCA, 0xFE})) - }) - - It("panics if the value doesn't fit into 48 bits", func() { - num := uint64(0xDEADBEEFCAFE01) - b := &bytes.Buffer{} - Expect(func() { BigEndian.WriteUint48(b, num) }).Should(Panic()) - }) - }) - - Context("WriteUint56", func() { - It("outputs 7 bytes", func() { - b := &bytes.Buffer{} - BigEndian.WriteUint56(b, uint64(1)) - Expect(b.Len()).To(Equal(7)) - }) - - It("outputs a big endian", func() { - num := uint64(0xEEDDCCBBAA9988) - b := &bytes.Buffer{} - BigEndian.WriteUint56(b, num) - Expect(b.Bytes()).To(Equal([]byte{0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88})) - }) - - It("panics if the value doesn't fit into 56 bits", func() { - num := uint64(0xEEDDCCBBAA998801) - b := &bytes.Buffer{} - Expect(func() { BigEndian.WriteUint56(b, num) }).Should(Panic()) - }) - }) - Context("WriteUint64", func() { It("outputs 8 bytes", func() { b := &bytes.Buffer{} diff --git a/internal/utils/byteorder.go b/internal/utils/byteorder.go index b45800a3..b4a44517 100644 --- a/internal/utils/byteorder.go +++ b/internal/utils/byteorder.go @@ -13,13 +13,6 @@ type ByteOrder interface { ReadUint16(io.ByteReader) (uint16, error) WriteUint64(*bytes.Buffer, uint64) - WriteUint56(*bytes.Buffer, uint64) - WriteUint48(*bytes.Buffer, uint64) - WriteUint40(*bytes.Buffer, uint64) WriteUint32(*bytes.Buffer, uint32) - WriteUint24(*bytes.Buffer, uint32) WriteUint16(*bytes.Buffer, uint16) - - ReadUfloat16(io.ByteReader) (uint64, error) - WriteUfloat16(*bytes.Buffer, uint64) } diff --git a/internal/utils/byteorder_big_endian.go b/internal/utils/byteorder_big_endian.go index 9f6c9a61..8ee6e1ab 100644 --- a/internal/utils/byteorder_big_endian.go +++ b/internal/utils/byteorder_big_endian.go @@ -2,7 +2,6 @@ package utils import ( "bytes" - "fmt" "io" ) @@ -97,61 +96,12 @@ func (bigEndian) WriteUint64(b *bytes.Buffer, i uint64) { }) } -// WriteUint56 writes 56 bit of a uint64 -func (bigEndian) WriteUint56(b *bytes.Buffer, i uint64) { - if i >= (1 << 56) { - panic(fmt.Sprintf("%#x doesn't fit into 56 bits", i)) - } - b.Write([]byte{ - uint8(i >> 48), uint8(i >> 40), uint8(i >> 32), - uint8(i >> 24), uint8(i >> 16), uint8(i >> 8), uint8(i), - }) -} - -// WriteUint48 writes 48 bit of a uint64 -func (bigEndian) WriteUint48(b *bytes.Buffer, i uint64) { - if i >= (1 << 48) { - panic(fmt.Sprintf("%#x doesn't fit into 48 bits", i)) - } - b.Write([]byte{ - uint8(i >> 40), uint8(i >> 32), - uint8(i >> 24), uint8(i >> 16), uint8(i >> 8), uint8(i), - }) -} - -// WriteUint40 writes 40 bit of a uint64 -func (bigEndian) WriteUint40(b *bytes.Buffer, i uint64) { - if i >= (1 << 40) { - panic(fmt.Sprintf("%#x doesn't fit into 40 bits", i)) - } - b.Write([]byte{ - uint8(i >> 32), - uint8(i >> 24), uint8(i >> 16), uint8(i >> 8), uint8(i), - }) -} - // WriteUint32 writes a uint32 func (bigEndian) WriteUint32(b *bytes.Buffer, i uint32) { b.Write([]byte{uint8(i >> 24), uint8(i >> 16), uint8(i >> 8), uint8(i)}) } -// WriteUint24 writes 24 bit of a uint32 -func (bigEndian) WriteUint24(b *bytes.Buffer, i uint32) { - if i >= (1 << 24) { - panic(fmt.Sprintf("%#x doesn't fit into 24 bits", i)) - } - b.Write([]byte{uint8(i >> 16), uint8(i >> 8), uint8(i)}) -} - // WriteUint16 writes a uint16 func (bigEndian) WriteUint16(b *bytes.Buffer, i uint16) { b.Write([]byte{uint8(i >> 8), uint8(i)}) } - -func (l bigEndian) ReadUfloat16(b io.ByteReader) (uint64, error) { - return readUfloat16(b, l) -} - -func (l bigEndian) WriteUfloat16(b *bytes.Buffer, val uint64) { - writeUfloat16(b, l, val) -} diff --git a/internal/utils/byteorder_little_endian.go b/internal/utils/byteorder_little_endian.go deleted file mode 100644 index 71ff95d5..00000000 --- a/internal/utils/byteorder_little_endian.go +++ /dev/null @@ -1,157 +0,0 @@ -package utils - -import ( - "bytes" - "fmt" - "io" -) - -// LittleEndian is the little-endian implementation of ByteOrder. -var LittleEndian ByteOrder = littleEndian{} - -type littleEndian struct{} - -var _ ByteOrder = &littleEndian{} - -// ReadUintN reads N bytes -func (littleEndian) ReadUintN(b io.ByteReader, length uint8) (uint64, error) { - var res uint64 - for i := uint8(0); i < length; i++ { - bt, err := b.ReadByte() - if err != nil { - return 0, err - } - res ^= uint64(bt) << (i * 8) - } - return res, nil -} - -// ReadUint64 reads a uint64 -func (littleEndian) ReadUint64(b io.ByteReader) (uint64, error) { - var b1, b2, b3, b4, b5, b6, b7, b8 uint8 - var err error - if b1, err = b.ReadByte(); err != nil { - return 0, err - } - if b2, err = b.ReadByte(); err != nil { - return 0, err - } - if b3, err = b.ReadByte(); err != nil { - return 0, err - } - if b4, err = b.ReadByte(); err != nil { - return 0, err - } - if b5, err = b.ReadByte(); err != nil { - return 0, err - } - if b6, err = b.ReadByte(); err != nil { - return 0, err - } - if b7, err = b.ReadByte(); err != nil { - return 0, err - } - if b8, err = b.ReadByte(); err != nil { - return 0, err - } - return uint64(b1) + uint64(b2)<<8 + uint64(b3)<<16 + uint64(b4)<<24 + uint64(b5)<<32 + uint64(b6)<<40 + uint64(b7)<<48 + uint64(b8)<<56, nil -} - -// ReadUint32 reads a uint32 -func (littleEndian) ReadUint32(b io.ByteReader) (uint32, error) { - var b1, b2, b3, b4 uint8 - var err error - if b1, err = b.ReadByte(); err != nil { - return 0, err - } - if b2, err = b.ReadByte(); err != nil { - return 0, err - } - if b3, err = b.ReadByte(); err != nil { - return 0, err - } - if b4, err = b.ReadByte(); err != nil { - return 0, err - } - return uint32(b1) + uint32(b2)<<8 + uint32(b3)<<16 + uint32(b4)<<24, nil -} - -// ReadUint16 reads a uint16 -func (littleEndian) ReadUint16(b io.ByteReader) (uint16, error) { - var b1, b2 uint8 - var err error - if b1, err = b.ReadByte(); err != nil { - return 0, err - } - if b2, err = b.ReadByte(); err != nil { - return 0, err - } - return uint16(b1) + uint16(b2)<<8, nil -} - -// WriteUint64 writes a uint64 -func (littleEndian) WriteUint64(b *bytes.Buffer, i uint64) { - b.Write([]byte{ - uint8(i), uint8(i >> 8), uint8(i >> 16), uint8(i >> 24), - uint8(i >> 32), uint8(i >> 40), uint8(i >> 48), uint8(i >> 56), - }) -} - -// WriteUint56 writes 56 bit of a uint64 -func (littleEndian) WriteUint56(b *bytes.Buffer, i uint64) { - if i >= (1 << 56) { - panic(fmt.Sprintf("%#x doesn't fit into 56 bits", i)) - } - b.Write([]byte{ - uint8(i), uint8(i >> 8), uint8(i >> 16), uint8(i >> 24), - uint8(i >> 32), uint8(i >> 40), uint8(i >> 48), - }) -} - -// WriteUint48 writes 48 bit of a uint64 -func (littleEndian) WriteUint48(b *bytes.Buffer, i uint64) { - if i >= (1 << 48) { - panic(fmt.Sprintf("%#x doesn't fit into 48 bits", i)) - } - b.Write([]byte{ - uint8(i), uint8(i >> 8), uint8(i >> 16), uint8(i >> 24), - uint8(i >> 32), uint8(i >> 40), - }) -} - -// WriteUint40 writes 40 bit of a uint64 -func (littleEndian) WriteUint40(b *bytes.Buffer, i uint64) { - if i >= (1 << 40) { - panic(fmt.Sprintf("%#x doesn't fit into 40 bits", i)) - } - b.Write([]byte{ - uint8(i), uint8(i >> 8), uint8(i >> 16), - uint8(i >> 24), uint8(i >> 32), - }) -} - -// WriteUint32 writes a uint32 -func (littleEndian) WriteUint32(b *bytes.Buffer, i uint32) { - b.Write([]byte{uint8(i), uint8(i >> 8), uint8(i >> 16), uint8(i >> 24)}) -} - -// WriteUint24 writes 24 bit of a uint32 -func (littleEndian) WriteUint24(b *bytes.Buffer, i uint32) { - if i >= (1 << 24) { - panic(fmt.Sprintf("%#x doesn't fit into 24 bits", i)) - } - b.Write([]byte{uint8(i), uint8(i >> 8), uint8(i >> 16)}) -} - -// WriteUint16 writes a uint16 -func (littleEndian) WriteUint16(b *bytes.Buffer, i uint16) { - b.Write([]byte{uint8(i), uint8(i >> 8)}) -} - -func (l littleEndian) ReadUfloat16(b io.ByteReader) (uint64, error) { - return readUfloat16(b, l) -} - -func (l littleEndian) WriteUfloat16(b *bytes.Buffer, val uint64) { - writeUfloat16(b, l, val) -} diff --git a/internal/utils/byteorder_little_endian_test.go b/internal/utils/byteorder_little_endian_test.go deleted file mode 100644 index 60508aaf..00000000 --- a/internal/utils/byteorder_little_endian_test.go +++ /dev/null @@ -1,212 +0,0 @@ -package utils - -import ( - "bytes" - "io" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Little Endian encoding / decoding", func() { - Context("ReadUint16", func() { - It("reads a little endian", func() { - b := []byte{0x13, 0xEF} - val, err := LittleEndian.ReadUint16(bytes.NewReader(b)) - Expect(err).ToNot(HaveOccurred()) - Expect(val).To(Equal(uint16(0xEF13))) - }) - - It("throws an error if less than 2 bytes are passed", func() { - b := []byte{0x13, 0xEF} - for i := 0; i < len(b); i++ { - _, err := LittleEndian.ReadUint16(bytes.NewReader(b[:i])) - Expect(err).To(MatchError(io.EOF)) - } - }) - }) - - Context("ReadUint32", func() { - It("reads a little endian", func() { - b := []byte{0x12, 0x35, 0xAB, 0xFF} - val, err := LittleEndian.ReadUint32(bytes.NewReader(b)) - Expect(err).ToNot(HaveOccurred()) - Expect(val).To(Equal(uint32(0xFFAB3512))) - }) - - It("throws an error if less than 4 bytes are passed", func() { - b := []byte{0x12, 0x35, 0xAB, 0xFF} - for i := 0; i < len(b); i++ { - _, err := LittleEndian.ReadUint32(bytes.NewReader(b[:i])) - Expect(err).To(MatchError(io.EOF)) - } - }) - }) - - Context("ReadUint64", func() { - It("reads a little endian", func() { - b := []byte{0x12, 0x35, 0xAB, 0xFF, 0xEF, 0xBE, 0xAD, 0xDE} - val, err := LittleEndian.ReadUint64(bytes.NewReader(b)) - Expect(err).ToNot(HaveOccurred()) - Expect(val).To(Equal(uint64(0xDEADBEEFFFAB3512))) - }) - - It("throws an error if less than 8 bytes are passed", func() { - b := []byte{0x12, 0x35, 0xAB, 0xFF, 0xEF, 0xBE, 0xAD, 0xDE} - for i := 0; i < len(b); i++ { - _, err := LittleEndian.ReadUint64(bytes.NewReader(b[:i])) - Expect(err).To(MatchError(io.EOF)) - } - }) - }) - - Context("WriteUint16", func() { - It("outputs 2 bytes", func() { - b := &bytes.Buffer{} - LittleEndian.WriteUint16(b, uint16(1)) - Expect(b.Len()).To(Equal(2)) - }) - - It("outputs a little endian", func() { - num := uint16(0xFF11) - b := &bytes.Buffer{} - LittleEndian.WriteUint16(b, num) - Expect(b.Bytes()).To(Equal([]byte{0x11, 0xFF})) - }) - }) - - Context("WriteUint24", func() { - It("outputs 3 bytes", func() { - b := &bytes.Buffer{} - LittleEndian.WriteUint24(b, uint32(1)) - Expect(b.Len()).To(Equal(3)) - }) - - It("outputs a little endian", func() { - num := uint32(0x010203) - b := &bytes.Buffer{} - LittleEndian.WriteUint24(b, num) - Expect(b.Bytes()).To(Equal([]byte{0x03, 0x02, 0x01})) - }) - - It("panics if the value doesn't fit into 24 bits", func() { - num := uint32(0x01020304) - b := &bytes.Buffer{} - Expect(func() { LittleEndian.WriteUint24(b, num) }).Should(Panic()) - }) - }) - - Context("WriteUint32", func() { - It("outputs 4 bytes", func() { - b := &bytes.Buffer{} - LittleEndian.WriteUint32(b, uint32(1)) - Expect(b.Len()).To(Equal(4)) - }) - - It("outputs a little endian", func() { - num := uint32(0xEFAC3512) - b := &bytes.Buffer{} - LittleEndian.WriteUint32(b, num) - Expect(b.Bytes()).To(Equal([]byte{0x12, 0x35, 0xAC, 0xEF})) - }) - }) - - Context("WriteUint40", func() { - It("outputs 5 bytes", func() { - b := &bytes.Buffer{} - LittleEndian.WriteUint40(b, uint64(1)) - Expect(b.Len()).To(Equal(5)) - }) - - It("outputs a little endian", func() { - num := uint64(0x0102030405) - b := &bytes.Buffer{} - LittleEndian.WriteUint40(b, num) - Expect(b.Bytes()).To(Equal([]byte{0x05, 0x04, 0x03, 0x02, 0x01})) - }) - - It("panics if the value doesn't fit into 40 bits", func() { - num := uint64(0x010203040506) - b := &bytes.Buffer{} - Expect(func() { LittleEndian.WriteUint40(b, num) }).Should(Panic()) - }) - }) - - Context("WriteUint48", func() { - It("outputs 6 bytes", func() { - b := &bytes.Buffer{} - LittleEndian.WriteUint48(b, uint64(1)) - Expect(b.Len()).To(Equal(6)) - }) - - It("outputs a little endian", func() { - num := uint64(0xDEADBEEFCAFE) - b := &bytes.Buffer{} - LittleEndian.WriteUint48(b, num) - Expect(b.Bytes()).To(Equal([]byte{0xFE, 0xCA, 0xEF, 0xBE, 0xAD, 0xDE})) - }) - - It("panics if the value doesn't fit into 48 bits", func() { - num := uint64(0xDEADBEEFCAFE01) - b := &bytes.Buffer{} - Expect(func() { LittleEndian.WriteUint48(b, num) }).Should(Panic()) - }) - }) - - Context("WriteUint56", func() { - It("outputs 7 bytes", func() { - b := &bytes.Buffer{} - LittleEndian.WriteUint56(b, uint64(1)) - Expect(b.Len()).To(Equal(7)) - }) - - It("outputs a little endian", func() { - num := uint64(0xEEDDCCBBAA9988) - b := &bytes.Buffer{} - LittleEndian.WriteUint56(b, num) - Expect(b.Bytes()).To(Equal([]byte{0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE})) - }) - - It("panics if the value doesn't fit into 56 bits", func() { - num := uint64(0xEEDDCCBBAA998801) - b := &bytes.Buffer{} - Expect(func() { LittleEndian.WriteUint56(b, num) }).Should(Panic()) - }) - }) - - Context("WriteUint64", func() { - It("outputs 8 bytes", func() { - b := &bytes.Buffer{} - LittleEndian.WriteUint64(b, uint64(1)) - Expect(b.Len()).To(Equal(8)) - }) - - It("outputs a little endian", func() { - num := uint64(0xFFEEDDCCBBAA9988) - b := &bytes.Buffer{} - LittleEndian.WriteUint64(b, num) - Expect(b.Bytes()).To(Equal([]byte{0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF})) - }) - }) - - Context("ReadUintN", func() { - It("reads n bytes", func() { - m := map[uint8]uint64{ - 0: 0x0, 1: 0x01, 2: 0x0201, 3: 0x030201, 4: 0x04030201, 5: 0x0504030201, - 6: 0x060504030201, 7: 0x07060504030201, 8: 0x0807060504030201, - } - for n, expected := range m { - b := bytes.NewReader([]byte{0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8}) - i, err := LittleEndian.ReadUintN(b, n) - Expect(err).ToNot(HaveOccurred()) - Expect(i).To(Equal(expected)) - } - }) - - It("errors", func() { - b := bytes.NewReader([]byte{0x1, 0x2}) - _, err := LittleEndian.ReadUintN(b, 3) - Expect(err).To(HaveOccurred()) - }) - }) -}) diff --git a/internal/utils/float16.go b/internal/utils/float16.go deleted file mode 100644 index 8e2ca1bc..00000000 --- a/internal/utils/float16.go +++ /dev/null @@ -1,86 +0,0 @@ -package utils - -import ( - "bytes" - "io" - "math" -) - -// We define an unsigned 16-bit floating point value, inspired by IEEE floats -// (http://en.wikipedia.org/wiki/Half_precision_floating-point_format), -// with 5-bit exponent (bias 1), 11-bit mantissa (effective 12 with hidden -// bit) and denormals, but without signs, transfinites or fractions. Wire format -// 16 bits (little-endian byte order) are split into exponent (high 5) and -// mantissa (low 11) and decoded as: -// uint64_t value; -// if (exponent == 0) value = mantissa; -// else value = (mantissa | 1 << 11) << (exponent - 1) -const uFloat16ExponentBits = 5 -const uFloat16MaxExponent = (1 << uFloat16ExponentBits) - 2 // 30 -const uFloat16MantissaBits = 16 - uFloat16ExponentBits // 11 -const uFloat16MantissaEffectiveBits = uFloat16MantissaBits + 1 // 12 -const uFloat16MaxValue = ((uint64(1) << uFloat16MantissaEffectiveBits) - 1) << uFloat16MaxExponent // 0x3FFC0000000 - -// readUfloat16 reads a float in the QUIC-float16 format and returns its uint64 representation -func readUfloat16(b io.ByteReader, byteOrder ByteOrder) (uint64, error) { - val, err := byteOrder.ReadUint16(b) - if err != nil { - return 0, err - } - - res := uint64(val) - - if res < (1 << uFloat16MantissaEffectiveBits) { - // Fast path: either the value is denormalized (no hidden bit), or - // normalized (hidden bit set, exponent offset by one) with exponent zero. - // Zero exponent offset by one sets the bit exactly where the hidden bit is. - // So in both cases the value encodes itself. - return res, nil - } - - exponent := val >> uFloat16MantissaBits // No sign extend on uint! - // After the fast pass, the exponent is at least one (offset by one). - // Un-offset the exponent. - exponent-- - // Here we need to clear the exponent and set the hidden bit. We have already - // decremented the exponent, so when we subtract it, it leaves behind the - // hidden bit. - res -= uint64(exponent) << uFloat16MantissaBits - res <<= exponent - return res, nil -} - -// writeUfloat16 writes a float in the QUIC-float16 format from its uint64 representation -func writeUfloat16(b *bytes.Buffer, byteOrder ByteOrder, value uint64) { - var result uint16 - if value < (uint64(1) << uFloat16MantissaEffectiveBits) { - // Fast path: either the value is denormalized, or has exponent zero. - // Both cases are represented by the value itself. - result = uint16(value) - } else if value >= uFloat16MaxValue { - // Value is out of range; clamp it to the maximum representable. - result = math.MaxUint16 - } else { - // The highest bit is between position 13 and 42 (zero-based), which - // corresponds to exponent 1-30. In the output, mantissa is from 0 to 10, - // hidden bit is 11 and exponent is 11 to 15. Shift the highest bit to 11 - // and count the shifts. - exponent := uint16(0) - for offset := uint16(16); offset > 0; offset /= 2 { - // Right-shift the value until the highest bit is in position 11. - // For offset of 16, 8, 4, 2 and 1 (binary search over 1-30), - // shift if the bit is at or above 11 + offset. - if value >= (uint64(1) << (uFloat16MantissaBits + offset)) { - exponent += offset - value >>= offset - } - } - - // Hidden bit (position 11) is set. We should remove it and increment the - // exponent. Equivalently, we just add it to the exponent. - // This hides the bit. - result = (uint16(value) + (exponent << uFloat16MantissaBits)) - } - - byteOrder.WriteUint16(b, result) -} diff --git a/internal/utils/float16_test.go b/internal/utils/float16_test.go deleted file mode 100644 index 319fad24..00000000 --- a/internal/utils/float16_test.go +++ /dev/null @@ -1,161 +0,0 @@ -package utils - -import ( - "bytes" - "fmt" - "io" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("float16", func() { - for _, v := range []ByteOrder{LittleEndian, BigEndian} { - bo := v - name := "little endian" - if bo == BigEndian { - name = "big endian" - } - - Context(fmt.Sprintf("in %s", name), func() { - It("reads", func() { - testcases := []struct { - expected uint64 - binary uint16 - }{ - // There are fewer decoding test cases because encoding truncates, and - // decoding returns the smallest expansion. - // Small numbers represent themselves. - {0, 0}, - {1, 1}, - {2, 2}, - {3, 3}, - {4, 4}, - {5, 5}, - {6, 6}, - {7, 7}, - {15, 15}, - {31, 31}, - {42, 42}, - {123, 123}, - {1234, 1234}, - // Check transition through 2^11. - {2046, 2046}, - {2047, 2047}, - {2048, 2048}, - {2049, 2049}, - // Running out of mantissa at 2^12. - {4094, 4094}, - {4095, 4095}, - {4096, 4096}, - {4098, 4097}, - {4100, 4098}, - // Check transition through 2^13. - {8190, 6143}, - {8192, 6144}, - {8196, 6145}, - // Half-way through the exponents. - {0x7FF8000, 0x87FF}, - {0x8000000, 0x8800}, - {0xFFF0000, 0x8FFF}, - {0x10000000, 0x9000}, - // Transition into the largest exponent. - {0x1FFE0000000, 0xF7FF}, - {0x20000000000, 0xF800}, - {0x20040000000, 0xF801}, - // Transition into the max value. - {0x3FF80000000, 0xFFFE}, - {0x3FFC0000000, 0xFFFF}, - } - for _, testcase := range testcases { - b := &bytes.Buffer{} - bo.WriteUint16(b, testcase.binary) - val, err := bo.ReadUfloat16(b) - Expect(err).NotTo(HaveOccurred()) - Expect(val).To(Equal(testcase.expected)) - } - }) - - It("errors on eof", func() { - _, err := bo.ReadUfloat16(&bytes.Buffer{}) - Expect(err).To(MatchError(io.EOF)) - }) - - It("writes", func() { - testcases := []struct { - decoded uint64 - encoded uint16 - }{ - // Small numbers represent themselves. - {0, 0}, - {1, 1}, - {2, 2}, - {3, 3}, - {4, 4}, - {5, 5}, - {6, 6}, - {7, 7}, - {15, 15}, - {31, 31}, - {42, 42}, - {123, 123}, - {1234, 1234}, - // Check transition through 2^11. - {2046, 2046}, - {2047, 2047}, - {2048, 2048}, - {2049, 2049}, - // Running out of mantissa at 2^12. - {4094, 4094}, - {4095, 4095}, - {4096, 4096}, - {4097, 4096}, - {4098, 4097}, - {4099, 4097}, - {4100, 4098}, - {4101, 4098}, - // Check transition through 2^13. - {8190, 6143}, - {8191, 6143}, - {8192, 6144}, - {8193, 6144}, - {8194, 6144}, - {8195, 6144}, - {8196, 6145}, - {8197, 6145}, - // Half-way through the exponents. - {0x7FF8000, 0x87FF}, - {0x7FFFFFF, 0x87FF}, - {0x8000000, 0x8800}, - {0xFFF0000, 0x8FFF}, - {0xFFFFFFF, 0x8FFF}, - {0x10000000, 0x9000}, - // Transition into the largest exponent. - {0x1FFFFFFFFFE, 0xF7FF}, - {0x1FFFFFFFFFF, 0xF7FF}, - {0x20000000000, 0xF800}, - {0x20000000001, 0xF800}, - {0x2003FFFFFFE, 0xF800}, - {0x2003FFFFFFF, 0xF800}, - {0x20040000000, 0xF801}, - {0x20040000001, 0xF801}, - // Transition into the max value and clamping. - {0x3FF80000000, 0xFFFE}, - {0x3FFBFFFFFFF, 0xFFFE}, - {0x3FFC0000000, 0xFFFF}, - {0x3FFC0000001, 0xFFFF}, - {0x3FFFFFFFFFF, 0xFFFF}, - {0x40000000000, 0xFFFF}, - {0xFFFFFFFFFFFFFFFF, 0xFFFF}, - } - for _, testcase := range testcases { - b := &bytes.Buffer{} - bo.WriteUfloat16(b, testcase.decoded) - val, err := bo.ReadUint16(b) - Expect(err).NotTo(HaveOccurred()) - Expect(val).To(Equal(testcase.encoded)) - } - }) - }) - } -}) diff --git a/internal/wire/ack_frame.go b/internal/wire/ack_frame.go index 8eeb4001..e6870baa 100644 --- a/internal/wire/ack_frame.go +++ b/internal/wire/ack_frame.go @@ -13,6 +13,8 @@ import ( // TODO: use the value sent in the transport parameters const ackDelayExponent = 3 +var errInvalidAckRanges = errors.New("AckFrame: ACK frame contains invalid ACK ranges") + // An AckFrame is an ACK frame type AckFrame struct { AckRanges []AckRange // has to be ordered. The highest ACK range goes first, the lowest ACK range goes last @@ -21,10 +23,6 @@ type AckFrame struct { // parseAckFrame reads an ACK frame func parseAckFrame(r *bytes.Reader, version protocol.VersionNumber) (*AckFrame, error) { - if !version.UsesIETFFrameFormat() { - return parseAckFrameLegacy(r, version) - } - typeByte, err := r.ReadByte() if err != nil { return nil, err @@ -104,10 +102,6 @@ func parseAckFrame(r *bytes.Reader, version protocol.VersionNumber) (*AckFrame, // Write writes an ACK frame. func (f *AckFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error { - if !version.UsesIETFFrameFormat() { - return f.writeLegacy(b, version) - } - b.WriteByte(0x1a) utils.WriteVarInt(b, uint64(f.LargestAcked())) utils.WriteVarInt(b, encodeAckDelay(f.DelayTime)) @@ -130,10 +124,6 @@ func (f *AckFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error // Length of a written frame func (f *AckFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - if !version.UsesIETFFrameFormat() { - return f.lengthLegacy(version) - } - largestAcked := f.AckRanges[0].Largest numRanges := f.numEncodableAckRanges() diff --git a/internal/wire/ack_frame_legacy.go b/internal/wire/ack_frame_legacy.go deleted file mode 100644 index c2a71e0b..00000000 --- a/internal/wire/ack_frame_legacy.go +++ /dev/null @@ -1,364 +0,0 @@ -package wire - -import ( - "bytes" - "errors" - "time" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" -) - -var errInvalidAckRanges = errors.New("AckFrame: ACK frame contains invalid ACK ranges") - -func parseAckFrameLegacy(r *bytes.Reader, _ protocol.VersionNumber) (*AckFrame, error) { - frame := &AckFrame{} - - typeByte, err := r.ReadByte() - if err != nil { - return nil, err - } - - hasMissingRanges := typeByte&0x20 == 0x20 - largestAckedLen := 2 * ((typeByte & 0x0C) >> 2) - if largestAckedLen == 0 { - largestAckedLen = 1 - } - - missingSequenceNumberDeltaLen := 2 * (typeByte & 0x03) - if missingSequenceNumberDeltaLen == 0 { - missingSequenceNumberDeltaLen = 1 - } - - la, err := utils.BigEndian.ReadUintN(r, largestAckedLen) - if err != nil { - return nil, err - } - largestAcked := protocol.PacketNumber(la) - - delay, err := utils.BigEndian.ReadUfloat16(r) - if err != nil { - return nil, err - } - frame.DelayTime = time.Duration(delay) * time.Microsecond - - var numAckBlocks uint8 - if hasMissingRanges { - numAckBlocks, err = r.ReadByte() - if err != nil { - return nil, err - } - } - - if hasMissingRanges && numAckBlocks == 0 { - return nil, errInvalidAckRanges - } - - abl, err := utils.BigEndian.ReadUintN(r, missingSequenceNumberDeltaLen) - if err != nil { - return nil, err - } - ackBlockLength := protocol.PacketNumber(abl) - if largestAcked > 0 && ackBlockLength < 1 { - return nil, errors.New("invalid first ACK range") - } - - if ackBlockLength > largestAcked+1 { - return nil, errInvalidAckRanges - } - - if hasMissingRanges { - ackRange := AckRange{ - Smallest: largestAcked - ackBlockLength + 1, - Largest: largestAcked, - } - frame.AckRanges = append(frame.AckRanges, ackRange) - - var inLongBlock bool - var lastRangeComplete bool - for i := uint8(0); i < numAckBlocks; i++ { - var gap uint8 - gap, err = r.ReadByte() - if err != nil { - return nil, err - } - - abl, err := utils.BigEndian.ReadUintN(r, missingSequenceNumberDeltaLen) - if err != nil { - return nil, err - } - ackBlockLength := protocol.PacketNumber(abl) - - if inLongBlock { - frame.AckRanges[len(frame.AckRanges)-1].Smallest -= protocol.PacketNumber(gap) + ackBlockLength - frame.AckRanges[len(frame.AckRanges)-1].Largest -= protocol.PacketNumber(gap) - } else { - lastRangeComplete = false - ackRange := AckRange{ - Largest: frame.AckRanges[len(frame.AckRanges)-1].Smallest - protocol.PacketNumber(gap) - 1, - } - ackRange.Smallest = ackRange.Largest - ackBlockLength + 1 - frame.AckRanges = append(frame.AckRanges, ackRange) - } - - if ackBlockLength > 0 { - lastRangeComplete = true - } - inLongBlock = (ackBlockLength == 0) - } - - // if the last range was not complete, First and Last make no sense - // remove the range from frame.AckRanges - if !lastRangeComplete { - frame.AckRanges = frame.AckRanges[:len(frame.AckRanges)-1] - } - } else { - frame.AckRanges = make([]AckRange, 1) - if largestAcked != 0 { - frame.AckRanges[0].Largest = largestAcked - frame.AckRanges[0].Smallest = largestAcked + 1 - ackBlockLength - } - } - - if !frame.validateAckRanges() { - return nil, errInvalidAckRanges - } - - var numTimestamp byte - numTimestamp, err = r.ReadByte() - if err != nil { - return nil, err - } - - if numTimestamp > 0 { - // Delta Largest acked - _, err = r.ReadByte() - if err != nil { - return nil, err - } - // First Timestamp - _, err = utils.BigEndian.ReadUint32(r) - if err != nil { - return nil, err - } - - for i := 0; i < int(numTimestamp)-1; i++ { - // Delta Largest acked - _, err = r.ReadByte() - if err != nil { - return nil, err - } - - // Time Since Previous Timestamp - _, err = utils.BigEndian.ReadUint16(r) - if err != nil { - return nil, err - } - } - } - return frame, nil -} - -func (f *AckFrame) writeLegacy(b *bytes.Buffer, _ protocol.VersionNumber) error { - largestAcked := f.LargestAcked() - largestAckedLen := protocol.GetPacketNumberLength(largestAcked) - - typeByte := uint8(0x40) - - if largestAckedLen != protocol.PacketNumberLen1 { - typeByte ^= (uint8(largestAckedLen / 2)) << 2 - } - - missingSequenceNumberDeltaLen := f.getMissingSequenceNumberDeltaLen() - if missingSequenceNumberDeltaLen != protocol.PacketNumberLen1 { - typeByte ^= (uint8(missingSequenceNumberDeltaLen / 2)) - } - - if f.HasMissingRanges() { - typeByte |= 0x20 - } - - b.WriteByte(typeByte) - - switch largestAckedLen { - case protocol.PacketNumberLen1: - b.WriteByte(uint8(largestAcked)) - case protocol.PacketNumberLen2: - utils.BigEndian.WriteUint16(b, uint16(largestAcked)) - case protocol.PacketNumberLen4: - utils.BigEndian.WriteUint32(b, uint32(largestAcked)) - case protocol.PacketNumberLen6: - utils.BigEndian.WriteUint48(b, uint64(largestAcked)&(1<<48-1)) - } - - utils.BigEndian.WriteUfloat16(b, uint64(f.DelayTime/time.Microsecond)) - - var numRanges uint64 - var numRangesWritten uint64 - if f.HasMissingRanges() { - numRanges = f.numWritableNackRanges() - if numRanges > 0xFF { - panic("AckFrame: Too many ACK ranges") - } - b.WriteByte(uint8(numRanges - 1)) - } - - var firstAckBlockLength protocol.PacketNumber - if !f.HasMissingRanges() { - firstAckBlockLength = largestAcked - f.LowestAcked() + 1 - } else { - firstAckBlockLength = largestAcked - f.AckRanges[0].Smallest + 1 - numRangesWritten++ - } - - switch missingSequenceNumberDeltaLen { - case protocol.PacketNumberLen1: - b.WriteByte(uint8(firstAckBlockLength)) - case protocol.PacketNumberLen2: - utils.BigEndian.WriteUint16(b, uint16(firstAckBlockLength)) - case protocol.PacketNumberLen4: - utils.BigEndian.WriteUint32(b, uint32(firstAckBlockLength)) - case protocol.PacketNumberLen6: - utils.BigEndian.WriteUint48(b, uint64(firstAckBlockLength)&(1<<48-1)) - } - - for i, ackRange := range f.AckRanges { - if i == 0 { - continue - } - - length := ackRange.Largest - ackRange.Smallest + 1 - gap := f.AckRanges[i-1].Smallest - ackRange.Largest - 1 - - num := gap/0xFF + 1 - if gap%0xFF == 0 { - num-- - } - - if num == 1 { - b.WriteByte(uint8(gap)) - switch missingSequenceNumberDeltaLen { - case protocol.PacketNumberLen1: - b.WriteByte(uint8(length)) - case protocol.PacketNumberLen2: - utils.BigEndian.WriteUint16(b, uint16(length)) - case protocol.PacketNumberLen4: - utils.BigEndian.WriteUint32(b, uint32(length)) - case protocol.PacketNumberLen6: - utils.BigEndian.WriteUint48(b, uint64(length)&(1<<48-1)) - } - numRangesWritten++ - } else { - for i := 0; i < int(num); i++ { - var lengthWritten uint64 - var gapWritten uint8 - - if i == int(num)-1 { // last block - lengthWritten = uint64(length) - gapWritten = uint8(1 + ((gap - 1) % 255)) - } else { - lengthWritten = 0 - gapWritten = 0xFF - } - - b.WriteByte(gapWritten) - switch missingSequenceNumberDeltaLen { - case protocol.PacketNumberLen1: - b.WriteByte(uint8(lengthWritten)) - case protocol.PacketNumberLen2: - utils.BigEndian.WriteUint16(b, uint16(lengthWritten)) - case protocol.PacketNumberLen4: - utils.BigEndian.WriteUint32(b, uint32(lengthWritten)) - case protocol.PacketNumberLen6: - utils.BigEndian.WriteUint48(b, lengthWritten&(1<<48-1)) - } - - numRangesWritten++ - } - } - - // this is needed if not all AckRanges can be written to the ACK frame (if there are more than 0xFF) - if numRangesWritten >= numRanges { - break - } - } - - if numRanges != numRangesWritten { - return errors.New("BUG: Inconsistent number of ACK ranges written") - } - - b.WriteByte(0) // no timestamps - return nil -} - -func (f *AckFrame) lengthLegacy(_ protocol.VersionNumber) protocol.ByteCount { - length := protocol.ByteCount(1 + 2 + 1) // 1 TypeByte, 2 ACK delay time, 1 Num Timestamp - length += protocol.ByteCount(protocol.GetPacketNumberLength(f.LargestAcked())) - - missingSequenceNumberDeltaLen := protocol.ByteCount(f.getMissingSequenceNumberDeltaLen()) - - if f.HasMissingRanges() { - length += (1 + missingSequenceNumberDeltaLen) * protocol.ByteCount(f.numWritableNackRanges()) - } else { - length += missingSequenceNumberDeltaLen - } - // we don't write - return length -} - -// numWritableNackRanges calculates the number of ACK blocks that are about to be written -// this number is different from len(f.AckRanges) for the case of long gaps (> 255 packets) -func (f *AckFrame) numWritableNackRanges() uint64 { - if len(f.AckRanges) == 0 { - return 0 - } - - var numRanges uint64 - for i, ackRange := range f.AckRanges { - if i == 0 { - continue - } - - lastAckRange := f.AckRanges[i-1] - gap := lastAckRange.Smallest - ackRange.Largest - 1 - rangeLength := 1 + uint64(gap)/0xFF - if uint64(gap)%0xFF == 0 { - rangeLength-- - } - - if numRanges+rangeLength < 0xFF { - numRanges += rangeLength - } else { - break - } - } - - return numRanges + 1 -} - -func (f *AckFrame) getMissingSequenceNumberDeltaLen() protocol.PacketNumberLen { - var maxRangeLength protocol.PacketNumber - - if f.HasMissingRanges() { - for _, ackRange := range f.AckRanges { - rangeLength := ackRange.Largest - ackRange.Smallest + 1 - if rangeLength > maxRangeLength { - maxRangeLength = rangeLength - } - } - } else { - maxRangeLength = f.LargestAcked() - f.LowestAcked() + 1 - } - - if maxRangeLength <= 0xFF { - return protocol.PacketNumberLen1 - } - if maxRangeLength <= 0xFFFF { - return protocol.PacketNumberLen2 - } - if maxRangeLength <= 0xFFFFFFFF { - return protocol.PacketNumberLen4 - } - - return protocol.PacketNumberLen6 -} diff --git a/internal/wire/ack_frame_legacy_test.go b/internal/wire/ack_frame_legacy_test.go deleted file mode 100644 index 3be341a2..00000000 --- a/internal/wire/ack_frame_legacy_test.go +++ /dev/null @@ -1,1045 +0,0 @@ -package wire - -import ( - "bytes" - "io" - "time" - - "github.com/lucas-clemente/quic-go/internal/protocol" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("ACK Frame (for gQUIC)", func() { - Context("when parsing", func() { - It("accepts a sample frame", func() { - b := bytes.NewReader([]byte{0x40, - 0x1c, // largest acked - 0x0, 0x0, // delay time - 0x1c, // block length - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x1c))) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(1))) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame that acks packet number 0", func() { - b := bytes.NewReader([]byte{0x40, - 0x0, // largest acked - 0x0, 0x0, // delay time - 0x1, // block length - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0))) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(0))) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with 1 ACKed packet", func() { - b := bytes.NewReader([]byte{0x40, - 0x10, // largest acked - 0x0, 0x0, // delay time - 0x1, // block length - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x10))) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(0x10))) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame that acks multiple packets, starting with 0", func() { - b := bytes.NewReader([]byte{0x40, - 0x10, // largest acked - 0x0, 0x0, // delay time - 0x11, // block length - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x10))) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(0))) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with multiple timestamps", func() { - b := bytes.NewReader([]byte{0x40, - 0x10, // largest acked - 0x0, 0x0, // timestamp - 0x10, // block length - 0x4, // num timestamps - 0x1, 0x6b, 0x26, 0x4, 0x0, // 1st timestamp - 0x3, 0, 0, // 2nd timestamp - 0x2, 0, 0, // 3rd timestamp - 0x1, 0, 0, // 4th timestamp - }) - _, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(BeZero()) - }) - - It("errors when the ACK range is too large", func() { - // LargestAcked: 0x1c - // Length: 0x1d => LowestAcked would be -1 - b := bytes.NewReader([]byte{0x40, - 0x1c, // largest acked - 0x0, 0x0, // delay time - 0x1e, // block length - 0, - }) - _, err := parseAckFrame(b, versionBigEndian) - Expect(err).To(MatchError(errInvalidAckRanges)) - }) - - It("errors when the first ACK range is empty", func() { - b := bytes.NewReader([]byte{0x40, - 0x9, // largest acked - 0x0, 0x0, // delay time - 0x0, // block length - 0, - }) - _, err := parseAckFrame(b, versionBigEndian) - Expect(err).To(MatchError("invalid first ACK range")) - }) - - It("parses the delay time", func() { - b := bytes.NewReader([]byte{0x40, - 0x3, // largest acked - 0x0, 0x8e, // delay time - 0x3, // block length - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(3))) - Expect(frame.DelayTime).To(Equal(142 * time.Microsecond)) - }) - - It("errors on EOFs", func() { - data := []byte{0x60 ^ 0x4 ^ 0x1, - 0x9, 0x66, // largest acked - 0x23, 0x1, // delay time - 0x7, // num ACk blocks - 0x0, 0x7, // 1st block - 0xff, 0x0, 0x0, // 2nd block - 0xf5, 0x2, 0x8a, // 3rd block - 0xc8, 0x0, 0xe6, // 4th block - 0xff, 0x0, 0x0, // 5th block - 0xff, 0x0, 0x0, // 6th block - 0xff, 0x0, 0x0, // 7th block - 0x23, 0x0, 0x13, // 8th blocks - 0x2, // num timestamps - 0x1, 0x13, 0xae, 0xb, 0x0, // 1st timestamp - 0x0, 0x80, 0x5, // 2nd timestamp - } - _, err := parseAckFrame(bytes.NewReader(data), versionBigEndian) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseAckFrame(bytes.NewReader(data[0:i]), versionBigEndian) - Expect(err).To(MatchError(io.EOF)) - } - }) - - Context("largest acked length", func() { - It("parses a frame with a 2 byte packet number", func() { - b := bytes.NewReader([]byte{0x40 | 0x4, - 0x13, 0x37, // largest acked - 0x0, 0x0, // delay time - 0x9, // block length - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x1337))) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(0x1337 - 0x9 + 1))) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with a 4 byte packet number", func() { - b := bytes.NewReader([]byte{0x40 | 0x8, - 0xde, 0xca, 0xfb, 0xad, // largest acked - 0x0, 0x0, // timesatmp - 0x5, // block length - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0xdecafbad))) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(0xdecafbad - 5 + 1))) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with a 6 byte packet number", func() { - b := bytes.NewReader([]byte{0x4 | 0xc, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // largest acked - 0x0, 0x0, // delay time - 0x5, // block length - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0xdeadbeefcafe))) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(0xdeadbeefcafe - 5 + 1))) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - }) - - Context("ACK blocks", func() { - It("parses a frame with two ACK blocks", func() { - b := bytes.NewReader([]byte{0x60, - 0x18, // largest acked - 0x0, 0x0, // delay time - 0x1, // num ACK blocks - 0x3, // 1st block - 0x2, 0x10, // 2nd block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x18))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(2)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 0x18 - 0x3 + 1, Largest: 0x18})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: (0x18 - 0x3 + 1) - (0x2 + 1) - (0x10 - 1), Largest: (0x18 - 0x3 + 1) - (0x2 + 1)})) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(4))) - Expect(b.Len()).To(BeZero()) - }) - - It("rejects a frame with invalid ACK ranges", func() { - // like the test before, but increased the last ACK range, such that the First would be negative - b := bytes.NewReader([]byte{0x60, - 0x18, // largest acked - 0x0, 0x0, // delay time - 0x1, // num ACK blocks - 0x3, // 1st block - 0x2, 0x15, // 2nd block - 0, - }) - _, err := parseAckFrame(b, versionBigEndian) - Expect(err).To(MatchError(errInvalidAckRanges)) - }) - - It("rejects a frame that says it has ACK blocks in the typeByte, but doesn't have any", func() { - b := bytes.NewReader([]byte{0x60 ^ 0x3, - 0x4, // largest acked - 0x0, 0x0, // delay time - 0, // num ACK blocks - 0, - }) - _, err := parseAckFrame(b, versionBigEndian) - Expect(err).To(MatchError(errInvalidAckRanges)) - }) - - It("parses a frame with multiple single packets missing", func() { - b := bytes.NewReader([]byte{0x60, - 0x27, // largest acked - 0x0, 0x0, // delay time - 0x6, // num ACK blocks - 0x9, // 1st block - 0x1, 0x1, // 2nd block - 0x1, 0x1, // 3rd block - 0x1, 0x1, // 4th block - 0x1, 0x1, // 5th block - 0x1, 0x1, // 6th block - 0x1, 0x13, // 7th block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x27))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(7)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 31, Largest: 0x27})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: 29, Largest: 29})) - Expect(frame.AckRanges[2]).To(Equal(AckRange{Smallest: 27, Largest: 27})) - Expect(frame.AckRanges[3]).To(Equal(AckRange{Smallest: 25, Largest: 25})) - Expect(frame.AckRanges[4]).To(Equal(AckRange{Smallest: 23, Largest: 23})) - Expect(frame.AckRanges[5]).To(Equal(AckRange{Smallest: 21, Largest: 21})) - Expect(frame.AckRanges[6]).To(Equal(AckRange{Smallest: 1, Largest: 19})) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(1))) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with multiple longer ACK blocks", func() { - b := bytes.NewReader([]byte{0x60, - 0x52, // largest acked - 0xd1, 0x0, //delay time - 0x3, // num ACK blocks - 0x17, // 1st block - 0xa, 0x10, // 2nd block - 0x4, 0x8, // 3rd block - 0x2, 0x12, // 4th block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x52))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(4)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 60, Largest: 0x52})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: 34, Largest: 49})) - Expect(frame.AckRanges[2]).To(Equal(AckRange{Smallest: 22, Largest: 29})) - Expect(frame.AckRanges[3]).To(Equal(AckRange{Smallest: 2, Largest: 19})) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(2))) - Expect(b.Len()).To(BeZero()) - }) - - Context("more than 256 lost packets in a row", func() { - // 255 missing packets fit into a single ACK block - It("parses a frame with a range of 255 missing packets", func() { - b := bytes.NewReader([]byte{0x60 ^ 0x4, - 0x1, 0x15, // largest acked - 0x0, 0x0, // delay time - 0x1, // num ACK blocks - 0x3, // 1st block - 0xff, 0x13, // 2nd block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x115))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(2)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 20 + 255, Largest: 0x115})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: 1, Largest: 19})) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(1))) - Expect(b.Len()).To(BeZero()) - }) - - // 256 missing packets fit into two ACK blocks - It("parses a frame with a range of 256 missing packets", func() { - b := bytes.NewReader([]byte{0x60 ^ 0x4, - 0x1, 0x14, // largest acked - 0x0, 0x0, // delay time - 0x2, // num ACK blocks - 0x1, // 1st block - 0xff, 0x0, // 2nd block - 0x1, 0x13, // 3rd block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x114))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(2)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 20 + 256, Largest: 0x114})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: 1, Largest: 19})) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(1))) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with an incomplete range at the end", func() { - // this is a modified ACK frame that has 5 instead of originally 6 written ranges - // each gap is 300 packets and thus takes 2 ranges - // the last range is incomplete, and should be completely ignored - b := bytes.NewReader([]byte{0x60 ^ 0x4, - 0x3, 0x9b, // largest acked - 0x0, 0x0, // delay time - 0x5, // num ACK blocks, instead of 0x6 - 0x1, // 1st block - 0xff, 0x0, // 2nd block - 0x2d, 0x1, // 3rd block - 0xff, 0x0, // 4th block - 0x2d, 0x1, // 5th block - 0xff, 0x0, /*0x2d, 0x14,*/ // 6th block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x39b))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(3)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 20 + 3*301, Largest: 20 + 3*301})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: 20 + 2*301, Largest: 20 + 2*301})) - Expect(frame.AckRanges[2]).To(Equal(AckRange{Smallest: 20 + 1*301, Largest: 20 + 1*301})) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with one long range, spanning 2 blocks, of missing packets", func() { - // 280 missing packets - b := bytes.NewReader([]byte{0x60 ^ 0x4, - 0x1, 0x44, // largest acked - 0x0, 0x0, // delay time - 0x2, // num ACK blocks - 0x19, // 1st block - 0xff, 0x0, // 2nd block - 0x19, 0x13, // 3rd block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x144))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(2)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 300, Largest: 0x144})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: 1, Largest: 19})) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(1))) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with one long range, spanning multiple blocks, of missing packets", func() { - // 2345 missing packets - b := bytes.NewReader([]byte{0x60 ^ 0x4, - 0x9, 0x5b, // largest acked - 0x0, 0x0, // delay time - 0xa, // num ACK blocks - 0x1f, // 1st block - 0xff, 0x0, // 2nd block - 0xff, 0x0, // 3rd block - 0xff, 0x0, // 4th block - 0xff, 0x0, // 5th block - 0xff, 0x0, // 6th block - 0xff, 0x0, // 7th block - 0xff, 0x0, // 8th block - 0xff, 0x0, // 9th block - 0xff, 0x0, // 10th block - 0x32, 0x13, // 11th block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x95b))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(2)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 2365, Largest: 0x95b})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: 1, Largest: 19})) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(1))) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with multiple 2 byte long ranges of missing packets", func() { - b := bytes.NewReader([]byte{0x60 ^ 0x4 ^ 0x1, - 0x9, 0x66, // largest acked - 0x0, 0x0, // delay time - 0x7, // num ACK blocks - 0x0, 0x7, // 1st block - 0xff, 0x0, 0x0, // 2nd block - 0xf5, 0x2, 0x8a, // 3rd block - 0xc8, 0x0, 0xe6, // 4th block - 0xff, 0x0, 0x0, // 5th block - 0xff, 0x0, 0x0, // 6th block - 0xff, 0x0, 0x0, // 7th block - 0x23, 0x0, 0x13, // 8th block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0x966))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(4)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 2400, Largest: 0x966})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: 1250, Largest: 1899})) - Expect(frame.AckRanges[2]).To(Equal(AckRange{Smallest: 820, Largest: 1049})) - Expect(frame.AckRanges[3]).To(Equal(AckRange{Smallest: 1, Largest: 19})) - Expect(frame.LowestAcked()).To(Equal(protocol.PacketNumber(1))) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with with a 4 byte ack block length", func() { - b := bytes.NewReader([]byte{0x60 ^ 0xc ^ 0x2, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // largest acked - 0x0, 0x0, // delay time - 0x1, // num ACK blocks - 0, 0, 0x13, 0x37, // 1st block - 0x20, 0x12, 0x34, 0x56, 0x78, // 2nd block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0xdeadbeefcafe))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(2)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 0xdeadbeefcafe - 0x1337 + 1, Largest: 0xdeadbeefcafe})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: (0xdeadbeefcafe - 0x1337 + 1) - (0x20 + 1) - (0x12345678 - 1), Largest: (0xdeadbeefcafe - 0x1337 + 1) - (0x20 + 1)})) - }) - - It("parses a frame with with a 6 byte ack block length", func() { - b := bytes.NewReader([]byte{0x60 ^ 0xc ^ 0x3, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // largest acked - 0x0, 0x0, // delay time - 0x1, // num ACk blocks - 0, 0, 0, 0, 0x13, 0x37, // 1st block - 0x20, 0x0, 0xab, 0x12, 0x34, 0x56, 0x78, // 2nd block - 0, - }) - frame, err := parseAckFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(protocol.PacketNumber(0xdeadbeefcafe))) - Expect(frame.HasMissingRanges()).To(BeTrue()) - Expect(frame.AckRanges).To(HaveLen(2)) - Expect(frame.AckRanges[0]).To(Equal(AckRange{Smallest: 0xdeadbeefcafe - 0x1337 + 1, Largest: 0xdeadbeefcafe})) - Expect(frame.AckRanges[1]).To(Equal(AckRange{Smallest: (0xdeadbeefcafe - 0x1337 + 1) - (0x20 + 1) - (0xab12345678 - 1), Largest: (0xdeadbeefcafe - 0x1337 + 1) - (0x20 + 1)})) - }) - }) - }) - }) - - Context("when writing", func() { - var b *bytes.Buffer - - BeforeEach(func() { - b = &bytes.Buffer{} - }) - - Context("self-consistency", func() { - It("writes a simple ACK frame", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{{Smallest: 1, Largest: 1}}, - DelayTime: 876 * time.Microsecond, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(frame.DelayTime).To(Equal(frameOrig.DelayTime)) - Expect(r.Len()).To(BeZero()) - }) - - It("writes an ACK that also acks packet 0", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{{Smallest: 0, Largest: 1}}, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(r.Len()).To(BeZero()) - }) - - It("writes the correct block length in a simple ACK frame", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{{Smallest: 10, Largest: 20}}, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a simple ACK frame with a high packet number", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{{Smallest: 0xdeadbeefcafe, Largest: 0xdeadbeefcafe}}, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.HasMissingRanges()).To(BeFalse()) - Expect(r.Len()).To(BeZero()) - }) - - It("writes an ACK frame with one packet missing", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 25, Largest: 40}, - {Smallest: 0, Largest: 23}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - - It("writes an ACK frame with multiple missing packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 22, Largest: 25}, - {Smallest: 15, Largest: 18}, - {Smallest: 13, Largest: 13}, - {Smallest: 1, Largest: 10}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - - Context("longer gaps between ACK blocks", func() { - It("only writes one block for 254 lost packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 20 + 254, Largest: 300}, - {Smallest: 1, Largest: 19}, - }, - } - Expect(frameOrig.numWritableNackRanges()).To(Equal(uint64(2))) - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - }) - - It("only writes one block for 255 lost packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 20 + 255, Largest: 300}, - {Smallest: 1, Largest: 19}, - }, - } - Expect(frameOrig.numWritableNackRanges()).To(Equal(uint64(2))) - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - }) - - It("writes two blocks for 256 lost packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 20 + 256, Largest: 300}, - {Smallest: 1, Largest: 19}, - }, - } - Expect(frameOrig.numWritableNackRanges()).To(Equal(uint64(3))) - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - }) - - It("writes two blocks for 510 lost packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 20 + 510, Largest: 600}, - {Smallest: 1, Largest: 19}, - }, - } - Expect(frameOrig.numWritableNackRanges()).To(Equal(uint64(3))) - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - }) - - It("writes three blocks for 511 lost packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 20 + 511, Largest: 600}, - {Smallest: 1, Largest: 19}, - }, - } - Expect(frameOrig.numWritableNackRanges()).To(Equal(uint64(4))) - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - }) - - It("writes three blocks for 512 lost packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 20 + 512, Largest: 600}, - {Smallest: 1, Largest: 19}, - }, - } - Expect(frameOrig.numWritableNackRanges()).To(Equal(uint64(4))) - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - }) - - It("writes multiple blocks for a lot of lost packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 2900, Largest: 3000}, - {Smallest: 1, Largest: 19}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - }) - - It("writes multiple longer blocks for 256 lost packets", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 2900, Largest: 3600}, - {Smallest: 1000, Largest: 2500}, - {Smallest: 1, Largest: 19}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - }) - }) - - Context("largest acked length", func() { - It("writes a 1 largest acked", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{{Smallest: 1, Largest: 200}}, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x0))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 2 byte largest acked", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{{Smallest: 1, Largest: 0x100}}, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x1))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 4 byte largest acked", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{{Smallest: 1, Largest: 0x10000}}, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x2))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 6 byte largest acked", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{{Smallest: 1, Largest: 0x100000000}}, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x3))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(r.Len()).To(BeZero()) - }) - }) - - Context("ack block length", func() { - It("writes a 1 byte ack block length, if all ACK blocks are short", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 5000, Largest: 5001}, - {Smallest: 250, Largest: 300}, - {Smallest: 1, Largest: 200}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x0))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 2 byte ack block length, for a frame with one ACK block", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 9990, Largest: 10000}, - {Smallest: 1, Largest: 9988}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x1))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 2 byte ack block length, for a frame with multiple ACK blocks", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 9990, Largest: 10000}, - {Smallest: 1, Largest: 256}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x1))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 4 byte ack block length, for a frame with single ACK blocks", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 9990, Largest: 0xdeadbeef}, - {Smallest: 1, Largest: 9988}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x2))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 4 byte ack block length, for a frame with multiple ACK blocks", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 9990, Largest: 0xdeadbeef}, - {Smallest: 1, Largest: 256}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x2))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 6 byte ack block length, for a frame with a single ACK blocks", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 9990, Largest: 0xdeadbeefcafe}, - {Smallest: 1, Largest: 9988}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x3))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - - It("writes a 6 byte ack block length, for a frame with multiple ACK blocks", func() { - frameOrig := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 9990, Largest: 0xdeadbeefcafe}, - {Smallest: 1, Largest: 256}, - }, - } - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(byte(0x3))) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(frameOrig.LowestAcked())) - Expect(frame.AckRanges).To(Equal(frameOrig.AckRanges)) - Expect(r.Len()).To(BeZero()) - }) - }) - - Context("too many ACK blocks", func() { - It("skips the lowest ACK ranges, if there are more than 255 AckRanges", func() { - ackRanges := make([]AckRange, 300) - for i := 1; i <= 300; i++ { - ackRanges[300-i] = AckRange{Smallest: protocol.PacketNumber(3 * i), Largest: protocol.PacketNumber(3*i + 1)} - } - frameOrig := &AckFrame{AckRanges: ackRanges} - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(ackRanges[254].Smallest)) - Expect(frame.AckRanges).To(HaveLen(0xFF)) - Expect(frame.validateAckRanges()).To(BeTrue()) - }) - - It("skips the lowest ACK ranges, if the gaps are large", func() { - ackRanges := make([]AckRange, 100) - // every AckRange will take 4 written ACK ranges - for i := 1; i <= 100; i++ { - ackRanges[100-i] = AckRange{Smallest: protocol.PacketNumber(1000 * i), Largest: protocol.PacketNumber(1000*i + 1)} - } - frameOrig := &AckFrame{AckRanges: ackRanges} - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.LowestAcked()).To(Equal(ackRanges[255/4].Smallest)) - Expect(frame.validateAckRanges()).To(BeTrue()) - }) - - It("works with huge gaps", func() { - ackRanges := []AckRange{ - {Smallest: 2 * 255 * 200, Largest: 2*255*200 + 1}, - {Smallest: 1 * 255 * 200, Largest: 1*255*200 + 1}, - {Smallest: 1, Largest: 2}, - } - frameOrig := &AckFrame{AckRanges: ackRanges} - err := frameOrig.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - r := bytes.NewReader(b.Bytes()) - frame, err := parseAckFrame(r, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LargestAcked()).To(Equal(frameOrig.LargestAcked())) - Expect(frame.AckRanges).To(HaveLen(2)) - Expect(frame.LowestAcked()).To(Equal(ackRanges[1].Smallest)) - Expect(frame.validateAckRanges()).To(BeTrue()) - }) - }) - }) - - Context("min length", func() { - It("has proper min length", func() { - f := &AckFrame{ - AckRanges: []AckRange{{Smallest: 1, Largest: 1}}, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(b.Len()))) - }) - - It("has proper min length with a large LargestObserved", func() { - f := &AckFrame{ - AckRanges: []AckRange{{Smallest: 1, Largest: 0xdeadbeefcafe}}, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(b.Len()))) - }) - - It("has the proper min length for an ACK with missing packets", func() { - f := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 1000, Largest: 2000}, - {Smallest: 50, Largest: 900}, - {Smallest: 10, Largest: 23}, - }, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(b.Len()))) - }) - - It("has the proper min length for an ACK with long gaps of missing packets", func() { - f := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 1500, Largest: 2000}, - {Smallest: 290, Largest: 295}, - {Smallest: 1, Largest: 19}, - }, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(b.Len()))) - }) - - It("has the proper min length for an ACK with a long ACK range", func() { - largestAcked := protocol.PacketNumber(2 + 0xFFFFFF) - f := &AckFrame{ - AckRanges: []AckRange{ - {Smallest: 1500, Largest: largestAcked}, - {Smallest: 290, Largest: 295}, - {Smallest: 1, Largest: 19}, - }, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(b.Len()))) - }) - }) - }) -}) diff --git a/internal/wire/blocked_frame.go b/internal/wire/blocked_frame.go index 1d3e56e5..5552b399 100644 --- a/internal/wire/blocked_frame.go +++ b/internal/wire/blocked_frame.go @@ -27,9 +27,6 @@ func parseBlockedFrame(r *bytes.Reader, _ protocol.VersionNumber) (*BlockedFrame } func (f *BlockedFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error { - if !version.UsesIETFFrameFormat() { - return (&blockedFrameLegacy{}).Write(b, version) - } typeByte := uint8(0x08) b.WriteByte(typeByte) utils.WriteVarInt(b, uint64(f.Offset)) @@ -38,8 +35,5 @@ func (f *BlockedFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) er // Length of a written frame func (f *BlockedFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - if !version.UsesIETFFrameFormat() { - return 1 + 4 - } return 1 + utils.VarIntLen(uint64(f.Offset)) } diff --git a/internal/wire/blocked_frame_legacy.go b/internal/wire/blocked_frame_legacy.go deleted file mode 100644 index 9943e166..00000000 --- a/internal/wire/blocked_frame_legacy.go +++ /dev/null @@ -1,37 +0,0 @@ -package wire - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" -) - -type blockedFrameLegacy struct { - StreamID protocol.StreamID -} - -// parseBlockedFrameLegacy parses a BLOCKED frame (in gQUIC format) -// The frame returned is -// * a STREAM_BLOCKED frame, if the BLOCKED applies to a stream -// * a BLOCKED frame, if the BLOCKED applies to the connection -func parseBlockedFrameLegacy(r *bytes.Reader, _ protocol.VersionNumber) (Frame, error) { - if _, err := r.ReadByte(); err != nil { // read the TypeByte - return nil, err - } - streamID, err := utils.BigEndian.ReadUint32(r) - if err != nil { - return nil, err - } - if streamID == 0 { - return &BlockedFrame{}, nil - } - return &StreamBlockedFrame{StreamID: protocol.StreamID(streamID)}, nil -} - -//Write writes a BLOCKED frame -func (f *blockedFrameLegacy) Write(b *bytes.Buffer, _ protocol.VersionNumber) error { - b.WriteByte(0x05) - utils.BigEndian.WriteUint32(b, uint32(f.StreamID)) - return nil -} diff --git a/internal/wire/blocked_frame_legacy_test.go b/internal/wire/blocked_frame_legacy_test.go deleted file mode 100644 index 6bd5abcf..00000000 --- a/internal/wire/blocked_frame_legacy_test.go +++ /dev/null @@ -1,65 +0,0 @@ -package wire - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go/internal/protocol" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("legacy BLOCKED Frame", func() { - Context("when parsing", func() { - It("accepts sample frame for a stream", func() { - b := bytes.NewReader([]byte{0x5, 0xde, 0xad, 0xbe, 0xef}) - f, err := parseBlockedFrameLegacy(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f).To(BeAssignableToTypeOf(&StreamBlockedFrame{})) - frame := f.(*StreamBlockedFrame) - Expect(frame.StreamID).To(Equal(protocol.StreamID(0xdeadbeef))) - }) - - It("accepts sample frame for the connection", func() { - b := bytes.NewReader([]byte{0x5, 0x0, 0x0, 0x0, 0x0}) - f, err := parseBlockedFrameLegacy(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f).To(BeAssignableToTypeOf(&BlockedFrame{})) - }) - }) - - It("errors on EOFs", func() { - data := []byte{0x5, 0xef, 0xbe, 0xad, 0xde} - _, err := parseBlockedFrameLegacy(bytes.NewReader(data), protocol.VersionWhatever) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseBlockedFrameLegacy(bytes.NewReader(data[0:i]), protocol.VersionWhatever) - Expect(err).To(HaveOccurred()) - } - }) - - Context("when writing", func() { - It("writes a BLOCKED frame for a stream", func() { - b := &bytes.Buffer{} - frame := StreamBlockedFrame{StreamID: 0x1337} - frame.Write(b, versionBigEndian) - Expect(b.Bytes()).To(Equal([]byte{0x5, 0x0, 0x0, 0x13, 0x37})) - }) - - It("has the correct min length for a BLOCKED frame for a stream", func() { - frame := StreamBlockedFrame{StreamID: 3} - Expect(frame.Length(versionBigEndian)).To(Equal(protocol.ByteCount(5))) - }) - - It("writes a BLOCKED frame for the connection", func() { - b := &bytes.Buffer{} - frame := BlockedFrame{} - frame.Write(b, versionBigEndian) - Expect(b.Bytes()).To(Equal([]byte{0x5, 0x0, 0x0, 0x0, 0x0})) - }) - - It("has the correct min length for a BLOCKED frame for the connection", func() { - frame := BlockedFrame{} - Expect(frame.Length(versionBigEndian)).To(Equal(protocol.ByteCount(5))) - }) - }) -}) diff --git a/internal/wire/connection_close_frame.go b/internal/wire/connection_close_frame.go index 667ded74..473f3dce 100644 --- a/internal/wire/connection_close_frame.go +++ b/internal/wire/connection_close_frame.go @@ -25,27 +25,14 @@ func parseConnectionCloseFrame(r *bytes.Reader, version protocol.VersionNumber) var errorCode qerr.ErrorCode var reasonPhraseLen uint64 - if version.UsesIETFFrameFormat() { - ec, err := utils.BigEndian.ReadUint16(r) - if err != nil { - return nil, err - } - errorCode = qerr.ErrorCode(ec) - reasonPhraseLen, err = utils.ReadVarInt(r) - if err != nil { - return nil, err - } - } else { - ec, err := utils.BigEndian.ReadUint32(r) - if err != nil { - return nil, err - } - errorCode = qerr.ErrorCode(ec) - length, err := utils.BigEndian.ReadUint16(r) - if err != nil { - return nil, err - } - reasonPhraseLen = uint64(length) + ec, err := utils.BigEndian.ReadUint16(r) + if err != nil { + return nil, err + } + errorCode = qerr.ErrorCode(ec) + reasonPhraseLen, err = utils.ReadVarInt(r) + if err != nil { + return nil, err } // shortcut to prevent the unnecessary allocation of dataLen bytes @@ -69,10 +56,7 @@ func parseConnectionCloseFrame(r *bytes.Reader, version protocol.VersionNumber) // Length of a written frame func (f *ConnectionCloseFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - if version.UsesIETFFrameFormat() { - return 1 + 2 + utils.VarIntLen(uint64(len(f.ReasonPhrase))) + protocol.ByteCount(len(f.ReasonPhrase)) - } - return 1 + 4 + 2 + protocol.ByteCount(len(f.ReasonPhrase)) + return 1 + 2 + utils.VarIntLen(uint64(len(f.ReasonPhrase))) + protocol.ByteCount(len(f.ReasonPhrase)) } // Write writes an CONNECTION_CLOSE frame. @@ -83,13 +67,8 @@ func (f *ConnectionCloseFrame) Write(b *bytes.Buffer, version protocol.VersionNu return errors.New("ConnectionFrame: ReasonPhrase too long") } - if version.UsesIETFFrameFormat() { - utils.BigEndian.WriteUint16(b, uint16(f.ErrorCode)) - utils.WriteVarInt(b, uint64(len(f.ReasonPhrase))) - } else { - utils.BigEndian.WriteUint32(b, uint32(f.ErrorCode)) - utils.BigEndian.WriteUint16(b, uint16(len(f.ReasonPhrase))) - } + utils.BigEndian.WriteUint16(b, uint16(f.ErrorCode)) + utils.WriteVarInt(b, uint64(len(f.ReasonPhrase))) b.WriteString(f.ReasonPhrase) return nil diff --git a/internal/wire/connection_close_frame_test.go b/internal/wire/connection_close_frame_test.go index c43095da..c2198091 100644 --- a/internal/wire/connection_close_frame_test.go +++ b/internal/wire/connection_close_frame_test.go @@ -12,185 +12,89 @@ import ( var _ = Describe("CONNECTION_CLOSE Frame", func() { Context("when parsing", func() { - Context("in varint encoding", func() { - It("accepts sample frame", func() { - data := []byte{0x2, 0x0, 0x19} - data = append(data, encodeVarInt(0x1b)...) // reason phrase length - data = append(data, []byte{ - 'N', 'o', ' ', 'r', 'e', 'c', 'e', 'n', 't', ' ', 'n', 'e', 't', 'w', 'o', 'r', 'k', ' ', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', - }...) - b := bytes.NewReader(data) - frame, err := parseConnectionCloseFrame(b, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.ErrorCode).To(Equal(qerr.ErrorCode(0x19))) - Expect(frame.ReasonPhrase).To(Equal("No recent network activity.")) - Expect(b.Len()).To(BeZero()) - }) - - It("rejects long reason phrases", func() { - data := []byte{0x2, 0xca, 0xfe} - data = append(data, encodeVarInt(0xffff)...) // reason phrase length - b := bytes.NewReader(data) - _, err := parseConnectionCloseFrame(b, versionIETFFrames) - Expect(err).To(MatchError(io.EOF)) - }) - - It("errors on EOFs", func() { - data := []byte{0x2, 0x0, 0x19} - data = append(data, encodeVarInt(0x1b)...) // reason phrase length - data = append(data, []byte{ - 'N', 'o', ' ', 'r', 'e', 'c', 'e', 'n', 't', ' ', 'n', 'e', 't', 'w', 'o', 'r', 'k', ' ', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', - }...) - _, err := parseConnectionCloseFrame(bytes.NewReader(data), versionIETFFrames) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseConnectionCloseFrame(bytes.NewReader(data[0:i]), versionIETFFrames) - Expect(err).To(HaveOccurred()) - } - }) - - It("parses a frame without a reason phrase", func() { - data := []byte{0x2, 0xca, 0xfe} - data = append(data, encodeVarInt(0)...) - b := bytes.NewReader(data) - frame, err := parseConnectionCloseFrame(b, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.ReasonPhrase).To(BeEmpty()) - Expect(b.Len()).To(BeZero()) - }) + It("accepts sample frame", func() { + data := []byte{0x2, 0x0, 0x19} + data = append(data, encodeVarInt(0x1b)...) // reason phrase length + data = append(data, []byte{ + 'N', 'o', ' ', 'r', 'e', 'c', 'e', 'n', 't', ' ', 'n', 'e', 't', 'w', 'o', 'r', 'k', ' ', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', + }...) + b := bytes.NewReader(data) + frame, err := parseConnectionCloseFrame(b, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame.ErrorCode).To(Equal(qerr.ErrorCode(0x19))) + Expect(frame.ReasonPhrase).To(Equal("No recent network activity.")) + Expect(b.Len()).To(BeZero()) }) - Context("in big endian", func() { - It("accepts sample frame", func() { - b := bytes.NewReader([]byte{0x2, - 0x0, 0x0, 0x0, 0x19, // error code - 0x0, 0x1b, // reason phrase length - 'N', 'o', ' ', 'r', 'e', 'c', 'e', 'n', 't', ' ', 'n', 'e', 't', 'w', 'o', 'r', 'k', ' ', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', - }) - frame, err := parseConnectionCloseFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.ErrorCode).To(Equal(qerr.ErrorCode(0x19))) - Expect(frame.ReasonPhrase).To(Equal("No recent network activity.")) - Expect(b.Len()).To(BeZero()) - }) + It("rejects long reason phrases", func() { + data := []byte{0x2, 0xca, 0xfe} + data = append(data, encodeVarInt(0xffff)...) // reason phrase length + b := bytes.NewReader(data) + _, err := parseConnectionCloseFrame(b, versionIETFFrames) + Expect(err).To(MatchError(io.EOF)) + }) - It("rejects long reason phrases", func() { - b := bytes.NewReader([]byte{0x2, - 0xad, 0xfb, 0xca, 0xde, // error code - 0xff, 0x0, // reason phrase length - }) - _, err := parseConnectionCloseFrame(b, versionBigEndian) - Expect(err).To(MatchError(io.EOF)) - }) + It("errors on EOFs", func() { + data := []byte{0x2, 0x0, 0x19} + data = append(data, encodeVarInt(0x1b)...) // reason phrase length + data = append(data, []byte{ + 'N', 'o', ' ', 'r', 'e', 'c', 'e', 'n', 't', ' ', 'n', 'e', 't', 'w', 'o', 'r', 'k', ' ', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', + }...) + _, err := parseConnectionCloseFrame(bytes.NewReader(data), versionIETFFrames) + Expect(err).NotTo(HaveOccurred()) + for i := range data { + _, err := parseConnectionCloseFrame(bytes.NewReader(data[0:i]), versionIETFFrames) + Expect(err).To(HaveOccurred()) + } + }) - It("errors on EOFs", func() { - data := []byte{0x40, - 0x19, 0x0, 0x0, 0x0, // error code - 0x0, 0x1b, // reason phrase length - 'N', 'o', ' ', 'r', 'e', 'c', 'e', 'n', 't', ' ', 'n', 'e', 't', 'w', 'o', 'r', 'k', ' ', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', - } - _, err := parseConnectionCloseFrame(bytes.NewReader(data), versionBigEndian) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseConnectionCloseFrame(bytes.NewReader(data[0:i]), versionBigEndian) - Expect(err).To(HaveOccurred()) - } - }) - - It("parses a frame without a reason phrase", func() { - b := bytes.NewReader([]byte{0x2, - 0xad, 0xfb, 0xca, 0xde, // error code - 0x0, 0x0, // reason phrase length - }) - frame, err := parseConnectionCloseFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.ReasonPhrase).To(BeEmpty()) - Expect(b.Len()).To(BeZero()) - }) + It("parses a frame without a reason phrase", func() { + data := []byte{0x2, 0xca, 0xfe} + data = append(data, encodeVarInt(0)...) + b := bytes.NewReader(data) + frame, err := parseConnectionCloseFrame(b, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame.ReasonPhrase).To(BeEmpty()) + Expect(b.Len()).To(BeZero()) }) }) Context("when writing", func() { - Context("in varint encoding", func() { - It("writes a frame without a ReasonPhrase", func() { - b := &bytes.Buffer{} - frame := &ConnectionCloseFrame{ - ErrorCode: 0xbeef, - } - err := frame.Write(b, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{0x2, 0xbe, 0xef} - expected = append(expected, encodeVarInt(0)...) - Expect(b.Bytes()).To(Equal(expected)) - }) - - It("writes a frame with a ReasonPhrase", func() { - b := &bytes.Buffer{} - frame := &ConnectionCloseFrame{ - ErrorCode: 0xdead, - ReasonPhrase: "foobar", - } - err := frame.Write(b, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{0x2, 0xde, 0xad} - expected = append(expected, encodeVarInt(6)...) - expected = append(expected, []byte{'f', 'o', 'o', 'b', 'a', 'r'}...) - Expect(b.Bytes()).To(Equal(expected)) - }) - - It("has proper min length", func() { - b := &bytes.Buffer{} - f := &ConnectionCloseFrame{ - ErrorCode: 0xcafe, - ReasonPhrase: "foobar", - } - err := f.Write(b, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(versionIETFFrames)).To(Equal(protocol.ByteCount(b.Len()))) - }) + It("writes a frame without a ReasonPhrase", func() { + b := &bytes.Buffer{} + frame := &ConnectionCloseFrame{ + ErrorCode: 0xbeef, + } + err := frame.Write(b, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + expected := []byte{0x2, 0xbe, 0xef} + expected = append(expected, encodeVarInt(0)...) + Expect(b.Bytes()).To(Equal(expected)) }) - Context("in big endian", func() { - It("writes a frame without a ReasonPhrase", func() { - b := &bytes.Buffer{} - frame := &ConnectionCloseFrame{ - ErrorCode: 0xdeadbeef, - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(Equal(1 + 2 + 4)) - Expect(b.Bytes()).To(Equal([]byte{0x2, - 0xde, 0xad, 0xbe, 0xef, // error code - 0x0, 0x0, // reason phrase length - })) - }) + It("writes a frame with a ReasonPhrase", func() { + b := &bytes.Buffer{} + frame := &ConnectionCloseFrame{ + ErrorCode: 0xdead, + ReasonPhrase: "foobar", + } + err := frame.Write(b, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + expected := []byte{0x2, 0xde, 0xad} + expected = append(expected, encodeVarInt(6)...) + expected = append(expected, []byte{'f', 'o', 'o', 'b', 'a', 'r'}...) + Expect(b.Bytes()).To(Equal(expected)) + }) - It("writes a frame with a ReasonPhrase", func() { - b := &bytes.Buffer{} - frame := &ConnectionCloseFrame{ - ErrorCode: 0xdeadbeef, - ReasonPhrase: "foobar", - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(Equal(1 + 2 + 4 + len(frame.ReasonPhrase))) - Expect(b.Bytes()).To(Equal([]byte{0x2, - 0xde, 0xad, 0xbe, 0xef, // error code - 0x0, 0x6, // reason phrase length - 'f', 'o', 'o', 'b', 'a', 'r', - })) - }) - - It("has proper min length", func() { - b := &bytes.Buffer{} - f := &ConnectionCloseFrame{ - ErrorCode: 0xcafe, - ReasonPhrase: "foobar", - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(b.Len()))) - }) + It("has proper min length", func() { + b := &bytes.Buffer{} + f := &ConnectionCloseFrame{ + ErrorCode: 0xcafe, + ReasonPhrase: "foobar", + } + err := f.Write(b, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(f.Length(versionIETFFrames)).To(Equal(protocol.ByteCount(b.Len()))) }) }) }) diff --git a/internal/wire/frame_parser.go b/internal/wire/frame_parser.go index a44d704d..ed69c01f 100644 --- a/internal/wire/frame_parser.go +++ b/internal/wire/frame_parser.go @@ -2,7 +2,6 @@ package wire import ( "bytes" - "errors" "fmt" "github.com/lucas-clemente/quic-go/internal/protocol" @@ -19,15 +18,12 @@ func ParseNextFrame(r *bytes.Reader, hdr *Header, v protocol.VersionNumber) (Fra } r.UnreadByte() - if !v.UsesIETFFrameFormat() { - return parseGQUICFrame(r, typeByte, hdr, v) - } - return parseIETFFrame(r, typeByte, v) + return parseFrame(r, typeByte, v) } return nil, nil } -func parseIETFFrame(r *bytes.Reader, typeByte byte, v protocol.VersionNumber) (Frame, error) { +func parseFrame(r *bytes.Reader, typeByte byte, v protocol.VersionNumber) (Frame, error) { var frame Frame var err error if typeByte&0xf8 == 0x10 { @@ -111,62 +107,3 @@ func parseIETFFrame(r *bytes.Reader, typeByte byte, v protocol.VersionNumber) (F } return frame, err } - -func parseGQUICFrame(r *bytes.Reader, typeByte byte, hdr *Header, v protocol.VersionNumber) (Frame, error) { - var frame Frame - var err error - if typeByte&0x80 == 0x80 { - frame, err = parseStreamFrame(r, v) - if err != nil { - err = qerr.Error(qerr.InvalidStreamData, err.Error()) - } - return frame, err - } else if typeByte&0xc0 == 0x40 { - frame, err = parseAckFrame(r, v) - if err != nil { - err = qerr.Error(qerr.InvalidAckData, err.Error()) - } - return frame, err - } - switch typeByte { - case 0x1: - frame, err = parseRstStreamFrame(r, v) - if err != nil { - err = qerr.Error(qerr.InvalidRstStreamData, err.Error()) - } - case 0x2: - frame, err = parseConnectionCloseFrame(r, v) - if err != nil { - err = qerr.Error(qerr.InvalidConnectionCloseData, err.Error()) - } - case 0x3: - frame, err = parseGoawayFrame(r, v) - if err != nil { - err = qerr.Error(qerr.InvalidGoawayData, err.Error()) - } - case 0x4: - frame, err = parseWindowUpdateFrame(r, v) - if err != nil { - err = qerr.Error(qerr.InvalidWindowUpdateData, err.Error()) - } - case 0x5: - frame, err = parseBlockedFrameLegacy(r, v) - if err != nil { - err = qerr.Error(qerr.InvalidBlockedData, err.Error()) - } - case 0x6: - if !v.UsesStopWaitingFrames() { - err = errors.New("STOP_WAITING frames not supported by this QUIC version") - break - } - frame, err = parseStopWaitingFrame(r, hdr.PacketNumber, hdr.PacketNumberLen, v) - if err != nil { - err = qerr.Error(qerr.InvalidStopWaitingData, err.Error()) - } - case 0x7: - frame, err = parsePingFrame(r, v) - default: - err = qerr.Error(qerr.InvalidFrameData, fmt.Sprintf("unknown type byte 0x%x", typeByte)) - } - return frame, err -} diff --git a/internal/wire/frame_parser_test.go b/internal/wire/frame_parser_test.go index e757eba9..9e771dd4 100644 --- a/internal/wire/frame_parser_test.go +++ b/internal/wire/frame_parser_test.go @@ -38,335 +38,177 @@ var _ = Describe("Frame parsing", func() { Expect(r.Len()).To(BeZero()) }) - Context("for gQUIC frames", func() { - It("unpacks RST_STREAM frames", func() { - f := &RstStreamFrame{ - StreamID: 0xdeadbeef, - ByteOffset: 0xdecafbad11223344, - ErrorCode: 0x1337, - } - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) - - It("unpacks CONNECTION_CLOSE frames", func() { - f := &ConnectionCloseFrame{ReasonPhrase: "foo"} - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) - - It("unpacks GOAWAY frames", func() { - f := &GoawayFrame{ - ErrorCode: 1, - LastGoodStream: 2, - ReasonPhrase: "foo", - } - err := f.Write(buf, 0) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) - - It("unpacks a stream-level WINDOW_UPDATE frame", func() { - f := &MaxStreamDataFrame{ - StreamID: 0xdeadbeef, - ByteOffset: 0xcafe000000001337, - } - buf := &bytes.Buffer{} - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) - - It("unpacks a connection-level WINDOW_UPDATE frame", func() { - f := &MaxDataFrame{ - ByteOffset: 0xcafe000000001337, - } - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) - - It("unpacks connection-level BLOCKED frames", func() { - f := &BlockedFrame{} - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) - - It("unpacks stream-level BLOCKED frames", func() { - f := &StreamBlockedFrame{StreamID: 0xdeadbeef} - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) - - It("unpacks STOP_WAITING frames", func() { - hdr := &Header{ - PacketNumber: 0x1338, - PacketNumberLen: protocol.PacketNumberLen4, - } - f := &StopWaitingFrame{ - LeastUnacked: 0x1337, - PacketNumber: hdr.PacketNumber, - PacketNumberLen: hdr.PacketNumberLen, - } - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), hdr, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(BeAssignableToTypeOf(f)) - Expect(frame.(*StopWaitingFrame).LeastUnacked).To(Equal(protocol.PacketNumber(0x1337))) - }) - - It("errors on STOP_WAITING frames in QUIC 44", func() { - Expect(protocol.Version44.UsesStopWaitingFrames()).To(BeFalse()) - hdr := &Header{ - PacketNumber: 0x1338, - PacketNumberLen: protocol.PacketNumberLen4, - } - f := &StopWaitingFrame{ - LeastUnacked: 0x1337, - PacketNumber: hdr.PacketNumber, - PacketNumberLen: hdr.PacketNumberLen, - } - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - _, err = ParseNextFrame(bytes.NewReader(buf.Bytes()), hdr, protocol.Version44) - Expect(err).To(MatchError("STOP_WAITING frames not supported by this QUIC version")) - }) - - It("unpacks PING frames", func() { - f := &PingFrame{} - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) - - It("unpacks ACK frames", func() { - f := &AckFrame{AckRanges: []AckRange{{Smallest: 1, Largest: 0x13}}} - err := f.Write(buf, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).ToNot(BeNil()) - Expect(frame).To(BeAssignableToTypeOf(f)) - Expect(frame.(*AckFrame).LargestAcked()).To(Equal(protocol.PacketNumber(0x13))) - }) - - It("errors on invalid type", func() { - _, err := ParseNextFrame(bytes.NewReader([]byte{0xf}), nil, versionBigEndian) - Expect(err).To(MatchError("InvalidFrameData: unknown type byte 0xf")) - }) - - It("errors on invalid frames", func() { - for b, e := range map[byte]qerr.ErrorCode{ - 0x80: qerr.InvalidStreamData, - 0x40: qerr.InvalidAckData, - 0x01: qerr.InvalidRstStreamData, - 0x02: qerr.InvalidConnectionCloseData, - 0x03: qerr.InvalidGoawayData, - 0x04: qerr.InvalidWindowUpdateData, - 0x05: qerr.InvalidBlockedData, - 0x06: qerr.InvalidStopWaitingData, - } { - _, err := ParseNextFrame(bytes.NewReader([]byte{b}), &Header{PacketNumberLen: 2}, versionBigEndian) - Expect(err).To(HaveOccurred()) - Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(e)) - } - }) + It("unpacks RST_STREAM frames", func() { + f := &RstStreamFrame{ + StreamID: 0xdeadbeef, + ByteOffset: 0xdecafbad1234, + ErrorCode: 0x1337, + } + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) }) - Context("for IETF draft frames", func() { - It("unpacks RST_STREAM frames", func() { - f := &RstStreamFrame{ - StreamID: 0xdeadbeef, - ByteOffset: 0xdecafbad1234, - ErrorCode: 0x1337, - } - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks CONNECTION_CLOSE frames", func() { + f := &ConnectionCloseFrame{ReasonPhrase: "foo"} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) + }) - It("unpacks CONNECTION_CLOSE frames", func() { - f := &ConnectionCloseFrame{ReasonPhrase: "foo"} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks MAX_DATA frames", func() { + f := &MaxDataFrame{ + ByteOffset: 0xcafe, + } + buf := &bytes.Buffer{} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) + }) - It("unpacks MAX_DATA frames", func() { - f := &MaxDataFrame{ - ByteOffset: 0xcafe, - } - buf := &bytes.Buffer{} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks MAX_STREAM_DATA frames", func() { + f := &MaxStreamDataFrame{ + StreamID: 0xdeadbeef, + ByteOffset: 0xdecafbad, + } + buf := &bytes.Buffer{} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) + }) - It("unpacks MAX_STREAM_DATA frames", func() { - f := &MaxStreamDataFrame{ - StreamID: 0xdeadbeef, - ByteOffset: 0xdecafbad, - } - buf := &bytes.Buffer{} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks MAX_STREAM_ID frames", func() { + f := &MaxStreamIDFrame{StreamID: 0x1337} + buf := &bytes.Buffer{} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) + }) - It("unpacks MAX_STREAM_ID frames", func() { - f := &MaxStreamIDFrame{StreamID: 0x1337} - buf := &bytes.Buffer{} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks connection-level BLOCKED frames", func() { + f := &BlockedFrame{Offset: 0x1234} + buf := &bytes.Buffer{} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) + }) - It("unpacks connection-level BLOCKED frames", func() { - f := &BlockedFrame{Offset: 0x1234} - buf := &bytes.Buffer{} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks stream-level BLOCKED frames", func() { + f := &StreamBlockedFrame{ + StreamID: 0xdeadbeef, + Offset: 0xdead, + } + buf := &bytes.Buffer{} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) + }) - It("unpacks stream-level BLOCKED frames", func() { - f := &StreamBlockedFrame{ - StreamID: 0xdeadbeef, - Offset: 0xdead, - } - buf := &bytes.Buffer{} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks STREAM_ID_BLOCKED frames", func() { + f := &StreamIDBlockedFrame{StreamID: 0x1234567} + buf := &bytes.Buffer{} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) + }) - It("unpacks STREAM_ID_BLOCKED frames", func() { - f := &StreamIDBlockedFrame{StreamID: 0x1234567} - buf := &bytes.Buffer{} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks STOP_SENDING frames", func() { + f := &StopSendingFrame{StreamID: 0x42} + buf := &bytes.Buffer{} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).To(Equal(f)) + }) - It("unpacks STOP_SENDING frames", func() { - f := &StopSendingFrame{StreamID: 0x42} - buf := &bytes.Buffer{} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).To(Equal(f)) - }) + It("unpacks ACK frames", func() { + f := &AckFrame{AckRanges: []AckRange{{Smallest: 1, Largest: 0x13}}} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).ToNot(BeNil()) + Expect(frame).To(BeAssignableToTypeOf(f)) + Expect(frame.(*AckFrame).LargestAcked()).To(Equal(protocol.PacketNumber(0x13))) + }) - It("unpacks ACK frames", func() { - f := &AckFrame{AckRanges: []AckRange{{Smallest: 1, Largest: 0x13}}} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).ToNot(BeNil()) - Expect(frame).To(BeAssignableToTypeOf(f)) - Expect(frame.(*AckFrame).LargestAcked()).To(Equal(protocol.PacketNumber(0x13))) - }) + It("unpacks PATH_CHALLENGE frames", func() { + f := &PathChallengeFrame{Data: [8]byte{1, 2, 3, 4, 5, 6, 7, 8}} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).ToNot(BeNil()) + Expect(frame).To(BeAssignableToTypeOf(f)) + Expect(frame.(*PathChallengeFrame).Data).To(Equal([8]byte{1, 2, 3, 4, 5, 6, 7, 8})) + }) - It("unpacks PATH_CHALLENGE frames", func() { - f := &PathChallengeFrame{Data: [8]byte{1, 2, 3, 4, 5, 6, 7, 8}} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).ToNot(BeNil()) - Expect(frame).To(BeAssignableToTypeOf(f)) - Expect(frame.(*PathChallengeFrame).Data).To(Equal([8]byte{1, 2, 3, 4, 5, 6, 7, 8})) - }) + It("unpacks PATH_RESPONSE frames", func() { + f := &PathResponseFrame{Data: [8]byte{1, 2, 3, 4, 5, 6, 7, 8}} + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).ToNot(BeNil()) + Expect(frame).To(BeAssignableToTypeOf(f)) + Expect(frame.(*PathResponseFrame).Data).To(Equal([8]byte{1, 2, 3, 4, 5, 6, 7, 8})) + }) - It("unpacks PATH_RESPONSE frames", func() { - f := &PathResponseFrame{Data: [8]byte{1, 2, 3, 4, 5, 6, 7, 8}} - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).ToNot(BeNil()) - Expect(frame).To(BeAssignableToTypeOf(f)) - Expect(frame.(*PathResponseFrame).Data).To(Equal([8]byte{1, 2, 3, 4, 5, 6, 7, 8})) - }) + It("unpacks CRYPTO frames", func() { + f := &CryptoFrame{ + Offset: 0x1337, + Data: []byte("lorem ipsum"), + } + err := f.Write(buf, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame).ToNot(BeNil()) + Expect(frame).To(Equal(f)) + }) - It("unpacks CRYPTO frames", func() { - f := &CryptoFrame{ - Offset: 0x1337, - Data: []byte("lorem ipsum"), - } - err := f.Write(buf, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - frame, err := ParseNextFrame(bytes.NewReader(buf.Bytes()), nil, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame).ToNot(BeNil()) - Expect(frame).To(Equal(f)) - }) + It("errors on invalid type", func() { + _, err := ParseNextFrame(bytes.NewReader([]byte{0x42}), nil, versionIETFFrames) + Expect(err).To(MatchError("InvalidFrameData: unknown type byte 0x42")) + }) - It("errors on invalid type", func() { - _, err := ParseNextFrame(bytes.NewReader([]byte{0x42}), nil, versionIETFFrames) - Expect(err).To(MatchError("InvalidFrameData: unknown type byte 0x42")) - }) - - It("errors on invalid frames", func() { - for b, e := range map[byte]qerr.ErrorCode{ - 0x01: qerr.InvalidRstStreamData, - 0x02: qerr.InvalidConnectionCloseData, - 0x04: qerr.InvalidWindowUpdateData, - 0x05: qerr.InvalidWindowUpdateData, - 0x06: qerr.InvalidFrameData, - 0x08: qerr.InvalidBlockedData, - 0x09: qerr.InvalidBlockedData, - 0x0a: qerr.InvalidFrameData, - 0x0c: qerr.InvalidFrameData, - 0x0e: qerr.InvalidFrameData, - 0x0f: qerr.InvalidFrameData, - 0x10: qerr.InvalidStreamData, - 0x1a: qerr.InvalidAckData, - 0x1b: qerr.InvalidAckData, - } { - _, err := ParseNextFrame(bytes.NewReader([]byte{b}), nil, versionIETFFrames) - Expect(err).To(HaveOccurred()) - Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(e)) - } - }) + It("errors on invalid frames", func() { + for b, e := range map[byte]qerr.ErrorCode{ + 0x01: qerr.InvalidRstStreamData, + 0x02: qerr.InvalidConnectionCloseData, + 0x04: qerr.InvalidWindowUpdateData, + 0x05: qerr.InvalidWindowUpdateData, + 0x06: qerr.InvalidFrameData, + 0x08: qerr.InvalidBlockedData, + 0x09: qerr.InvalidBlockedData, + 0x0a: qerr.InvalidFrameData, + 0x0c: qerr.InvalidFrameData, + 0x0e: qerr.InvalidFrameData, + 0x0f: qerr.InvalidFrameData, + 0x10: qerr.InvalidStreamData, + 0x1a: qerr.InvalidAckData, + 0x1b: qerr.InvalidAckData, + } { + _, err := ParseNextFrame(bytes.NewReader([]byte{b}), nil, versionIETFFrames) + Expect(err).To(HaveOccurred()) + Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(e)) + } }) }) diff --git a/internal/wire/goaway_frame.go b/internal/wire/goaway_frame.go deleted file mode 100644 index 86bf2b43..00000000 --- a/internal/wire/goaway_frame.go +++ /dev/null @@ -1,68 +0,0 @@ -package wire - -import ( - "bytes" - "io" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" -) - -// A GoawayFrame is a GOAWAY frame -type GoawayFrame struct { - ErrorCode qerr.ErrorCode - LastGoodStream protocol.StreamID - ReasonPhrase string -} - -// parseGoawayFrame parses a GOAWAY frame -func parseGoawayFrame(r *bytes.Reader, _ protocol.VersionNumber) (*GoawayFrame, error) { - frame := &GoawayFrame{} - - if _, err := r.ReadByte(); err != nil { - return nil, err - } - - errorCode, err := utils.BigEndian.ReadUint32(r) - if err != nil { - return nil, err - } - frame.ErrorCode = qerr.ErrorCode(errorCode) - - lastGoodStream, err := utils.BigEndian.ReadUint32(r) - if err != nil { - return nil, err - } - frame.LastGoodStream = protocol.StreamID(lastGoodStream) - - reasonPhraseLen, err := utils.BigEndian.ReadUint16(r) - if err != nil { - return nil, err - } - - if reasonPhraseLen > uint16(protocol.MaxReceivePacketSize) { - return nil, qerr.Error(qerr.InvalidGoawayData, "reason phrase too long") - } - - reasonPhrase := make([]byte, reasonPhraseLen) - if _, err := io.ReadFull(r, reasonPhrase); err != nil { - return nil, err - } - frame.ReasonPhrase = string(reasonPhrase) - return frame, nil -} - -func (f *GoawayFrame) Write(b *bytes.Buffer, _ protocol.VersionNumber) error { - b.WriteByte(0x03) - utils.BigEndian.WriteUint32(b, uint32(f.ErrorCode)) - utils.BigEndian.WriteUint32(b, uint32(f.LastGoodStream)) - utils.BigEndian.WriteUint16(b, uint16(len(f.ReasonPhrase))) - b.WriteString(f.ReasonPhrase) - return nil -} - -// Length of a written frame -func (f *GoawayFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - return protocol.ByteCount(1 + 4 + 4 + 2 + len(f.ReasonPhrase)) -} diff --git a/internal/wire/goaway_frame_test.go b/internal/wire/goaway_frame_test.go deleted file mode 100644 index 61127649..00000000 --- a/internal/wire/goaway_frame_test.go +++ /dev/null @@ -1,87 +0,0 @@ -package wire - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/qerr" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("GoawayFrame", func() { - Context("when parsing", func() { - Context("in big endian", func() { - It("accepts sample frame", func() { - b := bytes.NewReader([]byte{0x3, - 0x0, 0x0, 0x13, 0x37, // error code - 0x0, 0x0, 0x12, 0x34, // last good stream id - 0x0, 0x3, // reason phrase length - 'f', 'o', 'o', - }) - frame, err := parseGoawayFrame(b, versionBigEndian) - Expect(frame).To(Equal(&GoawayFrame{ - ErrorCode: 0x1337, - LastGoodStream: 0x1234, - ReasonPhrase: "foo", - })) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(BeZero()) - }) - - It("errors on EOFs", func() { - data := []byte{0x3, - 0x0, 0x0, 0x0, 0x1, // error code - 0x0, 0x0, 0x0, 0x2, // last good stream id - 0x0, 0x3, // reason phrase length - 'f', 'o', 'o', - } - _, err := parseGoawayFrame(bytes.NewReader(data), versionBigEndian) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseGoawayFrame(bytes.NewReader(data[0:i]), versionBigEndian) - Expect(err).To(HaveOccurred()) - } - }) - }) - - It("rejects long reason phrases", func() { - b := bytes.NewReader([]byte{0x3, - 0x1, 0x0, 0x0, 0x0, // error code - 0x2, 0x0, 0x0, 0x0, // last good stream id - 0xff, 0xff, // reason phrase length - }) - _, err := parseGoawayFrame(b, protocol.VersionWhatever) - Expect(err).To(MatchError(qerr.Error(qerr.InvalidGoawayData, "reason phrase too long"))) - }) - }) - - Context("when writing", func() { - Context("in big endian", func() { - It("writes a sample frame", func() { - b := &bytes.Buffer{} - frame := GoawayFrame{ - ErrorCode: 0x1337, - LastGoodStream: 2, - ReasonPhrase: "foo", - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()).To(Equal([]byte{0x3, - 0x0, 0x0, 0x13, 0x37, // reason code - 0x0, 0x0, 0x0, 0x2, // last good stream id - 0x0, 0x3, // reason phrase length - 'f', 'o', 'o', - })) - }) - }) - - It("has the correct min length", func() { - frame := GoawayFrame{ - ReasonPhrase: "foo", - } - Expect(frame.Length(0)).To(Equal(protocol.ByteCount(14))) - }) - }) -}) diff --git a/internal/wire/header.go b/internal/wire/header.go index 41a322b8..2e53e5ef 100644 --- a/internal/wire/header.go +++ b/internal/wire/header.go @@ -3,7 +3,6 @@ package wire import ( "bytes" "crypto/rand" - "errors" "fmt" "github.com/lucas-clemente/quic-go/internal/protocol" @@ -11,10 +10,7 @@ import ( ) // Header is the header of a QUIC packet. -// It contains fields that are only needed for the gQUIC Public Header and the IETF draft Header. type Header struct { - IsPublicHeader bool - Raw []byte Version protocol.VersionNumber @@ -29,12 +25,6 @@ type Header struct { IsVersionNegotiation bool SupportedVersions []protocol.VersionNumber // Version Number sent in a Version Negotiation Packet by the server - // only needed for the gQUIC Public Header - VersionFlag bool - ResetFlag bool - DiversificationNonce []byte - - // only needed for the IETF Header Type protocol.PacketType IsLongHeader bool KeyPhase int @@ -42,15 +32,8 @@ type Header struct { Token []byte } -var errInvalidPacketNumberLen = errors.New("invalid packet number length") - // Write writes the Header. func (h *Header) Write(b *bytes.Buffer, pers protocol.Perspective, ver protocol.VersionNumber) error { - if !ver.UsesIETFHeaderFormat() { - h.IsPublicHeader = true // save that this is a Public Header, so we can log it correctly later - return h.writePublicHeader(b, pers, ver) - } - // write an IETF QUIC header if h.IsLongHeader { return h.writeLongHeader(b, ver) } @@ -69,7 +52,7 @@ func (h *Header) writeLongHeader(b *bytes.Buffer, v protocol.VersionNumber) erro b.Write(h.DestConnectionID.Bytes()) b.Write(h.SrcConnectionID.Bytes()) - if h.Type == protocol.PacketTypeInitial && v.UsesTokenInHeader() { + if h.Type == protocol.PacketTypeInitial { utils.WriteVarInt(b, uint64(len(h.Token))) b.Write(h.Token) } @@ -89,135 +72,26 @@ func (h *Header) writeLongHeader(b *bytes.Buffer, v protocol.VersionNumber) erro return nil } - if v.UsesLengthInHeader() { - utils.WriteVarInt(b, uint64(h.PayloadLen)) - } - if v.UsesVarintPacketNumbers() { - return utils.WriteVarIntPacketNumber(b, h.PacketNumber, h.PacketNumberLen) - } - utils.BigEndian.WriteUint32(b, uint32(h.PacketNumber)) - if h.Type == protocol.PacketType0RTT && v == protocol.Version44 { - if len(h.DiversificationNonce) != 32 { - return errors.New("invalid diversification nonce length") - } - b.Write(h.DiversificationNonce) - } - return nil + utils.WriteVarInt(b, uint64(h.PayloadLen)) + return utils.WriteVarIntPacketNumber(b, h.PacketNumber, h.PacketNumberLen) } func (h *Header) writeShortHeader(b *bytes.Buffer, v protocol.VersionNumber) error { typeByte := byte(0x30) typeByte |= byte(h.KeyPhase << 6) - if !v.UsesVarintPacketNumbers() { - switch h.PacketNumberLen { - case protocol.PacketNumberLen1: - case protocol.PacketNumberLen2: - typeByte |= 0x1 - case protocol.PacketNumberLen4: - typeByte |= 0x2 - default: - return errInvalidPacketNumberLen - } - } b.WriteByte(typeByte) b.Write(h.DestConnectionID.Bytes()) - - if !v.UsesVarintPacketNumbers() { - switch h.PacketNumberLen { - case protocol.PacketNumberLen1: - b.WriteByte(uint8(h.PacketNumber)) - case protocol.PacketNumberLen2: - utils.BigEndian.WriteUint16(b, uint16(h.PacketNumber)) - case protocol.PacketNumberLen4: - utils.BigEndian.WriteUint32(b, uint32(h.PacketNumber)) - } - return nil - } return utils.WriteVarIntPacketNumber(b, h.PacketNumber, h.PacketNumberLen) } -// writePublicHeader writes a Public Header. -func (h *Header) writePublicHeader(b *bytes.Buffer, pers protocol.Perspective, _ protocol.VersionNumber) error { - if h.ResetFlag || (h.VersionFlag && pers == protocol.PerspectiveServer) { - return errors.New("PublicHeader: Can only write regular packets") - } - if h.SrcConnectionID.Len() != 0 { - return errors.New("PublicHeader: SrcConnectionID must not be set") - } - if len(h.DestConnectionID) != 0 && len(h.DestConnectionID) != 8 { - return fmt.Errorf("PublicHeader: wrong length for Connection ID: %d (expected 8)", len(h.DestConnectionID)) - } - - publicFlagByte := uint8(0x00) - if h.VersionFlag { - publicFlagByte |= 0x01 - } - if h.DestConnectionID.Len() > 0 { - publicFlagByte |= 0x08 - } - if len(h.DiversificationNonce) > 0 { - if len(h.DiversificationNonce) != 32 { - return errors.New("invalid diversification nonce length") - } - publicFlagByte |= 0x04 - } - switch h.PacketNumberLen { - case protocol.PacketNumberLen1: - publicFlagByte |= 0x00 - case protocol.PacketNumberLen2: - publicFlagByte |= 0x10 - case protocol.PacketNumberLen4: - publicFlagByte |= 0x20 - } - b.WriteByte(publicFlagByte) - - if h.DestConnectionID.Len() > 0 { - b.Write(h.DestConnectionID) - } - if h.VersionFlag && pers == protocol.PerspectiveClient { - utils.BigEndian.WriteUint32(b, uint32(h.Version)) - } - if len(h.DiversificationNonce) > 0 { - b.Write(h.DiversificationNonce) - } - - switch h.PacketNumberLen { - case protocol.PacketNumberLen1: - b.WriteByte(uint8(h.PacketNumber)) - case protocol.PacketNumberLen2: - utils.BigEndian.WriteUint16(b, uint16(h.PacketNumber)) - case protocol.PacketNumberLen4: - utils.BigEndian.WriteUint32(b, uint32(h.PacketNumber)) - case protocol.PacketNumberLen6: - return errInvalidPacketNumberLen - default: - return errors.New("PublicHeader: PacketNumberLen not set") - } - - return nil -} - // GetLength determines the length of the Header. func (h *Header) GetLength(v protocol.VersionNumber) (protocol.ByteCount, error) { - if !v.UsesIETFHeaderFormat() { - return h.getPublicHeaderLength() - } - return h.getHeaderLength(v) -} - -func (h *Header) getHeaderLength(v protocol.VersionNumber) (protocol.ByteCount, error) { if h.IsLongHeader { - length := 1 /* type byte */ + 4 /* version */ + 1 /* conn id len byte */ + protocol.ByteCount(h.DestConnectionID.Len()+h.SrcConnectionID.Len()) + protocol.ByteCount(h.PacketNumberLen) - if v.UsesLengthInHeader() { - length += utils.VarIntLen(uint64(h.PayloadLen)) - } - if h.Type == protocol.PacketTypeInitial && v.UsesTokenInHeader() { + length := 1 /* type byte */ + 4 /* version */ + 1 /* conn id len byte */ + protocol.ByteCount(h.DestConnectionID.Len()+h.SrcConnectionID.Len()) + protocol.ByteCount(h.PacketNumberLen) + utils.VarIntLen(uint64(h.PayloadLen)) + if h.Type == protocol.PacketTypeInitial { length += utils.VarIntLen(uint64(len(h.Token))) + protocol.ByteCount(len(h.Token)) } - if h.Type == protocol.PacketType0RTT && v == protocol.Version44 { - length += protocol.ByteCount(len(h.DiversificationNonce)) - } return length, nil } @@ -229,36 +103,8 @@ func (h *Header) getHeaderLength(v protocol.VersionNumber) (protocol.ByteCount, return length, nil } -// getPublicHeaderLength gets the length of the publicHeader in bytes. -// It can only be called for regular packets. -func (h *Header) getPublicHeaderLength() (protocol.ByteCount, error) { - length := protocol.ByteCount(1) // 1 byte for public flags - if h.PacketNumberLen == protocol.PacketNumberLen6 { - return 0, errInvalidPacketNumberLen - } - if h.PacketNumberLen != protocol.PacketNumberLen1 && h.PacketNumberLen != protocol.PacketNumberLen2 && h.PacketNumberLen != protocol.PacketNumberLen4 { - return 0, errPacketNumberLenNotSet - } - length += protocol.ByteCount(h.PacketNumberLen) - length += protocol.ByteCount(h.DestConnectionID.Len()) - // Version Number in packets sent by the client - if h.VersionFlag { - length += 4 - } - length += protocol.ByteCount(len(h.DiversificationNonce)) - return length, nil -} - // Log logs the Header func (h *Header) Log(logger utils.Logger) { - if h.IsPublicHeader { - h.logPublicHeader(logger) - } else { - h.logHeader(logger) - } -} - -func (h *Header) logHeader(logger utils.Logger) { if h.IsLongHeader { if h.Version == 0 { logger.Debugf("\tVersionNegotiationPacket{DestConnectionID: %s, SrcConnectionID: %s, SupportedVersions: %s}", h.DestConnectionID, h.SrcConnectionID, h.SupportedVersions) @@ -275,14 +121,6 @@ func (h *Header) logHeader(logger utils.Logger) { logger.Debugf("\tLong Header{Type: %s, DestConnectionID: %s, SrcConnectionID: %s, %sOrigDestConnectionID: %s, Version: %s}", h.Type, h.DestConnectionID, h.SrcConnectionID, token, h.OrigDestConnectionID, h.Version) return } - if h.Version == protocol.Version44 { - var divNonce string - if h.Type == protocol.PacketType0RTT { - divNonce = fmt.Sprintf("Diversification Nonce: %#x, ", h.DiversificationNonce) - } - logger.Debugf("\tLong Header{Type: %s, DestConnectionID: %s, SrcConnectionID: %s, PacketNumber: %#x, PacketNumberLen: %d, %sVersion: %s}", h.Type, h.DestConnectionID, h.SrcConnectionID, h.PacketNumber, h.PacketNumberLen, divNonce, h.Version) - return - } logger.Debugf("\tLong Header{Type: %s, DestConnectionID: %s, SrcConnectionID: %s, %sPacketNumber: %#x, PacketNumberLen: %d, PayloadLen: %d, Version: %s}", h.Type, h.DestConnectionID, h.SrcConnectionID, token, h.PacketNumber, h.PacketNumberLen, h.PayloadLen, h.Version) } } else { @@ -290,14 +128,6 @@ func (h *Header) logHeader(logger utils.Logger) { } } -func (h *Header) logPublicHeader(logger utils.Logger) { - ver := "(unset)" - if h.Version != 0 { - ver = h.Version.String() - } - logger.Debugf("\tPublic Header{ConnectionID: %s, PacketNumber: %#x, PacketNumberLen: %d, Version: %s, DiversificationNonce: %#v}", h.DestConnectionID, h.PacketNumber, h.PacketNumberLen, ver, h.DiversificationNonce) -} - func encodeConnIDLen(dest, src protocol.ConnectionID) (byte, error) { dcil, err := encodeSingleConnIDLen(dest) if err != nil { diff --git a/internal/wire/header_parser.go b/internal/wire/header_parser.go index 08f5b406..1e916e2e 100644 --- a/internal/wire/header_parser.go +++ b/internal/wire/header_parser.go @@ -32,22 +32,10 @@ func ParseInvariantHeader(b *bytes.Reader, shortHeaderConnIDLen int) (*Invariant // If this is not a Long Header, it could either be a Public Header or a Short Header. if !h.IsLongHeader { - // In the Public Header 0x8 is the Connection ID Flag. - // In the IETF Short Header: - // * 0x8 it is the gQUIC Demultiplexing bit, and always 0. - // * 0x20 and 0x10 are always 1. - var connIDLen int - if typeByte&0x8 > 0 { // Public Header containing a connection ID - connIDLen = 8 - } - if typeByte&0x38 == 0x30 { // Short Header - connIDLen = shortHeaderConnIDLen - } - if connIDLen > 0 { - h.DestConnectionID, err = protocol.ReadConnectionID(b, connIDLen) - if err != nil { - return nil, err - } + var err error + h.DestConnectionID, err = protocol.ReadConnectionID(b, shortHeaderConnIDLen) + if err != nil { + return nil, err } return h, nil } @@ -81,15 +69,6 @@ func (iv *InvariantHeader) Parse(b *bytes.Reader, sentBy protocol.Perspective, v } return iv.parseLongHeader(b, sentBy, ver) } - // The Public Header never uses 6 byte packet numbers. - // Therefore, the third and fourth bit will never be 11. - // For the Short Header, the third and fourth bit are always 11. - if iv.typeByte&0x30 != 0x30 { - if sentBy == protocol.PerspectiveServer && iv.typeByte&0x1 > 0 { - return iv.parseVersionNegotiationPacket(b) - } - return iv.parsePublicHeader(b, sentBy, ver) - } return iv.parseShortHeader(b, ver) } @@ -104,7 +83,6 @@ func (iv *InvariantHeader) toHeader() *Header { func (iv *InvariantHeader) parseVersionNegotiationPacket(b *bytes.Reader) (*Header, error) { h := iv.toHeader() - h.VersionFlag = true if b.Len() == 0 { return nil, qerr.Error(qerr.InvalidVersionNegotiationPacket, "empty version list") } @@ -145,7 +123,7 @@ func (iv *InvariantHeader) parseLongHeader(b *bytes.Reader, sentBy protocol.Pers return h, nil } - if h.Type == protocol.PacketTypeInitial && v.UsesTokenInHeader() { + if h.Type == protocol.PacketTypeInitial { tokenLen, err := utils.ReadVarInt(b) if err != nil { return nil, err @@ -159,37 +137,17 @@ func (iv *InvariantHeader) parseLongHeader(b *bytes.Reader, sentBy protocol.Pers } } - if v.UsesLengthInHeader() { - pl, err := utils.ReadVarInt(b) - if err != nil { - return nil, err - } - h.PayloadLen = protocol.ByteCount(pl) + pl, err := utils.ReadVarInt(b) + if err != nil { + return nil, err } - if v.UsesVarintPacketNumbers() { - pn, pnLen, err := utils.ReadVarIntPacketNumber(b) - if err != nil { - return nil, err - } - h.PacketNumber = pn - h.PacketNumberLen = pnLen - } else { - pn, err := utils.BigEndian.ReadUint32(b) - if err != nil { - return nil, err - } - h.PacketNumber = protocol.PacketNumber(pn) - h.PacketNumberLen = protocol.PacketNumberLen4 - } - if h.Type == protocol.PacketType0RTT && v == protocol.Version44 && sentBy == protocol.PerspectiveServer { - h.DiversificationNonce = make([]byte, 32) - if _, err := io.ReadFull(b, h.DiversificationNonce); err != nil { - if err == io.ErrUnexpectedEOF { - return nil, io.EOF - } - return nil, err - } + h.PayloadLen = protocol.ByteCount(pl) + pn, pnLen, err := utils.ReadVarIntPacketNumber(b) + if err != nil { + return nil, err } + h.PacketNumber = pn + h.PacketNumberLen = pnLen return h, nil } @@ -198,76 +156,12 @@ func (iv *InvariantHeader) parseShortHeader(b *bytes.Reader, v protocol.VersionN h := iv.toHeader() h.KeyPhase = int(iv.typeByte&0x40) >> 6 - if v.UsesVarintPacketNumbers() { - pn, pnLen, err := utils.ReadVarIntPacketNumber(b) - if err != nil { - return nil, err - } - h.PacketNumber = pn - h.PacketNumberLen = pnLen - } else { - switch iv.typeByte & 0x3 { - case 0x0: - h.PacketNumberLen = protocol.PacketNumberLen1 - case 0x1: - h.PacketNumberLen = protocol.PacketNumberLen2 - case 0x2: - h.PacketNumberLen = protocol.PacketNumberLen4 - default: - return nil, errInvalidPacketNumberLen - } - p, err := utils.BigEndian.ReadUintN(b, uint8(h.PacketNumberLen)) - if err != nil { - return nil, err - } - h.PacketNumber = protocol.PacketNumber(p) - } - return h, nil -} - -func (iv *InvariantHeader) parsePublicHeader(b *bytes.Reader, sentBy protocol.Perspective, ver protocol.VersionNumber) (*Header, error) { - h := iv.toHeader() - h.IsPublicHeader = true - h.ResetFlag = iv.typeByte&0x2 > 0 - if h.ResetFlag { - return h, nil - } - - h.VersionFlag = iv.typeByte&0x1 > 0 - if h.VersionFlag && sentBy == protocol.PerspectiveClient { - v, err := utils.BigEndian.ReadUint32(b) - if err != nil { - return nil, err - } - h.Version = protocol.VersionNumber(v) - } - - // Contrary to what the gQUIC wire spec says, the 0x4 bit only indicates the presence of the diversification nonce for packets sent by the server. - // It doesn't have any meaning when sent by the client. - if sentBy == protocol.PerspectiveServer && iv.typeByte&0x4 > 0 { - h.DiversificationNonce = make([]byte, 32) - if _, err := io.ReadFull(b, h.DiversificationNonce); err != nil { - if err == io.ErrUnexpectedEOF { - return nil, io.EOF - } - return nil, err - } - } - - switch iv.typeByte & 0x30 { - case 0x00: - h.PacketNumberLen = protocol.PacketNumberLen1 - case 0x10: - h.PacketNumberLen = protocol.PacketNumberLen2 - case 0x20: - h.PacketNumberLen = protocol.PacketNumberLen4 - } - - pn, err := utils.BigEndian.ReadUintN(b, uint8(h.PacketNumberLen)) + pn, pnLen, err := utils.ReadVarIntPacketNumber(b) if err != nil { return nil, err } - h.PacketNumber = protocol.PacketNumber(pn) + h.PacketNumber = pn + h.PacketNumberLen = pnLen return h, nil } diff --git a/internal/wire/header_parser_test.go b/internal/wire/header_parser_test.go index cf126674..ebe7550c 100644 --- a/internal/wire/header_parser_test.go +++ b/internal/wire/header_parser_test.go @@ -2,7 +2,6 @@ package wire import ( "bytes" - "encoding/binary" "io" "github.com/lucas-clemente/quic-go/internal/protocol" @@ -13,704 +12,371 @@ import ( ) var _ = Describe("Header Parsing", func() { - Context("IETF QUIC Header", func() { - appendPacketNumber := func(data []byte, pn protocol.PacketNumber, pnLen protocol.PacketNumberLen) []byte { - buf := &bytes.Buffer{} - utils.WriteVarIntPacketNumber(buf, pn, pnLen) - return append(data, buf.Bytes()...) - } + appendPacketNumber := func(data []byte, pn protocol.PacketNumber, pnLen protocol.PacketNumberLen) []byte { + buf := &bytes.Buffer{} + utils.WriteVarIntPacketNumber(buf, pn, pnLen) + return append(data, buf.Bytes()...) + } - Context("Version Negotiation Packets", func() { - It("parses", func() { - srcConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12} - destConnID := protocol.ConnectionID{9, 8, 7, 6, 5, 4, 3, 2, 1} - versions := []protocol.VersionNumber{0x22334455, 0x33445566} - data, err := ComposeVersionNegotiation(destConnID, srcConnID, versions) - Expect(err).ToNot(HaveOccurred()) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.DestConnectionID).To(Equal(destConnID)) - Expect(iHdr.SrcConnectionID).To(Equal(srcConnID)) - Expect(iHdr.IsLongHeader).To(BeTrue()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsVersionNegotiation).To(BeTrue()) - Expect(hdr.Version).To(BeZero()) - Expect(hdr.DestConnectionID).To(Equal(destConnID)) - Expect(hdr.SrcConnectionID).To(Equal(srcConnID)) - for _, v := range versions { - Expect(hdr.SupportedVersions).To(ContainElement(v)) - } - }) - - It("errors if it contains versions of the wrong length", func() { - connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - versions := []protocol.VersionNumber{0x22334455, 0x33445566} - data, err := ComposeVersionNegotiation(connID, connID, versions) - Expect(err).ToNot(HaveOccurred()) - b := bytes.NewReader(data[:len(data)-2]) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) - Expect(err).To(MatchError(qerr.InvalidVersionNegotiationPacket)) - }) - - It("errors if the version list is empty", func() { - connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - versions := []protocol.VersionNumber{0x22334455} - data, err := ComposeVersionNegotiation(connID, connID, versions) - Expect(err).ToNot(HaveOccurred()) - // remove 8 bytes (two versions), since ComposeVersionNegotiation also added a reserved version number - b := bytes.NewReader(data[:len(data)-8]) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) - Expect(err).To(MatchError("InvalidVersionNegotiationPacket: empty version list")) - }) - }) - - Context("Long Headers", func() { - It("parses a Long Header", func() { - destConnID := protocol.ConnectionID{9, 8, 7, 6, 5, 4, 3, 2, 1} - srcConnID := protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef} - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0x1, 0x2, 0x3, 0x4, // version number - 0x61, // connection ID lengths - } - data = append(data, destConnID...) - data = append(data, srcConnID...) - data = append(data, encodeVarInt(6)...) // token length - data = append(data, []byte("foobar")...) // token - data = append(data, encodeVarInt(0x1337)...) // payload length - // packet number - data = appendPacketNumber(data, 0xbeef, protocol.PacketNumberLen4) - - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeTrue()) - Expect(iHdr.DestConnectionID).To(Equal(destConnID)) - Expect(iHdr.SrcConnectionID).To(Equal(srcConnID)) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.Type).To(Equal(protocol.PacketTypeInitial)) - Expect(hdr.IsLongHeader).To(BeTrue()) - Expect(hdr.DestConnectionID).To(Equal(destConnID)) - Expect(hdr.SrcConnectionID).To(Equal(srcConnID)) - Expect(hdr.Token).To(Equal([]byte("foobar"))) - Expect(hdr.PayloadLen).To(Equal(protocol.ByteCount(0x1337))) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xbeef))) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) - Expect(hdr.Version).To(Equal(protocol.VersionNumber(0x1020304))) - Expect(hdr.IsVersionNegotiation).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a Long Header without a destination connection ID", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0x1, 0x2, 0x3, 0x4, // version number - 0x01, // connection ID lengths - 0xde, 0xad, 0xbe, 0xef, // source connection ID - } - data = append(data, encodeVarInt(0x42)...) // payload length - data = append(data, []byte{0xde, 0xca, 0xfb, 0xad}...) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.SrcConnectionID).To(Equal(protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef})) - Expect(iHdr.DestConnectionID).To(BeEmpty()) - }) - - It("parses a Long Header without a source connection ID", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0x1, 0x2, 0x3, 0x4, // version number - 0x70, // connection ID lengths - 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // source connection ID - } - data = append(data, encodeVarInt(0x42)...) // payload length - data = append(data, []byte{0xde, 0xca, 0xfb, 0xad}...) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.SrcConnectionID).To(BeEmpty()) - Expect(iHdr.DestConnectionID).To(Equal(protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10})) - }) - - It("parses a Long Header with a 2 byte packet number", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0x1, 0x2, 0x3, 0x4, // version number - 0x0, // connection ID lengths - } - data = append(data, encodeVarInt(0)...) // token length - data = append(data, encodeVarInt(0x42)...) // payload length - data = appendPacketNumber(data, 0x123, protocol.PacketNumberLen2) - - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x123))) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen2)) - }) - - It("parses a Retry packet", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeRetry), - 0x1, 0x2, 0x3, 0x4, // version number - 0x0, // connection ID lengths - 0x97, // Orig Destination Connection ID length - 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // source connection ID - 'f', 'o', 'o', 'b', 'a', 'r', // token - } - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.Type).To(Equal(protocol.PacketTypeRetry)) - Expect(hdr.OrigDestConnectionID).To(Equal(protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10})) - Expect(hdr.Token).To(Equal([]byte("foobar"))) - }) - - It("rejects packets sent with an unknown packet type", func() { - srcConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - buf := &bytes.Buffer{} - err := (&Header{ - IsLongHeader: true, - Type: 42, - SrcConnectionID: srcConnID, - Version: 0x10203040, - PacketNumber: 1, - PacketNumberLen: protocol.PacketNumberLen1, - }).Write(buf, protocol.PerspectiveClient, protocol.VersionTLS) - Expect(err).ToNot(HaveOccurred()) - b := bytes.NewReader(buf.Bytes()) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).To(MatchError("InvalidPacketHeader: Received packet with invalid packet type: 42")) - }) - - It("errors if the token length is too large", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0x1, 0x2, 0x3, 0x4, // version number - 0x0, // connection ID lengths - } - data = append(data, encodeVarInt(4)...) // token length: 4 bytes (1 byte too long) - data = append(data, encodeVarInt(0x42)...) // payload length, 1 byte - data = appendPacketNumber(data, 0x123, protocol.PacketNumberLen2) // 2 bytes - - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).To(MatchError(io.EOF)) - }) - - It("errors on EOF, when parsing the invariant header", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0x1, 0x2, 0x3, 0x4, // version number - 0x55, // connection ID lengths - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // destination connection ID - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // source connection ID - } - for i := 0; i < len(data); i++ { - _, err := ParseInvariantHeader(bytes.NewReader(data[:i]), 0) - Expect(err).To(Equal(io.EOF)) - } - }) - - It("errors on EOF, when parsing the header", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0x1, 0x2, 0x3, 0x4, // version number - 0x0, // connection ID lengths - } - iHdrLen := len(data) - data = append(data, encodeVarInt(0x1337)...) - data = appendPacketNumber(data, 0xdeadbeef, protocol.PacketNumberLen4) - for i := iHdrLen; i < len(data); i++ { - b := bytes.NewReader(data[:i]) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).To(Equal(io.EOF)) - } - }) - - It("errors on EOF, for a Retry packet", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeRetry), - 0x1, 0x2, 0x3, 0x4, // version number - 0x0, // connection ID lengths - } - iHdrLen := len(data) - data = append(data, []byte{ - 0x97, // Orig Destination Connection ID length - 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // source connection ID - }...) - for i := iHdrLen; i < len(data); i++ { - b := bytes.NewReader(data[:i]) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).To(Equal(io.EOF)) - } - }) - }) - - Context("Short Headers", func() { - It("reads a Short Header with a 8 byte connection ID", func() { - connID := protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37} - data := append([]byte{0x30}, connID...) - data = appendPacketNumber(data, 0x42, protocol.PacketNumberLen1) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 8) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - Expect(iHdr.DestConnectionID).To(Equal(connID)) - hdr, err := iHdr.Parse(b, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.KeyPhase).To(Equal(0)) - Expect(hdr.DestConnectionID).To(Equal(connID)) - Expect(hdr.SrcConnectionID).To(BeEmpty()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x42))) - Expect(hdr.IsVersionNegotiation).To(BeFalse()) - Expect(b.Len()).To(BeZero()) - }) - - It("reads a Short Header with a 5 byte connection ID", func() { - connID := protocol.ConnectionID{1, 2, 3, 4, 5} - data := append([]byte{0x30}, connID...) - data = appendPacketNumber(data, 0x42, protocol.PacketNumberLen1) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 5) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - Expect(iHdr.DestConnectionID).To(Equal(connID)) - hdr, err := iHdr.Parse(b, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.KeyPhase).To(Equal(0)) - Expect(hdr.DestConnectionID).To(Equal(connID)) - Expect(hdr.SrcConnectionID).To(BeEmpty()) - Expect(b.Len()).To(BeZero()) - }) - - It("reads the Key Phase Bit", func() { - data := []byte{ - 0x30 ^ 0x40, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // connection ID - } - data = appendPacketNumber(data, 11, protocol.PacketNumberLen1) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 6) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsLongHeader).To(BeFalse()) - Expect(hdr.KeyPhase).To(Equal(1)) - Expect(b.Len()).To(BeZero()) - }) - - It("reads a header with a 2 byte packet number", func() { - data := []byte{ - 0x30 ^ 0x40 ^ 0x1, - 0xde, 0xad, 0xbe, 0xef, // connection ID - } - data = appendPacketNumber(data, 0x1337, protocol.PacketNumberLen2) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 4) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsLongHeader).To(BeFalse()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x1337))) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen2)) - Expect(b.Len()).To(BeZero()) - }) - - It("reads a header with a 4 byte packet number", func() { - data := []byte{ - 0x30 ^ 0x40 ^ 0x2, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x1, 0x2, 0x3, 0x4, // connection ID - } - data = appendPacketNumber(data, 0x99beef, protocol.PacketNumberLen4) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 10) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsLongHeader).To(BeFalse()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x99beef))) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) - Expect(b.Len()).To(BeZero()) - }) - - It("errors on EOF, when parsing the invariant header", func() { - data := []byte{ - 0x30 ^ 0x2, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // connection ID - } - for i := 0; i < len(data); i++ { - _, err := ParseInvariantHeader(bytes.NewReader(data[:i]), 8) - Expect(err).To(Equal(io.EOF)) - } - }) - - It("errors on EOF, when parsing the invariant header", func() { - data := []byte{ - 0x30 ^ 0x2, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // connection ID - } - iHdrLen := len(data) - data = appendPacketNumber(data, 0xdeadbeef, protocol.PacketNumberLen4) - for i := iHdrLen; i < len(data); i++ { - b := bytes.NewReader(data[:i]) - iHdr, err := ParseInvariantHeader(b, 6) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).To(Equal(io.EOF)) - } - }) - }) - }) - - Context("gQUIC 44", func() { - Context("Long Headers", func() { - It("parses a Long Header", func() { - destConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - srcConnID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1} - data := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0x1, 0x2, 0x3, 0x4, // version - 0x55, // connection ID lengths - } - data = append(data, destConnID...) - data = append(data, srcConnID...) - data = append(data, []byte{0xde, 0xad, 0xbe, 0xef}...) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeTrue()) - Expect(iHdr.Version).To(Equal(protocol.VersionNumber(0x1020304))) - Expect(iHdr.DestConnectionID).To(Equal(destConnID)) - Expect(iHdr.SrcConnectionID).To(Equal(srcConnID)) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsPublicHeader).To(BeFalse()) - Expect(hdr.Type).To(Equal(protocol.PacketTypeInitial)) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xdeadbeef))) - }) - - It("parses a Long Header containing a Diversification Nonce", func() { - srcConnID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1} - divNonce := bytes.Repeat([]byte{'f'}, 32) - data := []byte{ - 0x80 ^ uint8(protocol.PacketType0RTT), - 0x1, 0x2, 0x3, 0x4, // version - 0x5, // connection ID lengths - } - data = append(data, srcConnID...) - data = append(data, []byte{0xde, 0xad, 0xbe, 0xef}...) - data = append(data, divNonce...) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeTrue()) - Expect(iHdr.Version).To(Equal(protocol.VersionNumber(0x1020304))) - Expect(iHdr.SrcConnectionID).To(Equal(srcConnID)) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsPublicHeader).To(BeFalse()) - Expect(hdr.Type).To(Equal(protocol.PacketType0RTT)) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xdeadbeef))) - Expect(hdr.DiversificationNonce).To(Equal(divNonce)) - }) - - It("errors on EOF, for Long Headers containing a Diversification Nonce", func() { - data := []byte{ - 0x80 ^ uint8(protocol.PacketType0RTT), - 0x1, 0x2, 0x3, 0x4, // version - 0x5, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // connection ID - } - iHdrLen := len(data) - data = append(data, []byte{0xde, 0xca, 0xfb, 0xad}...) // packet number - data = append(data, bytes.Repeat([]byte{'d'}, 32)...) - for i := iHdrLen; i < len(data); i++ { - b := bytes.NewReader(data[:i]) - iHdr, err := ParseInvariantHeader(b, 8) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeTrue()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, protocol.Version44) - Expect(err).To(Equal(io.EOF)) - } - }) - }) - - Context("Short Headers", func() { - It("parses a Short Header with a 1 byte packet number", func() { - destConnID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1} - data := []byte{0x30} - data = append(data, destConnID...) - data = append(data, 0x42) // packet number - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 8) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - Expect(iHdr.DestConnectionID).To(Equal(destConnID)) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsPublicHeader).To(BeFalse()) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen1)) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x42))) - }) - - It("parses a Short Header with a 2 byte packet number", func() { - data := []byte{0x30 ^ 0x1, 0xca, 0xfe} - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - Expect(iHdr.DestConnectionID.Len()).To(BeZero()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsPublicHeader).To(BeFalse()) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen2)) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xcafe))) - }) - - It("parses a Short Header with a 4 byte packet number", func() { - data := []byte{0x30 ^ 0x2, 0xde, 0xad, 0xbe, 0xef} - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - Expect(iHdr.DestConnectionID.Len()).To(BeZero()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.IsPublicHeader).To(BeFalse()) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xdeadbeef))) - }) - - It("errors on an invalid packet number length flag", func() { - data := []byte{0x30 ^ 0x3, 0xde, 0xad, 0xbe, 0xef} - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - Expect(iHdr.DestConnectionID.Len()).To(BeZero()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, protocol.Version44) - Expect(err).To(MatchError(errInvalidPacketNumberLen)) - }) - - It("errors on EOF", func() { - data := []byte{0x30 ^ 0x2, 0xde, 0xad, 0xbe, 0xef} - iHdrLen := 1 - for i := iHdrLen; i < len(data); i++ { - b := bytes.NewReader(data[:i]) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, protocol.Version44) - Expect(err).To(Equal(io.EOF)) - } - }) - }) - }) - - Context("Public Header", func() { - It("accepts a sample client header", func() { - data := []byte{ - 0x9, - 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, - } - data = append(data, []byte{0xde, 0xad, 0xbe, 0xef}...) - data = append(data, 0x1) // packet number + Context("Version Negotiation Packets", func() { + It("parses", func() { + srcConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12} + destConnID := protocol.ConnectionID{9, 8, 7, 6, 5, 4, 3, 2, 1} + versions := []protocol.VersionNumber{0x22334455, 0x33445566} + data, err := ComposeVersionNegotiation(destConnID, srcConnID, versions) + Expect(err).ToNot(HaveOccurred()) b := bytes.NewReader(data) iHdr, err := ParseInvariantHeader(b, 0) Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveClient, versionPublicHeader) + Expect(iHdr.DestConnectionID).To(Equal(destConnID)) + Expect(iHdr.SrcConnectionID).To(Equal(srcConnID)) + Expect(iHdr.IsLongHeader).To(BeTrue()) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) Expect(err).ToNot(HaveOccurred()) - Expect(hdr.VersionFlag).To(BeTrue()) - Expect(hdr.IsVersionNegotiation).To(BeFalse()) - Expect(hdr.ResetFlag).To(BeFalse()) - connID := protocol.ConnectionID{0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6} - Expect(hdr.DestConnectionID).To(Equal(connID)) - Expect(hdr.SrcConnectionID).To(BeEmpty()) - Expect(hdr.Version).To(Equal(protocol.VersionNumber(0xdeadbeef))) - Expect(hdr.SupportedVersions).To(BeEmpty()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(1))) - Expect(b.Len()).To(BeZero()) - }) - - It("accepts an omitted connection ID", func() { - b := bytes.NewReader([]byte{0x0, 0x1}) - iHdr, err := ParseInvariantHeader(b, 8) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - Expect(iHdr.DestConnectionID).To(BeEmpty()) - Expect(iHdr.SrcConnectionID).To(BeEmpty()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveClient, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(1))) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a PUBLIC_RESET packet", func() { - b := bytes.NewReader([]byte{0xa, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8}) - iHdr, err := ParseInvariantHeader(b, 4) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.ResetFlag).To(BeTrue()) - Expect(hdr.VersionFlag).To(BeFalse()) - Expect(hdr.IsVersionNegotiation).To(BeFalse()) - connID := protocol.ConnectionID{0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8} - Expect(hdr.SrcConnectionID).To(BeEmpty()) - Expect(hdr.DestConnectionID).To(Equal(connID)) - }) - - It("reads a diversification nonce sent by the server", func() { - divNonce := []byte{0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f} - Expect(divNonce).To(HaveLen(32)) - b := bytes.NewReader(append(append([]byte{0x0c, 0xf6, 0x19, 0x86, 0x66, 0x9b, 0x9f, 0xfa, 0x4c}, divNonce...), 0x37)) - iHdr, err := ParseInvariantHeader(b, 7) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.DestConnectionID).ToNot(BeEmpty()) - Expect(hdr.SrcConnectionID).To(BeEmpty()) - Expect(hdr.DiversificationNonce).To(Equal(divNonce)) - Expect(b.Len()).To(BeZero()) - }) - - It("errors on EOF", func() { - data := []byte{ - 0x10 ^ 0x8 ^ 0x4, - 0xf6, 0x19, 0x86, 0x66, 0x9b, 0x9f, 0xfa, 0x4c, + Expect(hdr.IsVersionNegotiation).To(BeTrue()) + Expect(hdr.Version).To(BeZero()) + Expect(hdr.DestConnectionID).To(Equal(destConnID)) + Expect(hdr.SrcConnectionID).To(Equal(srcConnID)) + for _, v := range versions { + Expect(hdr.SupportedVersions).To(ContainElement(v)) } - iHdrLen := len(data) - data = append(data, bytes.Repeat([]byte{0}, 32)...) // add a diversification nonce - data = append(data, []byte{0x13, 37}...) // packet number - for i := iHdrLen; i < len(data); i++ { - b := bytes.NewReader(data[:i]) - iHdr, err := ParseInvariantHeader(b, 5) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) + }) + + It("errors if it contains versions of the wrong length", func() { + connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} + versions := []protocol.VersionNumber{0x22334455, 0x33445566} + data, err := ComposeVersionNegotiation(connID, connID, versions) + Expect(err).ToNot(HaveOccurred()) + b := bytes.NewReader(data[:len(data)-2]) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).To(MatchError(qerr.InvalidVersionNegotiationPacket)) + }) + + It("errors if the version list is empty", func() { + connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} + versions := []protocol.VersionNumber{0x22334455} + data, err := ComposeVersionNegotiation(connID, connID, versions) + Expect(err).ToNot(HaveOccurred()) + // remove 8 bytes (two versions), since ComposeVersionNegotiation also added a reserved version number + b := bytes.NewReader(data[:len(data)-8]) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).To(MatchError("InvalidVersionNegotiationPacket: empty version list")) + }) + }) + + Context("Long Headers", func() { + It("parses a Long Header", func() { + destConnID := protocol.ConnectionID{9, 8, 7, 6, 5, 4, 3, 2, 1} + srcConnID := protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef} + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeInitial), + 0x1, 0x2, 0x3, 0x4, // version number + 0x61, // connection ID lengths + } + data = append(data, destConnID...) + data = append(data, srcConnID...) + data = append(data, encodeVarInt(6)...) // token length + data = append(data, []byte("foobar")...) // token + data = append(data, encodeVarInt(0x1337)...) // payload length + // packet number + data = appendPacketNumber(data, 0xbeef, protocol.PacketNumberLen4) + + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + Expect(iHdr.IsLongHeader).To(BeTrue()) + Expect(iHdr.DestConnectionID).To(Equal(destConnID)) + Expect(iHdr.SrcConnectionID).To(Equal(srcConnID)) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(hdr.Type).To(Equal(protocol.PacketTypeInitial)) + Expect(hdr.IsLongHeader).To(BeTrue()) + Expect(hdr.DestConnectionID).To(Equal(destConnID)) + Expect(hdr.SrcConnectionID).To(Equal(srcConnID)) + Expect(hdr.Token).To(Equal([]byte("foobar"))) + Expect(hdr.PayloadLen).To(Equal(protocol.ByteCount(0x1337))) + Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xbeef))) + Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) + Expect(hdr.Version).To(Equal(protocol.VersionNumber(0x1020304))) + Expect(hdr.IsVersionNegotiation).To(BeFalse()) + Expect(b.Len()).To(BeZero()) + }) + + It("parses a Long Header without a destination connection ID", func() { + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeInitial), + 0x1, 0x2, 0x3, 0x4, // version number + 0x01, // connection ID lengths + 0xde, 0xad, 0xbe, 0xef, // source connection ID + } + data = append(data, encodeVarInt(0x42)...) // payload length + data = append(data, []byte{0xde, 0xca, 0xfb, 0xad}...) + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + Expect(iHdr.SrcConnectionID).To(Equal(protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef})) + Expect(iHdr.DestConnectionID).To(BeEmpty()) + }) + + It("parses a Long Header without a source connection ID", func() { + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeInitial), + 0x1, 0x2, 0x3, 0x4, // version number + 0x70, // connection ID lengths + 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // source connection ID + } + data = append(data, encodeVarInt(0x42)...) // payload length + data = append(data, []byte{0xde, 0xca, 0xfb, 0xad}...) + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + Expect(iHdr.SrcConnectionID).To(BeEmpty()) + Expect(iHdr.DestConnectionID).To(Equal(protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10})) + }) + + It("parses a Long Header with a 2 byte packet number", func() { + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeInitial), + 0x1, 0x2, 0x3, 0x4, // version number + 0x0, // connection ID lengths + } + data = append(data, encodeVarInt(0)...) // token length + data = append(data, encodeVarInt(0x42)...) // payload length + data = appendPacketNumber(data, 0x123, protocol.PacketNumberLen2) + + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x123))) + Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen2)) + }) + + It("parses a Retry packet", func() { + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeRetry), + 0x1, 0x2, 0x3, 0x4, // version number + 0x0, // connection ID lengths + 0x97, // Orig Destination Connection ID length + 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // source connection ID + 'f', 'o', 'o', 'b', 'a', 'r', // token + } + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(hdr.Type).To(Equal(protocol.PacketTypeRetry)) + Expect(hdr.OrigDestConnectionID).To(Equal(protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10})) + Expect(hdr.Token).To(Equal([]byte("foobar"))) + }) + + It("rejects packets sent with an unknown packet type", func() { + srcConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} + buf := &bytes.Buffer{} + err := (&Header{ + IsLongHeader: true, + Type: 42, + SrcConnectionID: srcConnID, + Version: 0x10203040, + PacketNumber: 1, + PacketNumberLen: protocol.PacketNumberLen1, + }).Write(buf, protocol.PerspectiveClient, protocol.VersionTLS) + Expect(err).ToNot(HaveOccurred()) + b := bytes.NewReader(buf.Bytes()) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + _, err = iHdr.Parse(b, protocol.PerspectiveClient, versionIETFFrames) + Expect(err).To(MatchError("InvalidPacketHeader: Received packet with invalid packet type: 42")) + }) + + It("errors if the token length is too large", func() { + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeInitial), + 0x1, 0x2, 0x3, 0x4, // version number + 0x0, // connection ID lengths + } + data = append(data, encodeVarInt(4)...) // token length: 4 bytes (1 byte too long) + data = append(data, encodeVarInt(0x42)...) // payload length, 1 byte + data = appendPacketNumber(data, 0x123, protocol.PacketNumberLen2) // 2 bytes + + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).To(MatchError(io.EOF)) + }) + + It("errors on EOF, when parsing the invariant header", func() { + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeInitial), + 0x1, 0x2, 0x3, 0x4, // version number + 0x55, // connection ID lengths + 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // destination connection ID + 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // source connection ID + } + for i := 0; i < len(data); i++ { + _, err := ParseInvariantHeader(bytes.NewReader(data[:i]), 0) Expect(err).To(Equal(io.EOF)) } }) - Context("version negotiation packets", func() { - appendVersion := func(data []byte, v protocol.VersionNumber) []byte { - data = append(data, []byte{0, 0, 0, 0}...) - binary.BigEndian.PutUint32(data[len(data)-4:], uint32(v)) - return data + It("errors on EOF, when parsing the header", func() { + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeInitial), + 0x1, 0x2, 0x3, 0x4, // version number + 0x0, // connection ID lengths } - - It("parses", func() { - connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - versions := []protocol.VersionNumber{0x13, 0x37} - b := bytes.NewReader(ComposeGQUICVersionNegotiation(connID, versions)) - iHdr, err := ParseInvariantHeader(b, 6) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.DestConnectionID).To(Equal(connID)) - Expect(hdr.SrcConnectionID).To(BeEmpty()) - Expect(hdr.VersionFlag).To(BeTrue()) - Expect(hdr.Version).To(BeZero()) // unitialized - Expect(hdr.IsVersionNegotiation).To(BeTrue()) - // in addition to the versions, the supported versions might contain a reserved version number - for _, version := range versions { - Expect(hdr.SupportedVersions).To(ContainElement(version)) - } - Expect(b.Len()).To(BeZero()) - }) - - It("errors if it doesn't contain any versions", func() { - b := bytes.NewReader([]byte{0x9, 0xf6, 0x19, 0x86, 0x66, 0x9b, 0x9f, 0xfa, 0x4c}) - iHdr, err := ParseInvariantHeader(b, 4) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).To(MatchError("InvalidVersionNegotiationPacket: empty version list")) - }) - - It("reads version negotiation packets containing unsupported versions", func() { - data := []byte{0x9, 0xf6, 0x19, 0x86, 0x66, 0x9b, 0x9f, 0xfa, 0x4c} - data = appendVersion(data, 1) // unsupported version - data = appendVersion(data, protocol.SupportedVersions[0]) - data = appendVersion(data, 99) // unsupported version - b := bytes.NewReader(data) + iHdrLen := len(data) + data = append(data, encodeVarInt(0x1337)...) + data = appendPacketNumber(data, 0xdeadbeef, protocol.PacketNumberLen4) + for i := iHdrLen; i < len(data); i++ { + b := bytes.NewReader(data[:i]) iHdr, err := ParseInvariantHeader(b, 0) Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.VersionFlag).To(BeTrue()) - Expect(hdr.IsVersionNegotiation).To(BeTrue()) - Expect(hdr.SupportedVersions).To(Equal([]protocol.VersionNumber{1, protocol.SupportedVersions[0], 99})) - Expect(b.Len()).To(BeZero()) - }) - - It("errors on invalid version tags", func() { - data := ComposeGQUICVersionNegotiation(protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, protocol.SupportedVersions) - data = append(data, []byte{0x13, 0x37}...) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).To(MatchError(qerr.InvalidVersionNegotiationPacket)) - }) + _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).To(Equal(io.EOF)) + } }) - Context("Packet Number lengths", func() { - It("accepts 1-byte packet numbers", func() { - b := bytes.NewReader([]byte{0x08, 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, 0xde}) + It("errors on EOF, for a Retry packet", func() { + data := []byte{ + 0x80 ^ uint8(protocol.PacketTypeRetry), + 0x1, 0x2, 0x3, 0x4, // version number + 0x0, // connection ID lengths + } + iHdrLen := len(data) + data = append(data, []byte{ + 0x97, // Orig Destination Connection ID length + 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // source connection ID + }...) + for i := iHdrLen; i < len(data); i++ { + b := bytes.NewReader(data[:i]) iHdr, err := ParseInvariantHeader(b, 0) Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xde))) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen1)) - Expect(b.Len()).To(BeZero()) - }) + _, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).To(Equal(io.EOF)) + } + }) + }) - It("accepts 2-byte packet numbers", func() { - b := bytes.NewReader([]byte{0x18, 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, 0xde, 0xca}) - iHdr, err := ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xdeca))) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen2)) - Expect(b.Len()).To(BeZero()) - }) + Context("Short Headers", func() { + It("reads a Short Header with a 8 byte connection ID", func() { + connID := protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37} + data := append([]byte{0x30}, connID...) + data = appendPacketNumber(data, 0x42, protocol.PacketNumberLen1) + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 8) + Expect(err).ToNot(HaveOccurred()) + Expect(iHdr.IsLongHeader).To(BeFalse()) + Expect(iHdr.DestConnectionID).To(Equal(connID)) + hdr, err := iHdr.Parse(b, protocol.PerspectiveClient, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(hdr.KeyPhase).To(Equal(0)) + Expect(hdr.DestConnectionID).To(Equal(connID)) + Expect(hdr.SrcConnectionID).To(BeEmpty()) + Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x42))) + Expect(hdr.IsVersionNegotiation).To(BeFalse()) + Expect(b.Len()).To(BeZero()) + }) - It("accepts 4-byte packet numbers", func() { - b := bytes.NewReader([]byte{0x28, 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, 0xad, 0xfb, 0xca, 0xde}) - iHdr, err := ParseInvariantHeader(b, 0) + It("reads a Short Header with a 5 byte connection ID", func() { + connID := protocol.ConnectionID{1, 2, 3, 4, 5} + data := append([]byte{0x30}, connID...) + data = appendPacketNumber(data, 0x42, protocol.PacketNumberLen1) + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 5) + Expect(err).ToNot(HaveOccurred()) + Expect(iHdr.IsLongHeader).To(BeFalse()) + Expect(iHdr.DestConnectionID).To(Equal(connID)) + hdr, err := iHdr.Parse(b, protocol.PerspectiveClient, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(hdr.KeyPhase).To(Equal(0)) + Expect(hdr.DestConnectionID).To(Equal(connID)) + Expect(hdr.SrcConnectionID).To(BeEmpty()) + Expect(b.Len()).To(BeZero()) + }) + + It("reads the Key Phase Bit", func() { + data := []byte{ + 0x30 ^ 0x40, + 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // connection ID + } + data = appendPacketNumber(data, 11, protocol.PacketNumberLen1) + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 6) + Expect(err).ToNot(HaveOccurred()) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(hdr.IsLongHeader).To(BeFalse()) + Expect(hdr.KeyPhase).To(Equal(1)) + Expect(b.Len()).To(BeZero()) + }) + + It("reads a header with a 2 byte packet number", func() { + data := []byte{ + 0x30 ^ 0x40 ^ 0x1, + 0xde, 0xad, 0xbe, 0xef, // connection ID + } + data = appendPacketNumber(data, 0x1337, protocol.PacketNumberLen2) + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 4) + Expect(err).ToNot(HaveOccurred()) + hdr, err := iHdr.Parse(b, protocol.PerspectiveClient, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(hdr.IsLongHeader).To(BeFalse()) + Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x1337))) + Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen2)) + Expect(b.Len()).To(BeZero()) + }) + + It("reads a header with a 4 byte packet number", func() { + data := []byte{ + 0x30 ^ 0x40 ^ 0x2, + 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x1, 0x2, 0x3, 0x4, // connection ID + } + data = appendPacketNumber(data, 0x99beef, protocol.PacketNumberLen4) + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 10) + Expect(err).ToNot(HaveOccurred()) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(hdr.IsLongHeader).To(BeFalse()) + Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0x99beef))) + Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) + Expect(b.Len()).To(BeZero()) + }) + + It("errors on EOF, when parsing the invariant header", func() { + data := []byte{ + 0x30 ^ 0x2, + 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // connection ID + } + for i := 0; i < len(data); i++ { + _, err := ParseInvariantHeader(bytes.NewReader(data[:i]), 8) + Expect(err).To(Equal(io.EOF)) + } + }) + + It("errors on EOF, when parsing the invariant header", func() { + data := []byte{ + 0x30 ^ 0x2, + 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // connection ID + } + iHdrLen := len(data) + data = appendPacketNumber(data, 0xdeadbeef, protocol.PacketNumberLen4) + for i := iHdrLen; i < len(data); i++ { + b := bytes.NewReader(data[:i]) + iHdr, err := ParseInvariantHeader(b, 6) Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.PacketNumber).To(Equal(protocol.PacketNumber(0xadfbcade))) - Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) - Expect(b.Len()).To(BeZero()) - }) + _, err = iHdr.Parse(b, protocol.PerspectiveClient, versionIETFFrames) + Expect(err).To(Equal(io.EOF)) + } }) }) }) diff --git a/internal/wire/header_test.go b/internal/wire/header_test.go index 9e796443..e782a81b 100644 --- a/internal/wire/header_test.go +++ b/internal/wire/header_test.go @@ -12,10 +12,7 @@ import ( ) var _ = Describe("Header", func() { - const ( - versionPublicHeader = protocol.Version39 // a QUIC version that uses the Public Header format - versionIETFHeader = protocol.VersionTLS // a QUIC version that uses the IETF Header format - ) + const versionIETFHeader = protocol.VersionTLS // a QUIC version that uses the IETF Header format Context("Writing", func() { var buf *bytes.Buffer @@ -24,482 +21,194 @@ var _ = Describe("Header", func() { buf = &bytes.Buffer{} }) - Context("IETF Header", func() { - appendPacketNumber := func(data []byte, pn protocol.PacketNumber, pnLen protocol.PacketNumberLen) []byte { - buf := &bytes.Buffer{} - utils.WriteVarIntPacketNumber(buf, pn, pnLen) - return append(data, buf.Bytes()...) - } + appendPacketNumber := func(data []byte, pn protocol.PacketNumber, pnLen protocol.PacketNumberLen) []byte { + buf := &bytes.Buffer{} + utils.WriteVarIntPacketNumber(buf, pn, pnLen) + return append(data, buf.Bytes()...) + } - Context("Long Header", func() { - srcConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} + Context("Long Header", func() { + srcConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - It("writes", func() { - err := (&Header{ - IsLongHeader: true, - Type: 0x5, - DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe}, - SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad, 0x0, 0x0, 0x13, 0x37}, - PayloadLen: 0xcafe, - PacketNumber: 0xdecaf, - PacketNumberLen: protocol.PacketNumberLen4, - Version: 0x1020304, - }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{ - 0x80 ^ 0x5, - 0x1, 0x2, 0x3, 0x4, // version number - 0x35, // connection ID lengths - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // dest connection ID - 0xde, 0xca, 0xfb, 0xad, 0x0, 0x0, 0x13, 0x37, // source connection ID - } - expected = append(expected, encodeVarInt(0xcafe)...) // payload length - expected = appendPacketNumber(expected, 0xdecaf, protocol.PacketNumberLen4) - Expect(buf.Bytes()).To(Equal(expected)) - }) - - It("refuses to write a header with a too short connection ID", func() { - err := (&Header{ - IsLongHeader: true, - Type: 0x5, - SrcConnectionID: srcConnID, - DestConnectionID: protocol.ConnectionID{1, 2, 3}, // connection IDs must be at least 4 bytes long - PacketNumber: 0xdecafbad, - PacketNumberLen: protocol.PacketNumberLen4, - Version: 0x1020304, - }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).To(MatchError("invalid connection ID length: 3 bytes")) - }) - - It("refuses to write a header with a too long connection ID", func() { - err := (&Header{ - IsLongHeader: true, - Type: 0x5, - SrcConnectionID: srcConnID, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}, // connection IDs must be at most 18 bytes long - PacketNumber: 0xdecafbad, - PacketNumberLen: protocol.PacketNumberLen4, - Version: 0x1020304, - }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).To(MatchError("invalid connection ID length: 19 bytes")) - }) - - It("writes a header with an 18 byte connection ID", func() { - err := (&Header{ - IsLongHeader: true, - Type: 0x5, - SrcConnectionID: srcConnID, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18}, // connection IDs must be at most 18 bytes long - PacketNumber: 0xdecafbad, - PacketNumberLen: protocol.PacketNumberLen4, - Version: 0x1020304, - }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(ContainSubstring(string([]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18}))) - }) - - It("writes an Initial containing a token", func() { - token := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.") - err := (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeInitial, - Token: token, - PacketNumber: 0xdecafbad, - PacketNumberLen: protocol.PacketNumberLen4, - Version: 0x1020304, - }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - expectedSubstring := append(encodeVarInt(uint64(len(token))), token...) - Expect(buf.Bytes()).To(ContainSubstring(string(expectedSubstring))) - }) - - It("writes a Retry packet", func() { - token := []byte("Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.") - err := (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeRetry, - Token: token, - OrigDestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9}, - Version: 0x1020304, - }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()[:6]).To(Equal([]byte{ - 0x80 ^ uint8(protocol.PacketTypeRetry), - 0x1, 0x2, 0x3, 0x4, // version number - 0x0, // connection ID lengths)) - })) - Expect(buf.Bytes()[6] & 0xf).To(Equal(uint8(6))) - Expect(buf.Bytes()[7 : 7+9]).To(Equal([]byte{1, 2, 3, 4, 5, 6, 7, 8, 9})) // Orig Dest Connection ID - Expect(buf.Bytes()[7+9:]).To(Equal(token)) - }) - - It("refuses to write a Retry packet with an invalid Orig Destination Connection ID length", func() { - err := (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeRetry, - Token: []byte("foobar"), - OrigDestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}, // connection IDs must be at most 18 bytes long - Version: 0x1020304, - }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).To(MatchError("invalid connection ID length: 19 bytes")) - }) + It("writes", func() { + err := (&Header{ + IsLongHeader: true, + Type: 0x5, + DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe}, + SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad, 0x0, 0x0, 0x13, 0x37}, + PayloadLen: 0xcafe, + PacketNumber: 0xdecaf, + PacketNumberLen: protocol.PacketNumberLen4, + Version: 0x1020304, + }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + expected := []byte{ + 0x80 ^ 0x5, + 0x1, 0x2, 0x3, 0x4, // version number + 0x35, // connection ID lengths + 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, // dest connection ID + 0xde, 0xca, 0xfb, 0xad, 0x0, 0x0, 0x13, 0x37, // source connection ID + } + expected = append(expected, encodeVarInt(0xcafe)...) // payload length + expected = appendPacketNumber(expected, 0xdecaf, protocol.PacketNumberLen4) + Expect(buf.Bytes()).To(Equal(expected)) }) - Context("short header", func() { - It("writes a header with connection ID", func() { - err := (&Header{ - DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, - PacketNumberLen: protocol.PacketNumberLen1, - PacketNumber: 0x42, - }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0x30, - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // connection ID - 0x42, // packet number - })) - }) + It("refuses to write a header with a too short connection ID", func() { + err := (&Header{ + IsLongHeader: true, + Type: 0x5, + SrcConnectionID: srcConnID, + DestConnectionID: protocol.ConnectionID{1, 2, 3}, // connection IDs must be at least 4 bytes long + PacketNumber: 0xdecafbad, + PacketNumberLen: protocol.PacketNumberLen4, + Version: 0x1020304, + }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).To(MatchError("invalid connection ID length: 3 bytes")) + }) - It("writes a header without connection ID", func() { - err := (&Header{ - PacketNumberLen: protocol.PacketNumberLen1, - PacketNumber: 0x42, - }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0x30, - 0x42, // packet number - })) - }) + It("refuses to write a header with a too long connection ID", func() { + err := (&Header{ + IsLongHeader: true, + Type: 0x5, + SrcConnectionID: srcConnID, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}, // connection IDs must be at most 18 bytes long + PacketNumber: 0xdecafbad, + PacketNumberLen: protocol.PacketNumberLen4, + Version: 0x1020304, + }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).To(MatchError("invalid connection ID length: 19 bytes")) + }) - It("writes a header with a 2 byte packet number", func() { - err := (&Header{ - PacketNumberLen: protocol.PacketNumberLen2, - PacketNumber: 0x765, - }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{0x30} - expected = appendPacketNumber(expected, 0x765, protocol.PacketNumberLen2) - Expect(buf.Bytes()).To(Equal(expected)) - }) + It("writes a header with an 18 byte connection ID", func() { + err := (&Header{ + IsLongHeader: true, + Type: 0x5, + SrcConnectionID: srcConnID, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18}, // connection IDs must be at most 18 bytes long + PacketNumber: 0xdecafbad, + PacketNumberLen: protocol.PacketNumberLen4, + Version: 0x1020304, + }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Bytes()).To(ContainSubstring(string([]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18}))) + }) - It("writes a header with a 4 byte packet number", func() { - err := (&Header{ - PacketNumberLen: protocol.PacketNumberLen4, - PacketNumber: 0x123456, - }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{0x30} - expected = appendPacketNumber(expected, 0x123456, protocol.PacketNumberLen4) - Expect(buf.Bytes()).To(Equal(expected)) - }) + It("writes an Initial containing a token", func() { + token := []byte("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.") + err := (&Header{ + IsLongHeader: true, + Type: protocol.PacketTypeInitial, + Token: token, + PacketNumber: 0xdecafbad, + PacketNumberLen: protocol.PacketNumberLen4, + Version: 0x1020304, + }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + expectedSubstring := append(encodeVarInt(uint64(len(token))), token...) + Expect(buf.Bytes()).To(ContainSubstring(string(expectedSubstring))) + }) - It("errors when given an invalid packet number length", func() { - err := (&Header{ - PacketNumberLen: 3, - PacketNumber: 0xdecafbad, - }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).To(MatchError("invalid packet number length: 3")) - }) + It("writes a Retry packet", func() { + token := []byte("Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.") + err := (&Header{ + IsLongHeader: true, + Type: protocol.PacketTypeRetry, + Token: token, + OrigDestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9}, + Version: 0x1020304, + }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Bytes()[:6]).To(Equal([]byte{ + 0x80 ^ uint8(protocol.PacketTypeRetry), + 0x1, 0x2, 0x3, 0x4, // version number + 0x0, // connection ID lengths)) + })) + Expect(buf.Bytes()[6] & 0xf).To(Equal(uint8(6))) + Expect(buf.Bytes()[7 : 7+9]).To(Equal([]byte{1, 2, 3, 4, 5, 6, 7, 8, 9})) // Orig Dest Connection ID + Expect(buf.Bytes()[7+9:]).To(Equal(token)) + }) - It("writes the Key Phase Bit", func() { - err := (&Header{ - KeyPhase: 1, - PacketNumberLen: protocol.PacketNumberLen1, - PacketNumber: 0x42, - }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0x30 | 0x40, - 0x42, // packet number - })) - }) + It("refuses to write a Retry packet with an invalid Orig Destination Connection ID length", func() { + err := (&Header{ + IsLongHeader: true, + Type: protocol.PacketTypeRetry, + Token: []byte("foobar"), + OrigDestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}, // connection IDs must be at most 18 bytes long + Version: 0x1020304, + }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).To(MatchError("invalid connection ID length: 19 bytes")) }) }) - Context("gQUIC 44", func() { - Context("Long Header", func() { - It("writes", func() { - err := (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeInitial, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - Version: 0xdeadbeef, - PacketNumberLen: protocol.PacketNumberLen4, - PacketNumber: 0xdecafbad, - }).Write(buf, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{ - 0x80 ^ uint8(protocol.PacketTypeInitial), - 0xde, 0xad, 0xbe, 0xef, // version - 0x50, // connection ID lengths - 1, 2, 3, 4, 5, 6, 7, 8, // connection ID - 0xde, 0xca, 0xfb, 0xad, // packet number - } - Expect(buf.Bytes()).To(Equal(expected)) - }) - - It("writes a 0-RTT packet with a Diversification Nonce", func() { - divNonce := bytes.Repeat([]byte{'c'}, 32) - err := (&Header{ - IsLongHeader: true, - Type: protocol.PacketType0RTT, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - Version: 0xdeadbeef, - PacketNumberLen: protocol.PacketNumberLen4, - PacketNumber: 0xdecafbad, - DiversificationNonce: divNonce, - }).Write(buf, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{ - 0x80 ^ uint8(protocol.PacketType0RTT), - 0xde, 0xad, 0xbe, 0xef, // version - 0x50, // connection ID lengths - 1, 2, 3, 4, 5, 6, 7, 8, // connection ID - 0xde, 0xca, 0xfb, 0xad, // packet number - } - expected = append(expected, divNonce...) - Expect(buf.Bytes()).To(Equal(expected)) - }) - - It("refuses to write a 0-RTT packet with a wrong length Diversification Nonce", func() { - divNonce := bytes.Repeat([]byte{'c'}, 31) - err := (&Header{ - IsLongHeader: true, - Type: protocol.PacketType0RTT, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - Version: 0xdeadbeef, - PacketNumberLen: protocol.PacketNumberLen4, - PacketNumber: 0xdecafbad, - DiversificationNonce: divNonce, - }).Write(buf, protocol.PerspectiveServer, protocol.Version44) - Expect(err).To(MatchError("invalid diversification nonce length")) - }) - }) - - Context("Short Header", func() { - It("writes a Short Header with a 1 byte packet number", func() { - err := (&Header{ - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - PacketNumberLen: protocol.PacketNumberLen1, - PacketNumber: 0x42, - }).Write(buf, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{ - 0x30, - 1, 2, 3, 4, 5, 6, 7, 8, // connection ID - 0x42, // packet number - } - Expect(buf.Bytes()).To(Equal(expected)) - }) - - It("writes a Short Header with a 2 byte packet number", func() { - err := (&Header{ - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - PacketNumberLen: protocol.PacketNumberLen2, - PacketNumber: 0xcafe, - }).Write(buf, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{ - 0x30 ^ 0x1, - 1, 2, 3, 4, 5, 6, 7, 8, // connection ID - 0xca, 0xfe, // packet number - } - Expect(buf.Bytes()).To(Equal(expected)) - }) - - It("writes a Short Header with a 4 byte packet number", func() { - err := (&Header{ - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - PacketNumberLen: protocol.PacketNumberLen4, - PacketNumber: 0xdeadbeef, - }).Write(buf, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{ - 0x30 ^ 0x2, - 1, 2, 3, 4, 5, 6, 7, 8, // connection ID - 0xde, 0xad, 0xbe, 0xef, // packet number - } - Expect(buf.Bytes()).To(Equal(expected)) - }) - }) - }) - - Context("Public Header", func() { - connID := protocol.ConnectionID{0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6} - - It("writes a sample header as a server", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 2, - PacketNumberLen: protocol.PacketNumberLen4, - } - err := hdr.Write(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0x28, - 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, - 0, 0, 0, 2, - })) - }) - - It("writes a sample header as a client", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0x1337, - PacketNumberLen: protocol.PacketNumberLen2, - } - err := hdr.Write(buf, protocol.PerspectiveClient, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0x18, 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, - 0x13, 0x37, - })) - }) - - It("refuses to write a Public Header with a source connection ID", func() { - hdr := Header{ - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - SrcConnectionID: protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}, - PacketNumber: 0x1337, - PacketNumberLen: protocol.PacketNumberLen4, - } - err := hdr.Write(buf, protocol.PerspectiveClient, versionPublicHeader) - Expect(err).To(MatchError("PublicHeader: SrcConnectionID must not be set")) - }) - - It("refuses to write a Public Header if the connection ID has the wrong length", func() { - connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7} - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 2, - PacketNumberLen: protocol.PacketNumberLen2, - } - err := hdr.Write(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).To(MatchError("PublicHeader: wrong length for Connection ID: 7 (expected 8)")) - }) - - It("refuses to write a Public Header if the PacketNumberLen is not set", func() { - connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 2, - } - err := hdr.Write(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).To(MatchError("PublicHeader: PacketNumberLen not set")) - }) - - It("omits the connection ID", func() { - hdr := Header{ - PacketNumberLen: protocol.PacketNumberLen1, - PacketNumber: 1, - } - err := hdr.Write(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{0x0, 0x1})) - }) - - It("writes diversification nonces", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0x42, - PacketNumberLen: protocol.PacketNumberLen1, - DiversificationNonce: bytes.Repeat([]byte{1}, 32), - } - err := hdr.Write(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0xc, - 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 0x42, - })) - }) - - It("writes packets with Version Flag, as a client", func() { - hdr := Header{ - VersionFlag: true, - Version: 0x11223344, - DestConnectionID: connID, - PacketNumber: 0x42, + Context("short header", func() { + It("writes a header with connection ID", func() { + err := (&Header{ + DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, PacketNumberLen: protocol.PacketNumberLen1, - } - err := hdr.Write(buf, protocol.PerspectiveClient, versionPublicHeader) + PacketNumber: 0x42, + }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) Expect(err).ToNot(HaveOccurred()) - // must be the first assertion - Expect(buf.Len()).To(Equal(1 + 8 + 4 + 1)) // 1 FlagByte + 8 ConnectionID + 4 version number + 1 PacketNumber - firstByte, _ := buf.ReadByte() - Expect(firstByte & 0x01).To(Equal(uint8(1))) - Expect(firstByte & 0x30).To(Equal(uint8(0x0))) - Expect(buf.Bytes()[8:12]).To(Equal([]byte{0x11, 0x22, 0x33, 0x44})) - Expect(buf.Bytes()[12:13]).To(Equal([]byte{0x42})) + Expect(buf.Bytes()).To(Equal([]byte{ + 0x30, + 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // connection ID + 0x42, // packet number + })) }) - Context("packet number length", func() { - It("doesn't write a header if the packet number length is not set", func() { - b := &bytes.Buffer{} - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0xDECAFBAD, - } - err := hdr.Write(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).To(MatchError("PublicHeader: PacketNumberLen not set")) - }) + It("writes a header without connection ID", func() { + err := (&Header{ + PacketNumberLen: protocol.PacketNumberLen1, + PacketNumber: 0x42, + }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Bytes()).To(Equal([]byte{ + 0x30, + 0x42, // packet number + })) + }) - It("writes a header with a 1-byte packet number", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0xdecafbad, - PacketNumberLen: protocol.PacketNumberLen1, - } - err := hdr.Write(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0x8, - 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, - 0xad, - })) - }) + It("writes a header with a 2 byte packet number", func() { + err := (&Header{ + PacketNumberLen: protocol.PacketNumberLen2, + PacketNumber: 0x765, + }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + expected := []byte{0x30} + expected = appendPacketNumber(expected, 0x765, protocol.PacketNumberLen2) + Expect(buf.Bytes()).To(Equal(expected)) + }) - It("writes a header with a 2-byte packet number", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0xdecafbad, - PacketNumberLen: protocol.PacketNumberLen2, - } - err := hdr.Write(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0x18, - 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, - 0xfb, 0xad, - })) - }) + It("writes a header with a 4 byte packet number", func() { + err := (&Header{ + PacketNumberLen: protocol.PacketNumberLen4, + PacketNumber: 0x123456, + }).Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + expected := []byte{0x30} + expected = appendPacketNumber(expected, 0x123456, protocol.PacketNumberLen4) + Expect(buf.Bytes()).To(Equal(expected)) + }) - It("writes a header with a 4-byte packet number", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0x13decafbad, - PacketNumberLen: protocol.PacketNumberLen4, - } - err := hdr.Write(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Bytes()).To(Equal([]byte{ - 0x28, - 0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6, - 0xde, 0xca, 0xfb, 0xad, - })) - }) + It("errors when given an invalid packet number length", func() { + err := (&Header{ + PacketNumberLen: 3, + PacketNumber: 0xdecafbad, + }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) + Expect(err).To(MatchError("invalid packet number length: 3")) + }) - It("refuses to write a header with a 6-byte packet number", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0xbe1337decafbad, - PacketNumberLen: protocol.PacketNumberLen6, - } - err := hdr.writePublicHeader(buf, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).To(MatchError(errInvalidPacketNumberLen)) - }) + It("writes the Key Phase Bit", func() { + err := (&Header{ + KeyPhase: 1, + PacketNumberLen: protocol.PacketNumberLen1, + PacketNumber: 0x42, + }).Write(buf, protocol.PerspectiveClient, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Bytes()).To(Equal([]byte{ + 0x30 | 0x40, + 0x42, // packet number + })) }) }) }) @@ -511,222 +220,110 @@ var _ = Describe("Header", func() { buf = &bytes.Buffer{} }) - Context("IETF QUIC", func() { - It("has the right length for the Long Header, for a short payload length", func() { - h := &Header{ - IsLongHeader: true, - PayloadLen: 1, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - PacketNumberLen: protocol.PacketNumberLen1, - } - expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 8 /* src conn id */ + 1 /* short payload len */ + 1 /* packet number */ - Expect(h.GetLength(versionIETFHeader)).To(BeEquivalentTo(expectedLen)) - err := h.Write(buf, protocol.PerspectiveClient, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(expectedLen)) - }) - - It("has the right length for the Long Header, for a long payload length", func() { - h := &Header{ - IsLongHeader: true, - PayloadLen: 1500, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - PacketNumberLen: protocol.PacketNumberLen2, - } - expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 8 /* src conn id */ + 2 /* long payload len */ + 2 /* packet number */ - Expect(h.GetLength(versionIETFHeader)).To(BeEquivalentTo(expectedLen)) - err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(expectedLen)) - }) - - It("has the right length for an Initial not containing a Token", func() { - h := &Header{ - Type: protocol.PacketTypeInitial, - IsLongHeader: true, - PayloadLen: 1500, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4}, - PacketNumberLen: protocol.PacketNumberLen2, - } - expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 4 /* src conn id */ + 1 /* token length */ + 2 /* long payload len */ + 2 /* packet number */ - Expect(h.GetLength(versionIETFHeader)).To(BeEquivalentTo(expectedLen)) - err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(expectedLen)) - }) - - It("has the right length for an Initial containing a Token", func() { - h := &Header{ - Type: protocol.PacketTypeInitial, - IsLongHeader: true, - PayloadLen: 1500, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4}, - PacketNumberLen: protocol.PacketNumberLen2, - Token: []byte("foo"), - } - expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 4 /* src conn id */ + 1 /* token length */ + 3 /* token */ + 2 /* long payload len */ + 2 /* packet number */ - Expect(h.GetLength(versionIETFHeader)).To(BeEquivalentTo(expectedLen)) - err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(expectedLen)) - }) - - It("has the right length for a Short Header containing a connection ID", func() { - h := &Header{ - PacketNumberLen: protocol.PacketNumberLen1, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - } - Expect(h.GetLength(versionIETFHeader)).To(Equal(protocol.ByteCount(1 + 8 + 1))) - err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(10)) - }) - - It("has the right length for a short header without a connection ID", func() { - h := &Header{PacketNumberLen: protocol.PacketNumberLen1} - Expect(h.GetLength(versionIETFHeader)).To(Equal(protocol.ByteCount(1 + 1))) - err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(2)) - }) - - It("has the right length for a short header with a 2 byte packet number", func() { - h := &Header{PacketNumberLen: protocol.PacketNumberLen2} - Expect(h.GetLength(versionIETFHeader)).To(Equal(protocol.ByteCount(1 + 2))) - err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(3)) - }) - - It("has the right length for a short header with a 5 byte packet number", func() { - h := &Header{PacketNumberLen: protocol.PacketNumberLen4} - Expect(h.GetLength(versionIETFHeader)).To(Equal(protocol.ByteCount(1 + 4))) - err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(5)) - }) - - It("errors when given an invalid packet number length", func() { - h := &Header{PacketNumberLen: 5} - _, err := h.GetLength(versionIETFHeader) - Expect(err).To(MatchError("invalid packet number length: 5")) - }) + It("has the right length for the Long Header, for a short payload length", func() { + h := &Header{ + IsLongHeader: true, + PayloadLen: 1, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + PacketNumberLen: protocol.PacketNumberLen1, + } + expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 8 /* src conn id */ + 1 /* short payload len */ + 1 /* packet number */ + Expect(h.GetLength(versionIETFHeader)).To(BeEquivalentTo(expectedLen)) + err := h.Write(buf, protocol.PerspectiveClient, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Len()).To(Equal(expectedLen)) }) - Context("gQUIC 44", func() { - It("has the right length for the Long Header", func() { - h := &Header{ - IsLongHeader: true, - Type: protocol.PacketTypeInitial, - PayloadLen: 1, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - PacketNumberLen: protocol.PacketNumberLen4, - } - expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 4 /* packet number */ - Expect(h.GetLength(protocol.Version44)).To(BeEquivalentTo(expectedLen)) - err := h.Write(buf, protocol.PerspectiveClient, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(expectedLen)) - }) - - It("has the right length for the Long Header containing a Diversification Nonce", func() { - h := &Header{ - IsLongHeader: true, - Type: protocol.PacketType0RTT, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - PacketNumberLen: protocol.PacketNumberLen4, - DiversificationNonce: bytes.Repeat([]byte{'d'}, 32), - } - expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 4 /* packet number */ + 32 /* div nonce */ - Expect(h.GetLength(protocol.Version44)).To(BeEquivalentTo(expectedLen)) - err := h.Write(buf, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(expectedLen)) - }) - - It("has the right length for a Short Header", func() { - h := &Header{ - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - PacketNumberLen: protocol.PacketNumberLen2, - } - expectedLen := 1 /*type byte*/ + 8 /* conn ID */ + 2 /* packet number */ - Expect(h.GetLength(protocol.Version44)).To(BeEquivalentTo(expectedLen)) - err := h.Write(buf, protocol.PerspectiveServer, protocol.Version44) - Expect(err).ToNot(HaveOccurred()) - Expect(buf.Len()).To(Equal(expectedLen)) - }) + It("has the right length for the Long Header, for a long payload length", func() { + h := &Header{ + IsLongHeader: true, + PayloadLen: 1500, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + PacketNumberLen: protocol.PacketNumberLen2, + } + expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 8 /* src conn id */ + 2 /* long payload len */ + 2 /* packet number */ + Expect(h.GetLength(versionIETFHeader)).To(BeEquivalentTo(expectedLen)) + err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Len()).To(Equal(expectedLen)) }) - Context("Public Header", func() { - connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - - It("errors when PacketNumberLen is not set", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0xdecafbad, - } - _, err := hdr.GetLength(versionPublicHeader) - Expect(err).To(MatchError(errPacketNumberLenNotSet)) - }) - - It("gets the length of a packet with longest packet number length and connectionID", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0xdecafbad, - PacketNumberLen: protocol.PacketNumberLen4, - } - length, err := hdr.GetLength(versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(length).To(Equal(protocol.ByteCount(1 + 8 + 4))) // 1 byte public flag, 8 bytes connectionID, and packet number - }) - - It("gets the lengths of a packet sent by the client with the VersionFlag set", func() { - hdr := Header{ - PacketNumber: 0xdecafbad, - PacketNumberLen: protocol.PacketNumberLen4, - VersionFlag: true, - Version: versionPublicHeader, - } - length, err := hdr.GetLength(versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(length).To(Equal(protocol.ByteCount(1 + 4 + 4))) // 1 byte public flag, 4 version number, and packet number - }) - - It("gets the length of a packet with longest packet number length and omitted connectionID", func() { - hdr := Header{ - PacketNumber: 0xDECAFBAD, - PacketNumberLen: protocol.PacketNumberLen4, - } - length, err := hdr.GetLength(versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(length).To(Equal(protocol.ByteCount(1 + 4))) // 1 byte public flag, and packet number - }) - - It("gets the length of a packet 2 byte packet number length ", func() { - hdr := Header{ - DestConnectionID: connID, - PacketNumber: 0xDECAFBAD, - PacketNumberLen: protocol.PacketNumberLen2, - } - length, err := hdr.GetLength(versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(length).To(Equal(protocol.ByteCount(1 + 8 + 2))) // 1 byte public flag, 8 byte connectionID, and packet number - }) - - It("works with diversification nonce", func() { - hdr := Header{ - DiversificationNonce: []byte("foo"), - PacketNumberLen: protocol.PacketNumberLen1, - } - length, err := hdr.GetLength(versionPublicHeader) - Expect(err).NotTo(HaveOccurred()) - Expect(length).To(Equal(protocol.ByteCount(1 + 3 + 1))) // 1 byte public flag, 3 byte DiversificationNonce, 1 byte PacketNumber - }) + It("has the right length for an Initial not containing a Token", func() { + h := &Header{ + Type: protocol.PacketTypeInitial, + IsLongHeader: true, + PayloadLen: 1500, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4}, + PacketNumberLen: protocol.PacketNumberLen2, + } + expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 4 /* src conn id */ + 1 /* token length */ + 2 /* long payload len */ + 2 /* packet number */ + Expect(h.GetLength(versionIETFHeader)).To(BeEquivalentTo(expectedLen)) + err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Len()).To(Equal(expectedLen)) }) + + It("has the right length for an Initial containing a Token", func() { + h := &Header{ + Type: protocol.PacketTypeInitial, + IsLongHeader: true, + PayloadLen: 1500, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4}, + PacketNumberLen: protocol.PacketNumberLen2, + Token: []byte("foo"), + } + expectedLen := 1 /* type byte */ + 4 /* version */ + 1 /* conn ID len */ + 8 /* dest conn id */ + 4 /* src conn id */ + 1 /* token length */ + 3 /* token */ + 2 /* long payload len */ + 2 /* packet number */ + Expect(h.GetLength(versionIETFHeader)).To(BeEquivalentTo(expectedLen)) + err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Len()).To(Equal(expectedLen)) + }) + + It("has the right length for a Short Header containing a connection ID", func() { + h := &Header{ + PacketNumberLen: protocol.PacketNumberLen1, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + } + Expect(h.GetLength(versionIETFHeader)).To(Equal(protocol.ByteCount(1 + 8 + 1))) + err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Len()).To(Equal(10)) + }) + + It("has the right length for a short header without a connection ID", func() { + h := &Header{PacketNumberLen: protocol.PacketNumberLen1} + Expect(h.GetLength(versionIETFHeader)).To(Equal(protocol.ByteCount(1 + 1))) + err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Len()).To(Equal(2)) + }) + + It("has the right length for a short header with a 2 byte packet number", func() { + h := &Header{PacketNumberLen: protocol.PacketNumberLen2} + Expect(h.GetLength(versionIETFHeader)).To(Equal(protocol.ByteCount(1 + 2))) + err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Len()).To(Equal(3)) + }) + + It("has the right length for a short header with a 5 byte packet number", func() { + h := &Header{PacketNumberLen: protocol.PacketNumberLen4} + Expect(h.GetLength(versionIETFHeader)).To(Equal(protocol.ByteCount(1 + 4))) + err := h.Write(buf, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + Expect(buf.Len()).To(Equal(5)) + }) + + It("errors when given an invalid packet number length", func() { + h := &Header{PacketNumberLen: 5} + _, err := h.GetLength(versionIETFHeader) + Expect(err).To(MatchError("invalid packet number length: 5")) + }) + }) Context("Logging", func() { @@ -746,157 +343,86 @@ var _ = Describe("Header", func() { log.SetOutput(os.Stdout) }) - Context("IETF QUIC Header", func() { - It("logs version negotiation packets", func() { - destConnID := protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37} - srcConnID := protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad, 0x013, 0x37, 0x13, 0x37} - data, err := ComposeVersionNegotiation(destConnID, srcConnID, []protocol.VersionNumber{0x12345678, 0x87654321}) - Expect(err).ToNot(HaveOccurred()) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 4) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) - Expect(err).ToNot(HaveOccurred()) - hdr.Log(logger) - Expect(buf.String()).To(ContainSubstring("VersionNegotiationPacket{DestConnectionID: 0xdeadbeefcafe1337, SrcConnectionID: 0xdecafbad13371337")) - Expect(buf.String()).To(ContainSubstring("0x12345678")) - Expect(buf.String()).To(ContainSubstring("0x87654321")) - }) - - It("logs Long Headers", func() { - (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeHandshake, - PacketNumber: 0x1337, - PacketNumberLen: protocol.PacketNumberLen2, - PayloadLen: 54321, - DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, - SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad, 0x013, 0x37, 0x13, 0x37}, - Version: 0xfeed, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Long Header{Type: Handshake, DestConnectionID: 0xdeadbeefcafe1337, SrcConnectionID: 0xdecafbad13371337, PacketNumber: 0x1337, PacketNumberLen: 2, PayloadLen: 54321, Version: 0xfeed}")) - }) - - It("logs Initial Packets with a Token", func() { - (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeInitial, - Token: []byte{0xde, 0xad, 0xbe, 0xef}, - PacketNumber: 0x42, - PacketNumberLen: protocol.PacketNumberLen2, - PayloadLen: 100, - DestConnectionID: protocol.ConnectionID{0xca, 0xfe, 0x13, 0x37}, - SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad}, - Version: 0xfeed, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Long Header{Type: Initial, DestConnectionID: 0xcafe1337, SrcConnectionID: 0xdecafbad, Token: 0xdeadbeef, PacketNumber: 0x42, PacketNumberLen: 2, PayloadLen: 100, Version: 0xfeed}")) - }) - - It("logs Initial Packets without a Token", func() { - (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeInitial, - PacketNumber: 0x42, - PacketNumberLen: protocol.PacketNumberLen2, - PayloadLen: 100, - DestConnectionID: protocol.ConnectionID{0xca, 0xfe, 0x13, 0x37}, - SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad}, - Version: 0xfeed, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Long Header{Type: Initial, DestConnectionID: 0xcafe1337, SrcConnectionID: 0xdecafbad, Token: (empty), PacketNumber: 0x42, PacketNumberLen: 2, PayloadLen: 100, Version: 0xfeed}")) - }) - - It("logs Initial Packets without a Token", func() { - (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeRetry, - DestConnectionID: protocol.ConnectionID{0xca, 0xfe, 0x13, 0x37}, - SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad}, - OrigDestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef}, - Token: []byte{0x12, 0x34, 0x56}, - Version: 0xfeed, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Long Header{Type: Retry, DestConnectionID: 0xcafe1337, SrcConnectionID: 0xdecafbad, Token: 0x123456, OrigDestConnectionID: 0xdeadbeef, Version: 0xfeed}")) - }) - - It("logs Short Headers containing a connection ID", func() { - (&Header{ - KeyPhase: 1, - PacketNumber: 0x1337, - PacketNumberLen: 4, - DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Short Header{DestConnectionID: 0xdeadbeefcafe1337, PacketNumber: 0x1337, PacketNumberLen: 4, KeyPhase: 1}")) - }) + It("logs version negotiation packets", func() { + destConnID := protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37} + srcConnID := protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad, 0x013, 0x37, 0x13, 0x37} + data, err := ComposeVersionNegotiation(destConnID, srcConnID, []protocol.VersionNumber{0x12345678, 0x87654321}) + Expect(err).ToNot(HaveOccurred()) + b := bytes.NewReader(data) + iHdr, err := ParseInvariantHeader(b, 4) + Expect(err).ToNot(HaveOccurred()) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) + Expect(err).ToNot(HaveOccurred()) + hdr.Log(logger) + Expect(buf.String()).To(ContainSubstring("VersionNegotiationPacket{DestConnectionID: 0xdeadbeefcafe1337, SrcConnectionID: 0xdecafbad13371337")) + Expect(buf.String()).To(ContainSubstring("0x12345678")) + Expect(buf.String()).To(ContainSubstring("0x87654321")) }) - Context("gQUIC 44", func() { - It("logs Long Headers", func() { - (&Header{ - IsLongHeader: true, - Type: protocol.PacketTypeHandshake, - PacketNumber: 0x1337, - PacketNumberLen: protocol.PacketNumberLen4, - DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, - SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad, 0x013, 0x37, 0x13, 0x37}, - Version: protocol.Version44, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Long Header{Type: Handshake, DestConnectionID: 0xdeadbeefcafe1337, SrcConnectionID: 0xdecafbad13371337, PacketNumber: 0x1337, PacketNumberLen: 4, Version: gQUIC 44}")) - }) - - It("logs a Long Header with a Diversification Nonce", func() { - (&Header{ - IsLongHeader: true, - Type: protocol.PacketType0RTT, - PacketNumber: 0x1337, - PacketNumberLen: protocol.PacketNumberLen4, - SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad, 0x013, 0x37, 0x13, 0x37}, - DiversificationNonce: []byte{0xde, 0xad, 0xbe, 0xef}, - Version: protocol.Version44, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Long Header{Type: 0-RTT Protected, DestConnectionID: (empty), SrcConnectionID: 0xdecafbad13371337, PacketNumber: 0x1337, PacketNumberLen: 4, Diversification Nonce: 0xdeadbeef, Version: gQUIC 44}")) - }) + It("logs Long Headers", func() { + (&Header{ + IsLongHeader: true, + Type: protocol.PacketTypeHandshake, + PacketNumber: 0x1337, + PacketNumberLen: protocol.PacketNumberLen2, + PayloadLen: 54321, + DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, + SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad, 0x013, 0x37, 0x13, 0x37}, + Version: 0xfeed, + }).Log(logger) + Expect(buf.String()).To(ContainSubstring("Long Header{Type: Handshake, DestConnectionID: 0xdeadbeefcafe1337, SrcConnectionID: 0xdecafbad13371337, PacketNumber: 0x1337, PacketNumberLen: 2, PayloadLen: 54321, Version: 0xfeed}")) }) - Context("Public Header", func() { - It("logs a Public Header containing a connection ID", func() { - (&Header{ - IsPublicHeader: true, - DestConnectionID: protocol.ConnectionID{0x13, 0x37, 0, 0, 0xde, 0xca, 0xfb, 0xad}, - PacketNumber: 0x1337, - PacketNumberLen: 6, - Version: protocol.Version39, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Public Header{ConnectionID: 0x13370000decafbad, PacketNumber: 0x1337, PacketNumberLen: 6, Version: gQUIC 39")) - }) + It("logs Initial Packets with a Token", func() { + (&Header{ + IsLongHeader: true, + Type: protocol.PacketTypeInitial, + Token: []byte{0xde, 0xad, 0xbe, 0xef}, + PacketNumber: 0x42, + PacketNumberLen: protocol.PacketNumberLen2, + PayloadLen: 100, + DestConnectionID: protocol.ConnectionID{0xca, 0xfe, 0x13, 0x37}, + SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad}, + Version: 0xfeed, + }).Log(logger) + Expect(buf.String()).To(ContainSubstring("Long Header{Type: Initial, DestConnectionID: 0xcafe1337, SrcConnectionID: 0xdecafbad, Token: 0xdeadbeef, PacketNumber: 0x42, PacketNumberLen: 2, PayloadLen: 100, Version: 0xfeed}")) + }) - It("logs a Public Header with omitted connection ID", func() { - (&Header{ - IsPublicHeader: true, - PacketNumber: 0x1337, - PacketNumberLen: 6, - Version: protocol.Version39, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Public Header{ConnectionID: (empty)")) - }) + It("logs Initial Packets without a Token", func() { + (&Header{ + IsLongHeader: true, + Type: protocol.PacketTypeInitial, + PacketNumber: 0x42, + PacketNumberLen: protocol.PacketNumberLen2, + PayloadLen: 100, + DestConnectionID: protocol.ConnectionID{0xca, 0xfe, 0x13, 0x37}, + SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad}, + Version: 0xfeed, + }).Log(logger) + Expect(buf.String()).To(ContainSubstring("Long Header{Type: Initial, DestConnectionID: 0xcafe1337, SrcConnectionID: 0xdecafbad, Token: (empty), PacketNumber: 0x42, PacketNumberLen: 2, PayloadLen: 100, Version: 0xfeed}")) + }) - It("logs a Public Header without a version", func() { - (&Header{ - IsPublicHeader: true, - PacketNumber: 0x1337, - PacketNumberLen: 6, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("Version: (unset)")) - }) + It("logs Initial Packets with a Token", func() { + (&Header{ + IsLongHeader: true, + Type: protocol.PacketTypeRetry, + DestConnectionID: protocol.ConnectionID{0xca, 0xfe, 0x13, 0x37}, + SrcConnectionID: protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad}, + OrigDestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef}, + Token: []byte{0x12, 0x34, 0x56}, + Version: 0xfeed, + }).Log(logger) + Expect(buf.String()).To(ContainSubstring("Long Header{Type: Retry, DestConnectionID: 0xcafe1337, SrcConnectionID: 0xdecafbad, Token: 0x123456, OrigDestConnectionID: 0xdeadbeef, Version: 0xfeed}")) + }) - It("logs diversification nonces", func() { - (&Header{ - IsPublicHeader: true, - DestConnectionID: []byte{0x13, 0x13, 0, 0, 0xde, 0xca, 0xfb, 0xad}, - DiversificationNonce: []byte{0xba, 0xdf, 0x00, 0x0d}, - }).Log(logger) - Expect(buf.String()).To(ContainSubstring("DiversificationNonce: []byte{0xba, 0xdf, 0x0, 0xd}")) - }) + It("logs Short Headers containing a connection ID", func() { + (&Header{ + KeyPhase: 1, + PacketNumber: 0x1337, + PacketNumberLen: 4, + DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, + }).Log(logger) + Expect(buf.String()).To(ContainSubstring("Short Header{DestConnectionID: 0xdeadbeefcafe1337, PacketNumber: 0x1337, PacketNumberLen: 4, KeyPhase: 1}")) }) }) }) diff --git a/internal/wire/log.go b/internal/wire/log.go index 4cd74635..cf627f2f 100644 --- a/internal/wire/log.go +++ b/internal/wire/log.go @@ -23,12 +23,6 @@ func LogFrame(logger utils.Logger, frame Frame, sent bool) { logger.Debugf("\t%s &wire.CryptoFrame{Offset: 0x%x, Data length: 0x%x, Offset + Data length: 0x%x}", dir, f.Offset, dataLen, f.Offset+dataLen) case *StreamFrame: logger.Debugf("\t%s &wire.StreamFrame{StreamID: %d, FinBit: %t, Offset: 0x%x, Data length: 0x%x, Offset + Data length: 0x%x}", dir, f.StreamID, f.FinBit, f.Offset, f.DataLen(), f.Offset+f.DataLen()) - case *StopWaitingFrame: - if sent { - logger.Debugf("\t%s &wire.StopWaitingFrame{LeastUnacked: 0x%x, PacketNumberLen: 0x%x}", dir, f.LeastUnacked, f.PacketNumberLen) - } else { - logger.Debugf("\t%s &wire.StopWaitingFrame{LeastUnacked: 0x%x}", dir, f.LeastUnacked) - } case *AckFrame: if len(f.AckRanges) > 1 { ackRanges := make([]string, len(f.AckRanges)) diff --git a/internal/wire/log_test.go b/internal/wire/log_test.go index 4ecba9d4..76eb5bd0 100644 --- a/internal/wire/log_test.go +++ b/internal/wire/log_test.go @@ -6,7 +6,6 @@ import ( "os" "time" - "github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/utils" . "github.com/onsi/ginkgo" @@ -86,21 +85,4 @@ var _ = Describe("Frame logging", func() { LogFrame(logger, frame, false) Expect(buf.String()).To(ContainSubstring("\t<- &wire.AckFrame{LargestAcked: 0x8, LowestAcked: 0x2, AckRanges: {{Largest: 0x8, Smallest: 0x5}, {Largest: 0x3, Smallest: 0x2}}, DelayTime: 12ms}\n")) }) - - It("logs incoming StopWaiting frames", func() { - frame := &StopWaitingFrame{ - LeastUnacked: 0x1337, - } - LogFrame(logger, frame, false) - Expect(buf.Bytes()).To(ContainSubstring("\t<- &wire.StopWaitingFrame{LeastUnacked: 0x1337}\n")) - }) - - It("logs outgoing StopWaiting frames", func() { - frame := &StopWaitingFrame{ - LeastUnacked: 0x1337, - PacketNumberLen: protocol.PacketNumberLen4, - } - LogFrame(logger, frame, true) - Expect(buf.Bytes()).To(ContainSubstring("\t-> &wire.StopWaitingFrame{LeastUnacked: 0x1337, PacketNumberLen: 0x4}\n")) - }) }) diff --git a/internal/wire/max_data_frame.go b/internal/wire/max_data_frame.go index 0bca27da..1fdfd940 100644 --- a/internal/wire/max_data_frame.go +++ b/internal/wire/max_data_frame.go @@ -30,13 +30,6 @@ func parseMaxDataFrame(r *bytes.Reader, version protocol.VersionNumber) (*MaxDat //Write writes a MAX_STREAM_DATA frame func (f *MaxDataFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error { - if !version.UsesIETFFrameFormat() { - // write a gQUIC WINDOW_UPDATE frame (with stream ID 0, which means connection-level there) - return (&windowUpdateFrame{ - StreamID: 0, - ByteOffset: f.ByteOffset, - }).Write(b, version) - } b.WriteByte(0x4) utils.WriteVarInt(b, uint64(f.ByteOffset)) return nil @@ -44,8 +37,5 @@ func (f *MaxDataFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) er // Length of a written frame func (f *MaxDataFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - if !version.UsesIETFFrameFormat() { // writing this frame would result in a gQUIC WINDOW_UPDATE being written, which is longer - return 1 + 4 + 8 - } return 1 + utils.VarIntLen(uint64(f.ByteOffset)) } diff --git a/internal/wire/max_data_frame_test.go b/internal/wire/max_data_frame_test.go index a56d2616..0851bd75 100644 --- a/internal/wire/max_data_frame_test.go +++ b/internal/wire/max_data_frame_test.go @@ -15,7 +15,7 @@ var _ = Describe("MAX_DATA frame", func() { data := []byte{0x4} data = append(data, encodeVarInt(0xdecafbad123456)...) // byte offset b := bytes.NewReader(data) - frame, err := parseMaxDataFrame(b, versionBigEndian) + frame, err := parseMaxDataFrame(b, versionIETFFrames) Expect(err).ToNot(HaveOccurred()) Expect(frame.ByteOffset).To(Equal(protocol.ByteCount(0xdecafbad123456))) Expect(b.Len()).To(BeZero()) diff --git a/internal/wire/max_stream_data_frame.go b/internal/wire/max_stream_data_frame.go index 6d8be236..d9a73aa6 100644 --- a/internal/wire/max_stream_data_frame.go +++ b/internal/wire/max_stream_data_frame.go @@ -38,12 +38,6 @@ func parseMaxStreamDataFrame(r *bytes.Reader, version protocol.VersionNumber) (* // Write writes a MAX_STREAM_DATA frame func (f *MaxStreamDataFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error { - if !version.UsesIETFFrameFormat() { - return (&windowUpdateFrame{ - StreamID: f.StreamID, - ByteOffset: f.ByteOffset, - }).Write(b, version) - } b.WriteByte(0x5) utils.WriteVarInt(b, uint64(f.StreamID)) utils.WriteVarInt(b, uint64(f.ByteOffset)) @@ -52,9 +46,5 @@ func (f *MaxStreamDataFrame) Write(b *bytes.Buffer, version protocol.VersionNumb // Length of a written frame func (f *MaxStreamDataFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - // writing this frame would result in a gQUIC WINDOW_UPDATE being written, which has a different length - if !version.UsesIETFFrameFormat() { - return 1 + 4 + 8 - } return 1 + utils.VarIntLen(uint64(f.StreamID)) + utils.VarIntLen(uint64(f.ByteOffset)) } diff --git a/internal/wire/public_reset.go b/internal/wire/public_reset.go deleted file mode 100644 index b57ea7ad..00000000 --- a/internal/wire/public_reset.go +++ /dev/null @@ -1,65 +0,0 @@ -package wire - -import ( - "bytes" - "encoding/binary" - "errors" - - "github.com/lucas-clemente/quic-go/internal/handshake" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" -) - -// A PublicReset is a PUBLIC_RESET -type PublicReset struct { - RejectedPacketNumber protocol.PacketNumber - Nonce uint64 -} - -// WritePublicReset writes a PUBLIC_RESET -func WritePublicReset(connectionID protocol.ConnectionID, rejectedPacketNumber protocol.PacketNumber, nonceProof uint64) []byte { - b := &bytes.Buffer{} - b.WriteByte(0x0a) - b.Write(connectionID) - utils.LittleEndian.WriteUint32(b, uint32(handshake.TagPRST)) - utils.LittleEndian.WriteUint32(b, 2) - utils.LittleEndian.WriteUint32(b, uint32(handshake.TagRNON)) - utils.LittleEndian.WriteUint32(b, 8) - utils.LittleEndian.WriteUint32(b, uint32(handshake.TagRSEQ)) - utils.LittleEndian.WriteUint32(b, 16) - utils.LittleEndian.WriteUint64(b, nonceProof) - utils.LittleEndian.WriteUint64(b, uint64(rejectedPacketNumber)) - return b.Bytes() -} - -// ParsePublicReset parses a PUBLIC_RESET -func ParsePublicReset(r *bytes.Reader) (*PublicReset, error) { - pr := PublicReset{} - msg, err := handshake.ParseHandshakeMessage(r) - if err != nil { - return nil, err - } - if msg.Tag != handshake.TagPRST { - return nil, errors.New("wrong public reset tag") - } - - // The RSEQ tag is mandatory according to the gQUIC wire spec. - // However, Google doesn't send RSEQ in their PUBLIC_RESETs. - // Therefore, we'll treat RSEQ as an optional field. - if rseq, ok := msg.Data[handshake.TagRSEQ]; ok { - if len(rseq) != 8 { - return nil, errors.New("invalid RSEQ tag") - } - pr.RejectedPacketNumber = protocol.PacketNumber(binary.LittleEndian.Uint64(rseq)) - } - - rnon, ok := msg.Data[handshake.TagRNON] - if !ok { - return nil, errors.New("RNON missing") - } - if len(rnon) != 8 { - return nil, errors.New("invalid RNON tag") - } - pr.Nonce = binary.LittleEndian.Uint64(rnon) - return &pr, nil -} diff --git a/internal/wire/public_reset_test.go b/internal/wire/public_reset_test.go deleted file mode 100644 index 45347df6..00000000 --- a/internal/wire/public_reset_test.go +++ /dev/null @@ -1,96 +0,0 @@ -package wire - -import ( - "bytes" - "io" - - "github.com/lucas-clemente/quic-go/internal/handshake" - "github.com/lucas-clemente/quic-go/internal/protocol" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("public reset", func() { - Context("writing", func() { - It("writes public reset packets", func() { - Expect(WritePublicReset(protocol.ConnectionID{0, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef}, 0x8badf00d, 0xdecafbad)).To(Equal([]byte{ - 0x0a, - 0x0, 0x0, 0x0, 0x0, 0xde, 0xad, 0xbe, 0xef, - 'P', 'R', 'S', 'T', - 0x02, 0x00, 0x00, 0x00, - 'R', 'N', 'O', 'N', - 0x08, 0x00, 0x00, 0x00, - 'R', 'S', 'E', 'Q', - 0x10, 0x00, 0x00, 0x00, - 0xad, 0xfb, 0xca, 0xde, 0x0, 0x0, 0x0, 0x0, - 0x0d, 0xf0, 0xad, 0x8b, 0x0, 0x0, 0x0, 0x0, - })) - }) - }) - - Context("parsing", func() { - var b *bytes.Buffer - - BeforeEach(func() { - b = &bytes.Buffer{} - }) - - It("parses a public reset", func() { - packet := WritePublicReset(protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, 0x8badf00d, 0xdecafbad) - pr, err := ParsePublicReset(bytes.NewReader(packet[9:])) // 1 byte Public Flag, 8 bytes connection ID - Expect(err).ToNot(HaveOccurred()) - Expect(pr.Nonce).To(Equal(uint64(0xdecafbad))) - Expect(pr.RejectedPacketNumber).To(Equal(protocol.PacketNumber(0x8badf00d))) - }) - - It("rejects packets that it can't parse", func() { - _, err := ParsePublicReset(bytes.NewReader([]byte{})) - Expect(err).To(MatchError(io.EOF)) - }) - - It("rejects packets with the wrong tag", func() { - handshake.HandshakeMessage{Tag: handshake.TagREJ, Data: nil}.Write(b) - _, err := ParsePublicReset(bytes.NewReader(b.Bytes())) - Expect(err).To(MatchError("wrong public reset tag")) - }) - - It("rejects packets missing the nonce", func() { - data := map[handshake.Tag][]byte{ - handshake.TagRSEQ: {0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, - } - handshake.HandshakeMessage{Tag: handshake.TagPRST, Data: data}.Write(b) - _, err := ParsePublicReset(bytes.NewReader(b.Bytes())) - Expect(err).To(MatchError("RNON missing")) - }) - - It("rejects packets with a wrong length nonce", func() { - data := map[handshake.Tag][]byte{ - handshake.TagRSEQ: {0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, - handshake.TagRNON: {0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13}, - } - handshake.HandshakeMessage{Tag: handshake.TagPRST, Data: data}.Write(b) - _, err := ParsePublicReset(bytes.NewReader(b.Bytes())) - Expect(err).To(MatchError("invalid RNON tag")) - }) - - It("accepts packets missing the rejected packet number", func() { - data := map[handshake.Tag][]byte{ - handshake.TagRNON: {0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, - } - handshake.HandshakeMessage{Tag: handshake.TagPRST, Data: data}.Write(b) - pr, err := ParsePublicReset(bytes.NewReader(b.Bytes())) - Expect(err).ToNot(HaveOccurred()) - Expect(pr.Nonce).To(Equal(uint64(0x3713fecaefbeadde))) - }) - - It("rejects packets with a wrong length rejected packet number", func() { - data := map[handshake.Tag][]byte{ - handshake.TagRSEQ: {0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13}, - handshake.TagRNON: {0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37}, - } - handshake.HandshakeMessage{Tag: handshake.TagPRST, Data: data}.Write(b) - _, err := ParsePublicReset(bytes.NewReader(b.Bytes())) - Expect(err).To(MatchError("invalid RSEQ tag")) - }) - }) -}) diff --git a/internal/wire/rst_stream_frame.go b/internal/wire/rst_stream_frame.go index 209422c2..da47b9f3 100644 --- a/internal/wire/rst_stream_frame.go +++ b/internal/wire/rst_stream_frame.go @@ -9,9 +9,7 @@ import ( // A RstStreamFrame is a RST_STREAM frame in QUIC type RstStreamFrame struct { - StreamID protocol.StreamID - // The error code is a uint32 in gQUIC, but a uint16 in IETF QUIC. - // protocol.ApplicaitonErrorCode is a uint16, so larger values in gQUIC frames will be truncated. + StreamID protocol.StreamID ErrorCode protocol.ApplicationErrorCode ByteOffset protocol.ByteCount } @@ -25,38 +23,20 @@ func parseRstStreamFrame(r *bytes.Reader, version protocol.VersionNumber) (*RstS var streamID protocol.StreamID var errorCode uint16 var byteOffset protocol.ByteCount - if version.UsesIETFFrameFormat() { - sid, err := utils.ReadVarInt(r) - if err != nil { - return nil, err - } - streamID = protocol.StreamID(sid) - errorCode, err = utils.BigEndian.ReadUint16(r) - if err != nil { - return nil, err - } - bo, err := utils.ReadVarInt(r) - if err != nil { - return nil, err - } - byteOffset = protocol.ByteCount(bo) - } else { - sid, err := utils.BigEndian.ReadUint32(r) - if err != nil { - return nil, err - } - streamID = protocol.StreamID(sid) - bo, err := utils.BigEndian.ReadUint64(r) - if err != nil { - return nil, err - } - byteOffset = protocol.ByteCount(bo) - ec, err := utils.BigEndian.ReadUint32(r) - if err != nil { - return nil, err - } - errorCode = uint16(ec) + sid, err := utils.ReadVarInt(r) + if err != nil { + return nil, err } + streamID = protocol.StreamID(sid) + errorCode, err = utils.BigEndian.ReadUint16(r) + if err != nil { + return nil, err + } + bo, err := utils.ReadVarInt(r) + if err != nil { + return nil, err + } + byteOffset = protocol.ByteCount(bo) return &RstStreamFrame{ StreamID: streamID, @@ -68,22 +48,13 @@ func parseRstStreamFrame(r *bytes.Reader, version protocol.VersionNumber) (*RstS //Write writes a RST_STREAM frame func (f *RstStreamFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error { b.WriteByte(0x01) - if version.UsesIETFFrameFormat() { - utils.WriteVarInt(b, uint64(f.StreamID)) - utils.BigEndian.WriteUint16(b, uint16(f.ErrorCode)) - utils.WriteVarInt(b, uint64(f.ByteOffset)) - } else { - utils.BigEndian.WriteUint32(b, uint32(f.StreamID)) - utils.BigEndian.WriteUint64(b, uint64(f.ByteOffset)) - utils.BigEndian.WriteUint32(b, uint32(f.ErrorCode)) - } + utils.WriteVarInt(b, uint64(f.StreamID)) + utils.BigEndian.WriteUint16(b, uint16(f.ErrorCode)) + utils.WriteVarInt(b, uint64(f.ByteOffset)) return nil } // Length of a written frame func (f *RstStreamFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - if version.UsesIETFFrameFormat() { - return 1 + utils.VarIntLen(uint64(f.StreamID)) + 2 + utils.VarIntLen(uint64(f.ByteOffset)) - } - return 1 + 4 + 8 + 4 + return 1 + utils.VarIntLen(uint64(f.StreamID)) + 2 + utils.VarIntLen(uint64(f.ByteOffset)) } diff --git a/internal/wire/rst_stream_frame_test.go b/internal/wire/rst_stream_frame_test.go index f39be0f7..68ac074e 100644 --- a/internal/wire/rst_stream_frame_test.go +++ b/internal/wire/rst_stream_frame_test.go @@ -11,118 +11,58 @@ import ( var _ = Describe("RST_STREAM frame", func() { Context("when parsing", func() { - Context("in varint encoding", func() { - It("accepts sample frame", func() { - data := []byte{0x1} - data = append(data, encodeVarInt(0xdeadbeef)...) // stream ID - data = append(data, []byte{0x13, 0x37}...) // error code - data = append(data, encodeVarInt(0x987654321)...) // byte offset - b := bytes.NewReader(data) - frame, err := parseRstStreamFrame(b, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.StreamID).To(Equal(protocol.StreamID(0xdeadbeef))) - Expect(frame.ByteOffset).To(Equal(protocol.ByteCount(0x987654321))) - Expect(frame.ErrorCode).To(Equal(protocol.ApplicationErrorCode(0x1337))) - }) - - It("errors on EOFs", func() { - data := []byte{0x1} - data = append(data, encodeVarInt(0xdeadbeef)...) // stream ID - data = append(data, []byte{0x13, 0x37}...) // error code - data = append(data, encodeVarInt(0x987654321)...) // byte offset - _, err := parseRstStreamFrame(bytes.NewReader(data), versionIETFFrames) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseRstStreamFrame(bytes.NewReader(data[0:i]), versionIETFFrames) - Expect(err).To(HaveOccurred()) - } - }) + It("accepts sample frame", func() { + data := []byte{0x1} + data = append(data, encodeVarInt(0xdeadbeef)...) // stream ID + data = append(data, []byte{0x13, 0x37}...) // error code + data = append(data, encodeVarInt(0x987654321)...) // byte offset + b := bytes.NewReader(data) + frame, err := parseRstStreamFrame(b, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(frame.StreamID).To(Equal(protocol.StreamID(0xdeadbeef))) + Expect(frame.ByteOffset).To(Equal(protocol.ByteCount(0x987654321))) + Expect(frame.ErrorCode).To(Equal(protocol.ApplicationErrorCode(0x1337))) }) - Context("in big endian", func() { - It("accepts sample frame", func() { - b := bytes.NewReader([]byte{0x1, - 0xde, 0xad, 0xbe, 0xef, // stream id - 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, // byte offset - 0x0, 0x0, 0xca, 0xfe, // error code - }) - frame, err := parseRstStreamFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.StreamID).To(Equal(protocol.StreamID(0xdeadbeef))) - Expect(frame.ByteOffset).To(Equal(protocol.ByteCount(0x8877665544332211))) - Expect(frame.ErrorCode).To(Equal(protocol.ApplicationErrorCode(0xcafe))) - }) - - It("errors on EOFs", func() { - data := []byte{0x1, - 0xef, 0xbe, 0xad, 0xde, 0x44, // stream id - 0x33, 0x22, 0x11, 0xad, 0xfb, 0xca, 0xde, 0x34, // byte offset - 0x12, 0x37, 0x13, // error code - } - _, err := parseRstStreamFrame(bytes.NewReader(data), versionBigEndian) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseRstStreamFrame(bytes.NewReader(data[0:i]), versionBigEndian) - Expect(err).To(HaveOccurred()) - } - }) + It("errors on EOFs", func() { + data := []byte{0x1} + data = append(data, encodeVarInt(0xdeadbeef)...) // stream ID + data = append(data, []byte{0x13, 0x37}...) // error code + data = append(data, encodeVarInt(0x987654321)...) // byte offset + _, err := parseRstStreamFrame(bytes.NewReader(data), versionIETFFrames) + Expect(err).NotTo(HaveOccurred()) + for i := range data { + _, err := parseRstStreamFrame(bytes.NewReader(data[0:i]), versionIETFFrames) + Expect(err).To(HaveOccurred()) + } }) }) Context("when writing", func() { - Context("in varint encoding", func() { - It("writes a sample frame", func() { - frame := RstStreamFrame{ - StreamID: 0x1337, - ByteOffset: 0x11223344decafbad, - ErrorCode: 0xcafe, - } - b := &bytes.Buffer{} - err := frame.Write(b, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - expected := []byte{0x1} - expected = append(expected, encodeVarInt(0x1337)...) - expected = append(expected, []byte{0xca, 0xfe}...) - expected = append(expected, encodeVarInt(0x11223344decafbad)...) - Expect(b.Bytes()).To(Equal(expected)) - }) - - It("has the correct min length", func() { - rst := RstStreamFrame{ - StreamID: 0x1337, - ByteOffset: 0x1234567, - ErrorCode: 0xde, - } - expectedLen := 1 + utils.VarIntLen(0x1337) + utils.VarIntLen(0x1234567) + 2 - Expect(rst.Length(versionIETFFrames)).To(Equal(expectedLen)) - }) + It("writes a sample frame", func() { + frame := RstStreamFrame{ + StreamID: 0x1337, + ByteOffset: 0x11223344decafbad, + ErrorCode: 0xcafe, + } + b := &bytes.Buffer{} + err := frame.Write(b, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + expected := []byte{0x1} + expected = append(expected, encodeVarInt(0x1337)...) + expected = append(expected, []byte{0xca, 0xfe}...) + expected = append(expected, encodeVarInt(0x11223344decafbad)...) + Expect(b.Bytes()).To(Equal(expected)) }) - Context("in big endian", func() { - It("writes a sample frame", func() { - frame := RstStreamFrame{ - StreamID: 0x1337, - ByteOffset: 0x11223344decafbad, - ErrorCode: 0xcafe, - } - b := &bytes.Buffer{} - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()).To(Equal([]byte{0x01, - 0x0, 0x0, 0x13, 0x37, // stream id - 0x11, 0x22, 0x33, 0x44, 0xde, 0xca, 0xfb, 0xad, // byte offset - 0x0, 0x0, 0xca, 0xfe, // error code - })) - }) - - It("has the correct min length", func() { - rst := RstStreamFrame{ - StreamID: 0x1337, - ByteOffset: 0x1000, - ErrorCode: 0xde, - } - Expect(rst.Length(versionBigEndian)).To(Equal(protocol.ByteCount(17))) - }) + It("has the correct min length", func() { + rst := RstStreamFrame{ + StreamID: 0x1337, + ByteOffset: 0x1234567, + ErrorCode: 0xde, + } + expectedLen := 1 + utils.VarIntLen(0x1337) + utils.VarIntLen(0x1234567) + 2 + Expect(rst.Length(versionIETFFrames)).To(Equal(expectedLen)) }) }) }) diff --git a/internal/wire/stop_waiting_frame.go b/internal/wire/stop_waiting_frame.go deleted file mode 100644 index b87606ad..00000000 --- a/internal/wire/stop_waiting_frame.go +++ /dev/null @@ -1,77 +0,0 @@ -package wire - -import ( - "bytes" - "errors" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" -) - -// A StopWaitingFrame in QUIC -type StopWaitingFrame struct { - LeastUnacked protocol.PacketNumber - PacketNumberLen protocol.PacketNumberLen - // PacketNumber is the packet number of the packet that this StopWaitingFrame will be sent with - PacketNumber protocol.PacketNumber -} - -var ( - errLeastUnackedHigherThanPacketNumber = errors.New("StopWaitingFrame: LeastUnacked can't be greater than the packet number") - errPacketNumberNotSet = errors.New("StopWaitingFrame: PacketNumber not set") - errPacketNumberLenNotSet = errors.New("StopWaitingFrame: PacketNumberLen not set") -) - -func (f *StopWaitingFrame) Write(b *bytes.Buffer, v protocol.VersionNumber) error { - if v.UsesIETFFrameFormat() { - return errors.New("STOP_WAITING not defined in IETF QUIC") - } - // make sure the PacketNumber was set - if f.PacketNumber == protocol.PacketNumber(0) { - return errPacketNumberNotSet - } - if f.LeastUnacked > f.PacketNumber { - return errLeastUnackedHigherThanPacketNumber - } - - b.WriteByte(0x06) - leastUnackedDelta := uint64(f.PacketNumber - f.LeastUnacked) - switch f.PacketNumberLen { - case protocol.PacketNumberLen1: - b.WriteByte(uint8(leastUnackedDelta)) - case protocol.PacketNumberLen2: - utils.BigEndian.WriteUint16(b, uint16(leastUnackedDelta)) - case protocol.PacketNumberLen4: - utils.BigEndian.WriteUint32(b, uint32(leastUnackedDelta)) - case protocol.PacketNumberLen6: - utils.BigEndian.WriteUint48(b, leastUnackedDelta&(1<<48-1)) - default: - return errPacketNumberLenNotSet - } - return nil -} - -// Length of a written frame -func (f *StopWaitingFrame) Length(_ protocol.VersionNumber) protocol.ByteCount { - return 1 + protocol.ByteCount(f.PacketNumberLen) -} - -// parseStopWaitingFrame parses a StopWaiting frame -func parseStopWaitingFrame(r *bytes.Reader, packetNumber protocol.PacketNumber, packetNumberLen protocol.PacketNumberLen, _ protocol.VersionNumber) (*StopWaitingFrame, error) { - frame := &StopWaitingFrame{} - - // read the TypeByte - if _, err := r.ReadByte(); err != nil { - return nil, err - } - - leastUnackedDelta, err := utils.BigEndian.ReadUintN(r, uint8(packetNumberLen)) - if err != nil { - return nil, err - } - if leastUnackedDelta > uint64(packetNumber) { - return nil, errors.New("invalid LeastUnackedDelta") - } - frame.LeastUnacked = protocol.PacketNumber(uint64(packetNumber) - leastUnackedDelta) - return frame, nil -} diff --git a/internal/wire/stop_waiting_frame_test.go b/internal/wire/stop_waiting_frame_test.go deleted file mode 100644 index 7452f06d..00000000 --- a/internal/wire/stop_waiting_frame_test.go +++ /dev/null @@ -1,208 +0,0 @@ -package wire - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go/internal/protocol" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("StopWaitingFrame", func() { - Context("when parsing", func() { - Context("in big endian", func() { - It("accepts sample frame", func() { - b := bytes.NewReader([]byte{0x06, 0x12, 0x34}) - frame, err := parseStopWaitingFrame(b, 0x1337, 2, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LeastUnacked).To(Equal(protocol.PacketNumber(0x1337 - 0x1234))) - Expect(b.Len()).To(BeZero()) - }) - }) - - It("rejects frames that would have a negative LeastUnacked value", func() { - b := bytes.NewReader([]byte{0x06, 0xD}) - _, err := parseStopWaitingFrame(b, 10, 1, protocol.VersionWhatever) - Expect(err).To(HaveOccurred()) - Expect(b.Len()).To(BeZero()) - }) - - It("parses a frame with 0 as LeastUnacked", func() { - b := bytes.NewReader([]byte{0x6, 0x8}) - frame, err := parseStopWaitingFrame(b, 8, 1, protocol.VersionWhatever) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.LeastUnacked).To(Equal(protocol.PacketNumber(0))) - Expect(b.Len()).To(BeZero()) - }) - - It("rejects frames that underflow LeastUnacked", func() { - b := bytes.NewReader([]byte{0x6, 0x9}) - _, err := parseStopWaitingFrame(b, 8, 1, protocol.VersionWhatever) - Expect(err).To(MatchError("invalid LeastUnackedDelta")) - }) - - It("errors on EOFs", func() { - data := []byte{0x06, 0x03} - _, err := parseStopWaitingFrame(bytes.NewReader(data), 5, 1, protocol.VersionWhatever) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseStopWaitingFrame(bytes.NewReader(data[0:i]), 5, 1, protocol.VersionWhatever) - Expect(err).To(HaveOccurred()) - } - }) - }) - - Context("when writing", func() { - It("writes a sample frame", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 10, - PacketNumber: 13, - PacketNumberLen: protocol.PacketNumberLen6, - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0]).To(Equal(uint8(0x06))) - Expect(b.Bytes()[1:7]).To(Equal([]byte{0, 0, 0, 0, 0, 3})) - }) - - It("writes a frame for LeastUnacked = 0", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 0, - PacketNumber: 8, - PacketNumberLen: protocol.PacketNumberLen1, - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()).To(Equal([]byte{0x6, 0x8})) - }) - - It("errors when PacketNumber was not set", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 10, - PacketNumberLen: protocol.PacketNumberLen1, - } - err := frame.Write(b, versionBigEndian) - Expect(err).To(MatchError(errPacketNumberNotSet)) - }) - - It("errors when PacketNumberLen was not set", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 10, - PacketNumber: 13, - } - err := frame.Write(b, versionBigEndian) - Expect(err).To(MatchError(errPacketNumberLenNotSet)) - }) - - It("errors when the LeastUnackedDelta would be negative", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 10, - PacketNumber: 5, - PacketNumberLen: protocol.PacketNumberLen1, - } - err := frame.Write(b, versionBigEndian) - Expect(err).To(MatchError(errLeastUnackedHigherThanPacketNumber)) - }) - - It("refuses to write for IETF QUIC", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 10, - PacketNumber: 13, - PacketNumberLen: protocol.PacketNumberLen6, - } - err := frame.Write(b, versionIETFFrames) - Expect(err).To(MatchError("STOP_WAITING not defined in IETF QUIC")) - }) - - Context("LeastUnackedDelta length", func() { - Context("in big endian", func() { - It("writes a 1-byte LeastUnackedDelta", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 10, - PacketNumber: 13, - PacketNumberLen: protocol.PacketNumberLen1, - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(Equal(2)) - Expect(b.Bytes()[1]).To(Equal(uint8(3))) - }) - - It("writes a 2-byte LeastUnackedDelta", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 0x10, - PacketNumber: 0x1300, - PacketNumberLen: protocol.PacketNumberLen2, - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(Equal(3)) - Expect(b.Bytes()[1:3]).To(Equal([]byte{0x12, 0xf0})) - }) - - It("writes a 4-byte LeastUnackedDelta", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 0x1000, - PacketNumber: 0x12345678, - PacketNumberLen: protocol.PacketNumberLen4, - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(Equal(5)) - Expect(b.Bytes()[1:5]).To(Equal([]byte{0x12, 0x34, 0x46, 0x78})) - }) - - It("writes a 6-byte LeastUnackedDelta, for a delta that fits into 6 bytes", func() { - b := &bytes.Buffer{} - frame := &StopWaitingFrame{ - LeastUnacked: 0x10, - PacketNumber: 0x123456789abc, - PacketNumberLen: protocol.PacketNumberLen6, - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(Equal(7)) - Expect(b.Bytes()[1:7]).To(Equal([]byte{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc - 0x10})) - }) - }) - }) - }) - - Context("Length", func() { - It("calculates the right length", func() { - for _, length := range []protocol.PacketNumberLen{protocol.PacketNumberLen1, protocol.PacketNumberLen2, protocol.PacketNumberLen4, protocol.PacketNumberLen6} { - frame := &StopWaitingFrame{ - LeastUnacked: 10, - PacketNumberLen: length, - } - Expect(frame.Length(protocol.VersionWhatever)).To(Equal(protocol.ByteCount(length + 1))) - } - }) - }) - - Context("self consistency", func() { - It("reads a STOP_WAITING frame that it wrote", func() { - packetNumber := protocol.PacketNumber(13) - frame := &StopWaitingFrame{ - LeastUnacked: 10, - PacketNumber: packetNumber, - PacketNumberLen: protocol.PacketNumberLen4, - } - b := &bytes.Buffer{} - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - readframe, err := parseStopWaitingFrame(bytes.NewReader(b.Bytes()), packetNumber, protocol.PacketNumberLen4, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(readframe.LeastUnacked).To(Equal(frame.LeastUnacked)) - }) - }) -}) diff --git a/internal/wire/stream_blocked_frame.go b/internal/wire/stream_blocked_frame.go index a083a9f5..cb92a13f 100644 --- a/internal/wire/stream_blocked_frame.go +++ b/internal/wire/stream_blocked_frame.go @@ -34,9 +34,6 @@ func parseStreamBlockedFrame(r *bytes.Reader, _ protocol.VersionNumber) (*Stream // Write writes a STREAM_BLOCKED frame func (f *StreamBlockedFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error { - if !version.UsesIETFFrameFormat() { - return (&blockedFrameLegacy{StreamID: f.StreamID}).Write(b, version) - } b.WriteByte(0x09) utils.WriteVarInt(b, uint64(f.StreamID)) utils.WriteVarInt(b, uint64(f.Offset)) @@ -45,8 +42,5 @@ func (f *StreamBlockedFrame) Write(b *bytes.Buffer, version protocol.VersionNumb // Length of a written frame func (f *StreamBlockedFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - if !version.UsesIETFFrameFormat() { - return 1 + 4 - } return 1 + utils.VarIntLen(uint64(f.StreamID)) + utils.VarIntLen(uint64(f.Offset)) } diff --git a/internal/wire/stream_frame.go b/internal/wire/stream_frame.go index 192319e6..2321db08 100644 --- a/internal/wire/stream_frame.go +++ b/internal/wire/stream_frame.go @@ -21,10 +21,6 @@ type StreamFrame struct { // parseStreamFrame reads a STREAM frame func parseStreamFrame(r *bytes.Reader, version protocol.VersionNumber) (*StreamFrame, error) { - if !version.UsesIETFFrameFormat() { - return parseLegacyStreamFrame(r, version) - } - frame := &StreamFrame{} typeByte, err := r.ReadByte() @@ -81,10 +77,6 @@ func parseStreamFrame(r *bytes.Reader, version protocol.VersionNumber) (*StreamF // Write writes a STREAM frame func (f *StreamFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) error { - if !version.UsesIETFFrameFormat() { - return f.writeLegacy(b, version) - } - if len(f.Data) == 0 && !f.FinBit { return errors.New("StreamFrame: attempting to write empty frame without FIN") } @@ -114,9 +106,6 @@ func (f *StreamFrame) Write(b *bytes.Buffer, version protocol.VersionNumber) err // Length returns the total length of the STREAM frame func (f *StreamFrame) Length(version protocol.VersionNumber) protocol.ByteCount { - if !version.UsesIETFFrameFormat() { - return f.lengthLegacy(version) - } length := 1 + utils.VarIntLen(uint64(f.StreamID)) if f.Offset != 0 { length += utils.VarIntLen(uint64(f.Offset)) @@ -127,13 +116,14 @@ func (f *StreamFrame) Length(version protocol.VersionNumber) protocol.ByteCount return length + f.DataLen() } +// DataLen gives the length of data in bytes +func (f *StreamFrame) DataLen() protocol.ByteCount { + return protocol.ByteCount(len(f.Data)) +} + // MaxDataLen returns the maximum data length // If 0 is returned, writing will fail (a STREAM frame must contain at least 1 byte of data). func (f *StreamFrame) MaxDataLen(maxSize protocol.ByteCount, version protocol.VersionNumber) protocol.ByteCount { - if !version.UsesIETFFrameFormat() { - return f.maxDataLenLegacy(maxSize, version) - } - headerLen := 1 + utils.VarIntLen(uint64(f.StreamID)) if f.Offset != 0 { headerLen += utils.VarIntLen(uint64(f.Offset)) diff --git a/internal/wire/stream_frame_legacy.go b/internal/wire/stream_frame_legacy.go deleted file mode 100644 index a2b159dc..00000000 --- a/internal/wire/stream_frame_legacy.go +++ /dev/null @@ -1,209 +0,0 @@ -package wire - -import ( - "bytes" - "errors" - "io" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/qerr" -) - -var ( - errInvalidStreamIDLen = errors.New("StreamFrame: Invalid StreamID length") - errInvalidOffsetLen = errors.New("StreamFrame: Invalid offset length") -) - -// parseLegacyStreamFrame reads a stream frame. The type byte must not have been read yet. -func parseLegacyStreamFrame(r *bytes.Reader, _ protocol.VersionNumber) (*StreamFrame, error) { - frame := &StreamFrame{} - - typeByte, err := r.ReadByte() - if err != nil { - return nil, err - } - - frame.FinBit = typeByte&0x40 > 0 - frame.DataLenPresent = typeByte&0x20 > 0 - offsetLen := typeByte & 0x1c >> 2 - if offsetLen != 0 { - offsetLen++ - } - streamIDLen := typeByte&0x3 + 1 - - sid, err := utils.BigEndian.ReadUintN(r, streamIDLen) - if err != nil { - return nil, err - } - frame.StreamID = protocol.StreamID(sid) - - offset, err := utils.BigEndian.ReadUintN(r, offsetLen) - if err != nil { - return nil, err - } - frame.Offset = protocol.ByteCount(offset) - - var dataLen uint16 - if frame.DataLenPresent { - dataLen, err = utils.BigEndian.ReadUint16(r) - if err != nil { - return nil, err - } - } - - // shortcut to prevent the unnecessary allocation of dataLen bytes - // if the dataLen is larger than the remaining length of the packet - // reading the packet contents would result in EOF when attempting to READ - if int(dataLen) > r.Len() { - return nil, io.EOF - } - - if !frame.DataLenPresent { - // The rest of the packet is data - dataLen = uint16(r.Len()) - } - if dataLen != 0 { - frame.Data = make([]byte, dataLen) - if _, err := io.ReadFull(r, frame.Data); err != nil { - // this should never happen, since we already checked the dataLen earlier - return nil, err - } - } - - // MaxByteCount is the highest value that can be encoded with the IETF QUIC variable integer encoding (2^62-1). - // Note that this value is smaller than the maximum value that could be encoded in the gQUIC STREAM frame (2^64-1). - if frame.Offset+frame.DataLen() > protocol.MaxByteCount { - return nil, qerr.Error(qerr.InvalidStreamData, "data overflows maximum offset") - } - if !frame.FinBit && frame.DataLen() == 0 { - return nil, qerr.EmptyStreamFrameNoFin - } - return frame, nil -} - -// writeLegacy writes a stream frame. -func (f *StreamFrame) writeLegacy(b *bytes.Buffer, _ protocol.VersionNumber) error { - if len(f.Data) == 0 && !f.FinBit { - return errors.New("StreamFrame: attempting to write empty frame without FIN") - } - - typeByte := uint8(0x80) // sets the leftmost bit to 1 - if f.FinBit { - typeByte ^= 0x40 - } - if f.DataLenPresent { - typeByte ^= 0x20 - } - - offsetLength := f.getOffsetLength() - if offsetLength > 0 { - typeByte ^= (uint8(offsetLength) - 1) << 2 - } - - streamIDLen := f.calculateStreamIDLength() - typeByte ^= streamIDLen - 1 - - b.WriteByte(typeByte) - - switch streamIDLen { - case 1: - b.WriteByte(uint8(f.StreamID)) - case 2: - utils.BigEndian.WriteUint16(b, uint16(f.StreamID)) - case 3: - utils.BigEndian.WriteUint24(b, uint32(f.StreamID)) - case 4: - utils.BigEndian.WriteUint32(b, uint32(f.StreamID)) - default: - return errInvalidStreamIDLen - } - - switch offsetLength { - case 0: - case 2: - utils.BigEndian.WriteUint16(b, uint16(f.Offset)) - case 3: - utils.BigEndian.WriteUint24(b, uint32(f.Offset)) - case 4: - utils.BigEndian.WriteUint32(b, uint32(f.Offset)) - case 5: - utils.BigEndian.WriteUint40(b, uint64(f.Offset)) - case 6: - utils.BigEndian.WriteUint48(b, uint64(f.Offset)) - case 7: - utils.BigEndian.WriteUint56(b, uint64(f.Offset)) - case 8: - utils.BigEndian.WriteUint64(b, uint64(f.Offset)) - default: - return errInvalidOffsetLen - } - - if f.DataLenPresent { - utils.BigEndian.WriteUint16(b, uint16(len(f.Data))) - } - - b.Write(f.Data) - return nil -} - -func (f *StreamFrame) calculateStreamIDLength() uint8 { - if f.StreamID < (1 << 8) { - return 1 - } else if f.StreamID < (1 << 16) { - return 2 - } else if f.StreamID < (1 << 24) { - return 3 - } - return 4 -} - -func (f *StreamFrame) getOffsetLength() protocol.ByteCount { - if f.Offset == 0 { - return 0 - } - if f.Offset < (1 << 16) { - return 2 - } - if f.Offset < (1 << 24) { - return 3 - } - if f.Offset < (1 << 32) { - return 4 - } - if f.Offset < (1 << 40) { - return 5 - } - if f.Offset < (1 << 48) { - return 6 - } - if f.Offset < (1 << 56) { - return 7 - } - return 8 -} - -func (f *StreamFrame) headerLengthLegacy(_ protocol.VersionNumber) protocol.ByteCount { - length := protocol.ByteCount(1) + protocol.ByteCount(f.calculateStreamIDLength()) + f.getOffsetLength() - if f.DataLenPresent { - length += 2 - } - return length -} - -func (f *StreamFrame) lengthLegacy(version protocol.VersionNumber) protocol.ByteCount { - return f.headerLengthLegacy(version) + f.DataLen() -} - -func (f *StreamFrame) maxDataLenLegacy(maxFrameSize protocol.ByteCount, version protocol.VersionNumber) protocol.ByteCount { - headerLen := f.headerLengthLegacy(version) - if headerLen > maxFrameSize { - return 0 - } - return maxFrameSize - headerLen -} - -// DataLen gives the length of data in bytes -func (f *StreamFrame) DataLen() protocol.ByteCount { - return protocol.ByteCount(len(f.Data)) -} diff --git a/internal/wire/stream_frame_legacy_test.go b/internal/wire/stream_frame_legacy_test.go deleted file mode 100644 index 7927e92a..00000000 --- a/internal/wire/stream_frame_legacy_test.go +++ /dev/null @@ -1,515 +0,0 @@ -package wire - -import ( - "bytes" - "io" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/qerr" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("STREAM frame (for gQUIC)", func() { - Context("when parsing", func() { - It("accepts a sample frame", func() { - // a STREAM frame, plus 3 additional bytes, not belonging to this frame - b := bytes.NewReader([]byte{0x80 ^ 0x20, - 0x1, // stream id - 0x0, 0x6, // data length - 'f', 'o', 'o', 'b', 'a', 'r', - 'f', 'o', 'o', // additional bytes - }) - frame, err := parseStreamFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.FinBit).To(BeFalse()) - Expect(frame.StreamID).To(Equal(protocol.StreamID(1))) - Expect(frame.Offset).To(BeZero()) - Expect(frame.DataLenPresent).To(BeTrue()) - Expect(frame.Data).To(Equal([]byte("foobar"))) - Expect(b.Len()).To(Equal(3)) - }) - - It("accepts frames with offsets", func() { - b := bytes.NewReader([]byte{0x80 ^ 0x20 /* 2 byte offset */ ^ 0x4, - 0x1, // stream id - 0x0, 0x42, // offset - 0x0, 0x6, // data length - 'f', 'o', 'o', 'b', 'a', 'r', - }) - frame, err := parseStreamFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.FinBit).To(BeFalse()) - Expect(frame.StreamID).To(Equal(protocol.StreamID(1))) - Expect(frame.Offset).To(Equal(protocol.ByteCount(0x42))) - Expect(frame.DataLenPresent).To(BeTrue()) - Expect(frame.Data).To(Equal([]byte("foobar"))) - Expect(b.Len()).To(BeZero()) - }) - - It("errors on EOFs", func() { - data := []byte{0x80 ^ 0x20 ^ 0x4, - 0x1, // stream id - 0x0, 0x2a, // offset - 0x0, 0x6, // data length, - 'f', 'o', 'o', 'b', 'a', 'r', - } - _, err := parseStreamFrame(bytes.NewReader(data), versionBigEndian) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseStreamFrame(bytes.NewReader(data[0:i]), versionBigEndian) - Expect(err).To(HaveOccurred()) - } - }) - - It("accepts frame without data length", func() { - b := bytes.NewReader([]byte{0x80, - 0x1, // stream id - 'f', 'o', 'o', 'b', 'a', 'r', - }) - frame, err := parseStreamFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.FinBit).To(BeFalse()) - Expect(frame.StreamID).To(Equal(protocol.StreamID(1))) - Expect(frame.Offset).To(BeZero()) - Expect(frame.DataLenPresent).To(BeFalse()) - Expect(frame.Data).To(Equal([]byte("foobar"))) - Expect(b.Len()).To(BeZero()) - }) - - It("accepts an empty frame with FinBit set, with data length set", func() { - // the STREAM frame, plus 3 additional bytes, not belonging to this frame - b := bytes.NewReader([]byte{0x80 ^ 0x40 ^ 0x20, - 0x1, // stream id - 0, 0, // data length - 'f', 'o', 'o', // additional bytes - }) - frame, err := parseStreamFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.FinBit).To(BeTrue()) - Expect(frame.DataLenPresent).To(BeTrue()) - Expect(frame.Data).To(BeEmpty()) - Expect(b.Len()).To(Equal(3)) - }) - - It("accepts an empty frame with the FinBit set", func() { - b := bytes.NewReader([]byte{0x80 ^ 0x40, - 0x1, // stream id - 'f', 'o', 'o', 'b', 'a', 'r', - }) - frame, err := parseStreamFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.FinBit).To(BeTrue()) - Expect(frame.DataLenPresent).To(BeFalse()) - Expect(frame.Data).To(Equal([]byte("foobar"))) - Expect(b.Len()).To(BeZero()) - }) - - It("errors on empty stream frames that don't have the FinBit set", func() { - b := bytes.NewReader([]byte{0x80 ^ 0x20, - 0x1, // stream id - 0, 0, // data length - }) - _, err := parseStreamFrame(b, versionBigEndian) - Expect(err).To(MatchError(qerr.EmptyStreamFrameNoFin)) - }) - - It("rejects frames to too large dataLen", func() { - b := bytes.NewReader([]byte{0xa0, 0x1, 0xff, 0xff}) - _, err := parseStreamFrame(b, versionBigEndian) - Expect(err).To(MatchError(io.EOF)) - }) - - It("rejects frames that overflow the offset", func() { - // Offset + len(Data) overflows MaxByteCount - f := &StreamFrame{ - StreamID: 1, - Offset: protocol.MaxByteCount, - Data: []byte{'f'}, - } - b := &bytes.Buffer{} - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - _, err = parseStreamFrame(bytes.NewReader(b.Bytes()), versionBigEndian) - Expect(err).To(MatchError(qerr.Error(qerr.InvalidStreamData, "data overflows maximum offset"))) - }) - }) - - Context("when writing", func() { - Context("in big endian", func() { - It("writes sample frame", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - DataLenPresent: true, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()).To(Equal([]byte{0x80 ^ 0x20, - 0x1, // stream id - 0x0, 0x6, // data length - 'f', 'o', 'o', 'b', 'a', 'r', - })) - }) - }) - - It("sets the FinBit", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - FinBit: true, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x40).To(Equal(byte(0x40))) - }) - - It("errors when length is zero and FIN is not set", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - }).Write(b, versionBigEndian) - Expect(err).To(MatchError("StreamFrame: attempting to write empty frame without FIN")) - }) - - It("has proper min length for a short StreamID and a short offset", func() { - b := &bytes.Buffer{} - f := &StreamFrame{ - StreamID: 1, - Data: []byte{}, - Offset: 0, - FinBit: true, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(0)).To(Equal(protocol.ByteCount(b.Len()))) - }) - - It("has proper min length for a long StreamID and a big offset", func() { - b := &bytes.Buffer{} - f := &StreamFrame{ - StreamID: 0xdecafbad, - Data: []byte{}, - Offset: 0xdeadbeefcafe, - FinBit: true, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(b.Len()))) - }) - - Context("data length field", func() { - It("writes the data length", func() { - dataLen := 0x1337 - b := &bytes.Buffer{} - f := &StreamFrame{ - StreamID: 1, - Data: bytes.Repeat([]byte{'f'}, dataLen), - DataLenPresent: true, - Offset: 0, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x20).To(Equal(uint8(0x20))) - frame, err := parseStreamFrame(bytes.NewReader(b.Bytes()), versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(frame.DataLenPresent).To(BeTrue()) - Expect(frame.DataLen()).To(Equal(protocol.ByteCount(dataLen))) - }) - }) - - It("omits the data length field", func() { - dataLen := 0x1337 - b := &bytes.Buffer{} - f := &StreamFrame{ - StreamID: 1, - Data: bytes.Repeat([]byte{'f'}, dataLen), - DataLenPresent: false, - Offset: 0, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x20).To(Equal(uint8(0))) - Expect(b.Bytes()[1 : b.Len()-dataLen]).ToNot(ContainSubstring(string([]byte{0x37, 0x13}))) - length := f.Length(versionBigEndian) - f.DataLenPresent = true - lengthWithoutDataLen := f.Length(versionBigEndian) - Expect(length).To(Equal(lengthWithoutDataLen - 2)) - }) - - It("calculates the correct min-length", func() { - f := &StreamFrame{ - StreamID: 0xcafe, - Data: []byte("foobar"), - DataLenPresent: false, - Offset: 0xdeadbeef, - } - lengthWithoutDataLen := f.Length(versionBigEndian) - f.DataLenPresent = true - Expect(f.Length(versionBigEndian)).To(Equal(lengthWithoutDataLen + 2)) - }) - - Context("offset lengths", func() { - It("does not write an offset if the offset is 0", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - Offset: 0, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x1c).To(Equal(uint8(0x0))) - }) - - It("writes a 2-byte offset if the offset is larger than 0", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - Offset: 0x1337, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x1c).To(Equal(uint8(0x1 << 2))) - Expect(b.Bytes()[2:4]).To(Equal([]byte{0x13, 0x37})) - }) - - It("writes a 3-byte offset if the offset", func() { - b := &bytes.Buffer{} - (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - Offset: 0x13cafe, - }).Write(b, versionBigEndian) - Expect(b.Bytes()[0] & 0x1c).To(Equal(uint8(0x2 << 2))) - Expect(b.Bytes()[2:5]).To(Equal([]byte{0x13, 0xca, 0xfe})) - }) - - It("writes a 4-byte offset if the offset", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - Offset: 0xdeadbeef, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x1c).To(Equal(uint8(0x3 << 2))) - Expect(b.Bytes()[2:6]).To(Equal([]byte{0xde, 0xad, 0xbe, 0xef})) - }) - - It("writes a 5-byte offset if the offset", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - Offset: 0x13deadbeef, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x1c).To(Equal(uint8(0x4 << 2))) - Expect(b.Bytes()[2:7]).To(Equal([]byte{0x13, 0xde, 0xad, 0xbe, 0xef})) - }) - - It("writes a 6-byte offset if the offset", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - Offset: 0xdeadbeefcafe, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x1c).To(Equal(uint8(0x5 << 2))) - Expect(b.Bytes()[2:8]).To(Equal([]byte{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe})) - }) - - It("writes a 7-byte offset if the offset", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - Offset: 0x13deadbeefcafe, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x1c).To(Equal(uint8(0x6 << 2))) - Expect(b.Bytes()[2:9]).To(Equal([]byte{0x13, 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe})) - }) - - It("writes a 8-byte offset if the offset", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - Offset: 0x1337deadbeefcafe, - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x1c).To(Equal(uint8(0x7 << 2))) - Expect(b.Bytes()[2:10]).To(Equal([]byte{0x13, 0x37, 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe})) - }) - }) - - Context("lengths of StreamIDs", func() { - It("writes a 1 byte StreamID", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 13, - Data: []byte("foobar"), - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(uint8(0x0))) - Expect(b.Bytes()[1]).To(Equal(uint8(13))) - }) - - It("writes a 2 byte StreamID", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 0xcafe, - Data: []byte("foobar"), - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(uint8(0x1))) - Expect(b.Bytes()[1:3]).To(Equal([]byte{0xca, 0xfe})) - }) - - It("writes a 3 byte StreamID", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 0x13beef, - Data: []byte("foobar"), - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(uint8(0x2))) - Expect(b.Bytes()[1:4]).To(Equal([]byte{0x13, 0xbe, 0xef})) - }) - - It("writes a 4 byte StreamID", func() { - b := &bytes.Buffer{} - err := (&StreamFrame{ - StreamID: 0xdecafbad, - Data: []byte("foobar"), - }).Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(uint8(0x3))) - Expect(b.Bytes()[1:5]).To(Equal([]byte{0xde, 0xca, 0xfb, 0xad})) - }) - - It("writes a multiple byte StreamID, after the Stream length was already determined by MinLenght()", func() { - b := &bytes.Buffer{} - frame := &StreamFrame{ - StreamID: 0xdecafbad, - Data: []byte("foobar"), - } - err := frame.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()[0] & 0x3).To(Equal(uint8(0x3))) - Expect(b.Bytes()[1:5]).To(Equal([]byte{0xde, 0xca, 0xfb, 0xad})) - }) - }) - }) - - Context("shortening of StreamIDs", func() { - It("determines the length of a 1 byte StreamID", func() { - f := &StreamFrame{StreamID: 0xFF} - Expect(f.calculateStreamIDLength()).To(Equal(uint8(1))) - }) - - It("determines the length of a 2 byte StreamID", func() { - f := &StreamFrame{StreamID: 0xFFFF} - Expect(f.calculateStreamIDLength()).To(Equal(uint8(2))) - }) - - It("determines the length of a 3 byte StreamID", func() { - f := &StreamFrame{StreamID: 0xFFFFFF} - Expect(f.calculateStreamIDLength()).To(Equal(uint8(3))) - }) - - It("determines the length of a 4 byte StreamID", func() { - f := &StreamFrame{StreamID: 0xFFFFFFFF} - Expect(f.calculateStreamIDLength()).To(Equal(uint8(4))) - }) - }) - - Context("shortening of Offsets", func() { - It("determines length 0 of offset 0", func() { - f := &StreamFrame{Offset: 0} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(0))) - }) - - It("determines the length of a 2 byte offset", func() { - f := &StreamFrame{Offset: 0xFFFF} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(2))) - }) - - It("determines the length of a 2 byte offset, even if it would fit into 1 byte", func() { - f := &StreamFrame{Offset: 0x1} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(2))) - }) - - It("determines the length of a 3 byte offset", func() { - f := &StreamFrame{Offset: 0xFFFFFF} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(3))) - }) - - It("determines the length of a 4 byte offset", func() { - f := &StreamFrame{Offset: 0xFFFFFFFF} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(4))) - }) - - It("determines the length of a 5 byte offset", func() { - f := &StreamFrame{Offset: 0xFFFFFFFFFF} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(5))) - }) - - It("determines the length of a 6 byte offset", func() { - f := &StreamFrame{Offset: 0xFFFFFFFFFFFF} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(6))) - }) - - It("determines the length of a 7 byte offset", func() { - f := &StreamFrame{Offset: 0xFFFFFFFFFFFFFF} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(7))) - }) - - It("determines the length of an 8 byte offset", func() { - f := &StreamFrame{Offset: 0xFFFFFFFFFFFFFFFF} - Expect(f.getOffsetLength()).To(Equal(protocol.ByteCount(8))) - }) - }) - - Context("DataLen", func() { - It("determines the length of the data", func() { - frame := StreamFrame{ - Data: []byte("foobar"), - } - Expect(frame.DataLen()).To(Equal(protocol.ByteCount(6))) - }) - }) - - Context("max data length", func() { - It("always returns a data length such that the resulting frame has the right size", func() { - const maxSize = 3000 - - data := make([]byte, maxSize) - f := &StreamFrame{ - StreamID: 0x1337, - Offset: 0xdeadbeef, - DataLenPresent: true, - } - b := &bytes.Buffer{} - for i := 1; i < 3000; i++ { - b.Reset() - f.Data = nil - maxDataLen := f.MaxDataLen(protocol.ByteCount(i), versionBigEndian) - if maxDataLen == 0 { // 0 means that no valid STREAM frame can be written - // check that writing a minimal size STREAM frame (i.e. with 1 byte data) is actually larger than the desired size - f.Data = []byte{0} - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(BeNumerically(">", i)) - continue - } - f.Data = data[:int(maxDataLen)] - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Len()).To(Equal(i)) - } - }) - }) -}) diff --git a/internal/wire/stream_frame_test.go b/internal/wire/stream_frame_test.go index e8d4c3ed..7fcf591c 100644 --- a/internal/wire/stream_frame_test.go +++ b/internal/wire/stream_frame_test.go @@ -10,7 +10,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("STREAM frame (for IETF QUIC)", func() { +var _ = Describe("STREAM frame", func() { Context("when parsing", func() { It("parses a frame with OFF bit", func() { data := []byte{0x10 ^ 0x4} @@ -281,87 +281,83 @@ var _ = Describe("STREAM frame (for IETF QUIC)", func() { }) Context("splitting", func() { - for _, v := range []protocol.VersionNumber{versionBigEndian, versionIETFFrames} { - version := v + It("doesn't split if the frame is short enough", func() { + f := &StreamFrame{ + StreamID: 0x1337, + DataLenPresent: true, + Offset: 0xdeadbeef, + Data: make([]byte, 100), + } + newFrame, err := f.MaybeSplitOffFrame(f.Length(versionIETFFrames), versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(newFrame).To(BeNil()) + newFrame, err = f.MaybeSplitOffFrame(f.Length(versionIETFFrames)-1, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(newFrame).ToNot(BeNil()) + }) - It("doesn't split if the frame is short enough", func() { - f := &StreamFrame{ - StreamID: 0x1337, - DataLenPresent: true, - Offset: 0xdeadbeef, - Data: make([]byte, 100), - } - newFrame, err := f.MaybeSplitOffFrame(f.Length(version), version) - Expect(err).ToNot(HaveOccurred()) - Expect(newFrame).To(BeNil()) - newFrame, err = f.MaybeSplitOffFrame(f.Length(version)-1, version) - Expect(err).ToNot(HaveOccurred()) - Expect(newFrame).ToNot(BeNil()) - }) + It("keeps the data len", func() { + f := &StreamFrame{ + StreamID: 0x1337, + DataLenPresent: true, + Data: make([]byte, 100), + } + newFrame, err := f.MaybeSplitOffFrame(66, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(newFrame).ToNot(BeNil()) + Expect(f.DataLenPresent).To(BeTrue()) + Expect(newFrame.DataLenPresent).To(BeTrue()) + }) - It("keeps the data len", func() { - f := &StreamFrame{ - StreamID: 0x1337, - DataLenPresent: true, - Data: make([]byte, 100), - } - newFrame, err := f.MaybeSplitOffFrame(66, version) - Expect(err).ToNot(HaveOccurred()) - Expect(newFrame).ToNot(BeNil()) - Expect(f.DataLenPresent).To(BeTrue()) - Expect(newFrame.DataLenPresent).To(BeTrue()) - }) + It("adjusts the offset", func() { + f := &StreamFrame{ + StreamID: 0x1337, + Offset: 0x100, + Data: []byte("foobar"), + } + newFrame, err := f.MaybeSplitOffFrame(f.Length(versionIETFFrames)-3, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(newFrame).ToNot(BeNil()) + Expect(newFrame.Offset).To(Equal(protocol.ByteCount(0x100))) + Expect(newFrame.Data).To(Equal([]byte("foo"))) + Expect(f.Offset).To(Equal(protocol.ByteCount(0x100 + 3))) + Expect(f.Data).To(Equal([]byte("bar"))) + }) - It("adjusts the offset", func() { - f := &StreamFrame{ - StreamID: 0x1337, - Offset: 0x100, - Data: []byte("foobar"), - } - newFrame, err := f.MaybeSplitOffFrame(f.Length(version)-3, version) - Expect(err).ToNot(HaveOccurred()) - Expect(newFrame).ToNot(BeNil()) - Expect(newFrame.Offset).To(Equal(protocol.ByteCount(0x100))) - Expect(newFrame.Data).To(Equal([]byte("foo"))) - Expect(f.Offset).To(Equal(protocol.ByteCount(0x100 + 3))) - Expect(f.Data).To(Equal([]byte("bar"))) - }) + It("preserves the FIN bit", func() { + f := &StreamFrame{ + StreamID: 0x1337, + FinBit: true, + Offset: 0xdeadbeef, + Data: make([]byte, 100), + } + newFrame, err := f.MaybeSplitOffFrame(50, versionIETFFrames) + Expect(err).ToNot(HaveOccurred()) + Expect(newFrame).ToNot(BeNil()) + Expect(newFrame.Offset).To(BeNumerically("<", f.Offset)) + Expect(f.FinBit).To(BeTrue()) + Expect(newFrame.FinBit).To(BeFalse()) + }) - It("preserves the FIN bit", func() { - f := &StreamFrame{ - StreamID: 0x1337, - FinBit: true, - Offset: 0xdeadbeef, - Data: make([]byte, 100), - } - newFrame, err := f.MaybeSplitOffFrame(50, version) + It("produces frames of the correct length, without data len", func() { + const size = 1000 + f := &StreamFrame{ + StreamID: 0xdecafbad, + Offset: 0x1234, + Data: []byte{0}, + } + minFrameSize := f.Length(versionIETFFrames) + for i := protocol.ByteCount(0); i < minFrameSize; i++ { + _, err := f.MaybeSplitOffFrame(i, versionIETFFrames) + Expect(err).To(HaveOccurred()) + } + for i := minFrameSize; i < size; i++ { + f.Data = make([]byte, size) + newFrame, err := f.MaybeSplitOffFrame(i, versionIETFFrames) Expect(err).ToNot(HaveOccurred()) - Expect(newFrame).ToNot(BeNil()) - Expect(newFrame.Offset).To(BeNumerically("<", f.Offset)) - Expect(f.FinBit).To(BeTrue()) - Expect(newFrame.FinBit).To(BeFalse()) - }) - - It("produces frames of the correct length, without data len", func() { - const size = 1000 - f := &StreamFrame{ - StreamID: 0xdecafbad, - Offset: 0x1234, - Data: []byte{0}, - } - minFrameSize := f.Length(version) - for i := protocol.ByteCount(0); i < minFrameSize; i++ { - _, err := f.MaybeSplitOffFrame(i, version) - Expect(err).To(HaveOccurred()) - } - for i := minFrameSize; i < size; i++ { - f.Data = make([]byte, size) - newFrame, err := f.MaybeSplitOffFrame(i, version) - Expect(err).ToNot(HaveOccurred()) - Expect(newFrame.Length(version)).To(Equal(i)) - } - }) - } + Expect(newFrame.Length(versionIETFFrames)).To(Equal(i)) + } + }) It("produces frames of the correct length, with data len", func() { const size = 1000 diff --git a/internal/wire/version_negotiation.go b/internal/wire/version_negotiation.go index df8b1f2c..6e29d80c 100644 --- a/internal/wire/version_negotiation.go +++ b/internal/wire/version_negotiation.go @@ -8,18 +8,7 @@ import ( "github.com/lucas-clemente/quic-go/internal/utils" ) -// ComposeGQUICVersionNegotiation composes a Version Negotiation Packet for gQUIC -func ComposeGQUICVersionNegotiation(connID protocol.ConnectionID, versions []protocol.VersionNumber) []byte { - buf := bytes.NewBuffer(make([]byte, 0, 1+8+len(versions)*4)) - buf.Write([]byte{0x1 | 0x8}) // type byte - buf.Write(connID) - for _, v := range versions { - utils.BigEndian.WriteUint32(buf, uint32(v)) - } - return buf.Bytes() -} - -// ComposeVersionNegotiation composes a Version Negotiation according to the IETF draft +// ComposeVersionNegotiation composes a Version Negotiation func ComposeVersionNegotiation(destConnID, srcConnID protocol.ConnectionID, versions []protocol.VersionNumber) ([]byte, error) { greasedVersions := protocol.GetGreasedVersions(versions) expectedLen := 1 /* type byte */ + 4 /* version field */ + 1 /* connection ID length field */ + destConnID.Len() + srcConnID.Len() + len(greasedVersions)*4 diff --git a/internal/wire/version_negotiation_test.go b/internal/wire/version_negotiation_test.go index 0d53142a..2439f582 100644 --- a/internal/wire/version_negotiation_test.go +++ b/internal/wire/version_negotiation_test.go @@ -9,22 +9,7 @@ import ( ) var _ = Describe("Version Negotiation Packets", func() { - It("writes for gQUIC", func() { - connID := protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37} - versions := []protocol.VersionNumber{1001, 1003} - data := ComposeGQUICVersionNegotiation(connID, versions) - b := bytes.NewReader(data) - iHdr, err := ParseInvariantHeader(b, 4) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionPublicHeader) - Expect(err).ToNot(HaveOccurred()) - Expect(hdr.VersionFlag).To(BeTrue()) - Expect(hdr.DestConnectionID).To(Equal(connID)) - Expect(hdr.SrcConnectionID).To(BeEmpty()) - Expect(hdr.SupportedVersions).To(Equal(versions)) - }) - - It("writes in IETF draft style", func() { + It("writes", func() { srcConnID := protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37} destConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} versions := []protocol.VersionNumber{1001, 1003} @@ -34,7 +19,7 @@ var _ = Describe("Version Negotiation Packets", func() { b := bytes.NewReader(data) iHdr, err := ParseInvariantHeader(b, 4) Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFFrames) Expect(err).ToNot(HaveOccurred()) Expect(hdr.IsVersionNegotiation).To(BeTrue()) Expect(hdr.DestConnectionID).To(Equal(destConnID)) diff --git a/internal/wire/window_update_frame.go b/internal/wire/window_update_frame.go deleted file mode 100644 index 606e25cf..00000000 --- a/internal/wire/window_update_frame.go +++ /dev/null @@ -1,45 +0,0 @@ -package wire - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" -) - -type windowUpdateFrame struct { - StreamID protocol.StreamID - ByteOffset protocol.ByteCount -} - -// parseWindowUpdateFrame parses a WINDOW_UPDATE frame -// The frame returned is -// * a MAX_STREAM_DATA frame, if the WINDOW_UPDATE applies to a stream -// * a MAX_DATA frame, if the WINDOW_UPDATE applies to the connection -func parseWindowUpdateFrame(r *bytes.Reader, _ protocol.VersionNumber) (Frame, error) { - if _, err := r.ReadByte(); err != nil { // read the TypeByte - return nil, err - } - streamID, err := utils.BigEndian.ReadUint32(r) - if err != nil { - return nil, err - } - offset, err := utils.BigEndian.ReadUint64(r) - if err != nil { - return nil, err - } - if streamID == 0 { - return &MaxDataFrame{ByteOffset: protocol.ByteCount(offset)}, nil - } - return &MaxStreamDataFrame{ - StreamID: protocol.StreamID(streamID), - ByteOffset: protocol.ByteCount(offset), - }, nil -} - -func (f *windowUpdateFrame) Write(b *bytes.Buffer, _ protocol.VersionNumber) error { - b.WriteByte(0x4) - utils.BigEndian.WriteUint32(b, uint32(f.StreamID)) - utils.BigEndian.WriteUint64(b, uint64(f.ByteOffset)) - return nil -} diff --git a/internal/wire/window_update_frame_test.go b/internal/wire/window_update_frame_test.go deleted file mode 100644 index cc1c0819..00000000 --- a/internal/wire/window_update_frame_test.go +++ /dev/null @@ -1,98 +0,0 @@ -package wire - -import ( - "bytes" - - "github.com/lucas-clemente/quic-go/internal/protocol" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("WINDOW_UPDATE frame", func() { - Context("parsing", func() { - Context("in big endian", func() { - It("parses a stream-level WINDOW_UPDATE", func() { - b := bytes.NewReader([]byte{0x4, - 0xde, 0xad, 0xbe, 0xef, // stream id - 0xde, 0xca, 0xfb, 0xad, 0x11, 0x22, 0x33, 0x44, // byte offset - }) - f, err := parseWindowUpdateFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f).To(BeAssignableToTypeOf(&MaxStreamDataFrame{})) - frame := f.(*MaxStreamDataFrame) - Expect(frame.ByteOffset).To(Equal(protocol.ByteCount(0xdecafbad11223344))) - Expect(frame.StreamID).To(Equal(protocol.StreamID(0xdeadbeef))) - }) - - It("parses a connection-level WINDOW_UPDATE", func() { - b := bytes.NewReader([]byte{0x4, - 0x0, 0x0, 0x0, 0x0, // stream id - 0xde, 0xca, 0xfb, 0xad, 0x11, 0x22, 0x33, 0x44, // byte offset - }) - f, err := parseWindowUpdateFrame(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(f).To(BeAssignableToTypeOf(&MaxDataFrame{})) - frame := f.(*MaxDataFrame) - Expect(frame.ByteOffset).To(Equal(protocol.ByteCount(0xdecafbad11223344))) - }) - - It("errors on EOFs", func() { - data := []byte{0x4, - 0xef, 0xbe, 0xad, 0xde, // stream id - 0x44, 0x33, 0x22, 0x11, 0xad, 0xfb, 0xca, 0xde, // byte offset - } - _, err := parseWindowUpdateFrame(bytes.NewReader(data), versionBigEndian) - Expect(err).NotTo(HaveOccurred()) - for i := range data { - _, err := parseWindowUpdateFrame(bytes.NewReader(data[0:i]), versionBigEndian) - Expect(err).To(HaveOccurred()) - } - }) - }) - }) - - Context("writing", func() { - It("has the proper min length for the stream-level WINDOW_UPDATE frame", func() { - f := &MaxDataFrame{ - ByteOffset: 0xdeadbeef, - } - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(1 + 4 + 8))) - }) - - It("has the proper min length for the connection-level WINDOW_UPDATE frame", func() { - f := &MaxDataFrame{ - ByteOffset: 0xdeadbeef, - } - Expect(f.Length(versionBigEndian)).To(Equal(protocol.ByteCount(1 + 4 + 8))) - }) - - Context("in big endian", func() { - It("writes a stream-level WINDOW_UPDATE frame", func() { - b := &bytes.Buffer{} - f := &MaxStreamDataFrame{ - StreamID: 0xdecafbad, - ByteOffset: 0xdeadbeefcafe1337, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()).To(Equal([]byte{0x4, - 0xde, 0xca, 0xfb, 0xad, // stream ID 0 - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // byte offset - })) - }) - - It("writes a connection-level WINDOW_UPDATE frame", func() { - b := &bytes.Buffer{} - f := &MaxDataFrame{ - ByteOffset: 0xdeadbeefcafe1337, - } - err := f.Write(b, versionBigEndian) - Expect(err).ToNot(HaveOccurred()) - Expect(b.Bytes()).To(Equal([]byte{0x4, - 0x0, 0x0, 0x0, 0x0, // stream ID 0 - 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0x13, 0x37, // byte offset - })) - }) - }) - }) -}) diff --git a/internal/wire/wire_suite_test.go b/internal/wire/wire_suite_test.go index 7eda7918..f3b11d41 100644 --- a/internal/wire/wire_suite_test.go +++ b/internal/wire/wire_suite_test.go @@ -17,14 +17,8 @@ func TestWire(t *testing.T) { } const ( - // a QUIC version that uses big endian encoding - versionBigEndian = protocol.Version39 // a QUIC version that uses the IETF frame types versionIETFFrames = protocol.VersionTLS - // a QUIC version that uses the gQUIC Public Header - versionPublicHeader = protocol.Version43 - // a QUIC version that the IETF QUIC Header - versionIETFHeader = protocol.VersionTLS ) func encodeVarInt(i uint64) []byte { @@ -32,8 +26,3 @@ func encodeVarInt(i uint64) []byte { utils.WriteVarInt(b, i) return b.Bytes() } - -var _ = BeforeSuite(func() { - Expect(versionBigEndian.UsesIETFFrameFormat()).To(BeFalse()) - Expect(versionIETFFrames.UsesIETFFrameFormat()).To(BeTrue()) -}) diff --git a/mock_ack_frame_source_test.go b/mock_ack_frame_source_test.go index 1f3cd578..d1c44373 100644 --- a/mock_ack_frame_source_test.go +++ b/mock_ack_frame_source_test.go @@ -45,15 +45,3 @@ func (m *MockAckFrameSource) GetAckFrame() *wire.AckFrame { func (mr *MockAckFrameSourceMockRecorder) GetAckFrame() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAckFrame", reflect.TypeOf((*MockAckFrameSource)(nil).GetAckFrame)) } - -// GetStopWaitingFrame mocks base method -func (m *MockAckFrameSource) GetStopWaitingFrame(arg0 bool) *wire.StopWaitingFrame { - ret := m.ctrl.Call(m, "GetStopWaitingFrame", arg0) - ret0, _ := ret[0].(*wire.StopWaitingFrame) - return ret0 -} - -// GetStopWaitingFrame indicates an expected call of GetStopWaitingFrame -func (mr *MockAckFrameSourceMockRecorder) GetStopWaitingFrame(arg0 interface{}) *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetStopWaitingFrame", reflect.TypeOf((*MockAckFrameSource)(nil).GetStopWaitingFrame), arg0) -} diff --git a/mock_gquic_aead_test.go b/mock_gquic_aead_test.go deleted file mode 100644 index c8ac324b..00000000 --- a/mock_gquic_aead_test.go +++ /dev/null @@ -1,49 +0,0 @@ -// Code generated by MockGen. DO NOT EDIT. -// Source: github.com/lucas-clemente/quic-go (interfaces: GQUICAEAD) - -// Package quic is a generated GoMock package. -package quic - -import ( - reflect "reflect" - - gomock "github.com/golang/mock/gomock" - protocol "github.com/lucas-clemente/quic-go/internal/protocol" -) - -// MockGQUICAEAD is a mock of GQUICAEAD interface -type MockGQUICAEAD struct { - ctrl *gomock.Controller - recorder *MockGQUICAEADMockRecorder -} - -// MockGQUICAEADMockRecorder is the mock recorder for MockGQUICAEAD -type MockGQUICAEADMockRecorder struct { - mock *MockGQUICAEAD -} - -// NewMockGQUICAEAD creates a new mock instance -func NewMockGQUICAEAD(ctrl *gomock.Controller) *MockGQUICAEAD { - mock := &MockGQUICAEAD{ctrl: ctrl} - mock.recorder = &MockGQUICAEADMockRecorder{mock} - return mock -} - -// EXPECT returns an object that allows the caller to indicate expected use -func (m *MockGQUICAEAD) EXPECT() *MockGQUICAEADMockRecorder { - return m.recorder -} - -// Open mocks base method -func (m *MockGQUICAEAD) Open(arg0, arg1 []byte, arg2 protocol.PacketNumber, arg3 []byte) ([]byte, protocol.EncryptionLevel, error) { - ret := m.ctrl.Call(m, "Open", arg0, arg1, arg2, arg3) - ret0, _ := ret[0].([]byte) - ret1, _ := ret[1].(protocol.EncryptionLevel) - ret2, _ := ret[2].(error) - return ret0, ret1, ret2 -} - -// Open indicates an expected call of Open -func (mr *MockGQUICAEADMockRecorder) Open(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Open", reflect.TypeOf((*MockGQUICAEAD)(nil).Open), arg0, arg1, arg2, arg3) -} diff --git a/mock_sealing_manager_test.go b/mock_sealing_manager_test.go index b5a6bdc5..32ebae20 100644 --- a/mock_sealing_manager_test.go +++ b/mock_sealing_manager_test.go @@ -1,5 +1,5 @@ // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/lucas-clemente/quic-go (interfaces: SealingManagerLegacy) +// Source: github.com/lucas-clemente/quic-go (interfaces: SealingManager) // Package quic is a generated GoMock package. package quic @@ -12,31 +12,31 @@ import ( protocol "github.com/lucas-clemente/quic-go/internal/protocol" ) -// MockSealingManagerLegacy is a mock of SealingManagerLegacy interface -type MockSealingManagerLegacy struct { +// MockSealingManager is a mock of SealingManager interface +type MockSealingManager struct { ctrl *gomock.Controller - recorder *MockSealingManagerLegacyMockRecorder + recorder *MockSealingManagerMockRecorder } -// MockSealingManagerLegacyMockRecorder is the mock recorder for MockSealingManagerLegacy -type MockSealingManagerLegacyMockRecorder struct { - mock *MockSealingManagerLegacy +// MockSealingManagerMockRecorder is the mock recorder for MockSealingManager +type MockSealingManagerMockRecorder struct { + mock *MockSealingManager } -// NewMockSealingManagerLegacy creates a new mock instance -func NewMockSealingManagerLegacy(ctrl *gomock.Controller) *MockSealingManagerLegacy { - mock := &MockSealingManagerLegacy{ctrl: ctrl} - mock.recorder = &MockSealingManagerLegacyMockRecorder{mock} +// NewMockSealingManager creates a new mock instance +func NewMockSealingManager(ctrl *gomock.Controller) *MockSealingManager { + mock := &MockSealingManager{ctrl: ctrl} + mock.recorder = &MockSealingManagerMockRecorder{mock} return mock } // EXPECT returns an object that allows the caller to indicate expected use -func (m *MockSealingManagerLegacy) EXPECT() *MockSealingManagerLegacyMockRecorder { +func (m *MockSealingManager) EXPECT() *MockSealingManagerMockRecorder { return m.recorder } // GetSealer mocks base method -func (m *MockSealingManagerLegacy) GetSealer() (protocol.EncryptionLevel, handshake.Sealer) { +func (m *MockSealingManager) GetSealer() (protocol.EncryptionLevel, handshake.Sealer) { ret := m.ctrl.Call(m, "GetSealer") ret0, _ := ret[0].(protocol.EncryptionLevel) ret1, _ := ret[1].(handshake.Sealer) @@ -44,25 +44,12 @@ func (m *MockSealingManagerLegacy) GetSealer() (protocol.EncryptionLevel, handsh } // GetSealer indicates an expected call of GetSealer -func (mr *MockSealingManagerLegacyMockRecorder) GetSealer() *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSealer", reflect.TypeOf((*MockSealingManagerLegacy)(nil).GetSealer)) -} - -// GetSealerForCryptoStream mocks base method -func (m *MockSealingManagerLegacy) GetSealerForCryptoStream() (protocol.EncryptionLevel, handshake.Sealer) { - ret := m.ctrl.Call(m, "GetSealerForCryptoStream") - ret0, _ := ret[0].(protocol.EncryptionLevel) - ret1, _ := ret[1].(handshake.Sealer) - return ret0, ret1 -} - -// GetSealerForCryptoStream indicates an expected call of GetSealerForCryptoStream -func (mr *MockSealingManagerLegacyMockRecorder) GetSealerForCryptoStream() *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSealerForCryptoStream", reflect.TypeOf((*MockSealingManagerLegacy)(nil).GetSealerForCryptoStream)) +func (mr *MockSealingManagerMockRecorder) GetSealer() *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSealer", reflect.TypeOf((*MockSealingManager)(nil).GetSealer)) } // GetSealerWithEncryptionLevel mocks base method -func (m *MockSealingManagerLegacy) GetSealerWithEncryptionLevel(arg0 protocol.EncryptionLevel) (handshake.Sealer, error) { +func (m *MockSealingManager) GetSealerWithEncryptionLevel(arg0 protocol.EncryptionLevel) (handshake.Sealer, error) { ret := m.ctrl.Call(m, "GetSealerWithEncryptionLevel", arg0) ret0, _ := ret[0].(handshake.Sealer) ret1, _ := ret[1].(error) @@ -70,6 +57,6 @@ func (m *MockSealingManagerLegacy) GetSealerWithEncryptionLevel(arg0 protocol.En } // GetSealerWithEncryptionLevel indicates an expected call of GetSealerWithEncryptionLevel -func (mr *MockSealingManagerLegacyMockRecorder) GetSealerWithEncryptionLevel(arg0 interface{}) *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSealerWithEncryptionLevel", reflect.TypeOf((*MockSealingManagerLegacy)(nil).GetSealerWithEncryptionLevel), arg0) +func (mr *MockSealingManagerMockRecorder) GetSealerWithEncryptionLevel(arg0 interface{}) *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSealerWithEncryptionLevel", reflect.TypeOf((*MockSealingManager)(nil).GetSealerWithEncryptionLevel), arg0) } diff --git a/mockgen.go b/mockgen.go index d921a9f0..73add955 100644 --- a/mockgen.go +++ b/mockgen.go @@ -10,11 +10,10 @@ package quic //go:generate sh -c "./mockgen_private.sh quic mock_frame_source_test.go github.com/lucas-clemente/quic-go frameSource" //go:generate sh -c "./mockgen_private.sh quic mock_ack_frame_source_test.go github.com/lucas-clemente/quic-go ackFrameSource" //go:generate sh -c "./mockgen_private.sh quic mock_stream_manager_test.go github.com/lucas-clemente/quic-go streamManager" -//go:generate sh -c "./mockgen_private.sh quic mock_sealing_manager_test.go github.com/lucas-clemente/quic-go sealingManagerLegacy" +//go:generate sh -c "./mockgen_private.sh quic mock_sealing_manager_test.go github.com/lucas-clemente/quic-go sealingManager" //go:generate sh -c "./mockgen_private.sh quic mock_unpacker_test.go github.com/lucas-clemente/quic-go unpacker" //go:generate sh -c "./mockgen_private.sh quic mock_packer_test.go github.com/lucas-clemente/quic-go packer" //go:generate sh -c "./mockgen_private.sh quic mock_quic_aead_test.go github.com/lucas-clemente/quic-go quicAEAD" -//go:generate sh -c "./mockgen_private.sh quic mock_gquic_aead_test.go github.com/lucas-clemente/quic-go gQUICAEAD" //go:generate sh -c "./mockgen_private.sh quic mock_session_runner_test.go github.com/lucas-clemente/quic-go sessionRunner" //go:generate sh -c "./mockgen_private.sh quic mock_quic_session_test.go github.com/lucas-clemente/quic-go quicSession" //go:generate sh -c "./mockgen_private.sh quic mock_packet_handler_test.go github.com/lucas-clemente/quic-go packetHandler" diff --git a/packet_handler_map.go b/packet_handler_map.go index 35f9bdfa..fef9468e 100644 --- a/packet_handler_map.go +++ b/packet_handler_map.go @@ -180,7 +180,7 @@ func (h *packetHandlerMap) handlePacket(addr net.Addr, data []byte) error { hdr.Raw = data[:len(data)-r.Len()] packetData := data[len(data)-r.Len():] - if hdr.IsLongHeader && hdr.Version.UsesLengthInHeader() { + if hdr.IsLongHeader { if protocol.ByteCount(len(packetData)) < hdr.PayloadLen { return fmt.Errorf("packet payload (%d bytes) is smaller than the expected payload length (%d bytes)", len(packetData), hdr.PayloadLen) } diff --git a/packet_handler_map_test.go b/packet_handler_map_test.go index 4986081f..c5f1b267 100644 --- a/packet_handler_map_test.go +++ b/packet_handler_map_test.go @@ -22,9 +22,12 @@ var _ = Describe("Packet Handler Map", func() { getPacket := func(connID protocol.ConnectionID) []byte { buf := &bytes.Buffer{} err := (&wire.Header{ + IsLongHeader: true, + Type: protocol.PacketTypeHandshake, DestConnectionID: connID, PacketNumberLen: protocol.PacketNumberLen1, - }).Write(buf, protocol.PerspectiveServer, versionGQUICFrames) + Version: protocol.VersionWhatever, + }).Write(buf, protocol.PerspectiveServer, protocol.VersionWhatever) Expect(err).ToNot(HaveOccurred()) return buf.Bytes() } @@ -80,7 +83,7 @@ var _ = Describe("Packet Handler Map", func() { }) It("drops unparseable packets", func() { - err := handler.handlePacket(nil, []byte("invalid")) + err := handler.handlePacket(nil, []byte{0, 1, 2, 3}) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("error parsing invariant header:")) }) @@ -113,7 +116,7 @@ var _ = Describe("Packet Handler Map", func() { It("errors on packets that are smaller than the Payload Length in the packet header", func() { connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} packetHandler := NewMockPacketHandler(mockCtrl) - packetHandler.EXPECT().GetVersion().Return(versionIETFFrames) + packetHandler.EXPECT().GetVersion().Return(protocol.VersionWhatever) packetHandler.EXPECT().GetPerspective().Return(protocol.PerspectiveClient) handler.Add(connID, packetHandler) hdr := &wire.Header{ @@ -122,10 +125,10 @@ var _ = Describe("Packet Handler Map", func() { PayloadLen: 1000, DestConnectionID: connID, PacketNumberLen: protocol.PacketNumberLen1, - Version: versionIETFFrames, + Version: protocol.VersionWhatever, } buf := &bytes.Buffer{} - Expect(hdr.Write(buf, protocol.PerspectiveServer, versionIETFFrames)).To(Succeed()) + Expect(hdr.Write(buf, protocol.PerspectiveServer, protocol.VersionWhatever)).To(Succeed()) buf.Write(bytes.Repeat([]byte{0}, 500)) err := handler.handlePacket(nil, buf.Bytes()) @@ -135,7 +138,7 @@ var _ = Describe("Packet Handler Map", func() { It("cuts packets at the Payload Length", func() { connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} packetHandler := NewMockPacketHandler(mockCtrl) - packetHandler.EXPECT().GetVersion().Return(versionIETFFrames) + packetHandler.EXPECT().GetVersion().Return(protocol.VersionWhatever) packetHandler.EXPECT().GetPerspective().Return(protocol.PerspectiveClient) handler.Add(connID, packetHandler) packetHandler.EXPECT().handlePacket(gomock.Any()).Do(func(p *receivedPacket) { @@ -148,10 +151,10 @@ var _ = Describe("Packet Handler Map", func() { PayloadLen: 456, DestConnectionID: connID, PacketNumberLen: protocol.PacketNumberLen1, - Version: versionIETFFrames, + Version: protocol.VersionWhatever, } buf := &bytes.Buffer{} - Expect(hdr.Write(buf, protocol.PerspectiveServer, versionIETFFrames)).To(Succeed()) + Expect(hdr.Write(buf, protocol.PerspectiveServer, protocol.VersionWhatever)).To(Succeed()) buf.Write(bytes.Repeat([]byte{0}, 500)) err := handler.handlePacket(nil, buf.Bytes()) Expect(err).ToNot(HaveOccurred()) diff --git a/packet_packer.go b/packet_packer.go index f7e75ad5..17d55a9e 100644 --- a/packet_packer.go +++ b/packet_packer.go @@ -71,7 +71,6 @@ type frameSource interface { type ackFrameSource interface { GetAckFrame() *wire.AckFrame - GetStopWaitingFrame(bool) *wire.StopWaitingFrame } type packetPacker struct { diff --git a/packet_packer_legacy.go b/packet_packer_legacy.go deleted file mode 100644 index c4c55455..00000000 --- a/packet_packer_legacy.go +++ /dev/null @@ -1,461 +0,0 @@ -package quic - -import ( - "bytes" - "errors" - "fmt" - "net" - - "github.com/lucas-clemente/quic-go/internal/ackhandler" - "github.com/lucas-clemente/quic-go/internal/handshake" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/wire" -) - -type sealingManagerLegacy interface { - GetSealer() (protocol.EncryptionLevel, handshake.Sealer) - GetSealerForCryptoStream() (protocol.EncryptionLevel, handshake.Sealer) - GetSealerWithEncryptionLevel(protocol.EncryptionLevel) (handshake.Sealer, error) -} - -// sentAndReceivedPacketManager is only needed until STOP_WAITING is removed -type sentAndReceivedPacketManager struct { - ackhandler.SentPacketHandler - ackhandler.ReceivedPacketHandler -} - -var _ ackFrameSource = &sentAndReceivedPacketManager{} - -type packetPackerLegacy struct { - destConnID protocol.ConnectionID - srcConnID protocol.ConnectionID - - perspective protocol.Perspective - version protocol.VersionNumber - cryptoSetup sealingManagerLegacy - - divNonce []byte - - packetNumberGenerator *packetNumberGenerator - getPacketNumberLen func(protocol.PacketNumber) protocol.PacketNumberLen - cryptoStream streamI - framer frameSource - acks ackFrameSource - - omitConnectionID bool - maxPacketSize protocol.ByteCount - hasSentPacket bool // has the packetPacker already sent a packet - numNonRetransmittableAcks int -} - -var _ packer = &packetPackerLegacy{} - -func newPacketPackerLegacy( - destConnID protocol.ConnectionID, - srcConnID protocol.ConnectionID, - getPacketNumberLen func(protocol.PacketNumber) protocol.PacketNumberLen, - remoteAddr net.Addr, // only used for determining the max packet size - divNonce []byte, - cryptoStream streamI, - cryptoSetup sealingManagerLegacy, - framer frameSource, - acks ackFrameSource, - perspective protocol.Perspective, - version protocol.VersionNumber, -) *packetPackerLegacy { - return &packetPackerLegacy{ - cryptoStream: cryptoStream, - cryptoSetup: cryptoSetup, - divNonce: divNonce, - destConnID: destConnID, - srcConnID: srcConnID, - perspective: perspective, - version: version, - framer: framer, - acks: acks, - getPacketNumberLen: getPacketNumberLen, - packetNumberGenerator: newPacketNumberGenerator(1, protocol.SkipPacketAveragePeriodLength), - maxPacketSize: getMaxPacketSize(remoteAddr), - } -} - -// PackConnectionClose packs a packet that ONLY contains a ConnectionCloseFrame -func (p *packetPackerLegacy) PackConnectionClose(ccf *wire.ConnectionCloseFrame) (*packedPacket, error) { - frames := []wire.Frame{ccf} - encLevel, sealer := p.cryptoSetup.GetSealer() - header := p.getHeader(encLevel) - raw, err := p.writeAndSealPacket(header, frames, sealer) - return &packedPacket{ - header: header, - raw: raw, - frames: frames, - encryptionLevel: encLevel, - }, err -} - -func (p *packetPackerLegacy) MaybePackAckPacket() (*packedPacket, error) { - ack := p.acks.GetAckFrame() - if ack == nil { - return nil, nil - } - encLevel, sealer := p.cryptoSetup.GetSealer() - header := p.getHeader(encLevel) - frames := []wire.Frame{ack} - // add a STOP_WAITING frame, if necessary - if p.version.UsesStopWaitingFrames() { - if swf := p.acks.GetStopWaitingFrame(false); swf != nil { - swf.PacketNumber = header.PacketNumber - swf.PacketNumberLen = header.PacketNumberLen - frames = append(frames, swf) - } - } - raw, err := p.writeAndSealPacket(header, frames, sealer) - return &packedPacket{ - header: header, - raw: raw, - frames: frames, - encryptionLevel: encLevel, - }, err -} - -// PackRetransmission packs a retransmission -// For packets sent after completion of the handshake, it might happen that 2 packets have to be sent. -// This can happen e.g. when a longer packet number is used in the header. -func (p *packetPackerLegacy) PackRetransmission(packet *ackhandler.Packet) ([]*packedPacket, error) { - if packet.EncryptionLevel != protocol.EncryptionForwardSecure { - p, err := p.packHandshakeRetransmission(packet) - return []*packedPacket{p}, err - } - - var controlFrames []wire.Frame - var streamFrames []*wire.StreamFrame - for _, f := range packet.Frames { - if sf, ok := f.(*wire.StreamFrame); ok { - sf.DataLenPresent = true - streamFrames = append(streamFrames, sf) - } else { - controlFrames = append(controlFrames, f) - } - } - - var packets []*packedPacket - encLevel, sealer := p.cryptoSetup.GetSealer() - var swf *wire.StopWaitingFrame - // add a STOP_WAITING for *every* retransmission - if p.version.UsesStopWaitingFrames() { - swf = p.acks.GetStopWaitingFrame(true) - } - for len(controlFrames) > 0 || len(streamFrames) > 0 { - var frames []wire.Frame - var length protocol.ByteCount - - header := p.getHeader(encLevel) - headerLength, err := header.GetLength(p.version) - if err != nil { - return nil, err - } - maxSize := p.maxPacketSize - protocol.ByteCount(sealer.Overhead()) - headerLength - - if p.version.UsesStopWaitingFrames() { - // create a new STOP_WAIITNG Frame, since we might need to send more than one packet as a retransmission - stopWaitingFrame := &wire.StopWaitingFrame{ - LeastUnacked: swf.LeastUnacked, - PacketNumber: header.PacketNumber, - PacketNumberLen: header.PacketNumberLen, - } - length += stopWaitingFrame.Length(p.version) - frames = append(frames, stopWaitingFrame) - } - - for len(controlFrames) > 0 { - frame := controlFrames[0] - frameLen := frame.Length(p.version) - if length+frameLen > maxSize { - break - } - length += frameLen - frames = append(frames, frame) - controlFrames = controlFrames[1:] - } - - // temporarily increase the maxFrameSize by the (minimum) length of the DataLen field - // this leads to a properly sized packet in all cases, since we do all the packet length calculations with StreamFrames that have the DataLen set - // however, for the last STREAM frame in the packet, we can omit the DataLen, thus yielding a packet of exactly the correct size - maxSize += 2 - - for len(streamFrames) > 0 && length+protocol.MinStreamFrameSize < maxSize { - frame := streamFrames[0] - frameToAdd := frame - - sf, err := frame.MaybeSplitOffFrame(maxSize-length, p.version) - if err != nil { - return nil, err - } - if sf != nil { - frameToAdd = sf - } else { - streamFrames = streamFrames[1:] - } - length += frameToAdd.Length(p.version) - frames = append(frames, frameToAdd) - } - if sf, ok := frames[len(frames)-1].(*wire.StreamFrame); ok { - sf.DataLenPresent = false - } - raw, err := p.writeAndSealPacket(header, frames, sealer) - if err != nil { - return nil, err - } - packets = append(packets, &packedPacket{ - header: header, - raw: raw, - frames: frames, - encryptionLevel: encLevel, - }) - } - return packets, nil -} - -// packHandshakeRetransmission retransmits a handshake packet, that was sent with less than forward-secure encryption -func (p *packetPackerLegacy) packHandshakeRetransmission(packet *ackhandler.Packet) (*packedPacket, error) { - sealer, err := p.cryptoSetup.GetSealerWithEncryptionLevel(packet.EncryptionLevel) - if err != nil { - return nil, err - } - // make sure that the retransmission for an Initial packet is sent as an Initial packet - if packet.PacketType == protocol.PacketTypeInitial { - p.hasSentPacket = false - } - header := p.getHeader(packet.EncryptionLevel) - header.Type = packet.PacketType - var frames []wire.Frame - if p.version.UsesStopWaitingFrames() { // pack a STOP_WAITING first - swf := p.acks.GetStopWaitingFrame(true) - swf.PacketNumber = header.PacketNumber - swf.PacketNumberLen = header.PacketNumberLen - frames = append([]wire.Frame{swf}, packet.Frames...) - } else { - frames = packet.Frames - } - raw, err := p.writeAndSealPacket(header, frames, sealer) - return &packedPacket{ - header: header, - raw: raw, - frames: frames, - encryptionLevel: packet.EncryptionLevel, - }, err -} - -// PackPacket packs a new packet -// the other controlFrames are sent in the next packet, but might be queued and sent in the next packet if the packet would overflow MaxPacketSize otherwise -func (p *packetPackerLegacy) PackPacket() (*packedPacket, error) { - packet, err := p.maybePackCryptoPacket() - if err != nil { - return nil, err - } - if packet != nil { - return packet, nil - } - // if this is the first packet to be send, make sure it contains stream data - if !p.hasSentPacket && packet == nil { - return nil, nil - } - - encLevel, sealer := p.cryptoSetup.GetSealer() - - header := p.getHeader(encLevel) - headerLength, err := header.GetLength(p.version) - if err != nil { - return nil, err - } - - maxSize := p.maxPacketSize - protocol.ByteCount(sealer.Overhead()) - headerLength - frames, err := p.composeNextPacket(header, maxSize, p.canSendData(encLevel)) - if err != nil { - return nil, err - } - - // Check if we have enough frames to send - if len(frames) == 0 { - return nil, nil - } - // check if this packet only contains an ACK (and maybe a STOP_WAITING) - if !ackhandler.HasRetransmittableFrames(frames) { - if p.numNonRetransmittableAcks >= protocol.MaxNonRetransmittableAcks { - frames = append(frames, &wire.PingFrame{}) - p.numNonRetransmittableAcks = 0 - } else { - p.numNonRetransmittableAcks++ - } - } else { - p.numNonRetransmittableAcks = 0 - } - - raw, err := p.writeAndSealPacket(header, frames, sealer) - if err != nil { - return nil, err - } - return &packedPacket{ - header: header, - raw: raw, - frames: frames, - encryptionLevel: encLevel, - }, nil -} - -func (p *packetPackerLegacy) maybePackCryptoPacket() (*packedPacket, error) { - if !p.cryptoStream.hasData() { - return nil, nil - } - encLevel, sealer := p.cryptoSetup.GetSealerForCryptoStream() - header := p.getHeader(encLevel) - headerLength, err := header.GetLength(p.version) - if err != nil { - return nil, err - } - maxLen := p.maxPacketSize - protocol.ByteCount(sealer.Overhead()) - protocol.NonForwardSecurePacketSizeReduction - headerLength - sf, _ := p.cryptoStream.popStreamFrame(maxLen) - sf.DataLenPresent = false - frames := []wire.Frame{sf} - raw, err := p.writeAndSealPacket(header, frames, sealer) - if err != nil { - return nil, err - } - return &packedPacket{ - header: header, - raw: raw, - frames: frames, - encryptionLevel: encLevel, - }, nil -} - -func (p *packetPackerLegacy) composeNextPacket( - header *wire.Header, // only needed to fill in the STOP_WAITING frame - maxFrameSize protocol.ByteCount, - canSendStreamFrames bool, -) ([]wire.Frame, error) { - var length protocol.ByteCount - var frames []wire.Frame - - // STOP_WAITING and ACK will always fit - // ACKs need to go first, so that the sentPacketHandler will recognize them - if ack := p.acks.GetAckFrame(); ack != nil { - frames = append(frames, ack) - length += ack.Length(p.version) - // add a STOP_WAITING, for gQUIC - if p.version.UsesStopWaitingFrames() { - if swf := p.acks.GetStopWaitingFrame(false); swf != nil { - swf.PacketNumber = header.PacketNumber - swf.PacketNumberLen = header.PacketNumberLen - frames = append(frames, swf) - length += swf.Length(p.version) - } - } - } - - var lengthAdded protocol.ByteCount - frames, lengthAdded = p.framer.AppendControlFrames(frames, maxFrameSize-length) - length += lengthAdded - - if !canSendStreamFrames { - return frames, nil - } - - // temporarily increase the maxFrameSize by the (minimum) length of the DataLen field - // this leads to a properly sized packet in all cases, since we do all the packet length calculations with StreamFrames that have the DataLen set - // however, for the last STREAM frame in the packet, we can omit the DataLen, thus yielding a packet of exactly the correct size - maxFrameSize += 2 - - frames = p.framer.AppendStreamFrames(frames, maxFrameSize-length) - if len(frames) > 0 { - lastFrame := frames[len(frames)-1] - if sf, ok := lastFrame.(*wire.StreamFrame); ok { - sf.DataLenPresent = false - } - } - return frames, nil -} - -func (p *packetPackerLegacy) getHeader(encLevel protocol.EncryptionLevel) *wire.Header { - pnum := p.packetNumberGenerator.Peek() - packetNumberLen := p.getPacketNumberLen(pnum) - - header := &wire.Header{ - PacketNumber: pnum, - PacketNumberLen: packetNumberLen, - Version: p.version, - } - - if p.version.UsesIETFHeaderFormat() && encLevel != protocol.EncryptionForwardSecure { - header.IsLongHeader = true - header.SrcConnectionID = p.srcConnID - header.PacketNumberLen = protocol.PacketNumberLen4 - if !p.hasSentPacket && p.perspective == protocol.PerspectiveClient { - header.Type = protocol.PacketTypeInitial - } else { - header.Type = protocol.PacketTypeHandshake - } - } - - if !p.omitConnectionID || encLevel != protocol.EncryptionForwardSecure { - header.DestConnectionID = p.destConnID - } - if p.perspective == protocol.PerspectiveServer && encLevel == protocol.EncryptionSecure { - header.Type = protocol.PacketType0RTT - header.DiversificationNonce = p.divNonce - } - if p.perspective == protocol.PerspectiveClient && encLevel != protocol.EncryptionForwardSecure { - header.VersionFlag = true - } - return header -} - -func (p *packetPackerLegacy) writeAndSealPacket( - header *wire.Header, - frames []wire.Frame, - sealer handshake.Sealer, -) ([]byte, error) { - raw := *getPacketBuffer() - buffer := bytes.NewBuffer(raw[:0]) - - if err := header.Write(buffer, p.perspective, p.version); err != nil { - return nil, err - } - payloadStartIndex := buffer.Len() - - for _, frame := range frames { - if err := frame.Write(buffer, p.version); err != nil { - return nil, err - } - } - - if size := protocol.ByteCount(buffer.Len() + sealer.Overhead()); size > p.maxPacketSize { - return nil, fmt.Errorf("PacketPacker BUG: packet too large (%d bytes, allowed %d bytes)", size, p.maxPacketSize) - } - - raw = raw[0:buffer.Len()] - _ = sealer.Seal(raw[payloadStartIndex:payloadStartIndex], raw[payloadStartIndex:], header.PacketNumber, raw[:payloadStartIndex]) - raw = raw[0 : buffer.Len()+sealer.Overhead()] - - num := p.packetNumberGenerator.Pop() - if num != header.PacketNumber { - return nil, errors.New("packetPacker BUG: Peeked and Popped packet numbers do not match") - } - p.hasSentPacket = true - return raw, nil -} - -func (p *packetPackerLegacy) canSendData(encLevel protocol.EncryptionLevel) bool { - if p.perspective == protocol.PerspectiveClient { - return encLevel >= protocol.EncryptionSecure - } - return encLevel == protocol.EncryptionForwardSecure -} - -func (p *packetPackerLegacy) ChangeDestConnectionID(connID protocol.ConnectionID) { - panic("changing connection IDs not supported by gQUIC") -} - -func (p *packetPackerLegacy) HandleTransportParameters(params *handshake.TransportParameters) { - p.omitConnectionID = params.OmitConnectionID -} diff --git a/packet_packer_legacy_test.go b/packet_packer_legacy_test.go deleted file mode 100644 index 47eaae78..00000000 --- a/packet_packer_legacy_test.go +++ /dev/null @@ -1,895 +0,0 @@ -package quic - -import ( - "bytes" - "fmt" - "math/rand" - "net" - - "github.com/golang/mock/gomock" - "github.com/lucas-clemente/quic-go/internal/ackhandler" - "github.com/lucas-clemente/quic-go/internal/handshake" - "github.com/lucas-clemente/quic-go/internal/mocks" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/wire" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Packet packer (legacy)", func() { - const maxPacketSize protocol.ByteCount = 1357 - var ( - packer *packetPackerLegacy - framer *MockFrameSource - ackFramer *MockAckFrameSource - cryptoStream *MockStreamI - sealingManager *MockSealingManagerLegacy - sealer *mocks.MockSealer - divNonce []byte - ) - - expectAppendStreamFrames := func(frames ...wire.Frame) { - framer.EXPECT().AppendStreamFrames(gomock.Any(), gomock.Any()).DoAndReturn(func(fs []wire.Frame, _ protocol.ByteCount) []wire.Frame { - return append(fs, frames...) - }) - } - - expectAppendControlFrames := func(frames ...wire.Frame) { - framer.EXPECT().AppendControlFrames(gomock.Any(), gomock.Any()).DoAndReturn(func(fs []wire.Frame, _ protocol.ByteCount) ([]wire.Frame, protocol.ByteCount) { - var length protocol.ByteCount - for _, f := range frames { - length += f.Length(packer.version) - } - return append(fs, frames...), length - }) - } - - BeforeEach(func() { - rand.Seed(GinkgoRandomSeed()) - version := versionGQUICFrames - mockSender := NewMockStreamSender(mockCtrl) - mockSender.EXPECT().onHasStreamData(gomock.Any()).AnyTimes() - cryptoStream = NewMockStreamI(mockCtrl) - framer = NewMockFrameSource(mockCtrl) - ackFramer = NewMockAckFrameSource(mockCtrl) - sealingManager = NewMockSealingManagerLegacy(mockCtrl) - sealer = mocks.NewMockSealer(mockCtrl) - sealer.EXPECT().Overhead().Return(9).AnyTimes() - sealer.EXPECT().Seal(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) []byte { - return append(src, bytes.Repeat([]byte{0}, 9)...) - }).AnyTimes() - - divNonce = bytes.Repeat([]byte{'e'}, 32) - - packer = newPacketPackerLegacy( - protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - func(protocol.PacketNumber) protocol.PacketNumberLen { return protocol.PacketNumberLen2 }, - &net.TCPAddr{}, - divNonce, - cryptoStream, - sealingManager, - framer, - ackFramer, - protocol.PerspectiveServer, - version, - ) - packer.hasSentPacket = true - packer.version = version - packer.maxPacketSize = maxPacketSize - }) - - It("returns nil when no packet is queued", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - ackFramer.EXPECT().GetAckFrame() - cryptoStream.EXPECT().hasData() - framer.EXPECT().AppendControlFrames(nil, gomock.Any()) - framer.EXPECT().AppendStreamFrames(nil, gomock.Any()) - p, err := packer.PackPacket() - Expect(p).To(BeNil()) - Expect(err).ToNot(HaveOccurred()) - }) - - It("packs single packets", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - expectAppendControlFrames() - f := &wire.StreamFrame{ - StreamID: 5, - Data: []byte{0xDE, 0xCA, 0xFB, 0xAD}, - } - expectAppendStreamFrames(f) - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p).ToNot(BeNil()) - b := &bytes.Buffer{} - f.Write(b, packer.version) - Expect(p.frames).To(Equal([]wire.Frame{f})) - Expect(p.raw).To(ContainSubstring(b.String())) - }) - - It("stores the encryption level a packet was sealed with", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - expectAppendControlFrames() - expectAppendStreamFrames(&wire.StreamFrame{ - StreamID: 5, - Data: []byte("foobar"), - }) - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p.encryptionLevel).To(Equal(protocol.EncryptionForwardSecure)) - }) - - Context("generating a packet header", func() { - Context("Public Header", func() { - It("doesn't set the source connection ID", func() { - ph := packer.getHeader(protocol.EncryptionForwardSecure) - Expect(ph.SrcConnectionID).To(BeEmpty()) - }) - - It("it omits the connection ID for forward-secure packets", func() { - packer.version = protocol.Version43 - ph := packer.getHeader(protocol.EncryptionForwardSecure) - Expect(ph.DestConnectionID.Len()).ToNot(BeZero()) - packer.HandleTransportParameters(&handshake.TransportParameters{ - OmitConnectionID: true, - }) - ph = packer.getHeader(protocol.EncryptionForwardSecure) - Expect(ph.DestConnectionID.Len()).To(BeZero()) - }) - - It("doesn't omit the connection ID for non-forward-secure packets", func() { - packer.HandleTransportParameters(&handshake.TransportParameters{ - OmitConnectionID: true, - }) - ph := packer.getHeader(protocol.EncryptionSecure) - Expect(ph.DestConnectionID.Len()).ToNot(BeZero()) - }) - - It("adds the Version Flag to the Public Header before the crypto handshake is finished", func() { - packer.perspective = protocol.PerspectiveClient - ph := packer.getHeader(protocol.EncryptionSecure) - Expect(ph.VersionFlag).To(BeTrue()) - }) - - It("doesn't add the Version Flag to the Public Header for forward-secure packets", func() { - packer.perspective = protocol.PerspectiveClient - ph := packer.getHeader(protocol.EncryptionForwardSecure) - Expect(ph.VersionFlag).To(BeFalse()) - }) - - Context("diversificaton nonces", func() { - It("doesn't include a div nonce, when sending a packet with initial encryption", func() { - ph := packer.getHeader(protocol.EncryptionUnencrypted) - Expect(ph.DiversificationNonce).To(BeEmpty()) - }) - - It("includes a div nonce, when sending a packet with secure encryption", func() { - ph := packer.getHeader(protocol.EncryptionSecure) - Expect(ph.DiversificationNonce).To(Equal(divNonce)) - }) - - It("doesn't include a div nonce, when sending a packet with forward-secure encryption", func() { - ph := packer.getHeader(protocol.EncryptionForwardSecure) - Expect(ph.DiversificationNonce).To(BeEmpty()) - }) - - It("doesn't send a div nonce as a client", func() { - packer.perspective = protocol.PerspectiveClient - ph := packer.getHeader(protocol.EncryptionSecure) - Expect(ph.DiversificationNonce).To(BeEmpty()) - }) - }) - }) - - Context("Header (for gQUIC 44)", func() { - BeforeEach(func() { - packer.version = protocol.Version44 - }) - - It("sends an Initial packet as the first packets, for the client", func() { - packer.perspective = protocol.PerspectiveClient - packer.hasSentPacket = false - h := packer.getHeader(protocol.EncryptionUnencrypted) - Expect(h.IsLongHeader).To(BeTrue()) - Expect(h.Type).To(Equal(protocol.PacketTypeInitial)) - Expect(h.Version).To(Equal(protocol.Version44)) - Expect(h.DestConnectionID).To(Equal(packer.destConnID)) - Expect(h.SrcConnectionID).To(Equal(packer.srcConnID)) - Expect(h.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) - }) - - It("sends a Handshake for non-forward-secure packets, for the server", func() { - packer.perspective = protocol.PerspectiveServer - h := packer.getHeader(protocol.EncryptionUnencrypted) - Expect(h.IsLongHeader).To(BeTrue()) - Expect(h.Type).To(Equal(protocol.PacketTypeHandshake)) - Expect(h.Version).To(Equal(protocol.Version44)) - Expect(h.DestConnectionID).To(Equal(packer.destConnID)) - Expect(h.SrcConnectionID).To(Equal(packer.srcConnID)) - Expect(h.PacketNumberLen).To(Equal(protocol.PacketNumberLen4)) - }) - - It("sets the Diversification Nonce for secure packets", func() { - packer.perspective = protocol.PerspectiveServer - Expect(divNonce).ToNot(BeEmpty()) - h := packer.getHeader(protocol.EncryptionSecure) - Expect(h.IsLongHeader).To(BeTrue()) - Expect(h.Version).To(Equal(protocol.Version44)) - Expect(h.Type).To(Equal(protocol.PacketType0RTT)) - Expect(h.DiversificationNonce).To(Equal(divNonce)) - }) - - It("uses the Short Header for forward-secure packets", func() { - h := packer.getHeader(protocol.EncryptionForwardSecure) - Expect(h.IsLongHeader).To(BeFalse()) - Expect(h.IsPublicHeader).To(BeFalse()) - Expect(h.DestConnectionID).To(Equal(packer.destConnID)) - }) - }) - }) - - It("packs a CONNECTION_CLOSE", func() { - ccf := wire.ConnectionCloseFrame{ - ErrorCode: 0x1337, - ReasonPhrase: "foobar", - } - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - p, err := packer.PackConnectionClose(&ccf) - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(HaveLen(1)) - Expect(p.frames[0]).To(Equal(&ccf)) - }) - - It("doesn't send any other frames when sending a CONNECTION_CLOSE", func() { - // expect no framer.PopStreamFrames - ccf := &wire.ConnectionCloseFrame{ - ErrorCode: 0x1337, - ReasonPhrase: "foobar", - } - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - p, err := packer.PackConnectionClose(ccf) - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(Equal([]wire.Frame{ccf})) - }) - - It("packs control frames", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - frames := []wire.Frame{&wire.RstStreamFrame{}, &wire.MaxDataFrame{}} - expectAppendControlFrames(frames...) - expectAppendStreamFrames() - p, err := packer.PackPacket() - Expect(p).ToNot(BeNil()) - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(Equal(frames)) - Expect(p.raw).NotTo(BeEmpty()) - }) - - It("increases the packet number", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer).Times(2) - cryptoStream.EXPECT().hasData().Times(2) - ackFramer.EXPECT().GetAckFrame().Times(2) - expectAppendControlFrames() - expectAppendStreamFrames(&wire.StreamFrame{Data: []byte("foobar")}) - expectAppendControlFrames() - expectAppendStreamFrames(&wire.StreamFrame{Data: []byte("raboof")}) - p1, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p1).ToNot(BeNil()) - p2, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p2).ToNot(BeNil()) - Expect(p2.header.PacketNumber).To(BeNumerically(">", p1.header.PacketNumber)) - }) - - It("packs ACKs and STOP_WAITING frames first, then control frames, then STREAM frames", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Largest: 100}}} - swf := &wire.StopWaitingFrame{LeastUnacked: 10} - mdf := &wire.MaxDataFrame{ByteOffset: 0x1234} - sf := &wire.StreamFrame{Data: []byte("foobar")} - ackFramer.EXPECT().GetAckFrame().Return(ack) - ackFramer.EXPECT().GetStopWaitingFrame(false).Return(swf) - expectAppendControlFrames(mdf) - expectAppendStreamFrames(sf) - packer.packetNumberGenerator.next = 15 - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p).ToNot(BeNil()) - Expect(p.frames).To(Equal([]wire.Frame{ack, swf, mdf, sf})) - }) - - It("sets the LeastUnackedDelta length of a STOP_WAITING frame", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - swf := &wire.StopWaitingFrame{LeastUnacked: 0x1337 - 0x100} - ackFramer.EXPECT().GetAckFrame().Return(&wire.AckFrame{AckRanges: []wire.AckRange{{Largest: 100}}}) - ackFramer.EXPECT().GetStopWaitingFrame(false).Return(swf) - expectAppendControlFrames() - expectAppendStreamFrames() - packer.packetNumberGenerator.next = 0x1337 - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(HaveLen(2)) - Expect(p.frames[1].(*wire.StopWaitingFrame).PacketNumberLen).To(Equal(protocol.PacketNumberLen2)) - }) - - It("refuses to send a packet that doesn't contain crypto stream data, if it has never sent a packet before", func() { - cryptoStream.EXPECT().hasData() - packer.hasSentPacket = false - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p).To(BeNil()) - }) - - It("accounts for the space consumed by control frames", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - var maxSize protocol.ByteCount - gomock.InOrder( - framer.EXPECT().AppendControlFrames(gomock.Any(), gomock.Any()).DoAndReturn(func(fs []wire.Frame, maxLen protocol.ByteCount) ([]wire.Frame, protocol.ByteCount) { - maxSize = maxLen - return fs, 444 - }), - framer.EXPECT().AppendStreamFrames(gomock.Any(), gomock.Any()).Do(func(_ []wire.Frame, maxLen protocol.ByteCount) []wire.Frame { - Expect(maxLen).To(Equal(maxSize - 444 + 2 /* data length of the STREAM frame */)) - return nil - }), - ) - _, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - }) - - It("only increases the packet number when there is an actual packet to send", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer).Times(2) - ackFramer.EXPECT().GetAckFrame().Times(2) - cryptoStream.EXPECT().hasData().Times(2) - expectAppendStreamFrames() - expectAppendControlFrames() - packer.packetNumberGenerator.nextToSkip = 1000 - p, err := packer.PackPacket() - Expect(p).To(BeNil()) - Expect(err).ToNot(HaveOccurred()) - Expect(packer.packetNumberGenerator.Peek()).To(Equal(protocol.PacketNumber(1))) - expectAppendControlFrames() - expectAppendStreamFrames(&wire.StreamFrame{Data: []byte("foobar")}) - p, err = packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p).ToNot(BeNil()) - Expect(p.header.PacketNumber).To(Equal(protocol.PacketNumber(1))) - Expect(packer.packetNumberGenerator.Peek()).To(Equal(protocol.PacketNumber(2))) - }) - - Context("making ACK packets retransmittable", func() { - sendMaxNumNonRetransmittableAcks := func() { - cryptoStream.EXPECT().hasData().Times(protocol.MaxNonRetransmittableAcks) - for i := 0; i < protocol.MaxNonRetransmittableAcks; i++ { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - ackFramer.EXPECT().GetAckFrame().Return(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 1}}}) - ackFramer.EXPECT().GetStopWaitingFrame(false) - expectAppendControlFrames() - expectAppendStreamFrames() - p, err := packer.PackPacket() - Expect(p).ToNot(BeNil()) - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(HaveLen(1)) - } - } - - It("adds a PING frame when it's supposed to send a retransmittable packet", func() { - sendMaxNumNonRetransmittableAcks() - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame().Return(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 1}}}) - ackFramer.EXPECT().GetStopWaitingFrame(false) - expectAppendControlFrames() - expectAppendStreamFrames() - p, err := packer.PackPacket() - Expect(p).ToNot(BeNil()) - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(ContainElement(&wire.PingFrame{})) - // make sure the next packet doesn't contain another PING - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame().Return(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 1}}}) - ackFramer.EXPECT().GetStopWaitingFrame(false) - expectAppendControlFrames() - expectAppendStreamFrames() - p, err = packer.PackPacket() - Expect(p).ToNot(BeNil()) - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(HaveLen(1)) - }) - - It("waits until there's something to send before adding a PING frame", func() { - sendMaxNumNonRetransmittableAcks() - // nothing to send - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - expectAppendControlFrames() - expectAppendStreamFrames() - ackFramer.EXPECT().GetAckFrame() - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p).To(BeNil()) - // now add some frame to send - expectAppendControlFrames() - expectAppendStreamFrames() - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame().Return(&wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 1}}}) - ackFramer.EXPECT().GetStopWaitingFrame(false) - p, err = packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(HaveLen(2)) - Expect(p.frames).To(ContainElement(&wire.PingFrame{})) - }) - - It("doesn't send a PING if it already sent another retransmittable frame", func() { - sendMaxNumNonRetransmittableAcks() - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - expectAppendStreamFrames() - expectAppendControlFrames(&wire.MaxDataFrame{}) - p, err := packer.PackPacket() - Expect(p).ToNot(BeNil()) - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).ToNot(ContainElement(&wire.PingFrame{})) - }) - }) - - Context("STREAM frame handling", func() { - It("does not split a STREAM frame with maximum size", func() { - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - expectAppendControlFrames() - sf := &wire.StreamFrame{ - Offset: 1, - StreamID: 5, - DataLenPresent: true, - } - framer.EXPECT().AppendStreamFrames(gomock.Any(), gomock.Any()).DoAndReturn(func(_ []wire.Frame, maxSize protocol.ByteCount) ([]wire.Frame, protocol.ByteCount) { - sf.Data = bytes.Repeat([]byte{'f'}, int(maxSize-sf.Length(packer.version))) - return []wire.Frame{sf}, sf.Length(packer.version) - }) - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(HaveLen(1)) - Expect(p.raw).To(HaveLen(int(maxPacketSize))) - Expect(p.frames[0].(*wire.StreamFrame).Data).To(HaveLen(len(sf.Data))) - Expect(p.frames[0].(*wire.StreamFrame).DataLenPresent).To(BeFalse()) - }) - - It("packs multiple small STREAM frames into single packet", func() { - f1 := &wire.StreamFrame{ - StreamID: 5, - Data: []byte("frame 1"), - DataLenPresent: true, - } - f2 := &wire.StreamFrame{ - StreamID: 5, - Data: []byte("frame 2"), - DataLenPresent: true, - } - f3 := &wire.StreamFrame{ - StreamID: 3, - Data: []byte("frame 3"), - DataLenPresent: true, - } - cryptoStream.EXPECT().hasData() - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - ackFramer.EXPECT().GetAckFrame() - expectAppendControlFrames() - expectAppendStreamFrames(f1, f2, f3) - p, err := packer.PackPacket() - Expect(p).ToNot(BeNil()) - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(HaveLen(3)) - Expect(p.frames[0].(*wire.StreamFrame).Data).To(Equal([]byte("frame 1"))) - Expect(p.frames[0].(*wire.StreamFrame).DataLenPresent).To(BeTrue()) - Expect(p.frames[1].(*wire.StreamFrame).Data).To(Equal([]byte("frame 2"))) - Expect(p.frames[1].(*wire.StreamFrame).DataLenPresent).To(BeTrue()) - Expect(p.frames[2].(*wire.StreamFrame).Data).To(Equal([]byte("frame 3"))) - Expect(p.frames[2].(*wire.StreamFrame).DataLenPresent).To(BeFalse()) - }) - - It("refuses to send unencrypted stream data on a data stream", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionUnencrypted, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - expectAppendControlFrames() - // don't expect a call to framer.PopStreamFrames - p, err := packer.PackPacket() - Expect(err).NotTo(HaveOccurred()) - Expect(p).To(BeNil()) - }) - - It("sends non forward-secure data as the client", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - expectAppendControlFrames() - f := &wire.StreamFrame{ - StreamID: 5, - Data: []byte("foobar"), - } - expectAppendStreamFrames(f) - packer.perspective = protocol.PerspectiveClient - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p.encryptionLevel).To(Equal(protocol.EncryptionSecure)) - Expect(p.frames).To(Equal([]wire.Frame{f})) - }) - - It("does not send non forward-secure data as the server", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionSecure, sealer) - cryptoStream.EXPECT().hasData() - ackFramer.EXPECT().GetAckFrame() - expectAppendControlFrames() - // don't expect a call to framer.PopStreamFrames - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p).To(BeNil()) - }) - - It("sends unencrypted stream data on the crypto stream", func() { - sealingManager.EXPECT().GetSealerForCryptoStream().Return(protocol.EncryptionUnencrypted, sealer) - f := &wire.StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - } - cryptoStream.EXPECT().hasData().Return(true) - cryptoStream.EXPECT().popStreamFrame(gomock.Any()).Return(f, false) - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(Equal([]wire.Frame{f})) - Expect(p.encryptionLevel).To(Equal(protocol.EncryptionUnencrypted)) - }) - - It("sends encrypted stream data on the crypto stream", func() { - sealingManager.EXPECT().GetSealerForCryptoStream().Return(protocol.EncryptionSecure, sealer) - f := &wire.StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - } - cryptoStream.EXPECT().hasData().Return(true) - cryptoStream.EXPECT().popStreamFrame(gomock.Any()).Return(f, false) - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(Equal([]wire.Frame{f})) - Expect(p.encryptionLevel).To(Equal(protocol.EncryptionSecure)) - }) - - It("does not pack STREAM frames if not allowed", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionUnencrypted, sealer) - cryptoStream.EXPECT().hasData() - ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Largest: 10, Smallest: 1}}} - ackFramer.EXPECT().GetAckFrame().Return(ack) - ackFramer.EXPECT().GetStopWaitingFrame(false) - expectAppendControlFrames() - // don't expect a call to framer.PopStreamFrames - p, err := packer.PackPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p.frames).To(Equal([]wire.Frame{ack})) - }) - }) - - It("packs a single ACK", func() { - cryptoStream.EXPECT().hasData() - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Largest: 42, Smallest: 1}}} - ackFramer.EXPECT().GetAckFrame().Return(ack) - ackFramer.EXPECT().GetStopWaitingFrame(false) - expectAppendControlFrames() - expectAppendStreamFrames() - p, err := packer.PackPacket() - Expect(err).NotTo(HaveOccurred()) - Expect(p).ToNot(BeNil()) - Expect(p.frames[0]).To(Equal(ack)) - }) - - Context("retransmitting of handshake packets", func() { - sf := &wire.StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - } - - It("packs a retransmission with the right encryption level", func() { - sealingManager.EXPECT().GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted).Return(sealer, nil) - swf := &wire.StopWaitingFrame{LeastUnacked: 1} - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - packet := &ackhandler.Packet{ - PacketType: protocol.PacketTypeHandshake, - EncryptionLevel: protocol.EncryptionUnencrypted, - Frames: []wire.Frame{sf}, - } - p, err := packer.PackRetransmission(packet) - Expect(err).ToNot(HaveOccurred()) - Expect(p).To(HaveLen(1)) - Expect(p[0].header.Type).To(Equal(protocol.PacketTypeHandshake)) - Expect(p[0].frames).To(Equal([]wire.Frame{swf, sf})) - Expect(p[0].encryptionLevel).To(Equal(protocol.EncryptionUnencrypted)) - }) - - It("packs a retransmission for a packet sent with secure encryption", func() { - sealingManager.EXPECT().GetSealerWithEncryptionLevel(protocol.EncryptionSecure).Return(sealer, nil) - swf := &wire.StopWaitingFrame{LeastUnacked: 1} - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - packet := &ackhandler.Packet{ - EncryptionLevel: protocol.EncryptionSecure, - Frames: []wire.Frame{sf}, - } - p, err := packer.PackRetransmission(packet) - Expect(err).ToNot(HaveOccurred()) - Expect(p).To(HaveLen(1)) - Expect(p[0].frames).To(Equal([]wire.Frame{swf, sf})) - Expect(p[0].encryptionLevel).To(Equal(protocol.EncryptionSecure)) - // a packet sent by the server with secure encryption contains the SHLO - // it needs to have a diversification nonce - Expect(p[0].raw).To(ContainSubstring(string(divNonce))) - }) - - // this should never happen, since non forward-secure packets are limited to a size smaller than MaxPacketSize, such that it is always possible to retransmit them without splitting the StreamFrame - // (note that the retransmitted packet needs to have enough space for the StopWaitingFrame) - It("refuses to send a packet larger than MaxPacketSize", func() { - sealingManager.EXPECT().GetSealerWithEncryptionLevel(gomock.Any()).Return(sealer, nil) - swf := &wire.StopWaitingFrame{LeastUnacked: 1} - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - packet := &ackhandler.Packet{ - EncryptionLevel: protocol.EncryptionSecure, - Frames: []wire.Frame{ - &wire.StreamFrame{ - StreamID: 1, - Data: bytes.Repeat([]byte{'f'}, int(maxPacketSize-5)), - }, - }, - } - _, err := packer.PackRetransmission(packet) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("PacketPacker BUG: packet too large")) - }) - - It("packs a retransmission for an Initial packet", func() { - sealingManager.EXPECT().GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted).Return(sealer, nil) - packer.version = protocol.Version44 - packer.perspective = protocol.PerspectiveClient - packet := &ackhandler.Packet{ - PacketType: protocol.PacketTypeInitial, - EncryptionLevel: protocol.EncryptionUnencrypted, - Frames: []wire.Frame{sf}, - } - p, err := packer.PackRetransmission(packet) - Expect(err).ToNot(HaveOccurred()) - Expect(p).To(HaveLen(1)) - Expect(p[0].frames).To(Equal([]wire.Frame{sf})) - Expect(p[0].encryptionLevel).To(Equal(protocol.EncryptionUnencrypted)) - Expect(p[0].header.Type).To(Equal(protocol.PacketTypeInitial)) - }) - }) - - Context("retransmission of forward-secure packets", func() { - It("retransmits a small packet", func() { - swf := &wire.StopWaitingFrame{LeastUnacked: 7} - packer.packetNumberGenerator.next = 10 - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - frames := []wire.Frame{ - &wire.MaxDataFrame{ByteOffset: 0x1234}, - &wire.StreamFrame{StreamID: 42, Data: []byte("foobar")}, - } - packets, err := packer.PackRetransmission(&ackhandler.Packet{ - EncryptionLevel: protocol.EncryptionForwardSecure, - Frames: frames, - }) - Expect(err).ToNot(HaveOccurred()) - Expect(packets).To(HaveLen(1)) - p := packets[0] - Expect(p.encryptionLevel).To(Equal(protocol.EncryptionForwardSecure)) - Expect(p.frames).To(HaveLen(3)) - Expect(p.frames[0]).To(BeAssignableToTypeOf(&wire.StopWaitingFrame{})) - Expect(p.frames[0].(*wire.StopWaitingFrame).LeastUnacked).To(Equal(protocol.PacketNumber(7))) - Expect(p.frames[0].(*wire.StopWaitingFrame).PacketNumber).To(Equal(p.header.PacketNumber)) - Expect(p.frames[0].(*wire.StopWaitingFrame).PacketNumberLen).To(Equal(p.header.PacketNumberLen)) - Expect(p.frames[1:]).To(Equal(frames)) - }) - - It("packs two packets for retransmission if the original packet contained many control frames", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - var frames []wire.Frame - var totalLen protocol.ByteCount - // pack a bunch of control frames, such that the packet is way bigger than a single packet - for i := 0; totalLen < maxPacketSize*3/2; i++ { - f := &wire.MaxStreamDataFrame{ - StreamID: protocol.StreamID(i), - ByteOffset: protocol.ByteCount(i), - } - frames = append(frames, f) - totalLen += f.Length(packer.version) - } - packer.packetNumberGenerator.next = 10 - swf := &wire.StopWaitingFrame{LeastUnacked: 7} - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - packets, err := packer.PackRetransmission(&ackhandler.Packet{ - EncryptionLevel: protocol.EncryptionForwardSecure, - Frames: frames, - }) - Expect(err).ToNot(HaveOccurred()) - Expect(packets).To(HaveLen(2)) - Expect(len(packets[0].frames) + len(packets[1].frames)).To(Equal(len(frames) + 2)) // all frames, plus 2 STOP_WAITING frames - Expect(packets[0].frames[0]).To(BeAssignableToTypeOf(&wire.StopWaitingFrame{})) - Expect(packets[1].frames[0]).To(BeAssignableToTypeOf(&wire.StopWaitingFrame{})) - Expect(packets[0].frames[1:]).To(Equal(frames[:len(packets[0].frames)-1])) - Expect(packets[1].frames[1:]).To(Equal(frames[len(packets[0].frames)-1:])) - // check that the first packet was filled up as far as possible: - // if the first frame (after the STOP_WAITING) was packed into the first packet, it would have overflown the MaxPacketSize - Expect(len(packets[0].raw) + int(packets[1].frames[1].Length(packer.version))).To(BeNumerically(">", maxPacketSize)) - }) - - It("splits a STREAM frame that doesn't fit", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - swf := &wire.StopWaitingFrame{} - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - packets, err := packer.PackRetransmission(&ackhandler.Packet{ - EncryptionLevel: protocol.EncryptionForwardSecure, - Frames: []wire.Frame{&wire.StreamFrame{ - StreamID: 42, - Offset: 1337, - Data: bytes.Repeat([]byte{'a'}, int(maxPacketSize)*3/2), - }}, - }) - Expect(err).ToNot(HaveOccurred()) - Expect(packets).To(HaveLen(2)) - Expect(packets[0].frames[0]).To(BeAssignableToTypeOf(&wire.StopWaitingFrame{})) - Expect(packets[1].frames[0]).To(BeAssignableToTypeOf(&wire.StopWaitingFrame{})) - Expect(packets[0].frames[1]).To(BeAssignableToTypeOf(&wire.StreamFrame{})) - Expect(packets[1].frames[1]).To(BeAssignableToTypeOf(&wire.StreamFrame{})) - sf1 := packets[0].frames[1].(*wire.StreamFrame) - sf2 := packets[1].frames[1].(*wire.StreamFrame) - Expect(sf1.StreamID).To(Equal(protocol.StreamID(42))) - Expect(sf1.Offset).To(Equal(protocol.ByteCount(1337))) - Expect(sf1.DataLenPresent).To(BeFalse()) - Expect(sf2.StreamID).To(Equal(protocol.StreamID(42))) - Expect(sf2.Offset).To(Equal(protocol.ByteCount(1337) + sf1.DataLen())) - Expect(sf2.DataLenPresent).To(BeFalse()) - Expect(sf1.DataLen() + sf2.DataLen()).To(Equal(maxPacketSize * 3 / 2)) - Expect(packets[0].raw).To(HaveLen(int(maxPacketSize))) - }) - - It("splits STREAM frames, if necessary", func() { - for i := 0; i < 100; i++ { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer).MaxTimes(2) - swf := &wire.StopWaitingFrame{} - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - sf1 := &wire.StreamFrame{ - StreamID: 42, - Offset: 1337, - Data: bytes.Repeat([]byte{'a'}, 1+int(rand.Int31n(int32(maxPacketSize*4/5)))), - } - sf2 := &wire.StreamFrame{ - StreamID: 2, - Offset: 42, - Data: bytes.Repeat([]byte{'b'}, 1+int(rand.Int31n(int32(maxPacketSize*4/5)))), - } - expectedDataLen := sf1.DataLen() + sf2.DataLen() - fmt.Fprintf(GinkgoWriter, "STREAM frame 1: %d bytes, STREAM frame 2: %d\n", sf1.DataLen(), sf2.DataLen()) - frames := []wire.Frame{sf1, sf2} - packets, err := packer.PackRetransmission(&ackhandler.Packet{ - EncryptionLevel: protocol.EncryptionForwardSecure, - Frames: frames, - }) - Expect(err).ToNot(HaveOccurred()) - - if len(packets) > 1 { - Expect(packets[0].raw).To(HaveLen(int(maxPacketSize))) - } - - var dataLen protocol.ByteCount - for _, p := range packets { - for _, f := range p.frames { - if sf, ok := f.(*wire.StreamFrame); ok { - dataLen += sf.DataLen() - } - } - } - Expect(dataLen).To(Equal(expectedDataLen)) - } - }) - - It("packs two packets for retransmission if the original packet contained many STREAM frames", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - swf := &wire.StopWaitingFrame{} - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - var frames []wire.Frame - var totalLen protocol.ByteCount - // pack a bunch of control frames, such that the packet is way bigger than a single packet - for i := 0; totalLen < maxPacketSize*3/2; i++ { - f := &wire.StreamFrame{ - StreamID: protocol.StreamID(i), - Data: []byte("foobar"), - DataLenPresent: true, - } - frames = append(frames, f) - totalLen += f.Length(packer.version) - } - packets, err := packer.PackRetransmission(&ackhandler.Packet{ - EncryptionLevel: protocol.EncryptionForwardSecure, - Frames: frames, - }) - Expect(err).ToNot(HaveOccurred()) - Expect(packets).To(HaveLen(2)) - Expect(len(packets[0].frames) + len(packets[1].frames)).To(Equal(len(frames) + 2)) // all frames, plus 2 STOP_WAITING frames - Expect(packets[0].frames[0]).To(BeAssignableToTypeOf(&wire.StopWaitingFrame{})) - Expect(packets[1].frames[0]).To(BeAssignableToTypeOf(&wire.StopWaitingFrame{})) - Expect(packets[0].frames[1:]).To(Equal(frames[:len(packets[0].frames)-1])) - Expect(packets[1].frames[1:]).To(Equal(frames[len(packets[0].frames)-1:])) - // check that the first packet was filled up as far as possible: - // if the first frame (after the STOP_WAITING) was packed into the first packet, it would have overflown the MaxPacketSize - Expect(len(packets[0].raw) + int(packets[1].frames[1].Length(packer.version))).To(BeNumerically(">", maxPacketSize-protocol.MinStreamFrameSize)) - }) - - It("correctly sets the DataLenPresent on STREAM frames", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - swf := &wire.StopWaitingFrame{} - ackFramer.EXPECT().GetStopWaitingFrame(true).Return(swf) - frames := []wire.Frame{ - &wire.StreamFrame{StreamID: 4, Data: []byte("foobar"), DataLenPresent: true}, - &wire.StreamFrame{StreamID: 5, Data: []byte("barfoo")}, - } - packets, err := packer.PackRetransmission(&ackhandler.Packet{ - EncryptionLevel: protocol.EncryptionForwardSecure, - Frames: frames, - }) - Expect(err).ToNot(HaveOccurred()) - Expect(packets).To(HaveLen(1)) - p := packets[0] - Expect(p.frames).To(HaveLen(3)) - Expect(p.frames[1]).To(BeAssignableToTypeOf(&wire.StreamFrame{})) - Expect(p.frames[2]).To(BeAssignableToTypeOf(&wire.StreamFrame{})) - sf1 := p.frames[1].(*wire.StreamFrame) - sf2 := p.frames[2].(*wire.StreamFrame) - Expect(sf1.StreamID).To(Equal(protocol.StreamID(4))) - Expect(sf1.DataLenPresent).To(BeTrue()) - Expect(sf2.StreamID).To(Equal(protocol.StreamID(5))) - Expect(sf2.DataLenPresent).To(BeFalse()) - }) - }) - - Context("packing ACK packets", func() { - It("doesn't pack a packet if there's no ACK to send", func() { - ackFramer.EXPECT().GetAckFrame() - p, err := packer.MaybePackAckPacket() - Expect(err).ToNot(HaveOccurred()) - Expect(p).To(BeNil()) - }) - - It("packs ACK packets", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 10}}} - swf := &wire.StopWaitingFrame{} - ackFramer.EXPECT().GetAckFrame().Return(ack) - ackFramer.EXPECT().GetStopWaitingFrame(false).Return(swf) - p, err := packer.MaybePackAckPacket() - Expect(err).NotTo(HaveOccurred()) - Expect(p.frames).To(Equal([]wire.Frame{ack, swf})) - }) - - It("doesn't add a STOP_WAITING frame, for gQUIC 44", func() { - sealingManager.EXPECT().GetSealer().Return(protocol.EncryptionForwardSecure, sealer) - packer.version = protocol.Version44 - ack := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 1, Largest: 10}}} - ackFramer.EXPECT().GetAckFrame().Return(ack) - p, err := packer.MaybePackAckPacket() - Expect(err).NotTo(HaveOccurred()) - Expect(p.frames).To(Equal([]wire.Frame{ack})) - }) - }) -}) diff --git a/packet_packer_test.go b/packet_packer_test.go index 5a707b3e..a5e50eb4 100644 --- a/packet_packer_test.go +++ b/packet_packer_test.go @@ -23,7 +23,7 @@ var _ = Describe("Packet packer", func() { ackFramer *MockAckFrameSource initialStream *MockCryptoStream handshakeStream *MockCryptoStream - sealingManager *MockSealingManagerLegacy + sealingManager *MockSealingManager sealer *mocks.MockSealer token []byte ) @@ -32,7 +32,7 @@ var _ = Describe("Packet packer", func() { r := bytes.NewReader(data) iHdr, err := wire.ParseInvariantHeader(r, 0) Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(r, protocol.PerspectiveServer, versionIETFFrames) + hdr, err := iHdr.Parse(r, protocol.PerspectiveServer, protocol.VersionWhatever) Expect(err).ToNot(HaveOccurred()) ExpectWithOffset(0, hdr.PayloadLen).To(BeEquivalentTo(r.Len())) } @@ -55,14 +55,14 @@ var _ = Describe("Packet packer", func() { BeforeEach(func() { rand.Seed(GinkgoRandomSeed()) - version := versionIETFFrames + version := protocol.VersionWhatever mockSender := NewMockStreamSender(mockCtrl) mockSender.EXPECT().onHasStreamData(gomock.Any()).AnyTimes() initialStream = NewMockCryptoStream(mockCtrl) handshakeStream = NewMockCryptoStream(mockCtrl) framer = NewMockFrameSource(mockCtrl) ackFramer = NewMockAckFrameSource(mockCtrl) - sealingManager = NewMockSealingManagerLegacy(mockCtrl) + sealingManager = NewMockSealingManager(mockCtrl) sealer = mocks.NewMockSealer(mockCtrl) sealer.EXPECT().Overhead().Return(7).AnyTimes() sealer.EXPECT().Seal(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) []byte { @@ -120,7 +120,7 @@ var _ = Describe("Packet packer", func() { destConnID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1} packer.srcConnID = srcConnID packer.destConnID = destConnID - h := packer.getHeader(protocol.EncryptionSecure) + h := packer.getHeader(protocol.EncryptionHandshake) Expect(h.SrcConnectionID).To(Equal(srcConnID)) Expect(h.DestConnectionID).To(Equal(destConnID)) }) @@ -675,7 +675,6 @@ var _ = Describe("Packet packer", func() { It("packs a maximum size crypto packet", func() { var f *wire.CryptoFrame - packer.version = versionIETFFrames sealingManager.EXPECT().GetSealerWithEncryptionLevel(protocol.EncryptionHandshake).Return(sealer, nil) ackFramer.EXPECT().GetAckFrame() initialStream.EXPECT().HasData() @@ -701,7 +700,6 @@ var _ = Describe("Packet packer", func() { ackFramer.EXPECT().GetAckFrame() initialStream.EXPECT().HasData().Return(true) initialStream.EXPECT().PopCryptoFrame(gomock.Any()).Return(f) - packer.version = protocol.VersionTLS packer.hasSentPacket = false packer.perspective = protocol.PerspectiveClient packet, err := packer.PackPacket() @@ -782,7 +780,6 @@ var _ = Describe("Packet packer", func() { It("packs a retransmission for an Initial packet", func() { sealingManager.EXPECT().GetSealerWithEncryptionLevel(protocol.EncryptionInitial).Return(sealer, nil) - packer.version = versionIETFFrames packer.perspective = protocol.PerspectiveClient packet := &ackhandler.Packet{ PacketType: protocol.PacketTypeInitial, diff --git a/packet_unpacker.go b/packet_unpacker.go index b7638f45..49f2b0a6 100644 --- a/packet_unpacker.go +++ b/packet_unpacker.go @@ -14,10 +14,6 @@ type unpackedPacket struct { frames []wire.Frame } -type gQUICAEAD interface { - Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) -} - type quicAEAD interface { OpenInitial(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) OpenHandshake(dst, src []byte, pn protocol.PacketNumber, ad []byte) ([]byte, error) @@ -49,40 +45,7 @@ func (u *packetUnpackerBase) parseFrames(decrypted []byte, hdr *wire.Header) ([] return fs, nil } -// The packetUnpackerGQUIC unpacks gQUIC packets. -type packetUnpackerGQUIC struct { - packetUnpackerBase - aead gQUICAEAD -} - -var _ unpacker = &packetUnpackerGQUIC{} - -func newPacketUnpackerGQUIC(aead gQUICAEAD, version protocol.VersionNumber) unpacker { - return &packetUnpackerGQUIC{ - packetUnpackerBase: packetUnpackerBase{version: version}, - aead: aead, - } -} - -func (u *packetUnpackerGQUIC) Unpack(headerBinary []byte, hdr *wire.Header, data []byte) (*unpackedPacket, error) { - decrypted, encryptionLevel, err := u.aead.Open(data[:0], data, hdr.PacketNumber, headerBinary) - if err != nil { - // Wrap err in quicError so that public reset is sent by session - return nil, qerr.Error(qerr.DecryptionFailure, err.Error()) - } - - fs, err := u.parseFrames(decrypted, hdr) - if err != nil { - return nil, err - } - - return &unpackedPacket{ - encryptionLevel: encryptionLevel, - frames: fs, - }, nil -} - -// The packetUnpacker unpacks IETF QUIC packets. +// The packetUnpacker unpacks QUIC packets. type packetUnpacker struct { packetUnpackerBase aead quicAEAD diff --git a/packet_unpacker_test.go b/packet_unpacker_test.go index 2c6a00ca..780aa4de 100644 --- a/packet_unpacker_test.go +++ b/packet_unpacker_test.go @@ -12,49 +12,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Packet Unpacker (for gQUIC)", func() { - var ( - unpacker *packetUnpackerGQUIC - hdr *wire.Header - aead *MockGQUICAEAD - ) - - BeforeEach(func() { - aead = NewMockGQUICAEAD(mockCtrl) - hdr = &wire.Header{ - PacketNumber: 10, - PacketNumberLen: 1, - Raw: []byte{0x04, 0x4c, 0x01}, - } - unpacker = newPacketUnpackerGQUIC(aead, versionGQUICFrames).(*packetUnpackerGQUIC) - }) - - It("errors if the packet doesn't contain any payload", func() { - data := []byte("foobar") - aead.EXPECT().Open(gomock.Any(), []byte("foobar"), hdr.PacketNumber, hdr.Raw).Return([]byte{}, protocol.EncryptionForwardSecure, nil) - _, err := unpacker.Unpack(hdr.Raw, hdr, data) - Expect(err).To(MatchError(qerr.MissingPayload)) - }) - - It("saves the encryption level", func() { - aead.EXPECT().Open(gomock.Any(), gomock.Any(), hdr.PacketNumber, hdr.Raw).Return([]byte{0}, protocol.EncryptionSecure, nil) - packet, err := unpacker.Unpack(hdr.Raw, hdr, nil) - Expect(err).ToNot(HaveOccurred()) - Expect(packet.encryptionLevel).To(Equal(protocol.EncryptionSecure)) - }) - - It("unpacks the frames", func() { - buf := &bytes.Buffer{} - (&wire.PingFrame{}).Write(buf, versionGQUICFrames) - (&wire.BlockedFrame{}).Write(buf, versionGQUICFrames) - aead.EXPECT().Open(gomock.Any(), gomock.Any(), hdr.PacketNumber, hdr.Raw).Return(buf.Bytes(), protocol.EncryptionForwardSecure, nil) - packet, err := unpacker.Unpack(hdr.Raw, hdr, nil) - Expect(err).ToNot(HaveOccurred()) - Expect(packet.frames).To(Equal([]wire.Frame{&wire.PingFrame{}, &wire.BlockedFrame{}})) - }) -}) - -var _ = Describe("Packet Unpacker (for IETF QUIC)", func() { +var _ = Describe("Packet Unpacker", func() { var ( unpacker *packetUnpacker hdr *wire.Header @@ -68,7 +26,7 @@ var _ = Describe("Packet Unpacker (for IETF QUIC)", func() { PacketNumberLen: 1, Raw: []byte{0x04, 0x4c, 0x01}, } - unpacker = newPacketUnpacker(aead, versionIETFFrames).(*packetUnpacker) + unpacker = newPacketUnpacker(aead, protocol.VersionWhatever).(*packetUnpacker) }) It("errors if the packet doesn't contain any payload", func() { @@ -98,8 +56,8 @@ var _ = Describe("Packet Unpacker (for IETF QUIC)", func() { It("unpacks the frames", func() { buf := &bytes.Buffer{} - (&wire.PingFrame{}).Write(buf, versionIETFFrames) - (&wire.BlockedFrame{}).Write(buf, versionIETFFrames) + (&wire.PingFrame{}).Write(buf, protocol.VersionWhatever) + (&wire.BlockedFrame{}).Write(buf, protocol.VersionWhatever) aead.EXPECT().Open1RTT(gomock.Any(), gomock.Any(), hdr.PacketNumber, hdr.Raw).Return(buf.Bytes(), nil) packet, err := unpacker.Unpack(hdr.Raw, hdr, nil) Expect(err).ToNot(HaveOccurred()) diff --git a/quic_suite_test.go b/quic_suite_test.go index 2524a09b..7059345f 100644 --- a/quic_suite_test.go +++ b/quic_suite_test.go @@ -2,7 +2,6 @@ package quic import ( "github.com/golang/mock/gomock" - "github.com/lucas-clemente/quic-go/internal/protocol" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -14,18 +13,8 @@ func TestQuicGo(t *testing.T) { RunSpecs(t, "QUIC Suite") } -const ( - versionGQUICFrames = protocol.Version39 - versionIETFFrames = protocol.VersionTLS -) - var mockCtrl *gomock.Controller -var _ = BeforeSuite(func() { - Expect(versionGQUICFrames.UsesIETFFrameFormat()).To(BeFalse()) - Expect(versionIETFFrames.UsesIETFFrameFormat()).To(BeTrue()) -}) - var _ = BeforeEach(func() { mockCtrl = gomock.NewController(GinkgoT()) }) diff --git a/receive_stream.go b/receive_stream.go index e18f064a..88833bf7 100644 --- a/receive_stream.go +++ b/receive_stream.go @@ -164,9 +164,7 @@ func (s *receiveStream) readImpl(p []byte) (bool /*stream completed */, int, err s.flowController.AddBytesRead(protocol.ByteCount(m)) } // increase the flow control window, if necessary - if !s.version.IsCryptoStream(s.streamID) { - s.flowController.MaybeQueueWindowUpdate() - } + s.flowController.MaybeQueueWindowUpdate() if s.readPosInFrame >= len(s.currentFrame) && s.currentFrameIsLast { s.finRead = true @@ -194,12 +192,10 @@ func (s *receiveStream) CancelRead(errorCode protocol.ApplicationErrorCode) erro s.canceledRead = true s.cancelReadErr = fmt.Errorf("Read on stream %d canceled with error code %d", s.streamID, errorCode) s.signalRead() - if s.version.UsesIETFFrameFormat() { - s.sender.queueControlFrame(&wire.StopSendingFrame{ - StreamID: s.streamID, - ErrorCode: errorCode, - }) - } + s.sender.queueControlFrame(&wire.StopSendingFrame{ + StreamID: s.streamID, + ErrorCode: errorCode, + }) return nil } @@ -236,12 +232,6 @@ func (s *receiveStream) handleRstStreamFrameImpl(frame *wire.RstStreamFrame) (bo if err := s.flowController.UpdateHighestReceived(frame.ByteOffset, true); err != nil { return false, err } - // In gQUIC, error code 0 has a special meaning. - // The peer will reliably continue transmitting, but is not interested in reading from the stream. - // We should therefore just continue reading from the stream, until we encounter the FIN bit. - if !s.version.UsesIETFFrameFormat() && frame.ErrorCode == 0 { - return false, nil - } // ignore duplicate RST_STREAM frames for this stream (after checking their final offset) if s.resetRemotely { @@ -260,16 +250,6 @@ func (s *receiveStream) CloseRemote(offset protocol.ByteCount) { s.handleStreamFrame(&wire.StreamFrame{FinBit: true, Offset: offset}) } -func (s *receiveStream) onClose(offset protocol.ByteCount) { - if s.canceledRead && !s.version.UsesIETFFrameFormat() { - s.sender.queueControlFrame(&wire.RstStreamFrame{ - StreamID: s.streamID, - ByteOffset: offset, - ErrorCode: 0, - }) - } -} - func (s *receiveStream) SetReadDeadline(t time.Time) error { s.mutex.Lock() defer s.mutex.Unlock() diff --git a/receive_stream_test.go b/receive_stream_test.go index 6c9b3469..55afdaa4 100644 --- a/receive_stream_test.go +++ b/receive_stream_test.go @@ -29,7 +29,7 @@ var _ = Describe("Receive Stream", func() { BeforeEach(func() { mockSender = NewMockStreamSender(mockCtrl) mockFC = mocks.NewMockStreamFlowController(mockCtrl) - str = newReceiveStream(streamID, mockSender, mockFC, versionIETFFrames) + str = newReceiveStream(streamID, mockSender, mockFC, protocol.VersionWhatever) timeout := scaleDuration(250 * time.Millisecond) strWithTimeout = gbytes.TimeoutReader(str, timeout) @@ -485,8 +485,7 @@ var _ = Describe("Receive Stream", func() { Expect(err).ToNot(HaveOccurred()) }) - It("queues a STOP_SENDING frame, for IETF QUIC", func() { - str.version = versionIETFFrames + It("queues a STOP_SENDING frame", func() { mockSender.EXPECT().queueControlFrame(&wire.StopSendingFrame{ StreamID: streamID, ErrorCode: 1234, @@ -494,13 +493,6 @@ var _ = Describe("Receive Stream", func() { err := str.CancelRead(1234) Expect(err).ToNot(HaveOccurred()) }) - - It("doesn't queue a STOP_SENDING frame, for gQUIC", func() { - str.version = versionGQUICFrames - // no calls to mockSender.queueControlFrame - err := str.CancelRead(1234) - Expect(err).ToNot(HaveOccurred()) - }) }) Context("receiving RST_STREAM frames", func() { @@ -561,66 +553,6 @@ var _ = Describe("Receive Stream", func() { err := str.handleRstStreamFrame(rst) Expect(err).ToNot(HaveOccurred()) }) - - Context("for gQUIC", func() { - BeforeEach(func() { - str.version = versionGQUICFrames - }) - - It("unblocks Read when receiving a RST_STREAM frame with non-zero error code", func() { - mockFC.EXPECT().UpdateHighestReceived(protocol.ByteCount(42), true) - readReturned := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := strWithTimeout.Read([]byte{0}) - Expect(err).To(MatchError("Stream 1337 was reset with error code 1234")) - Expect(err).To(BeAssignableToTypeOf(streamCanceledError{})) - Expect(err.(streamCanceledError).Canceled()).To(BeTrue()) - Expect(err.(streamCanceledError).ErrorCode()).To(Equal(protocol.ApplicationErrorCode(1234))) - close(readReturned) - }() - Consistently(readReturned).ShouldNot(BeClosed()) - mockSender.EXPECT().onStreamCompleted(streamID) - err := str.handleRstStreamFrame(rst) - Expect(err).ToNot(HaveOccurred()) - Eventually(readReturned).Should(BeClosed()) - }) - - It("continues reading until the end when receiving a RST_STREAM frame with error code 0", func() { - mockFC.EXPECT().UpdateHighestReceived(protocol.ByteCount(6), true).Times(2) - gomock.InOrder( - mockFC.EXPECT().AddBytesRead(protocol.ByteCount(4)), - mockFC.EXPECT().AddBytesRead(protocol.ByteCount(2)), - mockSender.EXPECT().onStreamCompleted(streamID), - ) - mockFC.EXPECT().MaybeQueueWindowUpdate().Times(2) - readReturned := make(chan struct{}) - go func() { - defer GinkgoRecover() - n, err := strWithTimeout.Read(make([]byte, 4)) - Expect(err).ToNot(HaveOccurred()) - Expect(n).To(Equal(4)) - n, err = strWithTimeout.Read(make([]byte, 4)) - Expect(err).To(MatchError(io.EOF)) - Expect(n).To(Equal(2)) - close(readReturned) - }() - Consistently(readReturned).ShouldNot(BeClosed()) - err := str.handleStreamFrame(&wire.StreamFrame{ - StreamID: streamID, - Data: []byte("foobar"), - FinBit: true, - }) - Expect(err).ToNot(HaveOccurred()) - err = str.handleRstStreamFrame(&wire.RstStreamFrame{ - StreamID: streamID, - ByteOffset: 6, - ErrorCode: 0, - }) - Expect(err).ToNot(HaveOccurred()) - Eventually(readReturned).Should(BeClosed()) - }) - }) }) }) diff --git a/send_stream.go b/send_stream.go index 5fc04b4d..6f5b3565 100644 --- a/send_stream.go +++ b/send_stream.go @@ -195,9 +195,7 @@ func (s *sendStream) getDataForWriting(maxBytes protocol.ByteCount) ([]byte, boo return nil, s.finishedWriting && !s.finSent } - if !s.version.IsCryptoStream(s.streamID) { - maxBytes = utils.MinByteCount(maxBytes, s.flowController.SendWindowSize()) - } + maxBytes = utils.MinByteCount(maxBytes, s.flowController.SendWindowSize()) if maxBytes == 0 { return nil, false } @@ -286,9 +284,6 @@ func (s *sendStream) handleStopSendingFrameImpl(frame *wire.StopSendingFrame) bo error: fmt.Errorf("Stream %d was reset with error code %d", s.streamID, frame.ErrorCode), } errorCode := errorCodeStopping - if !s.version.UsesIETFFrameFormat() { - errorCode = errorCodeStoppingGQUIC - } completed, _ := s.cancelWriteImpl(errorCode, writeErr) return completed } diff --git a/server.go b/server.go index d9af6a43..1902f8f2 100644 --- a/server.go +++ b/server.go @@ -1,6 +1,7 @@ package quic import ( + "bytes" "crypto/tls" "errors" "fmt" @@ -9,7 +10,6 @@ import ( "sync" "time" - "github.com/lucas-clemente/quic-go/internal/crypto" "github.com/lucas-clemente/quic-go/internal/handshake" "github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/utils" @@ -73,14 +73,13 @@ type server struct { // If it is started with Listen, we take a packet conn as a parameter. createdPacketConn bool - supportsTLS bool - serverTLS *serverTLS - - certChain crypto.CertChain - scfg *handshake.ServerConfig + cookieGenerator *handshake.CookieGenerator sessionHandler packetHandlerManager + // set as a member, so they can be set in the tests + newSession func(connection, sessionRunner, protocol.ConnectionID /* original connection ID */, protocol.ConnectionID /* destination connection ID */, protocol.ConnectionID /* source connection ID */, protocol.PacketNumber, *Config, *tls.Config, *handshake.TransportParameters, utils.Logger, protocol.VersionNumber) (quicSession, error) + serverError error errorChan chan struct{} closed bool @@ -88,8 +87,6 @@ type server struct { sessionQueue chan Session sessionRunner sessionRunner - // set as a member, so they can be set in the tests - newSession func(connection, sessionRunner, protocol.VersionNumber, protocol.ConnectionID, protocol.ConnectionID, *handshake.ServerConfig, *tls.Config, *Config, utils.Logger) (quicSession, error) logger utils.Logger } @@ -123,27 +120,11 @@ func Listen(conn net.PacketConn, tlsConf *tls.Config, config *Config) (Listener, } func listen(conn net.PacketConn, tlsConf *tls.Config, config *Config) (*server, error) { - certChain := crypto.NewCertChain(tlsConf) - kex, err := crypto.NewCurve25519KEX() - if err != nil { - return nil, err - } - scfg, err := handshake.NewServerConfig(kex, certChain) - if err != nil { - return nil, err - } config = populateServerConfig(config) - - var supportsTLS bool for _, v := range config.Versions { if !protocol.IsValidVersion(v) { return nil, fmt.Errorf("%s is not a valid QUIC version", v) } - // check if any of the supported versions supports TLS - if v.UsesTLS() { - supportsTLS = true - break - } } sessionHandler, err := getMultiplexer().AddConn(conn, config.ConnectionIDLength) @@ -154,53 +135,30 @@ func listen(conn net.PacketConn, tlsConf *tls.Config, config *Config) (*server, conn: conn, tlsConf: tlsConf, config: config, - certChain: certChain, - scfg: scfg, - newSession: newSession, sessionHandler: sessionHandler, sessionQueue: make(chan Session, 5), errorChan: make(chan struct{}), - supportsTLS: supportsTLS, + newSession: newSession, logger: utils.DefaultLogger.WithPrefix("server"), } - s.setup() - if supportsTLS { - if err := s.setupTLS(); err != nil { - return nil, err - } + if err := s.setup(); err != nil { + return nil, err } sessionHandler.SetServer(s) s.logger.Debugf("Listening for %s connections on %s", conn.LocalAddr().Network(), conn.LocalAddr().String()) return s, nil } -func (s *server) setup() { +func (s *server) setup() error { s.sessionRunner = &runner{ onHandshakeCompleteImpl: func(sess Session) { s.sessionQueue <- sess }, removeConnectionIDImpl: s.sessionHandler.Remove, } -} - -func (s *server) setupTLS() error { - serverTLS, sessionChan, err := newServerTLS(s.conn, s.config, s.sessionRunner, s.tlsConf, s.logger) + cookieGenerator, err := handshake.NewCookieGenerator() if err != nil { return err } - s.serverTLS = serverTLS - // handle TLS connection establishment statelessly - go func() { - for { - select { - case <-s.errorChan: - return - case tlsSession := <-sessionChan: - // The connection ID is a randomly chosen value. - // It is safe to assume that it doesn't collide with other randomly chosen values. - serverSession := newServerSession(tlsSession.sess, s.config, s.logger) - s.sessionHandler.Add(tlsSession.connID, serverSession) - } - } - }() + s.cookieGenerator = cookieGenerator return nil } @@ -269,11 +227,6 @@ func populateServerConfig(config *Config) *Config { if connIDLen == 0 { connIDLen = protocol.DefaultConnectionIDLength } - for _, v := range versions { - if v == protocol.Version44 { - connIDLen = protocol.ConnectionIDLenGQUIC - } - } return &Config{ Versions: versions, @@ -350,54 +303,134 @@ func (s *server) handlePacket(p *receivedPacket) { func (s *server) handlePacketImpl(p *receivedPacket) error { hdr := p.header - if hdr.VersionFlag || hdr.IsLongHeader { + if hdr.IsLongHeader { // send a Version Negotiation Packet if the client is speaking a different protocol version if !protocol.IsSupportedVersion(s.config.Versions, hdr.Version) { return s.sendVersionNegotiationPacket(p) } } - if hdr.Type == protocol.PacketTypeInitial && hdr.Version.UsesTLS() { - go s.serverTLS.HandleInitial(p) - return nil + if hdr.Type == protocol.PacketTypeInitial { + go s.handleInitial(p) + } + // TODO(#943): send Stateless Reset + return nil +} + +func (s *server) handleInitial(p *receivedPacket) { + // TODO: add a check that DestConnID == SrcConnID + s.logger.Debugf("<- Received Initial packet.") + sess, connID, err := s.handleInitialImpl(p) + if err != nil { + s.logger.Errorf("Error occurred handling initial packet: %s", err) + return + } + if sess == nil { // a retry was done + return + } + serverSession := newServerSession(sess, s.config, s.logger) + s.sessionHandler.Add(connID, serverSession) +} + +func (s *server) handleInitialImpl(p *receivedPacket) (quicSession, protocol.ConnectionID, error) { + hdr := p.header + if len(hdr.Token) == 0 && hdr.DestConnectionID.Len() < protocol.MinConnectionIDLenInitial { + return nil, nil, errors.New("dropping Initial packet with too short connection ID") + } + if len(hdr.Raw)+len(p.data) < protocol.MinInitialPacketSize { + return nil, nil, errors.New("dropping too small Initial packet") } - // TODO(#943): send Stateless Reset, if this an IETF QUIC packet - if !hdr.VersionFlag && !hdr.Version.UsesIETFHeaderFormat() { - _, err := s.conn.WriteTo(wire.WritePublicReset(hdr.DestConnectionID, 0, 0), p.remoteAddr) - return err + var cookie *handshake.Cookie + if len(hdr.Token) > 0 { + c, err := s.cookieGenerator.DecodeToken(hdr.Token) + if err == nil { + cookie = c + } + } + if !s.config.AcceptCookie(p.remoteAddr, cookie) { + // Log the Initial packet now. + // If no Retry is sent, the packet will be logged by the session. + p.header.Log(s.logger) + return nil, nil, s.sendRetry(p.remoteAddr, hdr) } - // This is (potentially) a Client Hello. - // Make sure it has the minimum required size before spending any more ressources on it. - if len(p.data) < protocol.MinClientHelloSize { - return errors.New("dropping small packet for unknown connection") + connID, err := protocol.GenerateConnectionID(s.config.ConnectionIDLength) + if err != nil { + return nil, nil, err } + s.logger.Debugf("Changing connection ID to %s.", connID) + sess, err := s.createNewSession(p.remoteAddr, hdr.DestConnectionID, hdr.SrcConnectionID, connID, hdr.Version) + if err != nil { + return nil, nil, err + } + sess.handlePacket(p) + return sess, connID, nil +} - var destConnID, srcConnID protocol.ConnectionID - if hdr.Version.UsesIETFHeaderFormat() { - srcConnID = hdr.DestConnectionID - } else { - destConnID = hdr.DestConnectionID - srcConnID = hdr.DestConnectionID +func (s *server) createNewSession( + remoteAddr net.Addr, + origConnID protocol.ConnectionID, + destConnID protocol.ConnectionID, + srcConnID protocol.ConnectionID, + version protocol.VersionNumber, +) (quicSession, error) { + params := &handshake.TransportParameters{ + StreamFlowControlWindow: protocol.ReceiveStreamFlowControlWindow, + ConnectionFlowControlWindow: protocol.ReceiveConnectionFlowControlWindow, + IdleTimeout: s.config.IdleTimeout, + MaxBidiStreams: uint16(s.config.MaxIncomingStreams), + MaxUniStreams: uint16(s.config.MaxIncomingUniStreams), + DisableMigration: true, + // TODO(#855): generate a real token + StatelessResetToken: bytes.Repeat([]byte{42}, 16), } - s.logger.Infof("Serving new connection: %s, version %s from %v", hdr.DestConnectionID, hdr.Version, p.remoteAddr) sess, err := s.newSession( - &conn{pconn: s.conn, currentAddr: p.remoteAddr}, + &conn{pconn: s.conn, currentAddr: remoteAddr}, s.sessionRunner, - hdr.Version, + origConnID, destConnID, srcConnID, - s.scfg, - s.tlsConf, + 1, s.config, + s.tlsConf, + params, s.logger, + version, ) + if err != nil { + return nil, err + } + go sess.run() + return sess, nil +} + +func (s *server) sendRetry(remoteAddr net.Addr, hdr *wire.Header) error { + token, err := s.cookieGenerator.NewToken(remoteAddr) if err != nil { return err } - s.sessionHandler.Add(hdr.DestConnectionID, newServerSession(sess, s.config, s.logger)) - go sess.run() - sess.handlePacket(p) + connID, err := protocol.GenerateConnectionID(s.config.ConnectionIDLength) + if err != nil { + return err + } + replyHdr := &wire.Header{ + IsLongHeader: true, + Type: protocol.PacketTypeRetry, + Version: hdr.Version, + SrcConnectionID: connID, + DestConnectionID: hdr.SrcConnectionID, + OrigDestConnectionID: hdr.DestConnectionID, + Token: token, + } + s.logger.Debugf("Changing connection ID to %s.\n-> Sending Retry", connID) + replyHdr.Log(s.logger) + buf := &bytes.Buffer{} + if err := replyHdr.Write(buf, protocol.PerspectiveServer, hdr.Version); err != nil { + return err + } + if _, err := s.conn.WriteTo(buf.Bytes(), remoteAddr); err != nil { + s.logger.Debugf("Error sending Retry: %s", err) + } return nil } @@ -405,16 +438,10 @@ func (s *server) sendVersionNegotiationPacket(p *receivedPacket) error { hdr := p.header s.logger.Debugf("Client offered version %s, sending VersionNegotiationPacket", hdr.Version) - var data []byte - if hdr.IsPublicHeader { - data = wire.ComposeGQUICVersionNegotiation(hdr.DestConnectionID, s.config.Versions) - } else { - var err error - data, err = wire.ComposeVersionNegotiation(hdr.SrcConnectionID, hdr.DestConnectionID, s.config.Versions) - if err != nil { - return err - } + data, err := wire.ComposeVersionNegotiation(hdr.SrcConnectionID, hdr.DestConnectionID, s.config.Versions) + if err != nil { + return err } - _, err := s.conn.WriteTo(data, p.remoteAddr) + _, err = s.conn.WriteTo(data, p.remoteAddr) return err } diff --git a/server_session.go b/server_session.go index 8688cd05..0ba04680 100644 --- a/server_session.go +++ b/server_session.go @@ -33,20 +33,16 @@ func (s *serverSession) handlePacket(p *receivedPacket) { func (s *serverSession) handlePacketImpl(p *receivedPacket) error { hdr := p.header - // ignore all Public Reset packets - if hdr.ResetFlag { - return fmt.Errorf("Received unexpected Public Reset for connection %s", hdr.DestConnectionID) - } // Probably an old packet that was sent by the client before the version was negotiated. // It is safe to drop it. - if (hdr.VersionFlag || hdr.IsLongHeader) && hdr.Version != s.quicSession.GetVersion() { + if hdr.IsLongHeader && hdr.Version != s.quicSession.GetVersion() { return nil } if hdr.IsLongHeader { switch hdr.Type { - case protocol.PacketTypeInitial, protocol.PacketTypeHandshake, protocol.PacketType0RTT: // 0-RTT accepted for gQUIC 44 + case protocol.PacketTypeInitial, protocol.PacketTypeHandshake: // nothing to do here. Packet will be passed to the session. default: // Note that this also drops 0-RTT packets. diff --git a/server_session_test.go b/server_session_test.go index 4486d7e4..7d6fbc63 100644 --- a/server_session_test.go +++ b/server_session_test.go @@ -28,32 +28,7 @@ var _ = Describe("Server Session", func() { sess.handlePacket(p) }) - It("ignores Public Resets", func() { - p := &receivedPacket{ - header: &wire.Header{ - ResetFlag: true, - DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef}, - }, - } - err := sess.handlePacketImpl(p) - Expect(err).To(MatchError("Received unexpected Public Reset for connection 0xdeadbeef")) - }) - - It("ignores delayed packets with mismatching versions, for gQUIC", func() { - qsess.EXPECT().GetVersion().Return(protocol.VersionNumber(100)) - // don't EXPECT any calls to handlePacket() - p := &receivedPacket{ - header: &wire.Header{ - VersionFlag: true, - Version: protocol.VersionNumber(123), - DestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef}, - }, - } - err := sess.handlePacketImpl(p) - Expect(err).ToNot(HaveOccurred()) - }) - - It("ignores delayed packets with mismatching versions, for IETF QUIC", func() { + It("ignores delayed packets with mismatching versions", func() { qsess.EXPECT().GetVersion().Return(protocol.VersionNumber(100)) // don't EXPECT any calls to handlePacket() p := &receivedPacket{ diff --git a/server_test.go b/server_test.go index dd418e5d..16c7eb05 100644 --- a/server_test.go +++ b/server_test.go @@ -8,10 +8,8 @@ import ( "reflect" "time" - "github.com/golang/mock/gomock" "github.com/lucas-clemente/quic-go/internal/handshake" "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/testdata" "github.com/lucas-clemente/quic-go/internal/utils" "github.com/lucas-clemente/quic-go/internal/wire" @@ -19,420 +17,17 @@ import ( . "github.com/onsi/gomega" ) -type mockSession struct { - *MockQuicSession - - connID protocol.ConnectionID - runner sessionRunner -} - -func (s *mockSession) GetPerspective() protocol.Perspective { panic("not implemented") } - var _ = Describe("Server", func() { - var ( - conn *mockPacketConn - config *Config - udpAddr = &net.UDPAddr{IP: net.IPv4(192, 168, 100, 200), Port: 1337} - ) + var conn *mockPacketConn BeforeEach(func() { conn = newMockPacketConn() conn.addr = &net.UDPAddr{} - config = &Config{Versions: protocol.SupportedVersions} - }) - - Context("quic.Config", func() { - It("setups with the right values", func() { - config := &Config{ - HandshakeTimeout: 1337 * time.Minute, - IdleTimeout: 42 * time.Hour, - RequestConnectionIDOmission: true, - MaxIncomingStreams: 1234, - MaxIncomingUniStreams: 4321, - ConnectionIDLength: 12, - Versions: []protocol.VersionNumber{VersionGQUIC43}, - } - c := populateServerConfig(config) - Expect(c.HandshakeTimeout).To(Equal(1337 * time.Minute)) - Expect(c.IdleTimeout).To(Equal(42 * time.Hour)) - Expect(c.RequestConnectionIDOmission).To(BeFalse()) - Expect(c.MaxIncomingStreams).To(Equal(1234)) - Expect(c.MaxIncomingUniStreams).To(Equal(4321)) - Expect(c.ConnectionIDLength).To(Equal(12)) - Expect(c.Versions).To(Equal([]protocol.VersionNumber{VersionGQUIC43})) - }) - - It("uses 8 byte connection IDs if gQUIC 44 is supported", func() { - config := &Config{ - Versions: []protocol.VersionNumber{protocol.Version43, protocol.Version44}, - ConnectionIDLength: 13, - } - c := populateServerConfig(config) - Expect(c.Versions).To(Equal([]protocol.VersionNumber{protocol.Version43, protocol.Version44})) - Expect(c.ConnectionIDLength).To(Equal(8)) - }) - - It("uses 4 byte connection IDs by default, if gQUIC 44 is not supported", func() { - config := &Config{ - Versions: []protocol.VersionNumber{protocol.Version39}, - } - c := populateServerConfig(config) - Expect(c.ConnectionIDLength).To(Equal(protocol.DefaultConnectionIDLength)) - }) - - It("disables bidirectional streams", func() { - config := &Config{ - MaxIncomingStreams: -1, - MaxIncomingUniStreams: 4321, - } - c := populateServerConfig(config) - Expect(c.MaxIncomingStreams).To(BeZero()) - Expect(c.MaxIncomingUniStreams).To(Equal(4321)) - }) - - It("disables unidirectional streams", func() { - config := &Config{ - MaxIncomingStreams: 1234, - MaxIncomingUniStreams: -1, - } - c := populateServerConfig(config) - Expect(c.MaxIncomingStreams).To(Equal(1234)) - Expect(c.MaxIncomingUniStreams).To(BeZero()) - }) - }) - - Context("with mock session", func() { - var ( - serv *server - firstPacket *receivedPacket - connID = protocol.ConnectionID{0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6} - sessions = make([]*MockQuicSession, 0) - sessionHandler *MockPacketHandlerManager - ) - - BeforeEach(func() { - sessionHandler = NewMockPacketHandlerManager(mockCtrl) - newMockSession := func( - _ connection, - runner sessionRunner, - _ protocol.VersionNumber, - connID protocol.ConnectionID, - _ protocol.ConnectionID, - _ *handshake.ServerConfig, - _ *tls.Config, - _ *Config, - _ utils.Logger, - ) (quicSession, error) { - ExpectWithOffset(0, sessions).ToNot(BeEmpty()) - s := &mockSession{MockQuicSession: sessions[0]} - s.connID = connID - s.runner = runner - sessions = sessions[1:] - return s, nil - } - serv = &server{ - sessionHandler: sessionHandler, - newSession: newMockSession, - conn: conn, - config: config, - sessionQueue: make(chan Session, 5), - errorChan: make(chan struct{}), - logger: utils.DefaultLogger, - } - serv.setup() - b := &bytes.Buffer{} - utils.BigEndian.WriteUint32(b, uint32(protocol.SupportedVersions[0])) - firstPacket = &receivedPacket{ - header: &wire.Header{ - VersionFlag: true, - Version: serv.config.Versions[0], - DestConnectionID: protocol.ConnectionID{0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6}, - PacketNumber: 1, - }, - data: bytes.Repeat([]byte{0}, protocol.MinClientHelloSize), - rcvTime: time.Now(), - } - }) - - AfterEach(func() { - Expect(sessions).To(BeEmpty()) - }) - - It("returns the address", func() { - conn.addr = &net.UDPAddr{ - IP: net.IPv4(192, 168, 13, 37), - Port: 1234, - } - Expect(serv.Addr().String()).To(Equal("192.168.13.37:1234")) - }) - - It("creates new sessions", func() { - s := NewMockQuicSession(mockCtrl) - s.EXPECT().handlePacket(gomock.Any()) - run := make(chan struct{}) - s.EXPECT().run().Do(func() { close(run) }) - sessions = append(sessions, s) - - sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(cid protocol.ConnectionID, _ packetHandler) { - Expect(cid).To(Equal(connID)) - }) - Expect(serv.handlePacketImpl(firstPacket)).To(Succeed()) - Eventually(run).Should(BeClosed()) - }) - - It("accepts new TLS sessions", func() { - connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8} - sess := NewMockQuicSession(mockCtrl) - err := serv.setupTLS() - Expect(err).ToNot(HaveOccurred()) - added := make(chan struct{}) - sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(_ protocol.ConnectionID, ph packetHandler) { - Expect(ph.GetPerspective()).To(Equal(protocol.PerspectiveServer)) - close(added) - }) - serv.serverTLS.sessionChan <- tlsSession{ - connID: connID, - sess: sess, - } - Eventually(added).Should(BeClosed()) - }) - - It("accepts a session once the connection it is forward secure", func() { - s := NewMockQuicSession(mockCtrl) - s.EXPECT().handlePacket(gomock.Any()) - run := make(chan struct{}) - s.EXPECT().run().Do(func() { close(run) }) - sessions = append(sessions, s) - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := serv.Accept() - Expect(err).ToNot(HaveOccurred()) - close(done) - }() - sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(_ protocol.ConnectionID, sess packetHandler) { - Consistently(done).ShouldNot(BeClosed()) - sess.(*serverSession).quicSession.(*mockSession).runner.onHandshakeComplete(sess.(Session)) - }) - err := serv.handlePacketImpl(firstPacket) - Expect(err).ToNot(HaveOccurred()) - Eventually(done).Should(BeClosed()) - Eventually(run).Should(BeClosed()) - }) - - It("doesn't accept sessions that error during the handshake", func() { - run := make(chan error, 1) - sess := NewMockQuicSession(mockCtrl) - sess.EXPECT().handlePacket(gomock.Any()) - sess.EXPECT().run().DoAndReturn(func() error { return <-run }) - sessions = append(sessions, sess) - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - serv.Accept() - close(done) - }() - sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(protocol.ConnectionID, packetHandler) { - run <- errors.New("handshake error") - }) - Expect(serv.handlePacketImpl(firstPacket)).To(Succeed()) - Consistently(done).ShouldNot(BeClosed()) - - // make the go routine return - close(serv.errorChan) - Eventually(done).Should(BeClosed()) - }) - - It("closes the sessionHandler when Close is called", func() { - sessionHandler.EXPECT().CloseServer() - Expect(serv.Close()).To(Succeed()) - }) - - It("closes twice", func() { - sessionHandler.EXPECT().CloseServer() - Expect(serv.Close()).To(Succeed()) - Expect(serv.Close()).To(Succeed()) - }) - - It("works if no quic.Config is given", func() { - ln, err := ListenAddr("127.0.0.1:0", testdata.GetTLSConfig(), nil) - Expect(err).ToNot(HaveOccurred()) - // stop the listener - Expect(ln.Close()).To(Succeed()) - }) - - It("closes properly", func() { - ln, err := ListenAddr("127.0.0.1:0", testdata.GetTLSConfig(), config) - Expect(err).ToNot(HaveOccurred()) - - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - ln.Accept() - close(done) - }() - Expect(ln.Close()).To(Succeed()) - Eventually(done).Should(BeClosed()) - }) - - It("closes the connection when it was created with ListenAddr", func() { - addr, err := net.ResolveUDPAddr("udp", "localhost:12345") - Expect(err).ToNot(HaveOccurred()) - - serv, err := ListenAddr("localhost:0", nil, nil) - Expect(err).ToNot(HaveOccurred()) - // test that we can write on the packet conn - _, err = serv.(*server).conn.WriteTo([]byte("foobar"), addr) - Expect(err).ToNot(HaveOccurred()) - Expect(serv.Close()).To(Succeed()) - // test that we can't write any more on the packet conn - _, err = serv.(*server).conn.WriteTo([]byte("foobar"), addr) - Expect(err.Error()).To(ContainSubstring("use of closed network connection")) - }) - - It("returns Accept when it is closed", func() { - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := serv.Accept() - Expect(err).To(MatchError("server closed")) - close(done) - }() - sessionHandler.EXPECT().CloseServer() - Expect(serv.Close()).To(Succeed()) - Eventually(done).Should(BeClosed()) - }) - - It("returns Accept with the right error when closeWithError is called", func() { - testErr := errors.New("connection error") - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := serv.Accept() - Expect(err).To(MatchError(testErr)) - close(done) - }() - sessionHandler.EXPECT().CloseServer() - serv.closeWithError(testErr) - Eventually(done).Should(BeClosed()) - }) - - It("doesn't try to process a packet after sending a gQUIC Version Negotiation Packet", func() { - config.Versions = []protocol.VersionNumber{99} - p := &receivedPacket{ - header: &wire.Header{ - VersionFlag: true, - DestConnectionID: connID, - PacketNumber: 1, - PacketNumberLen: protocol.PacketNumberLen2, - }, - data: make([]byte, protocol.MinClientHelloSize), - } - Expect(serv.handlePacketImpl(p)).To(Succeed()) - Expect(conn.dataWritten.Bytes()).ToNot(BeEmpty()) - }) - - It("sends a PUBLIC_RESET for new connections that don't have the VersionFlag set", func() { - err := serv.handlePacketImpl(&receivedPacket{ - remoteAddr: udpAddr, - header: &wire.Header{ - IsPublicHeader: true, - Version: versionGQUICFrames, - }, - }) - Expect(err).ToNot(HaveOccurred()) - - Expect(conn.dataWritten.Len()).ToNot(BeZero()) - Expect(conn.dataWrittenTo).To(Equal(udpAddr)) - Expect(conn.dataWritten.Bytes()[0] & 0x02).ToNot(BeZero()) // check that the ResetFlag is set - }) - - It("sends a gQUIC Version Negotaion Packet, if the client sent a gQUIC Public Header", func() { - connID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1} - err := serv.handlePacketImpl(&receivedPacket{ - remoteAddr: udpAddr, - header: &wire.Header{ - IsPublicHeader: true, - VersionFlag: true, - DestConnectionID: connID, - PacketNumber: 1, - PacketNumberLen: protocol.PacketNumberLen2, - Version: protocol.Version39 - 1, - }, - }) - Expect(err).ToNot(HaveOccurred()) - - Expect(conn.dataWritten.Len()).ToNot(BeZero()) - Expect(conn.dataWrittenTo).To(Equal(udpAddr)) - r := bytes.NewReader(conn.dataWritten.Bytes()) - iHdr, err := wire.ParseInvariantHeader(r, 0) - Expect(err).ToNot(HaveOccurred()) - Expect(iHdr.IsLongHeader).To(BeFalse()) - replyHdr, err := iHdr.Parse(r, protocol.PerspectiveServer, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(replyHdr.IsVersionNegotiation).To(BeTrue()) - Expect(replyHdr.DestConnectionID).To(Equal(connID)) - Expect(r.Len()).To(BeZero()) - }) - - It("sends an IETF draft style Version Negotaion Packet, if the client sent a IETF draft style header", func() { - connID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1} - err := serv.handlePacketImpl(&receivedPacket{ - remoteAddr: udpAddr, - header: &wire.Header{ - Type: protocol.PacketTypeInitial, - IsLongHeader: true, - DestConnectionID: connID, - SrcConnectionID: connID, - PacketNumber: 0x55, - PacketNumberLen: protocol.PacketNumberLen1, - Version: 0x1234, - PayloadLen: protocol.MinInitialPacketSize, - }, - }) - Expect(err).ToNot(HaveOccurred()) - - Expect(conn.dataWritten.Len()).ToNot(BeZero()) - Expect(conn.dataWrittenTo).To(Equal(udpAddr)) - r := bytes.NewReader(conn.dataWritten.Bytes()) - iHdr, err := wire.ParseInvariantHeader(r, 0) - Expect(err).ToNot(HaveOccurred()) - replyHdr, err := iHdr.Parse(r, protocol.PerspectiveServer, versionIETFFrames) - Expect(err).ToNot(HaveOccurred()) - Expect(replyHdr.IsVersionNegotiation).To(BeTrue()) - Expect(replyHdr.DestConnectionID).To(Equal(connID)) - Expect(replyHdr.SrcConnectionID).To(Equal(connID)) - Expect(r.Len()).To(BeZero()) - }) - }) - - It("setups with the right values", func() { - supportedVersions := []protocol.VersionNumber{protocol.VersionTLS, protocol.Version39} - acceptCookie := func(_ net.Addr, _ *Cookie) bool { return true } - config := Config{ - Versions: supportedVersions, - AcceptCookie: acceptCookie, - HandshakeTimeout: 1337 * time.Hour, - IdleTimeout: 42 * time.Minute, - KeepAlive: true, - } - ln, err := Listen(conn, &tls.Config{}, &config) - Expect(err).ToNot(HaveOccurred()) - server := ln.(*server) - Expect(server.sessionHandler).ToNot(BeNil()) - Expect(server.scfg).ToNot(BeNil()) - Expect(server.config.Versions).To(Equal(supportedVersions)) - Expect(server.config.HandshakeTimeout).To(Equal(1337 * time.Hour)) - Expect(server.config.IdleTimeout).To(Equal(42 * time.Minute)) - Expect(reflect.ValueOf(server.config.AcceptCookie)).To(Equal(reflect.ValueOf(acceptCookie))) - Expect(server.config.KeepAlive).To(BeTrue()) - // stop the listener - Expect(ln.Close()).To(Succeed()) }) It("errors when the Config contains an invalid version", func() { version := protocol.VersionNumber(0x1234) - _, err := Listen(conn, &tls.Config{}, &Config{Versions: []protocol.VersionNumber{version}}) + _, err := Listen(nil, &tls.Config{}, &Config{Versions: []protocol.VersionNumber{version}}) Expect(err).To(MatchError("0x1234 is not a valid QUIC version")) }) @@ -449,9 +44,32 @@ var _ = Describe("Server", func() { Expect(ln.Close()).To(Succeed()) }) + It("setups with the right values", func() { + supportedVersions := []protocol.VersionNumber{protocol.VersionTLS} + acceptCookie := func(_ net.Addr, _ *Cookie) bool { return true } + config := Config{ + Versions: supportedVersions, + AcceptCookie: acceptCookie, + HandshakeTimeout: 1337 * time.Hour, + IdleTimeout: 42 * time.Minute, + KeepAlive: true, + } + ln, err := Listen(conn, &tls.Config{}, &config) + Expect(err).ToNot(HaveOccurred()) + server := ln.(*server) + Expect(server.sessionHandler).ToNot(BeNil()) + Expect(server.config.Versions).To(Equal(supportedVersions)) + Expect(server.config.HandshakeTimeout).To(Equal(1337 * time.Hour)) + Expect(server.config.IdleTimeout).To(Equal(42 * time.Minute)) + Expect(reflect.ValueOf(server.config.AcceptCookie)).To(Equal(reflect.ValueOf(acceptCookie))) + Expect(server.config.KeepAlive).To(BeTrue()) + // stop the listener + Expect(ln.Close()).To(Succeed()) + }) + It("listens on a given address", func() { addr := "127.0.0.1:13579" - ln, err := ListenAddr(addr, nil, config) + ln, err := ListenAddr(addr, nil, &Config{}) Expect(err).ToNot(HaveOccurred()) serv := ln.(*server) Expect(serv.Addr().String()).To(Equal(addr)) @@ -461,15 +79,294 @@ var _ = Describe("Server", func() { It("errors if given an invalid address", func() { addr := "127.0.0.1" - _, err := ListenAddr(addr, nil, config) + _, err := ListenAddr(addr, nil, &Config{}) Expect(err).To(BeAssignableToTypeOf(&net.AddrError{})) }) It("errors if given an invalid address", func() { addr := "1.1.1.1:1111" - _, err := ListenAddr(addr, nil, config) + _, err := ListenAddr(addr, nil, &Config{}) Expect(err).To(BeAssignableToTypeOf(&net.OpError{})) }) + + Context("handling packets", func() { + var serv *server + + BeforeEach(func() { + ln, err := Listen(conn, nil, nil) + Expect(err).ToNot(HaveOccurred()) + serv = ln.(*server) + }) + + parseHeader := func(data []byte) *wire.Header { + b := bytes.NewReader(data) + iHdr, err := wire.ParseInvariantHeader(b, 0) + Expect(err).ToNot(HaveOccurred()) + hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, protocol.VersionTLS) + Expect(err).ToNot(HaveOccurred()) + return hdr + } + + It("drops Initial packets with a too short connection ID", func() { + serv.handlePacket(&receivedPacket{ + header: &wire.Header{ + IsLongHeader: true, + Type: protocol.PacketTypeInitial, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4}, + Version: serv.config.Versions[0], + }, + }) + Expect(conn.dataWritten.Len()).To(BeZero()) + }) + + It("drops too small Initial", func() { + serv.handlePacket(&receivedPacket{ + header: &wire.Header{ + IsLongHeader: true, + Type: protocol.PacketTypeInitial, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + Version: serv.config.Versions[0], + }, + data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize-100), + }) + Expect(conn.dataWritten.Len()).To(BeZero()) + }) + + It("drops packets with a too short connection ID", func() { + hdr := &wire.Header{ + SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4}, + PacketNumberLen: protocol.PacketNumberLen1, + } + serv.handlePacket(&receivedPacket{ + header: hdr, + data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize), + }) + Expect(conn.dataWritten.Len()).To(BeZero()) + }) + + It("drops non-Initial packets", func() { + serv.logger.SetLogLevel(utils.LogLevelDebug) + serv.handlePacket(&receivedPacket{ + header: &wire.Header{Type: protocol.PacketTypeHandshake}, + data: []byte("invalid"), + }) + }) + + It("decodes the cookie from the Token field", func() { + raddr := &net.UDPAddr{ + IP: net.IPv4(192, 168, 13, 37), + Port: 1337, + } + done := make(chan struct{}) + serv.config.AcceptCookie = func(addr net.Addr, cookie *Cookie) bool { + Expect(addr).To(Equal(raddr)) + Expect(cookie).ToNot(BeNil()) + close(done) + return false + } + token, err := serv.cookieGenerator.NewToken(raddr) + Expect(err).ToNot(HaveOccurred()) + serv.handlePacket(&receivedPacket{ + remoteAddr: raddr, + header: &wire.Header{ + Type: protocol.PacketTypeInitial, + Token: token, + }, + data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize), + }) + Eventually(done).Should(BeClosed()) + }) + + It("passes an empty cookie to the callback, if decoding fails", func() { + raddr := &net.UDPAddr{ + IP: net.IPv4(192, 168, 13, 37), + Port: 1337, + } + done := make(chan struct{}) + serv.config.AcceptCookie = func(addr net.Addr, cookie *Cookie) bool { + Expect(addr).To(Equal(raddr)) + Expect(cookie).To(BeNil()) + close(done) + return false + } + serv.handlePacket(&receivedPacket{ + remoteAddr: raddr, + header: &wire.Header{ + Type: protocol.PacketTypeInitial, + Token: []byte("foobar"), + }, + data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize), + }) + Eventually(done).Should(BeClosed()) + }) + + It("sends a Version Negotiation Packet for unsupported versions", func() { + srcConnID := protocol.ConnectionID{1, 2, 3, 4, 5} + destConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6} + serv.handlePacket(&receivedPacket{ + header: &wire.Header{ + IsLongHeader: true, + SrcConnectionID: srcConnID, + DestConnectionID: destConnID, + Type: protocol.PacketTypeInitial, + Version: 0x42, + }, + }) + Expect(conn.dataWritten.Len()).ToNot(BeZero()) + hdr := parseHeader(conn.dataWritten.Bytes()) + Expect(hdr.IsVersionNegotiation).To(BeTrue()) + Expect(hdr.DestConnectionID).To(Equal(srcConnID)) + Expect(hdr.SrcConnectionID).To(Equal(destConnID)) + Expect(hdr.SupportedVersions).ToNot(ContainElement(protocol.VersionNumber(0x42))) + }) + + It("replies with a Retry packet, if a Cookie is required", func() { + serv.config.AcceptCookie = func(_ net.Addr, _ *handshake.Cookie) bool { return false } + hdr := &wire.Header{ + Type: protocol.PacketTypeInitial, + SrcConnectionID: protocol.ConnectionID{5, 4, 3, 2, 1}, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, + Version: protocol.VersionTLS, + } + serv.handleInitial(&receivedPacket{ + remoteAddr: &net.UDPAddr{}, + header: hdr, + data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize), + }) + Expect(conn.dataWritten.Len()).ToNot(BeZero()) + replyHdr := parseHeader(conn.dataWritten.Bytes()) + Expect(replyHdr.Type).To(Equal(protocol.PacketTypeRetry)) + Expect(replyHdr.SrcConnectionID).ToNot(Equal(hdr.DestConnectionID)) + Expect(replyHdr.DestConnectionID).To(Equal(hdr.SrcConnectionID)) + Expect(replyHdr.OrigDestConnectionID).To(Equal(hdr.DestConnectionID)) + Expect(replyHdr.Token).ToNot(BeEmpty()) + }) + + It("creates a session, if no Cookie is required", func() { + serv.config.AcceptCookie = func(_ net.Addr, _ *handshake.Cookie) bool { return true } + hdr := &wire.Header{ + Type: protocol.PacketTypeInitial, + SrcConnectionID: protocol.ConnectionID{5, 4, 3, 2, 1}, + DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, + Version: protocol.VersionTLS, + } + p := &receivedPacket{ + header: hdr, + data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize), + } + run := make(chan struct{}) + serv.newSession = func( + _ connection, + _ sessionRunner, + origConnID protocol.ConnectionID, + destConnID protocol.ConnectionID, + srcConnID protocol.ConnectionID, + _ protocol.PacketNumber, + _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, + _ utils.Logger, + _ protocol.VersionNumber, + ) (quicSession, error) { + Expect(origConnID).To(Equal(hdr.DestConnectionID)) + Expect(destConnID).To(Equal(hdr.SrcConnectionID)) + // make sure we're using a server-generated connection ID + Expect(srcConnID).ToNot(Equal(hdr.DestConnectionID)) + Expect(srcConnID).ToNot(Equal(hdr.SrcConnectionID)) + sess := NewMockQuicSession(mockCtrl) + sess.EXPECT().handlePacket(p) + sess.EXPECT().run().Do(func() { close(run) }) + return sess, nil + } + + done := make(chan struct{}) + go func() { + defer GinkgoRecover() + serv.handlePacket(p) + // the Handshake packet is written by the session + Expect(conn.dataWritten.Len()).To(BeZero()) + close(done) + }() + // make sure we're using a server-generated connection ID + Eventually(run).Should(BeClosed()) + Eventually(done).Should(BeClosed()) + }) + }) + + Context("accepting sessions", func() { + var serv *server + + BeforeEach(func() { + ln, err := Listen(conn, nil, nil) + Expect(err).ToNot(HaveOccurred()) + serv = ln.(*server) + }) + + It("returns Accept when an error occurs", func() { + testErr := errors.New("test err") + + done := make(chan struct{}) + go func() { + defer GinkgoRecover() + _, err := serv.Accept() + Expect(err).To(MatchError(testErr)) + close(done) + }() + + Expect(serv.closeWithError(testErr)).To(Succeed()) + Eventually(done).Should(BeClosed()) + }) + + It("returns immediately, if an error occurred before", func() { + testErr := errors.New("test err") + Expect(serv.closeWithError(testErr)).To(Succeed()) + for i := 0; i < 3; i++ { + _, err := serv.Accept() + Expect(err).To(MatchError(testErr)) + } + }) + + It("accepts new sessions when the handshake completes", func() { + sess := NewMockQuicSession(mockCtrl) + + done := make(chan struct{}) + go func() { + defer GinkgoRecover() + s, err := serv.Accept() + Expect(err).ToNot(HaveOccurred()) + Expect(s).To(Equal(sess)) + close(done) + }() + + completeHandshake := make(chan struct{}) + serv.newSession = func( + _ connection, + runner sessionRunner, + _ protocol.ConnectionID, + _ protocol.ConnectionID, + _ protocol.ConnectionID, + _ protocol.PacketNumber, + _ *Config, + _ *tls.Config, + _ *handshake.TransportParameters, + _ utils.Logger, + _ protocol.VersionNumber, + ) (quicSession, error) { + go func() { + <-completeHandshake + runner.onHandshakeComplete(sess) + }() + sess.EXPECT().run().Do(func() {}) + return sess, nil + } + _, err := serv.createNewSession(&net.UDPAddr{}, nil, nil, nil, protocol.VersionWhatever) + Expect(err).ToNot(HaveOccurred()) + Consistently(done).ShouldNot(BeClosed()) + close(completeHandshake) + Eventually(done).Should(BeClosed()) + }) + }) }) var _ = Describe("default source address verification", func() { diff --git a/server_tls.go b/server_tls.go deleted file mode 100644 index 794fa005..00000000 --- a/server_tls.go +++ /dev/null @@ -1,166 +0,0 @@ -package quic - -import ( - "bytes" - "crypto/tls" - "errors" - "net" - - "github.com/lucas-clemente/quic-go/internal/handshake" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/internal/wire" -) - -type tlsSession struct { - connID protocol.ConnectionID - sess quicSession -} - -type serverTLS struct { - conn net.PacketConn - config *Config - tlsConf *tls.Config - params *handshake.TransportParameters - cookieGenerator *handshake.CookieGenerator - - newSession func(connection, sessionRunner, protocol.ConnectionID, protocol.ConnectionID, protocol.ConnectionID, protocol.PacketNumber, *Config, *tls.Config, *handshake.TransportParameters, utils.Logger, protocol.VersionNumber) (quicSession, error) - - sessionRunner sessionRunner - sessionChan chan<- tlsSession - - logger utils.Logger -} - -func newServerTLS( - conn net.PacketConn, - config *Config, - runner sessionRunner, - tlsConf *tls.Config, - logger utils.Logger, -) (*serverTLS, <-chan tlsSession, error) { - cookieGenerator, err := handshake.NewCookieGenerator() - if err != nil { - return nil, nil, err - } - params := &handshake.TransportParameters{ - StreamFlowControlWindow: protocol.ReceiveStreamFlowControlWindow, - ConnectionFlowControlWindow: protocol.ReceiveConnectionFlowControlWindow, - IdleTimeout: config.IdleTimeout, - MaxBidiStreams: uint16(config.MaxIncomingStreams), - MaxUniStreams: uint16(config.MaxIncomingUniStreams), - DisableMigration: true, - // TODO(#855): generate a real token - StatelessResetToken: bytes.Repeat([]byte{42}, 16), - } - - sessionChan := make(chan tlsSession) - s := &serverTLS{ - conn: conn, - config: config, - tlsConf: tlsConf, - sessionRunner: runner, - sessionChan: sessionChan, - cookieGenerator: cookieGenerator, - params: params, - newSession: newTLSServerSession, - logger: logger, - } - return s, sessionChan, nil -} - -func (s *serverTLS) HandleInitial(p *receivedPacket) { - // TODO: add a check that DestConnID == SrcConnID - s.logger.Debugf("<- Received Initial packet.") - sess, connID, err := s.handleInitialImpl(p) - if err != nil { - s.logger.Errorf("Error occurred handling initial packet: %s", err) - return - } - if sess == nil { // a stateless reset was done - return - } - s.sessionChan <- tlsSession{ - connID: connID, - sess: sess, - } -} - -func (s *serverTLS) handleInitialImpl(p *receivedPacket) (quicSession, protocol.ConnectionID, error) { - hdr := p.header - if len(hdr.Token) == 0 && hdr.DestConnectionID.Len() < protocol.MinConnectionIDLenInitial { - return nil, nil, errors.New("dropping Initial packet with too short connection ID") - } - if len(hdr.Raw)+len(p.data) < protocol.MinInitialPacketSize { - return nil, nil, errors.New("dropping too small Initial packet") - } - - var cookie *handshake.Cookie - if len(hdr.Token) > 0 { - c, err := s.cookieGenerator.DecodeToken(hdr.Token) - if err == nil { - cookie = c - } - } - if !s.config.AcceptCookie(p.remoteAddr, cookie) { - // Log the Initial packet now. - // If no Retry is sent, the packet will be logged by the session. - p.header.Log(s.logger) - return nil, nil, s.sendRetry(p.remoteAddr, hdr) - } - - connID, err := protocol.GenerateConnectionID(s.config.ConnectionIDLength) - if err != nil { - return nil, nil, err - } - s.logger.Debugf("Changing connection ID to %s.", connID) - sess, err := s.newSession( - &conn{pconn: s.conn, currentAddr: p.remoteAddr}, - s.sessionRunner, - hdr.DestConnectionID, - hdr.SrcConnectionID, - connID, - 1, - s.config, - s.tlsConf, - s.params, - s.logger, - hdr.Version, - ) - if err != nil { - return nil, nil, err - } - go sess.run() - sess.handlePacket(p) - return sess, connID, nil -} - -func (s *serverTLS) sendRetry(remoteAddr net.Addr, hdr *wire.Header) error { - token, err := s.cookieGenerator.NewToken(remoteAddr) - if err != nil { - return err - } - connID, err := protocol.GenerateConnectionID(s.config.ConnectionIDLength) - if err != nil { - return err - } - replyHdr := &wire.Header{ - IsLongHeader: true, - Type: protocol.PacketTypeRetry, - Version: hdr.Version, - SrcConnectionID: connID, - DestConnectionID: hdr.SrcConnectionID, - OrigDestConnectionID: hdr.DestConnectionID, - Token: token, - } - s.logger.Debugf("Changing connection ID to %s.\n-> Sending Retry", connID) - replyHdr.Log(s.logger) - buf := &bytes.Buffer{} - if err := replyHdr.Write(buf, protocol.PerspectiveServer, hdr.Version); err != nil { - return err - } - if _, err := s.conn.WriteTo(buf.Bytes(), remoteAddr); err != nil { - s.logger.Debugf("Error sending Retry: %s", err) - } - return nil -} diff --git a/server_tls_test.go b/server_tls_test.go deleted file mode 100644 index 7c1387c3..00000000 --- a/server_tls_test.go +++ /dev/null @@ -1,136 +0,0 @@ -package quic - -import ( - "bytes" - "crypto/tls" - "net" - - "github.com/lucas-clemente/quic-go/internal/handshake" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/testdata" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/internal/wire" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Stateless TLS handling", func() { - var ( - conn *mockPacketConn - server *serverTLS - sessionChan <-chan tlsSession - ) - - BeforeEach(func() { - conn = newMockPacketConn() - config := &Config{ - Versions: []protocol.VersionNumber{protocol.VersionTLS}, - } - var err error - server, sessionChan, err = newServerTLS(conn, config, nil, testdata.GetTLSConfig(), utils.DefaultLogger) - Expect(err).ToNot(HaveOccurred()) - }) - - parseHeader := func(data []byte) *wire.Header { - b := bytes.NewReader(data) - iHdr, err := wire.ParseInvariantHeader(b, 0) - Expect(err).ToNot(HaveOccurred()) - hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, protocol.VersionTLS) - Expect(err).ToNot(HaveOccurred()) - return hdr - } - - It("drops too small packets", func() { - server.HandleInitial(&receivedPacket{ - header: &wire.Header{}, - data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize-1), // the packet is now 1 byte too small - }) - Expect(conn.dataWritten.Len()).To(BeZero()) - }) - - It("drops packets with a too short connection ID", func() { - hdr := &wire.Header{ - SrcConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4}, - PacketNumberLen: protocol.PacketNumberLen1, - } - server.HandleInitial(&receivedPacket{ - header: hdr, - data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize), - }) - Expect(conn.dataWritten.Len()).To(BeZero()) - }) - - It("replies with a Retry packet, if a Cookie is required", func() { - server.config.AcceptCookie = func(_ net.Addr, _ *handshake.Cookie) bool { return false } - hdr := &wire.Header{ - Type: protocol.PacketTypeInitial, - SrcConnectionID: protocol.ConnectionID{5, 4, 3, 2, 1}, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, - Version: protocol.VersionTLS, - } - server.HandleInitial(&receivedPacket{ - remoteAddr: &net.UDPAddr{}, - header: hdr, - data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize), - }) - Expect(conn.dataWritten.Len()).ToNot(BeZero()) - replyHdr := parseHeader(conn.dataWritten.Bytes()) - Expect(replyHdr.Type).To(Equal(protocol.PacketTypeRetry)) - Expect(replyHdr.SrcConnectionID).ToNot(Equal(hdr.DestConnectionID)) - Expect(replyHdr.DestConnectionID).To(Equal(hdr.SrcConnectionID)) - Expect(replyHdr.OrigDestConnectionID).To(Equal(hdr.DestConnectionID)) - Expect(replyHdr.Token).ToNot(BeEmpty()) - Expect(sessionChan).ToNot(Receive()) - }) - - It("creates a session, if no Cookie is required", func() { - server.config.AcceptCookie = func(_ net.Addr, _ *handshake.Cookie) bool { return true } - hdr := &wire.Header{ - Type: protocol.PacketTypeInitial, - SrcConnectionID: protocol.ConnectionID{5, 4, 3, 2, 1}, - DestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, - Version: protocol.VersionTLS, - } - p := &receivedPacket{ - header: hdr, - data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize), - } - run := make(chan struct{}) - server.newSession = func( - connection, - sessionRunner, - protocol.ConnectionID, - protocol.ConnectionID, - protocol.ConnectionID, - protocol.PacketNumber, - *Config, - *tls.Config, - *handshake.TransportParameters, - utils.Logger, - protocol.VersionNumber, - ) (quicSession, error) { - sess := NewMockQuicSession(mockCtrl) - sess.EXPECT().handlePacket(p) - sess.EXPECT().run().Do(func() { close(run) }) - return sess, nil - } - - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - server.HandleInitial(p) - // the Handshake packet is written by the session - Expect(conn.dataWritten.Len()).To(BeZero()) - close(done) - }() - var tlsSess tlsSession - Eventually(sessionChan).Should(Receive(&tlsSess)) - // make sure we're using a server-generated connection ID - Expect(tlsSess.connID).ToNot(Equal(hdr.SrcConnectionID)) - Expect(tlsSess.connID).ToNot(Equal(hdr.DestConnectionID)) - Eventually(run).Should(BeClosed()) - Eventually(done).Should(BeClosed()) - }) -}) diff --git a/session.go b/session.go index c5cbd6be..9437bd51 100644 --- a/session.go +++ b/session.go @@ -2,7 +2,6 @@ package quic import ( "context" - "crypto/rand" "crypto/tls" "errors" "fmt" @@ -47,13 +46,10 @@ type streamManager interface { type cryptoStreamHandler interface { RunHandshake() error + io.Closer ConnectionState() handshake.ConnectionState } -type divNonceSetter interface { - SetDiversificationNonce([]byte) error -} - type receivedPacket struct { remoteAddr net.Addr header *wire.Header @@ -61,11 +57,6 @@ type receivedPacket struct { rcvTime time.Time } -var ( - newCryptoSetup = handshake.NewCryptoSetup - newCryptoSetupClient = handshake.NewCryptoSetupClient -) - type closeError struct { err error remote bool @@ -110,19 +101,9 @@ type session struct { ctx context.Context ctxCancel context.CancelFunc - // when we receive too many undecryptable packets during the handshake, we send a Public reset - // but only after a time of protocol.PublicResetTimeout has passed - undecryptablePackets []*receivedPacket - receivedTooManyUndecrytablePacketsTime time.Time + undecryptablePackets []*receivedPacket - clientHelloWritten <-chan struct{} - // This channel is passed to the CryptoSetup and receives the transport parameters, as soon as the peer sends them. - // Only used for gQUIC. - paramsChan <-chan handshake.TransportParameters - // the handshakeEvent channel is passed to the CryptoSetup. - // It receives when it makes sense to try decrypting undecryptable packets. - // Only used for gQUIC. - handshakeEvent <-chan struct{} + clientHelloWritten <-chan struct{} handshakeCompleteChan chan struct{} // is closed when the handshake completes handshakeComplete bool @@ -151,170 +132,7 @@ type session struct { var _ Session = &session{} var _ streamSender = &session{} -// newSession makes a new session -func newSession( - conn connection, - sessionRunner sessionRunner, - v protocol.VersionNumber, - destConnID protocol.ConnectionID, - srcConnID protocol.ConnectionID, - scfg *handshake.ServerConfig, - tlsConf *tls.Config, - config *Config, - logger utils.Logger, -) (quicSession, error) { - logger.Debugf("Creating new session. Destination Connection ID: %s, Source Connection ID: %s", destConnID, srcConnID) - paramsChan := make(chan handshake.TransportParameters) - handshakeEvent := make(chan struct{}, 1) - handshakeCompleteChan := make(chan struct{}) - s := &session{ - conn: conn, - sessionRunner: sessionRunner, - srcConnID: srcConnID, - destConnID: destConnID, - perspective: protocol.PerspectiveServer, - version: v, - config: config, - handshakeEvent: handshakeEvent, - handshakeCompleteChan: handshakeCompleteChan, - paramsChan: paramsChan, - logger: logger, - } - s.preSetup() - transportParams := &handshake.TransportParameters{ - StreamFlowControlWindow: protocol.ReceiveStreamFlowControlWindow, - ConnectionFlowControlWindow: protocol.ReceiveConnectionFlowControlWindow, - MaxStreams: uint32(s.config.MaxIncomingStreams), - IdleTimeout: s.config.IdleTimeout, - } - divNonce := make([]byte, 32) - if _, err := rand.Read(divNonce); err != nil { - return nil, err - } - s.streamsMap = newStreamsMapLegacy(s.newStream, s.config.MaxIncomingStreams, s.perspective) - cstr, err := s.streamsMap.GetOrOpenReceiveStream(1) - if err != nil { - return nil, err - } - cryptoStream := cstr.(streamI) - cs, err := newCryptoSetup( - cryptoStream, - srcConnID, - s.conn.RemoteAddr(), - s.version, - divNonce, - scfg, - transportParams, - s.config.Versions, - s.config.AcceptCookie, - paramsChan, - handshakeEvent, - handshakeCompleteChan, - s.logger, - ) - if err != nil { - return nil, err - } - s.cryptoStreamHandler = cs - s.unpacker = newPacketUnpackerGQUIC(cs, s.version) - s.framer = newFramer(s.streamsMap, s.version) - s.packer = newPacketPackerLegacy( - destConnID, - srcConnID, - s.sentPacketHandler.GetPacketNumberLen, - s.RemoteAddr(), - divNonce, - cryptoStream, - cs, - s.framer, - sentAndReceivedPacketManager{s.sentPacketHandler, s.receivedPacketHandler}, - s.perspective, - s.version, - ) - return s, s.postSetup() -} - -// declare this as a variable, so that we can it mock it in the tests -var newClientSession = func( - conn connection, - sessionRunner sessionRunner, - v protocol.VersionNumber, - destConnID protocol.ConnectionID, - srcConnID protocol.ConnectionID, - tlsConf *tls.Config, - config *Config, - initialVersion protocol.VersionNumber, - negotiatedVersions []protocol.VersionNumber, // needed for validation of the GQUIC version negotiation - logger utils.Logger, -) (quicSession, error) { - logger.Debugf("Creating new session. Destination Connection ID: %s, Source Connection ID: %s", destConnID, srcConnID) - paramsChan := make(chan handshake.TransportParameters) - handshakeEvent := make(chan struct{}, 1) - handshakeCompleteChan := make(chan struct{}) - s := &session{ - conn: conn, - sessionRunner: sessionRunner, - srcConnID: srcConnID, - destConnID: destConnID, - perspective: protocol.PerspectiveClient, - version: v, - config: config, - handshakeEvent: handshakeEvent, - handshakeCompleteChan: handshakeCompleteChan, - paramsChan: paramsChan, - logger: logger, - } - s.preSetup() - transportParams := &handshake.TransportParameters{ - StreamFlowControlWindow: protocol.ReceiveStreamFlowControlWindow, - ConnectionFlowControlWindow: protocol.ReceiveConnectionFlowControlWindow, - MaxStreams: uint32(s.config.MaxIncomingStreams), - IdleTimeout: s.config.IdleTimeout, - OmitConnectionID: s.config.RequestConnectionIDOmission, - } - s.streamsMap = newStreamsMapLegacy(s.newStream, s.config.MaxIncomingStreams, s.perspective) - cstr, err := s.streamsMap.GetOrOpenReceiveStream(1) - if err != nil { - return nil, err - } - cryptoStream := cstr.(streamI) - cs, err := newCryptoSetupClient( - cryptoStream, - destConnID, - s.version, - tlsConf, - transportParams, - paramsChan, - handshakeEvent, - handshakeCompleteChan, - initialVersion, - negotiatedVersions, - s.logger, - ) - if err != nil { - return nil, err - } - s.cryptoStreamHandler = cs - s.unpacker = newPacketUnpackerGQUIC(cs, s.version) - framer := newFramer(s.streamsMap, s.version) - s.framer = framer - s.packer = newPacketPackerLegacy( - destConnID, - srcConnID, - s.sentPacketHandler.GetPacketNumberLen, - s.RemoteAddr(), - nil, // no diversification nonce - cryptoStream, - cs, - framer, - sentAndReceivedPacketManager{s.sentPacketHandler, s.receivedPacketHandler}, - s.perspective, - s.version, - ) - return s, s.postSetup() -} - -func newTLSServerSession( +var newSession = func( conn connection, runner sessionRunner, origConnID protocol.ConnectionID, @@ -343,7 +161,7 @@ func newTLSServerSession( handshakeStream := newCryptoStream() s.streamsMap = newStreamsMap(s, s.newFlowController, s.config.MaxIncomingStreams, s.config.MaxIncomingUniStreams, s.perspective, s.version) s.framer = newFramer(s.streamsMap, s.version) - cs, err := handshake.NewCryptoSetupTLSServer( + cs, err := handshake.NewCryptoSetupServer( initialStream, handshakeStream, origConnID, @@ -372,7 +190,7 @@ func newTLSServerSession( nil, // no token cs, s.framer, - sentAndReceivedPacketManager{s.sentPacketHandler, s.receivedPacketHandler}, + s.receivedPacketHandler, s.perspective, s.version, ) @@ -386,7 +204,7 @@ func newTLSServerSession( } // declare this as a variable, such that we can it mock it in the tests -var newTLSClientSession = func( +var newClientSession = func( conn connection, runner sessionRunner, token []byte, @@ -414,7 +232,7 @@ var newTLSClientSession = func( s.preSetup() initialStream := newCryptoStream() handshakeStream := newCryptoStream() - cs, clientHelloWritten, err := handshake.NewCryptoSetupTLSClient( + cs, clientHelloWritten, err := handshake.NewCryptoSetupClient( initialStream, handshakeStream, s.destConnID, @@ -447,7 +265,7 @@ var newTLSClientSession = func( token, cs, s.framer, - sentAndReceivedPacketManager{s.sentPacketHandler, s.receivedPacketHandler}, + s.receivedPacketHandler, s.perspective, s.version, ) @@ -492,11 +310,9 @@ func (s *session) run() error { s.closeLocal(err) return } - if s.version.UsesTLS() { - close(s.handshakeCompleteChan) - } + close(s.handshakeCompleteChan) }() - if s.version.UsesTLS() && s.perspective == protocol.PerspectiveClient { + if s.perspective == protocol.PerspectiveClient { select { case <-s.clientHelloWritten: s.scheduleSending() @@ -514,8 +330,6 @@ runLoop: select { case closeErr = <-s.closeChan: break runLoop - case <-s.handshakeEvent: - s.tryDecryptingQueuedPackets() case <-s.handshakeCompleteChan: s.handleHandshakeComplete() default: @@ -546,11 +360,6 @@ runLoop: // This is a bit unclean, but works properly, since the packet always // begins with the public header and we never copy it. putPacketBuffer(&p.header.Raw) - case p := <-s.paramsChan: - s.processTransportParameters(&p) - continue - case <-s.handshakeEvent: - s.tryDecryptingQueuedPackets() case <-s.handshakeCompleteChan: s.handleHandshakeComplete() } @@ -581,10 +390,6 @@ runLoop: continue } - if !s.receivedTooManyUndecrytablePacketsTime.IsZero() && s.receivedTooManyUndecrytablePacketsTime.Add(protocol.PublicResetTimeout).Before(now) && len(s.undecryptablePackets) != 0 { - s.closeLocal(qerr.Error(qerr.DecryptionFailure, "too many undecryptable packets received")) - continue - } if !s.handshakeComplete && now.Sub(s.sessionCreationTime) >= s.config.HandshakeTimeout { s.closeLocal(qerr.Error(qerr.HandshakeTimeout, "Crypto handshake did not complete in time.")) continue @@ -604,9 +409,7 @@ runLoop: } s.logger.Infof("Connection %s closed.", s.srcConnID) s.sessionRunner.removeConnectionID(s.srcConnID) - if s.version.UsesTLS() { - s.cryptoStreamHandler.(io.Closer).Close() - } + s.cryptoStreamHandler.Close() return closeErr.err } @@ -636,9 +439,6 @@ func (s *session) maybeResetTimer() { handshakeDeadline := s.sessionCreationTime.Add(s.config.HandshakeTimeout) deadline = utils.MinTime(deadline, handshakeDeadline) } - if !s.receivedTooManyUndecrytablePacketsTime.IsZero() { - deadline = utils.MinTime(deadline, s.receivedTooManyUndecrytablePacketsTime.Add(protocol.PublicResetTimeout)) - } if !s.pacingDeadline.IsZero() { deadline = utils.MinTime(deadline, s.pacingDeadline) } @@ -651,15 +451,13 @@ func (s *session) handleHandshakeComplete() { s.handshakeCompleteChan = nil // prevent this case from ever being selected again s.sessionRunner.onHandshakeComplete(s) - // In gQUIC, the server completes the handshake first (after sending the SHLO). - // In TLS 1.3, the client completes the handshake first (after sending the CFIN). + // The client completes the handshake first (after sending the CFIN). // We need to make sure they learn about the peer completing the handshake, // in order to stop retransmitting handshake packets. // They will stop retransmitting handshake packets when receiving the first forward-secure packet. // We need to make sure that a retransmittable forward-secure packet is sent, // independent from the application protocol. - if (!s.version.UsesTLS() && s.perspective == protocol.PerspectiveClient) || - (s.version.UsesTLS() && s.perspective == protocol.PerspectiveServer) { + if s.perspective == protocol.PerspectiveServer { s.queueControlFrame(&wire.PingFrame{}) s.sentPacketHandler.SetHandshakeComplete() } @@ -673,13 +471,6 @@ func (s *session) handlePacketImpl(p *receivedPacket) error { s.logger.Debugf("Dropping packet with unexpected source connection ID: %s (expected %s)", p.header.SrcConnectionID, s.destConnID) return nil } - if s.perspective == protocol.PerspectiveClient { - if divNonce := p.header.DiversificationNonce; len(divNonce) > 0 { - if err := s.cryptoStreamHandler.(divNonceSetter).SetDiversificationNonce(divNonce); err != nil { - return err - } - } - } if p.rcvTime.IsZero() { // To simplify testing @@ -719,12 +510,10 @@ func (s *session) handlePacketImpl(p *receivedPacket) error { s.lastNetworkActivityTime = p.rcvTime s.keepAlivePingSent = false - // In gQUIC, the server completes the handshake first (after sending the SHLO). - // In TLS 1.3, the client completes the handshake first (after sending the CFIN). - // We know that the peer completed the handshake as soon as we receive a forward-secure packet. - if (!s.version.UsesTLS() && s.perspective == protocol.PerspectiveServer) || - (s.version.UsesTLS() && s.perspective == protocol.PerspectiveClient) { - if !s.receivedFirstForwardSecurePacket && packet.encryptionLevel == protocol.EncryptionForwardSecure { + // The client completes the handshake first (after sending the CFIN). + // We know that the server completed the handshake as soon as we receive a forward-secure packet. + if s.perspective == protocol.PerspectiveClient { + if !s.receivedFirstForwardSecurePacket && packet.encryptionLevel == protocol.Encryption1RTT { s.receivedFirstForwardSecurePacket = true s.sentPacketHandler.SetHandshakeComplete() } @@ -759,9 +548,6 @@ func (s *session) handleFrames(fs []wire.Frame, encLevel protocol.EncryptionLeve err = s.handleAckFrame(frame, encLevel) case *wire.ConnectionCloseFrame: s.closeRemote(qerr.Error(frame.ErrorCode, frame.ReasonPhrase)) - case *wire.GoawayFrame: - err = errors.New("unimplemented: handling GOAWAY frames") - case *wire.StopWaitingFrame: // ignore STOP_WAITINGs case *wire.RstStreamFrame: err = s.handleRstStreamFrame(frame) case *wire.MaxDataFrame: @@ -814,15 +600,7 @@ func (s *session) handleCryptoFrame(frame *wire.CryptoFrame, encLevel protocol.E } func (s *session) handleStreamFrame(frame *wire.StreamFrame, encLevel protocol.EncryptionLevel) error { - if s.version.IsCryptoStream(frame.StreamID) { - if frame.FinBit { - return errors.New("Received STREAM frame with FIN bit for the crypto stream") - } - str, _ := s.streamsMap.GetOrOpenReceiveStream(frame.StreamID) - return str.handleStreamFrame(frame) - } - - if encLevel <= protocol.EncryptionUnencrypted { + if encLevel < protocol.Encryption1RTT { return qerr.Error(qerr.UnencryptedStreamData, fmt.Sprintf("received unencrypted stream data on stream %d", frame.StreamID)) } str, err := s.streamsMap.GetOrOpenReceiveStream(frame.StreamID) @@ -859,9 +637,6 @@ func (s *session) handleMaxStreamIDFrame(frame *wire.MaxStreamIDFrame) error { } func (s *session) handleRstStreamFrame(frame *wire.RstStreamFrame) error { - if s.version.IsCryptoStream(frame.StreamID) { - return errors.New("Received RST_STREAM frame for the crypto stream") - } str, err := s.streamsMap.GetOrOpenReceiveStream(frame.StreamID) if err != nil { return err @@ -874,9 +649,6 @@ func (s *session) handleRstStreamFrame(frame *wire.RstStreamFrame) error { } func (s *session) handleStopSendingFrame(frame *wire.StopSendingFrame) error { - if s.version.IsCryptoStream(frame.StreamID) { - return errors.New("Received a STOP_SENDING frame for the crypto stream") - } str, err := s.streamsMap.GetOrOpenSendStream(frame.StreamID) if err != nil { return err @@ -963,9 +735,9 @@ func (s *session) handleCloseError(closeErr closeError) error { return nil } - if quicErr.ErrorCode == qerr.DecryptionFailure || - quicErr == handshake.ErrNSTPExperiment { - return s.sendPublicReset(s.lastRcvdPacketNumber) + if quicErr.ErrorCode == qerr.DecryptionFailure { + // TODO(#943): send a stateless reset + return nil } return s.sendConnectionClose(quicErr) } @@ -1077,7 +849,7 @@ func (s *session) maybeSendRetransmission() (bool, error) { break } - if retransmitPacket.EncryptionLevel != protocol.EncryptionForwardSecure { + if retransmitPacket.EncryptionLevel != protocol.Encryption1RTT { s.logger.Debugf("Dequeueing handshake retransmission for packet 0x%x", retransmitPacket.PacketNumber) } else { s.logger.Debugf("Dequeueing retransmission for packet 0x%x", retransmitPacket.PacketNumber) @@ -1224,7 +996,6 @@ func (s *session) newFlowController(id protocol.StreamID) flowcontrol.StreamFlow } return flowcontrol.NewStreamFlowController( id, - s.version.StreamContributesToConnectionFlowControl(id), s.connFlowController, protocol.ReceiveStreamFlowControlWindow, protocol.ByteCount(s.config.MaxReceiveStreamFlowControlWindow), @@ -1235,11 +1006,6 @@ func (s *session) newFlowController(id protocol.StreamID) flowcontrol.StreamFlow ) } -func (s *session) sendPublicReset(rejectedPacketNumber protocol.PacketNumber) error { - s.logger.Infof("Sending PUBLIC_RESET for connection %s, packet number %d", s.destConnID, rejectedPacketNumber) - return s.conn.Write(wire.WritePublicReset(s.destConnID, rejectedPacketNumber, 0)) -} - // scheduleSending signals that we have data for sending func (s *session) scheduleSending() { select { @@ -1254,11 +1020,6 @@ func (s *session) tryQueueingUndecryptablePacket(p *receivedPacket) { return } if len(s.undecryptablePackets)+1 > protocol.MaxUndecryptablePackets { - // if this is the first time the undecryptablePackets runs full, start the timer to send a Public Reset - if s.receivedTooManyUndecrytablePacketsTime.IsZero() { - s.receivedTooManyUndecrytablePacketsTime = time.Now() - s.maybeResetTimer() - } s.logger.Infof("Dropping undecrytable packet 0x%x (undecryptable packet queue full)", p.header.PacketNumber) return } @@ -1289,9 +1050,7 @@ func (s *session) onHasConnectionWindowUpdate() { } func (s *session) onHasStreamData(id protocol.StreamID) { - if !s.version.IsCryptoStream(id) { - s.framer.AddActiveStream(id) - } + s.framer.AddActiveStream(id) s.scheduleSending() } diff --git a/session_test.go b/session_test.go index 682924fe..7e02e841 100644 --- a/session_test.go +++ b/session_test.go @@ -3,25 +3,21 @@ package quic import ( "bytes" "context" - "crypto/tls" "errors" - "io" "net" "runtime/pprof" "strings" "time" - "github.com/golang/mock/gomock" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + "github.com/golang/mock/gomock" "github.com/lucas-clemente/quic-go/internal/ackhandler" - "github.com/lucas-clemente/quic-go/internal/crypto" "github.com/lucas-clemente/quic-go/internal/handshake" "github.com/lucas-clemente/quic-go/internal/mocks" "github.com/lucas-clemente/quic-go/internal/mocks/ackhandler" "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/testdata" "github.com/lucas-clemente/quic-go/internal/utils" "github.com/lucas-clemente/quic-go/internal/wire" "github.com/lucas-clemente/quic-go/qerr" @@ -59,32 +55,6 @@ func (m *mockConnection) LocalAddr() net.Addr { return m.localAddr } func (m *mockConnection) RemoteAddr() net.Addr { return m.remoteAddr } func (*mockConnection) Close() error { panic("not implemented") } -type mockCryptoSetup struct { - handleErr error - divNonce []byte -} - -var _ handshake.CryptoSetup = &mockCryptoSetup{} - -func (m *mockCryptoSetup) RunHandshake() error { return m.handleErr } -func (m *mockCryptoSetup) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) { - panic("not implemented") -} -func (m *mockCryptoSetup) GetSealer() (protocol.EncryptionLevel, handshake.Sealer) { - panic("not implemented") -} -func (m *mockCryptoSetup) GetSealerForCryptoStream() (protocol.EncryptionLevel, handshake.Sealer) { - panic("not implemented") -} -func (m *mockCryptoSetup) GetSealerWithEncryptionLevel(protocol.EncryptionLevel) (handshake.Sealer, error) { - panic("not implemented") -} -func (m *mockCryptoSetup) SetDiversificationNonce(divNonce []byte) error { - m.divNonce = divNonce - return nil -} -func (m *mockCryptoSetup) ConnectionState() ConnectionState { panic("not implemented") } - func areSessionsRunning() bool { var b bytes.Buffer pprof.Lookup("goroutine").WriteTo(&b, 1) @@ -93,59 +63,33 @@ func areSessionsRunning() bool { var _ = Describe("Session", func() { var ( - sess *session - sessionRunner *MockSessionRunner - scfg *handshake.ServerConfig - mconn *mockConnection - cryptoSetup *mockCryptoSetup - streamManager *MockStreamManager - packer *MockPacker - handshakeChan chan<- struct{} - handshakeCompleteChan chan<- struct{} + sess *session + sessionRunner *MockSessionRunner + mconn *mockConnection + streamManager *MockStreamManager + packer *MockPacker + cryptoSetup *mocks.MockCryptoSetup ) BeforeEach(func() { Eventually(areSessionsRunning).Should(BeFalse()) - cryptoSetup = &mockCryptoSetup{} - newCryptoSetup = func( - _ io.ReadWriter, - _ protocol.ConnectionID, - _ net.Addr, - _ protocol.VersionNumber, - _ []byte, - _ *handshake.ServerConfig, - _ *handshake.TransportParameters, - _ []protocol.VersionNumber, - _ func(net.Addr, *Cookie) bool, - _ chan<- handshake.TransportParameters, - handshakeChanP chan<- struct{}, - handshakeCompleteChanP chan<- struct{}, - _ utils.Logger, - ) (handshake.CryptoSetup, error) { - handshakeChan = handshakeChanP - handshakeCompleteChan = handshakeCompleteChanP - return cryptoSetup, nil - } - sessionRunner = NewMockSessionRunner(mockCtrl) mconn = newMockConnection() - certChain := crypto.NewCertChain(testdata.GetTLSConfig()) - kex, err := crypto.NewCurve25519KEX() - Expect(err).NotTo(HaveOccurred()) - scfg, err = handshake.NewServerConfig(kex, certChain) - Expect(err).NotTo(HaveOccurred()) var pSess Session + var err error pSess, err = newSession( mconn, sessionRunner, - protocol.Version39, + protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}, - protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}, - scfg, - nil, + protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}, + 1, populateServerConfig(&Config{}), + nil, // tls.Config + nil, // handshake.TransportParameters, utils.DefaultLogger, + protocol.VersionTLS, ) Expect(err).NotTo(HaveOccurred()) sess = pSess.(*session) @@ -153,79 +97,14 @@ var _ = Describe("Session", func() { sess.streamsMap = streamManager packer = NewMockPacker(mockCtrl) sess.packer = packer + cryptoSetup = mocks.NewMockCryptoSetup(mockCtrl) + sess.cryptoStreamHandler = cryptoSetup }) AfterEach(func() { - newCryptoSetup = handshake.NewCryptoSetup Eventually(areSessionsRunning).Should(BeFalse()) }) - Context("source address validation", func() { - var ( - cookieVerify func(net.Addr, *Cookie) bool - paramClientAddr net.Addr - paramCookie *Cookie - ) - remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 13, 37), Port: 1000} - - BeforeEach(func() { - newCryptoSetup = func( - _ io.ReadWriter, - _ protocol.ConnectionID, - _ net.Addr, - _ protocol.VersionNumber, - _ []byte, - _ *handshake.ServerConfig, - _ *handshake.TransportParameters, - _ []protocol.VersionNumber, - cookieFunc func(net.Addr, *Cookie) bool, - _ chan<- handshake.TransportParameters, - _ chan<- struct{}, - _ chan<- struct{}, - _ utils.Logger, - ) (handshake.CryptoSetup, error) { - cookieVerify = cookieFunc - return cryptoSetup, nil - } - - conf := populateServerConfig(&Config{}) - conf.AcceptCookie = func(clientAddr net.Addr, cookie *Cookie) bool { - paramClientAddr = clientAddr - paramCookie = cookie - return false - } - pSess, err := newSession( - mconn, - sessionRunner, - protocol.Version39, - protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}, - protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}, - scfg, - nil, - conf, - utils.DefaultLogger, - ) - Expect(err).NotTo(HaveOccurred()) - sess = pSess.(*session) - }) - - It("calls the callback with the right parameters when the client didn't send an STK", func() { - cookieVerify(remoteAddr, nil) - Expect(paramClientAddr).To(Equal(remoteAddr)) - Expect(paramCookie).To(BeNil()) - }) - - It("calls the callback with the STK when the client sent an STK", func() { - cookieAddr := &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 1337} - sentTime := time.Now().Add(-time.Hour) - cookieVerify(remoteAddr, &Cookie{SentTime: sentTime, RemoteAddr: cookieAddr.String()}) - Expect(paramClientAddr).To(Equal(remoteAddr)) - Expect(paramCookie).ToNot(BeNil()) - Expect(paramCookie.RemoteAddr).To(Equal(cookieAddr.String())) - Expect(paramCookie.SentTime).To(Equal(sentTime)) - }) - }) - Context("frame handling", func() { Context("handling STREAM frames", func() { It("passes STREAM frames to the stream", func() { @@ -236,7 +115,7 @@ var _ = Describe("Session", func() { str := NewMockReceiveStreamI(mockCtrl) str.EXPECT().handleStreamFrame(f) streamManager.EXPECT().GetOrOpenReceiveStream(protocol.StreamID(5)).Return(str, nil) - err := sess.handleStreamFrame(f, protocol.EncryptionForwardSecure) + err := sess.handleStreamFrame(f, protocol.Encryption1RTT) Expect(err).ToNot(HaveOccurred()) }) @@ -249,7 +128,7 @@ var _ = Describe("Session", func() { str := NewMockReceiveStreamI(mockCtrl) str.EXPECT().handleStreamFrame(f).Return(testErr) streamManager.EXPECT().GetOrOpenReceiveStream(protocol.StreamID(5)).Return(str, nil) - err := sess.handleStreamFrame(f, protocol.EncryptionForwardSecure) + err := sess.handleStreamFrame(f, protocol.Encryption1RTT) Expect(err).To(MatchError(testErr)) }) @@ -258,36 +137,15 @@ var _ = Describe("Session", func() { err := sess.handleStreamFrame(&wire.StreamFrame{ StreamID: 5, Data: []byte("foobar"), - }, protocol.EncryptionForwardSecure) + }, protocol.Encryption1RTT) Expect(err).ToNot(HaveOccurred()) }) - It("errors on a STREAM frame that would close the crypto stream", func() { - err := sess.handleStreamFrame(&wire.StreamFrame{ - StreamID: 1, - Offset: 0x1337, - FinBit: true, - }, protocol.EncryptionForwardSecure) - Expect(err).To(MatchError("Received STREAM frame with FIN bit for the crypto stream")) - }) - - It("accepts unencrypted STREAM frames on the crypto stream", func() { - f := &wire.StreamFrame{ - StreamID: 1, - Data: []byte("foobar"), - } - str := NewMockStreamI(mockCtrl) - str.EXPECT().handleStreamFrame(f) - streamManager.EXPECT().GetOrOpenReceiveStream(protocol.StreamID(1)).Return(str, nil) // for closed streams, the streamManager returns nil - err := sess.handleStreamFrame(f, protocol.EncryptionUnencrypted) - Expect(err).ToNot(HaveOccurred()) - }) - - It("does not handle unencrypted STREAM frames on higher streams", func() { + It("does not accept STREAM frames in non-1RTT packets", func() { err := sess.handleStreamFrame(&wire.StreamFrame{ StreamID: 3, Data: []byte("foobar"), - }, protocol.EncryptionUnencrypted) + }, protocol.EncryptionHandshake) Expect(err).To(MatchError(qerr.Error(qerr.UnencryptedStreamData, "received unencrypted stream data on stream 3"))) }) }) @@ -296,11 +154,11 @@ var _ = Describe("Session", func() { It("informs the SentPacketHandler about ACKs", func() { f := &wire.AckFrame{AckRanges: []wire.AckRange{{Smallest: 2, Largest: 3}}} sph := mockackhandler.NewMockSentPacketHandler(mockCtrl) - sph.EXPECT().ReceivedAck(f, protocol.PacketNumber(42), protocol.EncryptionSecure, gomock.Any()) + sph.EXPECT().ReceivedAck(f, protocol.PacketNumber(42), protocol.EncryptionHandshake, gomock.Any()) sph.EXPECT().GetLowestPacketNotConfirmedAcked() sess.sentPacketHandler = sph sess.lastRcvdPacketNumber = 42 - err := sess.handleAckFrame(f, protocol.EncryptionSecure) + err := sess.handleAckFrame(f, protocol.EncryptionHandshake) Expect(err).ToNot(HaveOccurred()) }) @@ -313,8 +171,7 @@ var _ = Describe("Session", func() { rph := mockackhandler.NewMockReceivedPacketHandler(mockCtrl) rph.EXPECT().IgnoreBelow(protocol.PacketNumber(0x42)) sess.receivedPacketHandler = rph - err := sess.handleAckFrame(ack, protocol.EncryptionUnencrypted) - Expect(err).ToNot(HaveOccurred()) + Expect(sess.handleAckFrame(ack, protocol.EncryptionInitial)).To(Succeed()) }) }) @@ -353,14 +210,6 @@ var _ = Describe("Session", func() { }}, protocol.EncryptionUnspecified) Expect(err).NotTo(HaveOccurred()) }) - - It("erros when a RST_STREAM frame would reset the crypto stream", func() { - err := sess.handleRstStreamFrame(&wire.RstStreamFrame{ - StreamID: 1, - ErrorCode: 123, - }) - Expect(err).To(MatchError("Received RST_STREAM frame for the crypto stream")) - }) }) Context("handling MAX_DATA and MAX_STREAM_DATA frames", func() { @@ -429,14 +278,6 @@ var _ = Describe("Session", func() { Expect(err).ToNot(HaveOccurred()) }) - It("errors when receiving a STOP_SENDING for the crypto stream", func() { - err := sess.handleStopSendingFrame(&wire.StopSendingFrame{ - StreamID: 1, - ErrorCode: 10, - }) - Expect(err).To(MatchError("Received a STOP_SENDING frame for the crypto stream")) - }) - It("ignores STOP_SENDING frames for a closed stream", func() { streamManager.EXPECT().GetOrOpenSendStream(protocol.StreamID(3)).Return(nil, nil) err := sess.handleFrames([]wire.Frame{&wire.StopSendingFrame{ @@ -480,22 +321,15 @@ var _ = Describe("Session", func() { Expect(err).NotTo(HaveOccurred()) }) - It("errors on GOAWAY frames", func() { - err := sess.handleFrames([]wire.Frame{&wire.GoawayFrame{}}, protocol.EncryptionUnspecified) - Expect(err).To(MatchError("unimplemented: handling GOAWAY frames")) - }) - - It("handles STOP_WAITING frames", func() { - err := sess.handleFrames([]wire.Frame{&wire.StopWaitingFrame{LeastUnacked: 10}}, protocol.EncryptionUnspecified) - Expect(err).NotTo(HaveOccurred()) - }) - It("handles CONNECTION_CLOSE frames", func() { testErr := qerr.Error(qerr.ProofInvalid, "foobar") streamManager.EXPECT().CloseWithError(testErr) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() + go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) err := sess.run() Expect(err).To(MatchError(testErr)) }() @@ -523,6 +357,7 @@ var _ = Describe("Session", func() { Eventually(areSessionsRunning).Should(BeFalse()) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() }() Eventually(areSessionsRunning).Should(BeTrue()) @@ -531,6 +366,7 @@ var _ = Describe("Session", func() { It("shuts down without error", func() { streamManager.EXPECT().CloseWithError(qerr.Error(qerr.PeerGoingAway, "")) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{raw: []byte("connection close")}, nil) Expect(sess.Close()).To(Succeed()) Eventually(areSessionsRunning).Should(BeFalse()) @@ -542,6 +378,7 @@ var _ = Describe("Session", func() { It("only closes once", func() { streamManager.EXPECT().CloseWithError(qerr.Error(qerr.PeerGoingAway, "")) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) Expect(sess.Close()).To(Succeed()) Expect(sess.Close()).To(Succeed()) @@ -554,6 +391,7 @@ var _ = Describe("Session", func() { testErr := errors.New("test error") streamManager.EXPECT().CloseWithError(qerr.Error(0x1337, testErr.Error())) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) sess.CloseWithError(0x1337, testErr) Eventually(areSessionsRunning).Should(BeFalse()) @@ -563,23 +401,16 @@ var _ = Describe("Session", func() { It("closes the session in order to replace it with another QUIC version", func() { streamManager.EXPECT().CloseWithError(gomock.Any()) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() sess.destroy(errCloseSessionForNewVersion) Eventually(areSessionsRunning).Should(BeFalse()) Expect(mconn.written).To(BeEmpty()) // no CONNECTION_CLOSE or PUBLIC_RESET sent }) - It("sends a Public Reset if the client is initiating the no STOP_WAITING experiment", func() { - streamManager.EXPECT().CloseWithError(gomock.Any()) - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - sess.closeLocal(handshake.ErrNSTPExperiment) - Eventually(mconn.written).Should(HaveLen(1)) - Expect((<-mconn.written)[0] & 0x02).ToNot(BeZero()) // Public Reset - Expect(sess.Context().Done()).To(BeClosed()) - }) - It("cancels the context when the run loop exists", func() { streamManager.EXPECT().CloseWithError(gomock.Any()) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) returned := make(chan struct{}) go func() { @@ -642,11 +473,13 @@ var _ = Describe("Session", func() { testErr := errors.New("unpack error") unpacker.EXPECT().Unpack(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, testErr) streamManager.EXPECT().CloseWithError(gomock.Any()) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) hdr.PacketNumber = 5 done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) err := sess.run() Expect(err).To(MatchError(testErr)) close(done) @@ -769,13 +602,6 @@ var _ = Describe("Session", func() { Expect(frames).To(Equal([]wire.Frame{&wire.BlockedFrame{Offset: 1337}})) }) - It("sends PUBLIC_RESET", func() { - err := sess.sendPublicReset(1) - Expect(err).NotTo(HaveOccurred()) - Expect(mconn.written).To(HaveLen(1)) - Expect(mconn.written).To(Receive(ContainSubstring("PRST"))) - }) - It("sends a retransmission and a regular packet in the same run", func() { packetToRetransmit := &ackhandler.Packet{ PacketNumber: 10, @@ -807,14 +633,13 @@ var _ = Describe("Session", func() { }) It("sends multiple packets, if the retransmission is split", func() { - sess.version = versionIETFFrames packet := &ackhandler.Packet{ PacketNumber: 42, Frames: []wire.Frame{&wire.StreamFrame{ StreamID: 0x5, Data: []byte("foobar"), }}, - EncryptionLevel: protocol.EncryptionForwardSecure, + EncryptionLevel: protocol.Encryption1RTT, } retransmissions := []*packedPacket{getPacket(1337), getPacket(1338)} sph := mockackhandler.NewMockSentPacketHandler(mockCtrl) @@ -884,6 +709,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() close(done) }() @@ -893,6 +719,7 @@ var _ = Describe("Session", func() { // make the go routine return packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(done).Should(BeClosed()) }) @@ -909,6 +736,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() close(done) }() @@ -918,6 +746,7 @@ var _ = Describe("Session", func() { // make the go routine return packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(done).Should(BeClosed()) }) @@ -935,6 +764,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() close(done) }() @@ -945,6 +775,7 @@ var _ = Describe("Session", func() { // make the go routine return packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(done).Should(BeClosed()) }) @@ -961,6 +792,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() close(done) }() @@ -969,6 +801,7 @@ var _ = Describe("Session", func() { // make the go routine return packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(done).Should(BeClosed()) }) @@ -981,6 +814,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() close(done) }() @@ -989,6 +823,7 @@ var _ = Describe("Session", func() { // make the go routine return sessionRunner.EXPECT().removeConnectionID(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(done).Should(BeClosed()) }) @@ -1008,6 +843,7 @@ var _ = Describe("Session", func() { go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() }() Consistently(mconn.written).ShouldNot(Receive()) @@ -1017,6 +853,7 @@ var _ = Describe("Session", func() { sessionRunner.EXPECT().removeConnectionID(gomock.Any()) streamManager.EXPECT().CloseWithError(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(sess.Context().Done()).Should(BeClosed()) }) @@ -1041,6 +878,7 @@ var _ = Describe("Session", func() { go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() }() Eventually(mconn.written).Should(Receive()) @@ -1048,178 +886,34 @@ var _ = Describe("Session", func() { packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) streamManager.EXPECT().CloseWithError(gomock.Any()) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(sess.Context().Done()).Should(BeClosed()) }) }) }) - It("closes when crypto stream errors", func() { + It("closes when RunHandshake() errors", func() { testErr := errors.New("crypto setup error") streamManager.EXPECT().CloseWithError(qerr.Error(qerr.InternalError, testErr.Error())) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - cryptoSetup.handleErr = testErr go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Return(testErr) err := sess.run() Expect(err).To(MatchError(testErr)) }() Eventually(sess.Context().Done()).Should(BeClosed()) }) - Context("sending a PUBLIC_RESET when receiving undecryptable packets during the handshake", func() { - // sends protocol.MaxUndecryptablePackets+1 undecrytable packets - // this completely fills up the undecryptable packets queue and triggers the public reset timer - sendUndecryptablePackets := func() { - for i := 0; i < protocol.MaxUndecryptablePackets+1; i++ { - hdr := &wire.Header{ - PacketNumber: protocol.PacketNumber(i + 1), - } - sess.handlePacket(&receivedPacket{ - header: hdr, - remoteAddr: &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 1234}, - data: []byte("foobar"), - }) - } - } - - BeforeEach(func() { - unpacker := NewMockUnpacker(mockCtrl) - unpacker.EXPECT().Unpack(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, qerr.Error(qerr.DecryptionFailure, "")).AnyTimes() - sess.unpacker = unpacker - sess.cryptoStreamHandler = &mockCryptoSetup{} - streamManager.EXPECT().CloseWithError(gomock.Any()).MaxTimes(1) - packer.EXPECT().PackPacket().AnyTimes() - }) - - It("doesn't immediately send a PUBLIC_RESET after receiving too many undecryptable packets", func() { - go func() { - defer GinkgoRecover() - sess.run() - }() - sendUndecryptablePackets() - sess.scheduleSending() - Consistently(mconn.written).Should(HaveLen(0)) - // make the go routine return - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - sess.Close() - Eventually(sess.Context().Done()).Should(BeClosed()) - }) - - It("sets a deadline to send a PUBLIC_RESET after receiving too many undecryptable packets", func() { - go func() { - defer GinkgoRecover() - sess.run() - }() - sendUndecryptablePackets() - Eventually(func() time.Time { return sess.receivedTooManyUndecrytablePacketsTime }).Should(BeTemporally("~", time.Now(), 20*time.Millisecond)) - // make the go routine return - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - sess.Close() - Eventually(sess.Context().Done()).Should(BeClosed()) - }) - - It("drops undecryptable packets when the undecrytable packet queue is full", func() { - go func() { - defer GinkgoRecover() - sess.run() - }() - sendUndecryptablePackets() - Eventually(func() []*receivedPacket { return sess.undecryptablePackets }).Should(HaveLen(protocol.MaxUndecryptablePackets)) - // check that old packets are kept, and the new packets are dropped - Expect(sess.undecryptablePackets[0].header.PacketNumber).To(Equal(protocol.PacketNumber(1))) - // make the go routine return - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - Expect(sess.Close()).To(Succeed()) - Eventually(sess.Context().Done()).Should(BeClosed()) - }) - - It("sends a PUBLIC_RESET after a timeout", func() { - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - Expect(sess.receivedTooManyUndecrytablePacketsTime).To(BeZero()) - go func() { - defer GinkgoRecover() - sess.run() - }() - sendUndecryptablePackets() - Eventually(func() time.Time { return sess.receivedTooManyUndecrytablePacketsTime }).Should(BeTemporally("~", time.Now(), time.Second)) - // speed up this test by manually setting back the time when too many packets were received - sess.receivedTooManyUndecrytablePacketsTime = time.Now().Add(-protocol.PublicResetTimeout) - time.Sleep(10 * time.Millisecond) // wait for the run loop to spin up - sess.scheduleSending() // wake up the run loop - Eventually(mconn.written).Should(HaveLen(1)) - Expect(mconn.written).To(Receive(ContainSubstring("PRST"))) - Eventually(sess.Context().Done()).Should(BeClosed()) - }) - - It("doesn't send a PUBLIC_RESET if decrypting them succeeded during the timeout", func() { - go func() { - defer GinkgoRecover() - sess.run() - }() - sess.receivedTooManyUndecrytablePacketsTime = time.Now().Add(-protocol.PublicResetTimeout).Add(-time.Millisecond) - sess.scheduleSending() // wake up the run loop - // there are no packets in the undecryptable packet queue - // in reality, this happens when the trial decryption succeeded during the Public Reset timeout - Consistently(mconn.written).ShouldNot(HaveLen(1)) - Expect(sess.Context().Done()).ToNot(Receive()) - // make the go routine return - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - sess.Close() - Eventually(sess.Context().Done()).Should(BeClosed()) - }) - - It("ignores undecryptable packets after the handshake is complete", func() { - sess.handshakeComplete = true - go func() { - defer GinkgoRecover() - sess.run() - }() - sendUndecryptablePackets() - Consistently(sess.undecryptablePackets).Should(BeEmpty()) - // make the go routine return - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - Expect(sess.Close()).To(Succeed()) - Eventually(sess.Context().Done()).Should(BeClosed()) - }) - - It("unqueues undecryptable packets for later decryption", func() { - sess.undecryptablePackets = []*receivedPacket{{ - header: &wire.Header{PacketNumber: protocol.PacketNumber(42)}, - }} - Expect(sess.receivedPackets).NotTo(Receive()) - sess.tryDecryptingQueuedPackets() - Expect(sess.undecryptablePackets).To(BeEmpty()) - Expect(sess.receivedPackets).To(Receive()) - }) - }) - - It("doesn't do anything when the crypto setup says to decrypt undecryptable packets", func() { - go func() { - defer GinkgoRecover() - sess.run() - }() - handshakeChan <- struct{}{} - // don't EXPECT any calls to sessionRunner.onHandshakeComplete() - // make sure the go routine returns - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - streamManager.EXPECT().CloseWithError(gomock.Any()) - packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - Expect(sess.Close()).To(Succeed()) - Eventually(sess.Context().Done()).Should(BeClosed()) - }) - It("calls the onHandshakeComplete callback when the handshake completes", func() { - close(handshakeCompleteChan) - sessionRunner.EXPECT().onHandshakeComplete(gomock.Any()) + packer.EXPECT().PackPacket().AnyTimes() go func() { defer GinkgoRecover() + sessionRunner.EXPECT().onHandshakeComplete(gomock.Any()) + cryptoSetup.EXPECT().RunHandshake() sess.run() }() Consistently(sess.Context().Done()).ShouldNot(BeClosed()) @@ -1227,6 +921,35 @@ var _ = Describe("Session", func() { sessionRunner.EXPECT().removeConnectionID(gomock.Any()) streamManager.EXPECT().CloseWithError(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() + Expect(sess.Close()).To(Succeed()) + Eventually(sess.Context().Done()).Should(BeClosed()) + }) + + It("sends a forward-secure packet when the handshake completes", func() { + done := make(chan struct{}) + gomock.InOrder( + sessionRunner.EXPECT().onHandshakeComplete(gomock.Any()), + packer.EXPECT().PackPacket().DoAndReturn(func() (*packedPacket, error) { + defer close(done) + return &packedPacket{ + header: &wire.Header{}, + raw: *getPacketBuffer(), + }, nil + }), + packer.EXPECT().PackPacket().AnyTimes(), + ) + go func() { + defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake() + sess.run() + }() + Eventually(done).Should(BeClosed()) + //make sure the go routine returns + streamManager.EXPECT().CloseWithError(gomock.Any()) + sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() Expect(sess.Close()).To(Succeed()) Eventually(sess.Context().Done()).Should(BeClosed()) }) @@ -1235,13 +958,14 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() - err := sess.run() - Expect(err).ToNot(HaveOccurred()) + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) + Expect(sess.run()).To(Succeed()) close(done) }() streamManager.EXPECT().CloseWithError(gomock.Any()) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() Expect(sess.Close()).To(Succeed()) Eventually(done).Should(BeClosed()) }) @@ -1251,6 +975,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) err := sess.run() Expect(err).To(MatchError(qerr.Error(0x1337, testErr.Error()))) close(done) @@ -1258,33 +983,31 @@ var _ = Describe("Session", func() { streamManager.EXPECT().CloseWithError(gomock.Any()) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() Expect(sess.CloseWithError(0x1337, testErr)).To(Succeed()) Eventually(done).Should(BeClosed()) }) It("process transport parameters received from the peer", func() { - paramsChan := make(chan handshake.TransportParameters) - sess.paramsChan = paramsChan go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() }() - params := handshake.TransportParameters{ - MaxStreams: 123, + params := &handshake.TransportParameters{ IdleTimeout: 90 * time.Second, StreamFlowControlWindow: 0x5000, ConnectionFlowControlWindow: 0x5000, - OmitConnectionID: true, MaxPacketSize: 0x42, } - streamManager.EXPECT().UpdateLimits(¶ms) - packer.EXPECT().HandleTransportParameters(¶ms) - paramsChan <- params - Eventually(func() *handshake.TransportParameters { return sess.peerParams }).Should(Equal(¶ms)) + streamManager.EXPECT().UpdateLimits(params) + packer.EXPECT().HandleTransportParameters(params) + sess.processTransportParameters(params) // make the go routine return streamManager.EXPECT().CloseWithError(gomock.Any()) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(sess.Context().Done()).Should(BeClosed()) }) @@ -1310,6 +1033,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() close(done) }() @@ -1318,6 +1042,7 @@ var _ = Describe("Session", func() { sessionRunner.EXPECT().removeConnectionID(gomock.Any()) streamManager.EXPECT().CloseWithError(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(done).Should(BeClosed()) }) @@ -1329,6 +1054,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() close(done) }() @@ -1337,6 +1063,7 @@ var _ = Describe("Session", func() { sessionRunner.EXPECT().removeConnectionID(gomock.Any()) streamManager.EXPECT().CloseWithError(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(done).Should(BeClosed()) }) @@ -1348,6 +1075,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() close(done) }() @@ -1356,6 +1084,7 @@ var _ = Describe("Session", func() { sessionRunner.EXPECT().removeConnectionID(gomock.Any()) streamManager.EXPECT().CloseWithError(gomock.Any()) packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(done).Should(BeClosed()) }) @@ -1371,12 +1100,14 @@ var _ = Describe("Session", func() { sess.handshakeComplete = true sess.lastNetworkActivityTime = time.Now().Add(-time.Hour) done := make(chan struct{}) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).DoAndReturn(func(f *wire.ConnectionCloseFrame) (*packedPacket, error) { Expect(f.ErrorCode).To(Equal(qerr.NetworkIdleTimeout)) return &packedPacket{}, nil }) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) err := sess.run() Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.NetworkIdleTimeout)) close(done) @@ -1385,8 +1116,9 @@ var _ = Describe("Session", func() { }) It("times out due to non-completed handshake", func() { - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) sess.sessionCreationTime = time.Now().Add(-protocol.DefaultHandshakeTimeout).Add(-time.Second) + sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).DoAndReturn(func(f *wire.ConnectionCloseFrame) (*packedPacket, error) { Expect(f.ErrorCode).To(Equal(qerr.HandshakeTimeout)) return &packedPacket{}, nil @@ -1394,6 +1126,7 @@ var _ = Describe("Session", func() { done := make(chan struct{}) go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) err := sess.run() Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.HandshakeTimeout)) close(done) @@ -1403,7 +1136,6 @@ var _ = Describe("Session", func() { It("does not use the idle timeout before the handshake complete", func() { sess.config.IdleTimeout = 9999 * time.Second - defer sess.Close() sess.lastNetworkActivityTime = time.Now().Add(-time.Minute) packer.EXPECT().PackConnectionClose(gomock.Any()).DoAndReturn(func(f *wire.ConnectionCloseFrame) (*packedPacket, error) { Expect(f.ErrorCode).To(Equal(qerr.PeerGoingAway)) @@ -1413,27 +1145,31 @@ var _ = Describe("Session", func() { // and not on the last network activity go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }) sess.run() }() Consistently(sess.Context().Done()).ShouldNot(BeClosed()) // make the go routine return sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() sess.Close() Eventually(sess.Context().Done()).Should(BeClosed()) }) It("closes the session due to the idle timeout after handshake", func() { - sessionRunner.EXPECT().onHandshakeComplete(sess) + packer.EXPECT().PackPacket().AnyTimes() sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() packer.EXPECT().PackConnectionClose(gomock.Any()).DoAndReturn(func(f *wire.ConnectionCloseFrame) (*packedPacket, error) { Expect(f.ErrorCode).To(Equal(qerr.NetworkIdleTimeout)) return &packedPacket{}, nil }) sess.config.IdleTimeout = 0 - close(handshakeCompleteChan) done := make(chan struct{}) go func() { defer GinkgoRecover() + sessionRunner.EXPECT().onHandshakeComplete(sess) + cryptoSetup.EXPECT().RunHandshake() err := sess.run() Expect(err.(*qerr.QuicError).ErrorCode).To(Equal(qerr.NetworkIdleTimeout)) close(done) @@ -1539,90 +1275,47 @@ var _ = Describe("Session", func() { var _ = Describe("Client Session", func() { var ( - sess *session - sessionRunner *MockSessionRunner - packer *MockPacker - mconn *mockConnection - handshakeCompleteChan chan<- struct{} - - cryptoSetup *mockCryptoSetup + sess *session + sessionRunner *MockSessionRunner + packer *MockPacker + mconn *mockConnection + cryptoSetup *mocks.MockCryptoSetup ) BeforeEach(func() { Eventually(areSessionsRunning).Should(BeFalse()) - cryptoSetup = &mockCryptoSetup{} - newCryptoSetupClient = func( - _ io.ReadWriter, - _ protocol.ConnectionID, - _ protocol.VersionNumber, - _ *tls.Config, - _ *handshake.TransportParameters, - _ chan<- handshake.TransportParameters, - _ chan<- struct{}, - handshakeCompleteChanP chan<- struct{}, - _ protocol.VersionNumber, - _ []protocol.VersionNumber, - _ utils.Logger, - ) (handshake.CryptoSetup, error) { - handshakeCompleteChan = handshakeCompleteChanP - return cryptoSetup, nil - } - mconn = newMockConnection() sessionRunner = NewMockSessionRunner(mockCtrl) sessP, err := newClientSession( mconn, sessionRunner, - protocol.Version39, + []byte("token"), protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}, protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}, - nil, - populateClientConfig(&Config{}, false), + populateClientConfig(&Config{}, true), + nil, // tls.Config + nil, // transport parameters protocol.VersionWhatever, - nil, + 1, utils.DefaultLogger, + protocol.VersionWhatever, ) sess = sessP.(*session) Expect(err).ToNot(HaveOccurred()) packer = NewMockPacker(mockCtrl) sess.packer = packer - }) - - AfterEach(func() { - newCryptoSetupClient = handshake.NewCryptoSetupClient - }) - - It("sends a forward-secure packet when the handshake completes", func() { - done := make(chan struct{}) - gomock.InOrder( - sessionRunner.EXPECT().onHandshakeComplete(gomock.Any()), - packer.EXPECT().PackPacket().DoAndReturn(func() (*packedPacket, error) { - close(done) - return &packedPacket{header: &wire.Header{}, raw: *getPacketBuffer()}, nil - }), - packer.EXPECT().PackPacket().AnyTimes(), - ) - close(handshakeCompleteChan) - go func() { - defer GinkgoRecover() - sess.run() - }() - Eventually(done).Should(BeClosed()) - //make sure the go routine returns - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - Expect(sess.Close()).To(Succeed()) - Eventually(sess.Context().Done()).Should(BeClosed()) + cryptoSetup = mocks.NewMockCryptoSetup(mockCtrl) + sess.cryptoStreamHandler = cryptoSetup }) It("changes the connection ID when receiving the first packet from the server", func() { - sess.version = protocol.VersionTLS unpacker := NewMockUnpacker(mockCtrl) unpacker.EXPECT().Unpack(gomock.Any(), gomock.Any(), gomock.Any()).Return(&unpackedPacket{}, nil) sess.unpacker = unpacker go func() { defer GinkgoRecover() + cryptoSetup.EXPECT().RunHandshake().Do(func() { <-sess.Context().Done() }).AnyTimes() sess.run() }() newConnID := protocol.ConnectionID{1, 3, 3, 7, 1, 3, 3, 7} @@ -1638,66 +1331,10 @@ var _ = Describe("Client Session", func() { }) Expect(err).ToNot(HaveOccurred()) // make sure the go routine returns - sess.version = protocol.Version39 packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) sessionRunner.EXPECT().removeConnectionID(gomock.Any()) + cryptoSetup.EXPECT().Close() Expect(sess.Close()).To(Succeed()) Eventually(sess.Context().Done()).Should(BeClosed()) }) - - It("doesn't retransmit an Initial packet if it already received a response", func() { - unpacker := NewMockUnpacker(mockCtrl) - unpacker.EXPECT().Unpack(gomock.Any(), gomock.Any(), gomock.Any()).Return(&unpackedPacket{}, nil) - sess.unpacker = unpacker - sph := mockackhandler.NewMockSentPacketHandler(mockCtrl) - sph.EXPECT().GetPacketNumberLen(gomock.Any()).Return(protocol.PacketNumberLen2).AnyTimes() - sph.EXPECT().DequeuePacketForRetransmission().Return(&ackhandler.Packet{ - PacketNumber: 10, - PacketType: protocol.PacketTypeInitial, - }) - sph.EXPECT().DequeuePacketForRetransmission() - rph := mockackhandler.NewMockReceivedPacketHandler(mockCtrl) - rph.EXPECT().ReceivedPacket(gomock.Any(), gomock.Any(), gomock.Any()) - sess.receivedPacketHandler = rph - sess.sentPacketHandler = sph - err := sess.handlePacketImpl(&receivedPacket{ - header: &wire.Header{}, - data: []byte{0}, - }) - Expect(err).ToNot(HaveOccurred()) - Expect(sess.receivedFirstPacket).To(BeTrue()) - sent, err := sess.maybeSendRetransmission() - Expect(err).NotTo(HaveOccurred()) - Expect(sent).To(BeFalse()) - }) - - Context("receiving packets", func() { - var hdr *wire.Header - - BeforeEach(func() { - hdr = &wire.Header{PacketNumberLen: protocol.PacketNumberLen6} - }) - - It("passes the diversification nonce to the crypto setup", func() { - cryptoSetup := &mockCryptoSetup{} - sess.cryptoStreamHandler = cryptoSetup - unpacker := NewMockUnpacker(mockCtrl) - unpacker.EXPECT().Unpack(gomock.Any(), gomock.Any(), gomock.Any()).Return(&unpackedPacket{}, nil) - sess.unpacker = unpacker - go func() { - defer GinkgoRecover() - sess.run() - }() - hdr.PacketNumber = 5 - hdr.DiversificationNonce = []byte("foobar") - err := sess.handlePacketImpl(&receivedPacket{header: hdr}) - Expect(err).ToNot(HaveOccurred()) - Expect(cryptoSetup.divNonce).To(Equal(hdr.DiversificationNonce)) - // make the go routine return - packer.EXPECT().PackConnectionClose(gomock.Any()).Return(&packedPacket{}, nil) - sessionRunner.EXPECT().removeConnectionID(gomock.Any()) - Expect(sess.Close()).To(Succeed()) - Eventually(sess.Context().Done()).Should(BeClosed()) - }) - }) }) diff --git a/stream.go b/stream.go index 64e4d46e..dffcfa39 100644 --- a/stream.go +++ b/stream.go @@ -10,10 +10,7 @@ import ( "github.com/lucas-clemente/quic-go/internal/wire" ) -const ( - errorCodeStopping protocol.ApplicationErrorCode = 0 - errorCodeStoppingGQUIC protocol.ApplicationErrorCode = 7 -) +const errorCodeStopping protocol.ApplicationErrorCode = 0 // The streamSender is notified by the stream about various events. type streamSender interface { @@ -136,8 +133,6 @@ func (s *stream) Close() error { if err := s.sendStream.Close(); err != nil { return err } - // in gQUIC, we need to send a RST_STREAM with the final offset if CancelRead() was called - s.receiveStream.onClose(s.sendStream.getWriteOffset()) return nil } @@ -156,16 +151,7 @@ func (s *stream) closeForShutdown(err error) { } func (s *stream) handleRstStreamFrame(frame *wire.RstStreamFrame) error { - if err := s.receiveStream.handleRstStreamFrame(frame); err != nil { - return err - } - if !s.version.UsesIETFFrameFormat() { - s.handleStopSendingFrame(&wire.StopSendingFrame{ - StreamID: s.StreamID(), - ErrorCode: frame.ErrorCode, - }) - } - return nil + return s.receiveStream.handleRstStreamFrame(frame) } // checkIfCompleted is called from the uniStreamSender, when one of the stream halves is completed. diff --git a/stream_test.go b/stream_test.go index 864e0edb..6b6572cd 100644 --- a/stream_test.go +++ b/stream_test.go @@ -55,118 +55,6 @@ var _ = Describe("Stream", func() { Expect(str.StreamID()).To(Equal(protocol.StreamID(1337))) }) - // need some stream cancelation tests here, since gQUIC doesn't cleanly separate the two stream halves - Context("stream cancelations", func() { - Context("for gQUIC", func() { - BeforeEach(func() { - str.version = versionGQUICFrames - str.receiveStream.version = versionGQUICFrames - str.sendStream.version = versionGQUICFrames - }) - - It("unblocks Write when receiving a RST_STREAM frame with non-zero error code", func() { - mockSender.EXPECT().onHasStreamData(streamID) - mockSender.EXPECT().queueControlFrame(&wire.RstStreamFrame{ - StreamID: streamID, - ByteOffset: 1000, - ErrorCode: errorCodeStoppingGQUIC, - }) - mockSender.EXPECT().onStreamCompleted(streamID) - mockFC.EXPECT().UpdateHighestReceived(protocol.ByteCount(6), true) - str.writeOffset = 1000 - f := &wire.RstStreamFrame{ - StreamID: streamID, - ByteOffset: 6, - ErrorCode: 123, - } - writeReturned := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := strWithTimeout.Write([]byte("foobar")) - Expect(err).To(MatchError("Stream 1337 was reset with error code 123")) - Expect(err).To(BeAssignableToTypeOf(streamCanceledError{})) - Expect(err.(streamCanceledError).Canceled()).To(BeTrue()) - Expect(err.(streamCanceledError).ErrorCode()).To(Equal(protocol.ApplicationErrorCode(123))) - close(writeReturned) - }() - Consistently(writeReturned).ShouldNot(BeClosed()) - err := str.handleRstStreamFrame(f) - Expect(err).ToNot(HaveOccurred()) - Eventually(writeReturned).Should(BeClosed()) - }) - - It("unblocks Write when receiving a RST_STREAM frame with error code 0", func() { - mockSender.EXPECT().onHasStreamData(streamID) - mockSender.EXPECT().queueControlFrame(&wire.RstStreamFrame{ - StreamID: streamID, - ByteOffset: 1000, - ErrorCode: errorCodeStoppingGQUIC, - }) - mockFC.EXPECT().UpdateHighestReceived(protocol.ByteCount(6), true) - str.writeOffset = 1000 - f := &wire.RstStreamFrame{ - StreamID: streamID, - ByteOffset: 6, - ErrorCode: 0, - } - writeReturned := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := strWithTimeout.Write([]byte("foobar")) - Expect(err).To(MatchError("Stream 1337 was reset with error code 0")) - Expect(err).To(BeAssignableToTypeOf(streamCanceledError{})) - Expect(err.(streamCanceledError).Canceled()).To(BeTrue()) - Expect(err.(streamCanceledError).ErrorCode()).To(Equal(protocol.ApplicationErrorCode(0))) - close(writeReturned) - }() - Consistently(writeReturned).ShouldNot(BeClosed()) - err := str.handleRstStreamFrame(f) - Expect(err).ToNot(HaveOccurred()) - Eventually(writeReturned).Should(BeClosed()) - }) - - It("sends a RST_STREAM with error code 0, after the stream is closed", func() { - str.version = versionGQUICFrames - mockSender.EXPECT().onHasStreamData(streamID).Times(2) // once for the Write, once for the Close - mockFC.EXPECT().SendWindowSize().Return(protocol.MaxByteCount).AnyTimes() - mockFC.EXPECT().AddBytesSent(protocol.ByteCount(6)) - err := str.CancelRead(1234) - Expect(err).ToNot(HaveOccurred()) - writeReturned := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := strWithTimeout.Write([]byte("foobar")) - Expect(err).ToNot(HaveOccurred()) - close(writeReturned) - }() - Eventually(func() *wire.StreamFrame { - frame, _ := str.popStreamFrame(1000) - return frame - }).ShouldNot(BeNil()) - Eventually(writeReturned).Should(BeClosed()) - mockSender.EXPECT().queueControlFrame(&wire.RstStreamFrame{ - StreamID: streamID, - ByteOffset: 6, - ErrorCode: 0, - }) - Expect(str.Close()).To(Succeed()) - }) - }) - - Context("for IETF QUIC", func() { - It("doesn't queue a RST_STREAM after closing the stream", func() { // this is what it does for gQUIC - mockSender.EXPECT().queueControlFrame(&wire.StopSendingFrame{ - StreamID: streamID, - ErrorCode: 1234, - }) - mockSender.EXPECT().onHasStreamData(streamID) - err := str.CancelRead(1234) - Expect(err).ToNot(HaveOccurred()) - Expect(str.Close()).To(Succeed()) - }) - }) - }) - Context("deadlines", func() { It("sets a write deadline, when SetDeadline is called", func() { str.SetDeadline(time.Now().Add(-time.Second)) diff --git a/streams_map_legacy.go b/streams_map_legacy.go deleted file mode 100644 index fdc713ca..00000000 --- a/streams_map_legacy.go +++ /dev/null @@ -1,282 +0,0 @@ -package quic - -import ( - "errors" - "fmt" - "sync" - - "github.com/lucas-clemente/quic-go/internal/handshake" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/utils" - "github.com/lucas-clemente/quic-go/internal/wire" - "github.com/lucas-clemente/quic-go/qerr" -) - -type streamsMapLegacy struct { - mutex sync.RWMutex - - perspective protocol.Perspective - - cryptoStream streamI - streams map[protocol.StreamID]streamI - - nextStreamToOpen protocol.StreamID // StreamID of the next Stream that will be returned by OpenStream() - highestStreamOpenedByPeer protocol.StreamID - nextStreamOrErrCond sync.Cond - openStreamOrErrCond sync.Cond - - closeErr error - nextStreamToAccept protocol.StreamID - - newStream func(protocol.StreamID) streamI - - numOutgoingStreams uint32 - numIncomingStreams uint32 - maxIncomingStreams uint32 - maxOutgoingStreams uint32 -} - -var _ streamManager = &streamsMapLegacy{} - -var errMapAccess = errors.New("streamsMap: Error accessing the streams map") - -func newStreamsMapLegacy(newStream func(protocol.StreamID) streamI, maxStreams int, pers protocol.Perspective) streamManager { - // add some tolerance to the maximum incoming streams value - maxIncomingStreams := utils.MaxUint32( - uint32(maxStreams)+protocol.MaxStreamsMinimumIncrement, - uint32(float64(maxStreams)*float64(protocol.MaxStreamsMultiplier)), - ) - sm := streamsMapLegacy{ - perspective: pers, - streams: make(map[protocol.StreamID]streamI), - cryptoStream: newStream(1), - newStream: newStream, - maxIncomingStreams: maxIncomingStreams, - } - sm.nextStreamOrErrCond.L = &sm.mutex - sm.openStreamOrErrCond.L = &sm.mutex - - nextServerInitiatedStream := protocol.StreamID(2) - nextClientInitiatedStream := protocol.StreamID(3) - if pers == protocol.PerspectiveServer { - sm.highestStreamOpenedByPeer = 1 - } - if pers == protocol.PerspectiveServer { - sm.nextStreamToOpen = nextServerInitiatedStream - sm.nextStreamToAccept = nextClientInitiatedStream - } else { - sm.nextStreamToOpen = nextClientInitiatedStream - sm.nextStreamToAccept = nextServerInitiatedStream - } - return &sm -} - -// getStreamPerspective says which side should initiate a stream -func (m *streamsMapLegacy) streamInitiatedBy(id protocol.StreamID) protocol.Perspective { - if id%2 == 0 { - return protocol.PerspectiveServer - } - return protocol.PerspectiveClient -} - -func (m *streamsMapLegacy) GetOrOpenReceiveStream(id protocol.StreamID) (receiveStreamI, error) { - // every bidirectional stream is also a receive stream - return m.getOrOpenStream(id) -} - -func (m *streamsMapLegacy) GetOrOpenSendStream(id protocol.StreamID) (sendStreamI, error) { - // every bidirectional stream is also a send stream - return m.getOrOpenStream(id) -} - -// getOrOpenStream either returns an existing stream, a newly opened stream, or nil if a stream with the provided ID is already closed. -// Newly opened streams should only originate from the client. To open a stream from the server, OpenStream should be used. -func (m *streamsMapLegacy) getOrOpenStream(id protocol.StreamID) (streamI, error) { - if id == 1 { - return m.cryptoStream, nil - } - m.mutex.RLock() - s, ok := m.streams[id] - m.mutex.RUnlock() - if ok { - return s, nil - } - - // ... we don't have an existing stream - m.mutex.Lock() - defer m.mutex.Unlock() - // We need to check whether another invocation has already created a stream (between RUnlock() and Lock()). - s, ok = m.streams[id] - if ok { - return s, nil - } - - if m.perspective == m.streamInitiatedBy(id) { - if id <= m.nextStreamToOpen { // this is a stream opened by us. Must have been closed already - return nil, nil - } - return nil, qerr.Error(qerr.InvalidStreamID, fmt.Sprintf("peer attempted to open stream %d", id)) - } - if id <= m.highestStreamOpenedByPeer { // this is a peer-initiated stream that doesn't exist anymore. Must have been closed already - return nil, nil - } - - for sid := m.highestStreamOpenedByPeer + 2; sid <= id; sid += 2 { - if _, err := m.openRemoteStream(sid); err != nil { - return nil, err - } - } - - m.nextStreamOrErrCond.Broadcast() - return m.streams[id], nil -} - -func (m *streamsMapLegacy) openRemoteStream(id protocol.StreamID) (streamI, error) { - if m.numIncomingStreams >= m.maxIncomingStreams { - return nil, qerr.TooManyOpenStreams - } - // maxNewStreamIDDelta is the maximum difference between and a newly opened Stream and the highest StreamID that a client has ever opened - // note that the number of streams is half this value, since the client can only open streams with open StreamID - maxStreamIDDelta := protocol.StreamID(4 * m.maxIncomingStreams) - if id+maxStreamIDDelta < m.highestStreamOpenedByPeer { - return nil, qerr.Error(qerr.InvalidStreamID, fmt.Sprintf("attempted to open stream %d, which is a lot smaller than the highest opened stream, %d", id, m.highestStreamOpenedByPeer)) - } - - m.numIncomingStreams++ - if id > m.highestStreamOpenedByPeer { - m.highestStreamOpenedByPeer = id - } - - s := m.newStream(id) - return s, m.putStream(s) -} - -func (m *streamsMapLegacy) openStreamImpl() (streamI, error) { - if m.numOutgoingStreams >= m.maxOutgoingStreams { - return nil, qerr.TooManyOpenStreams - } - - m.numOutgoingStreams++ - s := m.newStream(m.nextStreamToOpen) - m.nextStreamToOpen += 2 - return s, m.putStream(s) -} - -// OpenStream opens the next available stream -func (m *streamsMapLegacy) OpenStream() (Stream, error) { - m.mutex.Lock() - defer m.mutex.Unlock() - - if m.closeErr != nil { - return nil, m.closeErr - } - return m.openStreamImpl() -} - -func (m *streamsMapLegacy) OpenStreamSync() (Stream, error) { - m.mutex.Lock() - defer m.mutex.Unlock() - - for { - if m.closeErr != nil { - return nil, m.closeErr - } - str, err := m.openStreamImpl() - if err == nil { - return str, err - } - if err != nil && err != qerr.TooManyOpenStreams { - return nil, err - } - m.openStreamOrErrCond.Wait() - } -} - -func (m *streamsMapLegacy) OpenUniStream() (SendStream, error) { - return nil, errors.New("gQUIC doesn't support unidirectional streams") -} - -func (m *streamsMapLegacy) OpenUniStreamSync() (SendStream, error) { - return nil, errors.New("gQUIC doesn't support unidirectional streams") -} - -// AcceptStream returns the next stream opened by the peer -// it blocks until a new stream is opened -func (m *streamsMapLegacy) AcceptStream() (Stream, error) { - m.mutex.Lock() - defer m.mutex.Unlock() - var str streamI - for { - var ok bool - if m.closeErr != nil { - return nil, m.closeErr - } - str, ok = m.streams[m.nextStreamToAccept] - if ok { - break - } - m.nextStreamOrErrCond.Wait() - } - m.nextStreamToAccept += 2 - return str, nil -} - -func (m *streamsMapLegacy) AcceptUniStream() (ReceiveStream, error) { - return nil, errors.New("gQUIC doesn't support unidirectional streams") -} - -func (m *streamsMapLegacy) DeleteStream(id protocol.StreamID) error { - m.mutex.Lock() - defer m.mutex.Unlock() - _, ok := m.streams[id] - if !ok { - return errMapAccess - } - delete(m.streams, id) - if m.streamInitiatedBy(id) == m.perspective { - m.numOutgoingStreams-- - } else { - m.numIncomingStreams-- - } - m.openStreamOrErrCond.Signal() - return nil -} - -func (m *streamsMapLegacy) putStream(s streamI) error { - id := s.StreamID() - if _, ok := m.streams[id]; ok { - return fmt.Errorf("a stream with ID %d already exists", id) - } - m.streams[id] = s - return nil -} - -func (m *streamsMapLegacy) CloseWithError(err error) { - m.mutex.Lock() - defer m.mutex.Unlock() - m.closeErr = err - m.nextStreamOrErrCond.Broadcast() - m.openStreamOrErrCond.Broadcast() - for _, s := range m.streams { - s.closeForShutdown(err) - } -} - -// TODO(#952): this won't be needed when gQUIC supports stateless handshakes -func (m *streamsMapLegacy) UpdateLimits(params *handshake.TransportParameters) { - m.mutex.Lock() - m.maxOutgoingStreams = params.MaxStreams - for id, str := range m.streams { - str.handleMaxStreamDataFrame(&wire.MaxStreamDataFrame{ - StreamID: id, - ByteOffset: params.StreamFlowControlWindow, - }) - } - m.mutex.Unlock() - m.openStreamOrErrCond.Broadcast() -} - -// should never be called, since MAX_STREAM_ID frames can only be unpacked for IETF QUIC -func (m *streamsMapLegacy) HandleMaxStreamIDFrame(f *wire.MaxStreamIDFrame) error { - return errors.New("gQUIC doesn't have MAX_STREAM_ID frames") -} diff --git a/streams_map_legacy_test.go b/streams_map_legacy_test.go deleted file mode 100644 index 33476a93..00000000 --- a/streams_map_legacy_test.go +++ /dev/null @@ -1,571 +0,0 @@ -package quic - -import ( - "errors" - - "github.com/golang/mock/gomock" - "github.com/lucas-clemente/quic-go/internal/handshake" - "github.com/lucas-clemente/quic-go/internal/protocol" - "github.com/lucas-clemente/quic-go/internal/wire" - "github.com/lucas-clemente/quic-go/qerr" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Streams Map (for gQUIC)", func() { - var m *streamsMapLegacy - - newStream := func(id protocol.StreamID) streamI { - str := NewMockStreamI(mockCtrl) - str.EXPECT().StreamID().Return(id).AnyTimes() - return str - } - - setNewStreamsMap := func(p protocol.Perspective) { - m = newStreamsMapLegacy(newStream, protocol.DefaultMaxIncomingStreams, p).(*streamsMapLegacy) - } - - deleteStream := func(id protocol.StreamID) { - ExpectWithOffset(1, m.DeleteStream(id)).To(Succeed()) - } - - It("applies the max stream limit for small number of streams", func() { - sm := newStreamsMapLegacy(newStream, 1, protocol.PerspectiveServer).(*streamsMapLegacy) - Expect(sm.maxIncomingStreams).To(BeEquivalentTo(1 + protocol.MaxStreamsMinimumIncrement)) - }) - - It("applies the max stream limit for big number of streams", func() { - sm := newStreamsMapLegacy(newStream, 1000, protocol.PerspectiveServer).(*streamsMapLegacy) - Expect(sm.maxIncomingStreams).To(BeEquivalentTo(1000 * protocol.MaxStreamsMultiplier)) - }) - - Context("getting and creating streams", func() { - Context("as a server", func() { - BeforeEach(func() { - setNewStreamsMap(protocol.PerspectiveServer) - }) - - It("gets the crypto stream", func() { - s, err := m.getOrOpenStream(1) - Expect(err).ToNot(HaveOccurred()) - Expect(s).ToNot(BeNil()) - Expect(s.StreamID()).To(Equal(protocol.StreamID(1))) - }) - - Context("client-side streams", func() { - It("gets new streams", func() { - s, err := m.getOrOpenStream(3) - Expect(err).NotTo(HaveOccurred()) - Expect(s).ToNot(BeNil()) - Expect(s.StreamID()).To(Equal(protocol.StreamID(3))) - Expect(m.streams).To(HaveLen(1)) - Expect(m.numIncomingStreams).To(BeEquivalentTo(1)) - Expect(m.numOutgoingStreams).To(BeZero()) - }) - - It("rejects streams with even IDs", func() { - _, err := m.getOrOpenStream(6) - Expect(err).To(MatchError("InvalidStreamID: peer attempted to open stream 6")) - }) - - It("rejects streams with even IDs, which are lower thatn the highest client-side stream", func() { - _, err := m.getOrOpenStream(5) - Expect(err).NotTo(HaveOccurred()) - _, err = m.getOrOpenStream(4) - Expect(err).To(MatchError("InvalidStreamID: peer attempted to open stream 4")) - }) - - It("gets existing streams", func() { - s, err := m.getOrOpenStream(5) - Expect(err).NotTo(HaveOccurred()) - Expect(s.StreamID()).To(Equal(protocol.StreamID(5))) - numStreams := m.numIncomingStreams - s, err = m.getOrOpenStream(5) - Expect(err).NotTo(HaveOccurred()) - Expect(s.StreamID()).To(Equal(protocol.StreamID(5))) - Expect(m.numIncomingStreams).To(Equal(numStreams)) - }) - - It("returns nil for closed streams", func() { - _, err := m.getOrOpenStream(5) - Expect(err).NotTo(HaveOccurred()) - deleteStream(5) - s, err := m.getOrOpenStream(5) - Expect(err).NotTo(HaveOccurred()) - Expect(s).To(BeNil()) - }) - - It("opens skipped streams", func() { - _, err := m.getOrOpenStream(7) - Expect(err).NotTo(HaveOccurred()) - Expect(m.streams).To(HaveKey(protocol.StreamID(3))) - Expect(m.streams).To(HaveKey(protocol.StreamID(5))) - Expect(m.streams).To(HaveKey(protocol.StreamID(7))) - }) - - It("doesn't reopen an already closed stream", func() { - _, err := m.getOrOpenStream(5) - Expect(err).ToNot(HaveOccurred()) - deleteStream(5) - Expect(err).ToNot(HaveOccurred()) - str, err := m.getOrOpenStream(5) - Expect(err).ToNot(HaveOccurred()) - Expect(str).To(BeNil()) - }) - - Context("counting streams", func() { - It("errors when too many streams are opened", func() { - for i := uint32(0); i < m.maxIncomingStreams; i++ { - _, err := m.getOrOpenStream(protocol.StreamID(i*2 + 1)) - Expect(err).NotTo(HaveOccurred()) - } - _, err := m.getOrOpenStream(protocol.StreamID(2*m.maxIncomingStreams + 3)) - Expect(err).To(MatchError(qerr.TooManyOpenStreams)) - }) - - It("errors when too many streams are opened implicitly", func() { - _, err := m.getOrOpenStream(protocol.StreamID(m.maxIncomingStreams*2 + 3)) - Expect(err).To(MatchError(qerr.TooManyOpenStreams)) - }) - - It("does not error when many streams are opened and closed", func() { - for i := uint32(2); i < 10*m.maxIncomingStreams; i++ { - str, err := m.getOrOpenStream(protocol.StreamID(i*2 + 1)) - Expect(err).NotTo(HaveOccurred()) - deleteStream(str.StreamID()) - } - }) - }) - }) - - Context("server-side streams", func() { - It("doesn't allow opening streams before receiving the transport parameters", func() { - _, err := m.OpenStream() - Expect(err).To(MatchError(qerr.TooManyOpenStreams)) - }) - - It("opens a stream 2 first", func() { - m.UpdateLimits(&handshake.TransportParameters{MaxStreams: 10000}) - s, err := m.OpenStream() - Expect(err).ToNot(HaveOccurred()) - Expect(s).ToNot(BeNil()) - Expect(s.StreamID()).To(Equal(protocol.StreamID(2))) - Expect(m.numIncomingStreams).To(BeZero()) - Expect(m.numOutgoingStreams).To(BeEquivalentTo(1)) - }) - - It("returns the error when the streamsMap was closed", func() { - testErr := errors.New("test error") - m.CloseWithError(testErr) - _, err := m.OpenStream() - Expect(err).To(MatchError(testErr)) - }) - - It("doesn't reopen an already closed stream", func() { - m.UpdateLimits(&handshake.TransportParameters{MaxStreams: 10000}) - str, err := m.OpenStream() - Expect(err).ToNot(HaveOccurred()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(2))) - deleteStream(2) - Expect(err).ToNot(HaveOccurred()) - str, err = m.getOrOpenStream(2) - Expect(err).ToNot(HaveOccurred()) - Expect(str).To(BeNil()) - }) - - Context("counting streams", func() { - const maxOutgoingStreams = 50 - - BeforeEach(func() { - m.UpdateLimits(&handshake.TransportParameters{MaxStreams: maxOutgoingStreams}) - }) - - It("errors when too many streams are opened", func() { - for i := 1; i <= maxOutgoingStreams; i++ { - _, err := m.OpenStream() - Expect(err).NotTo(HaveOccurred()) - } - _, err := m.OpenStream() - Expect(err).To(MatchError(qerr.TooManyOpenStreams)) - }) - - It("does not error when many streams are opened and closed", func() { - for i := 2; i < 10*maxOutgoingStreams; i++ { - str, err := m.OpenStream() - Expect(err).NotTo(HaveOccurred()) - deleteStream(str.StreamID()) - } - }) - - It("allows many server- and client-side streams at the same time", func() { - for i := 1; i < maxOutgoingStreams; i++ { - _, err := m.OpenStream() - Expect(err).ToNot(HaveOccurred()) - } - for i := 0; i < maxOutgoingStreams; i++ { - _, err := m.getOrOpenStream(protocol.StreamID(2*i + 1)) - Expect(err).ToNot(HaveOccurred()) - } - }) - }) - - Context("opening streams synchronously", func() { - const maxOutgoingStreams = 10 - - BeforeEach(func() { - m.UpdateLimits(&handshake.TransportParameters{MaxStreams: maxOutgoingStreams}) - }) - - openMaxNumStreams := func() { - for i := 1; i <= maxOutgoingStreams; i++ { - _, err := m.OpenStream() - Expect(err).NotTo(HaveOccurred()) - } - _, err := m.OpenStream() - Expect(err).To(MatchError(qerr.TooManyOpenStreams)) - } - - It("waits until another stream is closed", func() { - openMaxNumStreams() - var str Stream - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - var err error - str, err = m.OpenStreamSync() - Expect(err).ToNot(HaveOccurred()) - close(done) - }() - Consistently(done).ShouldNot(BeClosed()) - deleteStream(6) - Eventually(done).Should(BeClosed()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(2*maxOutgoingStreams + 2))) - }) - - It("stops waiting when an error is registered", func() { - testErr := errors.New("test error") - openMaxNumStreams() - for _, str := range m.streams { - str.(*MockStreamI).EXPECT().closeForShutdown(testErr) - } - - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := m.OpenStreamSync() - Expect(err).To(MatchError(testErr)) - close(done) - }() - - Consistently(done).ShouldNot(BeClosed()) - m.CloseWithError(testErr) - Eventually(done).Should(BeClosed()) - }) - - It("immediately returns when OpenStreamSync is called after an error was registered", func() { - testErr := errors.New("test error") - m.CloseWithError(testErr) - _, err := m.OpenStreamSync() - Expect(err).To(MatchError(testErr)) - }) - }) - }) - - Context("accepting streams", func() { - It("does nothing if no stream is opened", func() { - var accepted bool - go func() { - _, _ = m.AcceptStream() - accepted = true - }() - Consistently(func() bool { return accepted }).Should(BeFalse()) - }) - - It("starts with stream 3", func() { - var str Stream - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - var err error - str, err = m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - close(done) - }() - _, err := m.getOrOpenStream(3) - Expect(err).ToNot(HaveOccurred()) - Eventually(done).Should(BeClosed()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(3))) - }) - - It("returns an implicitly opened stream, if a stream number is skipped", func() { - var str Stream - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - var err error - str, err = m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - close(done) - }() - _, err := m.getOrOpenStream(5) - Expect(err).ToNot(HaveOccurred()) - Eventually(done).Should(BeClosed()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(3))) - }) - - It("returns to multiple accepts", func() { - var str1, str2 Stream - done1 := make(chan struct{}) - done2 := make(chan struct{}) - go func() { - defer GinkgoRecover() - var err error - str1, err = m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - close(done1) - }() - go func() { - defer GinkgoRecover() - var err error - str2, err = m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - close(done2) - }() - _, err := m.getOrOpenStream(5) // opens stream 3 and 5 - Expect(err).ToNot(HaveOccurred()) - Eventually(done1).Should(BeClosed()) - Eventually(done2).Should(BeClosed()) - Expect(str1.StreamID()).ToNot(Equal(str2.StreamID())) - Expect(str1.StreamID() + str2.StreamID()).To(BeEquivalentTo(3 + 5)) - }) - - It("waits until a new stream is available", func() { - var str Stream - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - var err error - str, err = m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - close(done) - }() - Consistently(done).ShouldNot(BeClosed()) - _, err := m.getOrOpenStream(3) - Expect(err).ToNot(HaveOccurred()) - Eventually(done).Should(BeClosed()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(3))) - }) - - It("returns multiple streams on subsequent Accept calls, if available", func() { - var str Stream - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - var err error - str, err = m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - close(done) - }() - _, err := m.getOrOpenStream(5) - Expect(err).ToNot(HaveOccurred()) - Eventually(done).Should(BeClosed()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(3))) - str, err = m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(5))) - }) - - It("blocks after accepting a stream", func() { - _, err := m.getOrOpenStream(3) - Expect(err).ToNot(HaveOccurred()) - str, err := m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(3))) - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, _ = m.AcceptStream() - close(done) - }() - Consistently(done).ShouldNot(BeClosed()) - // make the go routine return - str.(*MockStreamI).EXPECT().closeForShutdown(gomock.Any()) - m.CloseWithError(errors.New("shut down")) - Eventually(done).Should(BeClosed()) - }) - - It("stops waiting when an error is registered", func() { - testErr := errors.New("testErr") - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - _, err := m.AcceptStream() - Expect(err).To(MatchError(testErr)) - close(done) - }() - Consistently(done).ShouldNot(BeClosed()) - m.CloseWithError(testErr) - Eventually(done).Should(BeClosed()) - }) - It("immediately returns when Accept is called after an error was registered", func() { - testErr := errors.New("testErr") - m.CloseWithError(testErr) - _, err := m.AcceptStream() - Expect(err).To(MatchError(testErr)) - }) - }) - }) - - Context("as a client", func() { - BeforeEach(func() { - setNewStreamsMap(protocol.PerspectiveClient) - m.UpdateLimits(&handshake.TransportParameters{MaxStreams: 10000}) - }) - - Context("server-side streams", func() { - It("rejects streams with odd IDs", func() { - _, err := m.getOrOpenStream(5) - Expect(err).To(MatchError("InvalidStreamID: peer attempted to open stream 5")) - }) - - It("rejects streams with odds IDs, which are lower than the highest server-side stream", func() { - _, err := m.getOrOpenStream(6) - Expect(err).NotTo(HaveOccurred()) - _, err = m.getOrOpenStream(5) - Expect(err).To(MatchError("InvalidStreamID: peer attempted to open stream 5")) - }) - - It("gets new streams", func() { - s, err := m.getOrOpenStream(2) - Expect(err).NotTo(HaveOccurred()) - Expect(s.StreamID()).To(Equal(protocol.StreamID(2))) - Expect(m.streams).To(HaveLen(1)) - Expect(m.numOutgoingStreams).To(BeZero()) - Expect(m.numIncomingStreams).To(BeEquivalentTo(1)) - }) - - It("opens skipped streams", func() { - _, err := m.getOrOpenStream(6) - Expect(err).NotTo(HaveOccurred()) - Expect(m.streams).To(HaveKey(protocol.StreamID(2))) - Expect(m.streams).To(HaveKey(protocol.StreamID(4))) - Expect(m.streams).To(HaveKey(protocol.StreamID(6))) - Expect(m.numOutgoingStreams).To(BeZero()) - Expect(m.numIncomingStreams).To(BeEquivalentTo(3)) - }) - - It("doesn't reopen an already closed stream", func() { - str, err := m.OpenStream() - Expect(err).ToNot(HaveOccurred()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(3))) - deleteStream(3) - Expect(err).ToNot(HaveOccurred()) - str, err = m.getOrOpenStream(3) - Expect(err).ToNot(HaveOccurred()) - Expect(str).To(BeNil()) - }) - }) - - Context("client-side streams", func() { - It("starts with stream 3", func() { - s, err := m.OpenStream() - Expect(err).ToNot(HaveOccurred()) - Expect(s).ToNot(BeNil()) - Expect(s.StreamID()).To(BeEquivalentTo(3)) - Expect(m.numOutgoingStreams).To(BeEquivalentTo(1)) - Expect(m.numIncomingStreams).To(BeZero()) - }) - - It("opens multiple streams", func() { - s1, err := m.OpenStream() - Expect(err).ToNot(HaveOccurred()) - s2, err := m.OpenStream() - Expect(err).ToNot(HaveOccurred()) - Expect(s2.StreamID()).To(Equal(s1.StreamID() + 2)) - }) - - It("doesn't reopen an already closed stream", func() { - _, err := m.getOrOpenStream(4) - Expect(err).ToNot(HaveOccurred()) - deleteStream(4) - Expect(err).ToNot(HaveOccurred()) - str, err := m.getOrOpenStream(4) - Expect(err).ToNot(HaveOccurred()) - Expect(str).To(BeNil()) - }) - }) - - Context("accepting streams", func() { - It("accepts stream 2 first", func() { - var str Stream - done := make(chan struct{}) - go func() { - defer GinkgoRecover() - var err error - str, err = m.AcceptStream() - Expect(err).ToNot(HaveOccurred()) - close(done) - }() - _, err := m.getOrOpenStream(2) - Expect(err).ToNot(HaveOccurred()) - Eventually(done).Should(BeClosed()) - Expect(str.StreamID()).To(Equal(protocol.StreamID(2))) - }) - }) - }) - }) - - Context("deleting streams", func() { - BeforeEach(func() { - setNewStreamsMap(protocol.PerspectiveServer) - }) - - It("deletes an incoming stream", func() { - _, err := m.getOrOpenStream(5) // open stream 3 and 5 - Expect(err).ToNot(HaveOccurred()) - Expect(m.numIncomingStreams).To(BeEquivalentTo(2)) - err = m.DeleteStream(3) - Expect(err).ToNot(HaveOccurred()) - Expect(m.streams).To(HaveLen(1)) - Expect(m.streams).To(HaveKey(protocol.StreamID(5))) - Expect(m.numIncomingStreams).To(BeEquivalentTo(1)) - }) - - It("deletes an outgoing stream", func() { - m.UpdateLimits(&handshake.TransportParameters{MaxStreams: 10000}) - _, err := m.OpenStream() // open stream 2 - Expect(err).ToNot(HaveOccurred()) - _, err = m.OpenStream() - Expect(err).ToNot(HaveOccurred()) - Expect(m.numOutgoingStreams).To(BeEquivalentTo(2)) - err = m.DeleteStream(2) - Expect(err).ToNot(HaveOccurred()) - Expect(m.numOutgoingStreams).To(BeEquivalentTo(1)) - }) - - It("errors when the stream doesn't exist", func() { - err := m.DeleteStream(1337) - Expect(err).To(MatchError(errMapAccess)) - }) - }) - - It("sets the flow control limit", func() { - setNewStreamsMap(protocol.PerspectiveServer) - _, err := m.getOrOpenStream(5) - Expect(err).ToNot(HaveOccurred()) - m.streams[3].(*MockStreamI).EXPECT().handleMaxStreamDataFrame(&wire.MaxStreamDataFrame{ - StreamID: 3, - ByteOffset: 321, - }) - m.streams[5].(*MockStreamI).EXPECT().handleMaxStreamDataFrame(&wire.MaxStreamDataFrame{ - StreamID: 5, - ByteOffset: 321, - }) - m.UpdateLimits(&handshake.TransportParameters{StreamFlowControlWindow: 321}) - }) - - It("doesn't accept MAX_STREAM_ID frames", func() { - Expect(m.HandleMaxStreamIDFrame(&wire.MaxStreamIDFrame{})).ToNot(Succeed()) - }) -}) diff --git a/streams_map_test.go b/streams_map_test.go index 688019b6..db6dac38 100644 --- a/streams_map_test.go +++ b/streams_map_test.go @@ -24,7 +24,7 @@ type streamMapping struct { firstOutgoingUniStream protocol.StreamID } -var _ = Describe("Streams Map (for IETF QUIC)", func() { +var _ = Describe("Streams Map", func() { newFlowController := func(protocol.StreamID) flowcontrol.StreamFlowController { return mocks.NewMockStreamFlowController(mockCtrl) } @@ -71,7 +71,7 @@ var _ = Describe("Streams Map (for IETF QUIC)", func() { BeforeEach(func() { mockSender = NewMockStreamSender(mockCtrl) - m = newStreamsMap(mockSender, newFlowController, maxBidiStreams, maxUniStreams, perspective, versionIETFFrames).(*streamsMap) + m = newStreamsMap(mockSender, newFlowController, maxBidiStreams, maxUniStreams, perspective, protocol.VersionWhatever).(*streamsMap) }) Context("opening", func() { diff --git a/vendor/github.com/hashicorp/golang-lru/2q.go b/vendor/github.com/hashicorp/golang-lru/2q.go deleted file mode 100644 index e474cd07..00000000 --- a/vendor/github.com/hashicorp/golang-lru/2q.go +++ /dev/null @@ -1,223 +0,0 @@ -package lru - -import ( - "fmt" - "sync" - - "github.com/hashicorp/golang-lru/simplelru" -) - -const ( - // Default2QRecentRatio is the ratio of the 2Q cache dedicated - // to recently added entries that have only been accessed once. - Default2QRecentRatio = 0.25 - - // Default2QGhostEntries is the default ratio of ghost - // entries kept to track entries recently evicted - Default2QGhostEntries = 0.50 -) - -// TwoQueueCache is a thread-safe fixed size 2Q cache. -// 2Q is an enhancement over the standard LRU cache -// in that it tracks both frequently and recently used -// entries separately. This avoids a burst in access to new -// entries from evicting frequently used entries. It adds some -// additional tracking overhead to the standard LRU cache, and is -// computationally about 2x the cost, and adds some metadata over -// head. The ARCCache is similar, but does not require setting any -// parameters. -type TwoQueueCache struct { - size int - recentSize int - - recent simplelru.LRUCache - frequent simplelru.LRUCache - recentEvict simplelru.LRUCache - lock sync.RWMutex -} - -// New2Q creates a new TwoQueueCache using the default -// values for the parameters. -func New2Q(size int) (*TwoQueueCache, error) { - return New2QParams(size, Default2QRecentRatio, Default2QGhostEntries) -} - -// New2QParams creates a new TwoQueueCache using the provided -// parameter values. -func New2QParams(size int, recentRatio float64, ghostRatio float64) (*TwoQueueCache, error) { - if size <= 0 { - return nil, fmt.Errorf("invalid size") - } - if recentRatio < 0.0 || recentRatio > 1.0 { - return nil, fmt.Errorf("invalid recent ratio") - } - if ghostRatio < 0.0 || ghostRatio > 1.0 { - return nil, fmt.Errorf("invalid ghost ratio") - } - - // Determine the sub-sizes - recentSize := int(float64(size) * recentRatio) - evictSize := int(float64(size) * ghostRatio) - - // Allocate the LRUs - recent, err := simplelru.NewLRU(size, nil) - if err != nil { - return nil, err - } - frequent, err := simplelru.NewLRU(size, nil) - if err != nil { - return nil, err - } - recentEvict, err := simplelru.NewLRU(evictSize, nil) - if err != nil { - return nil, err - } - - // Initialize the cache - c := &TwoQueueCache{ - size: size, - recentSize: recentSize, - recent: recent, - frequent: frequent, - recentEvict: recentEvict, - } - return c, nil -} - -// Get looks up a key's value from the cache. -func (c *TwoQueueCache) Get(key interface{}) (value interface{}, ok bool) { - c.lock.Lock() - defer c.lock.Unlock() - - // Check if this is a frequent value - if val, ok := c.frequent.Get(key); ok { - return val, ok - } - - // If the value is contained in recent, then we - // promote it to frequent - if val, ok := c.recent.Peek(key); ok { - c.recent.Remove(key) - c.frequent.Add(key, val) - return val, ok - } - - // No hit - return nil, false -} - -// Add adds a value to the cache. -func (c *TwoQueueCache) Add(key, value interface{}) { - c.lock.Lock() - defer c.lock.Unlock() - - // Check if the value is frequently used already, - // and just update the value - if c.frequent.Contains(key) { - c.frequent.Add(key, value) - return - } - - // Check if the value is recently used, and promote - // the value into the frequent list - if c.recent.Contains(key) { - c.recent.Remove(key) - c.frequent.Add(key, value) - return - } - - // If the value was recently evicted, add it to the - // frequently used list - if c.recentEvict.Contains(key) { - c.ensureSpace(true) - c.recentEvict.Remove(key) - c.frequent.Add(key, value) - return - } - - // Add to the recently seen list - c.ensureSpace(false) - c.recent.Add(key, value) - return -} - -// ensureSpace is used to ensure we have space in the cache -func (c *TwoQueueCache) ensureSpace(recentEvict bool) { - // If we have space, nothing to do - recentLen := c.recent.Len() - freqLen := c.frequent.Len() - if recentLen+freqLen < c.size { - return - } - - // If the recent buffer is larger than - // the target, evict from there - if recentLen > 0 && (recentLen > c.recentSize || (recentLen == c.recentSize && !recentEvict)) { - k, _, _ := c.recent.RemoveOldest() - c.recentEvict.Add(k, nil) - return - } - - // Remove from the frequent list otherwise - c.frequent.RemoveOldest() -} - -// Len returns the number of items in the cache. -func (c *TwoQueueCache) Len() int { - c.lock.RLock() - defer c.lock.RUnlock() - return c.recent.Len() + c.frequent.Len() -} - -// Keys returns a slice of the keys in the cache. -// The frequently used keys are first in the returned slice. -func (c *TwoQueueCache) Keys() []interface{} { - c.lock.RLock() - defer c.lock.RUnlock() - k1 := c.frequent.Keys() - k2 := c.recent.Keys() - return append(k1, k2...) -} - -// Remove removes the provided key from the cache. -func (c *TwoQueueCache) Remove(key interface{}) { - c.lock.Lock() - defer c.lock.Unlock() - if c.frequent.Remove(key) { - return - } - if c.recent.Remove(key) { - return - } - if c.recentEvict.Remove(key) { - return - } -} - -// Purge is used to completely clear the cache. -func (c *TwoQueueCache) Purge() { - c.lock.Lock() - defer c.lock.Unlock() - c.recent.Purge() - c.frequent.Purge() - c.recentEvict.Purge() -} - -// Contains is used to check if the cache contains a key -// without updating recency or frequency. -func (c *TwoQueueCache) Contains(key interface{}) bool { - c.lock.RLock() - defer c.lock.RUnlock() - return c.frequent.Contains(key) || c.recent.Contains(key) -} - -// Peek is used to inspect the cache value of a key -// without updating recency or frequency. -func (c *TwoQueueCache) Peek(key interface{}) (value interface{}, ok bool) { - c.lock.RLock() - defer c.lock.RUnlock() - if val, ok := c.frequent.Peek(key); ok { - return val, ok - } - return c.recent.Peek(key) -} diff --git a/vendor/github.com/hashicorp/golang-lru/LICENSE b/vendor/github.com/hashicorp/golang-lru/LICENSE deleted file mode 100644 index be2cc4df..00000000 --- a/vendor/github.com/hashicorp/golang-lru/LICENSE +++ /dev/null @@ -1,362 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. "Contributor" - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. "Contributor Version" - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor's Contribution. - -1.3. "Contribution" - - means Covered Software of a particular Contributor. - -1.4. "Covered Software" - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. "Incompatible With Secondary Licenses" - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of - version 1.1 or earlier of the License, but not also under the terms of - a Secondary License. - -1.6. "Executable Form" - - means any form of the work other than Source Code Form. - -1.7. "Larger Work" - - means a work that combines Covered Software with other material, in a - separate file or files, that is not Covered Software. - -1.8. "License" - - means this document. - -1.9. "Licensable" - - means having the right to grant, to the maximum extent possible, whether - at the time of the initial grant or subsequently, any and all of the - rights conveyed by this License. - -1.10. "Modifications" - - means any of the following: - - a. any file in Source Code Form that results from an addition to, - deletion from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. "Patent Claims" of a Contributor - - means any patent claim(s), including without limitation, method, - process, and apparatus claims, in any patent Licensable by such - Contributor that would be infringed, but for the grant of the License, - by the making, using, selling, offering for sale, having made, import, - or transfer of either its Contributions or its Contributor Version. - -1.12. "Secondary License" - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. "Source Code Form" - - means the form of the work preferred for making modifications. - -1.14. "You" (or "Your") - - means an individual or a legal entity exercising rights under this - License. For legal entities, "You" includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, "control" means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or - as part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its - Contributions or its Contributor Version. - -2.2. Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution - become effective for each Contribution on the date the Contributor first - distributes such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under - this License. No additional rights or licenses will be implied from the - distribution or licensing of Covered Software under this License. - Notwithstanding Section 2.1(b) above, no patent license is granted by a - Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party's - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of - its Contributions. - - This License does not grant any rights in the trademarks, service marks, - or logos of any Contributor (except as may be necessary to comply with - the notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this - License (see Section 10.2) or under the terms of a Secondary License (if - permitted under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its - Contributions are its original creation(s) or it has sufficient rights to - grant the rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under - applicable copyright doctrines of fair use, fair dealing, or other - equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under - the terms of this License. You must inform recipients that the Source - Code Form of the Covered Software is governed by the terms of this - License, and how they can obtain a copy of this License. You may not - attempt to alter or restrict the recipients' rights in the Source Code - Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this - License, or sublicense it under different terms, provided that the - license for the Executable Form does not attempt to limit or alter the - recipients' rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for - the Covered Software. If the Larger Work is a combination of Covered - Software with a work governed by one or more Secondary Licenses, and the - Covered Software is not Incompatible With Secondary Licenses, this - License permits You to additionally distribute such Covered Software - under the terms of such Secondary License(s), so that the recipient of - the Larger Work may, at their option, further distribute the Covered - Software under the terms of either this License or such Secondary - License(s). - -3.4. Notices - - You may not remove or alter the substance of any license notices - (including copyright notices, patent notices, disclaimers of warranty, or - limitations of liability) contained within the Source Code Form of the - Covered Software, except that You may alter any license notices to the - extent required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on - behalf of any Contributor. You must make it absolutely clear that any - such warranty, support, indemnity, or liability obligation is offered by - You alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, - judicial order, or regulation then You must: (a) comply with the terms of - this License to the maximum extent possible; and (b) describe the - limitations and the code they affect. Such description must be placed in a - text file included with all distributions of the Covered Software under - this License. Except to the extent prohibited by statute or regulation, - such description must be sufficiently detailed for a recipient of ordinary - skill to be able to understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing - basis, if such Contributor fails to notify You of the non-compliance by - some reasonable means prior to 60 days after You have come back into - compliance. Moreover, Your grants from a particular Contributor are - reinstated on an ongoing basis if such Contributor notifies You of the - non-compliance by some reasonable means, this is the first time You have - received notice of non-compliance with this License from such - Contributor, and You become compliant prior to 30 days after Your receipt - of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, - counter-claims, and cross-claims) alleging that a Contributor Version - directly or indirectly infringes any patent, then the rights granted to - You by any and all Contributors for the Covered Software under Section - 2.1 of this License shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an "as is" basis, - without warranty of any kind, either expressed, implied, or statutory, - including, without limitation, warranties that the Covered Software is free - of defects, merchantable, fit for a particular purpose or non-infringing. - The entire risk as to the quality and performance of the Covered Software - is with You. Should any Covered Software prove defective in any respect, - You (not any Contributor) assume the cost of any necessary servicing, - repair, or correction. This disclaimer of warranty constitutes an essential - part of this License. No use of any Covered Software is authorized under - this License except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from - such party's negligence to the extent applicable law prohibits such - limitation. Some jurisdictions do not allow the exclusion or limitation of - incidental or consequential damages, so this exclusion and limitation may - not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts - of a jurisdiction where the defendant maintains its principal place of - business and such litigation shall be governed by laws of that - jurisdiction, without reference to its conflict-of-law provisions. Nothing - in this Section shall prevent a party's ability to bring cross-claims or - counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject - matter hereof. If any provision of this License is held to be - unenforceable, such provision shall be reformed only to the extent - necessary to make it enforceable. Any law or regulation which provides that - the language of a contract shall be construed against the drafter shall not - be used to construe this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version - of the License under which You originally received the Covered Software, - or under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a - modified version of this License if you rename the license and remove - any references to the name of the license steward (except to note that - such modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary - Licenses If You choose to distribute Source Code Form that is - Incompatible With Secondary Licenses under the terms of this version of - the License, the notice described in Exhibit B of this License must be - attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, -then You may include the notice in a location (such as a LICENSE file in a -relevant directory) where a recipient would be likely to look for such a -notice. - -You may add additional accurate notices of copyright ownership. - -Exhibit B - "Incompatible With Secondary Licenses" Notice - - This Source Code Form is "Incompatible - With Secondary Licenses", as defined by - the Mozilla Public License, v. 2.0. diff --git a/vendor/github.com/hashicorp/golang-lru/README.md b/vendor/github.com/hashicorp/golang-lru/README.md deleted file mode 100644 index 33e58cfa..00000000 --- a/vendor/github.com/hashicorp/golang-lru/README.md +++ /dev/null @@ -1,25 +0,0 @@ -golang-lru -========== - -This provides the `lru` package which implements a fixed-size -thread safe LRU cache. It is based on the cache in Groupcache. - -Documentation -============= - -Full docs are available on [Godoc](http://godoc.org/github.com/hashicorp/golang-lru) - -Example -======= - -Using the LRU is very simple: - -```go -l, _ := New(128) -for i := 0; i < 256; i++ { - l.Add(i, nil) -} -if l.Len() != 128 { - panic(fmt.Sprintf("bad len: %v", l.Len())) -} -``` diff --git a/vendor/github.com/hashicorp/golang-lru/arc.go b/vendor/github.com/hashicorp/golang-lru/arc.go deleted file mode 100644 index 555225a2..00000000 --- a/vendor/github.com/hashicorp/golang-lru/arc.go +++ /dev/null @@ -1,257 +0,0 @@ -package lru - -import ( - "sync" - - "github.com/hashicorp/golang-lru/simplelru" -) - -// ARCCache is a thread-safe fixed size Adaptive Replacement Cache (ARC). -// ARC is an enhancement over the standard LRU cache in that tracks both -// frequency and recency of use. This avoids a burst in access to new -// entries from evicting the frequently used older entries. It adds some -// additional tracking overhead to a standard LRU cache, computationally -// it is roughly 2x the cost, and the extra memory overhead is linear -// with the size of the cache. ARC has been patented by IBM, but is -// similar to the TwoQueueCache (2Q) which requires setting parameters. -type ARCCache struct { - size int // Size is the total capacity of the cache - p int // P is the dynamic preference towards T1 or T2 - - t1 simplelru.LRUCache // T1 is the LRU for recently accessed items - b1 simplelru.LRUCache // B1 is the LRU for evictions from t1 - - t2 simplelru.LRUCache // T2 is the LRU for frequently accessed items - b2 simplelru.LRUCache // B2 is the LRU for evictions from t2 - - lock sync.RWMutex -} - -// NewARC creates an ARC of the given size -func NewARC(size int) (*ARCCache, error) { - // Create the sub LRUs - b1, err := simplelru.NewLRU(size, nil) - if err != nil { - return nil, err - } - b2, err := simplelru.NewLRU(size, nil) - if err != nil { - return nil, err - } - t1, err := simplelru.NewLRU(size, nil) - if err != nil { - return nil, err - } - t2, err := simplelru.NewLRU(size, nil) - if err != nil { - return nil, err - } - - // Initialize the ARC - c := &ARCCache{ - size: size, - p: 0, - t1: t1, - b1: b1, - t2: t2, - b2: b2, - } - return c, nil -} - -// Get looks up a key's value from the cache. -func (c *ARCCache) Get(key interface{}) (value interface{}, ok bool) { - c.lock.Lock() - defer c.lock.Unlock() - - // If the value is contained in T1 (recent), then - // promote it to T2 (frequent) - if val, ok := c.t1.Peek(key); ok { - c.t1.Remove(key) - c.t2.Add(key, val) - return val, ok - } - - // Check if the value is contained in T2 (frequent) - if val, ok := c.t2.Get(key); ok { - return val, ok - } - - // No hit - return nil, false -} - -// Add adds a value to the cache. -func (c *ARCCache) Add(key, value interface{}) { - c.lock.Lock() - defer c.lock.Unlock() - - // Check if the value is contained in T1 (recent), and potentially - // promote it to frequent T2 - if c.t1.Contains(key) { - c.t1.Remove(key) - c.t2.Add(key, value) - return - } - - // Check if the value is already in T2 (frequent) and update it - if c.t2.Contains(key) { - c.t2.Add(key, value) - return - } - - // Check if this value was recently evicted as part of the - // recently used list - if c.b1.Contains(key) { - // T1 set is too small, increase P appropriately - delta := 1 - b1Len := c.b1.Len() - b2Len := c.b2.Len() - if b2Len > b1Len { - delta = b2Len / b1Len - } - if c.p+delta >= c.size { - c.p = c.size - } else { - c.p += delta - } - - // Potentially need to make room in the cache - if c.t1.Len()+c.t2.Len() >= c.size { - c.replace(false) - } - - // Remove from B1 - c.b1.Remove(key) - - // Add the key to the frequently used list - c.t2.Add(key, value) - return - } - - // Check if this value was recently evicted as part of the - // frequently used list - if c.b2.Contains(key) { - // T2 set is too small, decrease P appropriately - delta := 1 - b1Len := c.b1.Len() - b2Len := c.b2.Len() - if b1Len > b2Len { - delta = b1Len / b2Len - } - if delta >= c.p { - c.p = 0 - } else { - c.p -= delta - } - - // Potentially need to make room in the cache - if c.t1.Len()+c.t2.Len() >= c.size { - c.replace(true) - } - - // Remove from B2 - c.b2.Remove(key) - - // Add the key to the frequently used list - c.t2.Add(key, value) - return - } - - // Potentially need to make room in the cache - if c.t1.Len()+c.t2.Len() >= c.size { - c.replace(false) - } - - // Keep the size of the ghost buffers trim - if c.b1.Len() > c.size-c.p { - c.b1.RemoveOldest() - } - if c.b2.Len() > c.p { - c.b2.RemoveOldest() - } - - // Add to the recently seen list - c.t1.Add(key, value) - return -} - -// replace is used to adaptively evict from either T1 or T2 -// based on the current learned value of P -func (c *ARCCache) replace(b2ContainsKey bool) { - t1Len := c.t1.Len() - if t1Len > 0 && (t1Len > c.p || (t1Len == c.p && b2ContainsKey)) { - k, _, ok := c.t1.RemoveOldest() - if ok { - c.b1.Add(k, nil) - } - } else { - k, _, ok := c.t2.RemoveOldest() - if ok { - c.b2.Add(k, nil) - } - } -} - -// Len returns the number of cached entries -func (c *ARCCache) Len() int { - c.lock.RLock() - defer c.lock.RUnlock() - return c.t1.Len() + c.t2.Len() -} - -// Keys returns all the cached keys -func (c *ARCCache) Keys() []interface{} { - c.lock.RLock() - defer c.lock.RUnlock() - k1 := c.t1.Keys() - k2 := c.t2.Keys() - return append(k1, k2...) -} - -// Remove is used to purge a key from the cache -func (c *ARCCache) Remove(key interface{}) { - c.lock.Lock() - defer c.lock.Unlock() - if c.t1.Remove(key) { - return - } - if c.t2.Remove(key) { - return - } - if c.b1.Remove(key) { - return - } - if c.b2.Remove(key) { - return - } -} - -// Purge is used to clear the cache -func (c *ARCCache) Purge() { - c.lock.Lock() - defer c.lock.Unlock() - c.t1.Purge() - c.t2.Purge() - c.b1.Purge() - c.b2.Purge() -} - -// Contains is used to check if the cache contains a key -// without updating recency or frequency. -func (c *ARCCache) Contains(key interface{}) bool { - c.lock.RLock() - defer c.lock.RUnlock() - return c.t1.Contains(key) || c.t2.Contains(key) -} - -// Peek is used to inspect the cache value of a key -// without updating recency or frequency. -func (c *ARCCache) Peek(key interface{}) (value interface{}, ok bool) { - c.lock.RLock() - defer c.lock.RUnlock() - if val, ok := c.t1.Peek(key); ok { - return val, ok - } - return c.t2.Peek(key) -} diff --git a/vendor/github.com/hashicorp/golang-lru/doc.go b/vendor/github.com/hashicorp/golang-lru/doc.go deleted file mode 100644 index 2547df97..00000000 --- a/vendor/github.com/hashicorp/golang-lru/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -// Package lru provides three different LRU caches of varying sophistication. -// -// Cache is a simple LRU cache. It is based on the -// LRU implementation in groupcache: -// https://github.com/golang/groupcache/tree/master/lru -// -// TwoQueueCache tracks frequently used and recently used entries separately. -// This avoids a burst of accesses from taking out frequently used entries, -// at the cost of about 2x computational overhead and some extra bookkeeping. -// -// ARCCache is an adaptive replacement cache. It tracks recent evictions as -// well as recent usage in both the frequent and recent caches. Its -// computational overhead is comparable to TwoQueueCache, but the memory -// overhead is linear with the size of the cache. -// -// ARC has been patented by IBM, so do not use it if that is problematic for -// your program. -// -// All caches in this package take locks while operating, and are therefore -// thread-safe for consumers. -package lru diff --git a/vendor/github.com/hashicorp/golang-lru/lru.go b/vendor/github.com/hashicorp/golang-lru/lru.go deleted file mode 100644 index c8d9b0a2..00000000 --- a/vendor/github.com/hashicorp/golang-lru/lru.go +++ /dev/null @@ -1,110 +0,0 @@ -package lru - -import ( - "sync" - - "github.com/hashicorp/golang-lru/simplelru" -) - -// Cache is a thread-safe fixed size LRU cache. -type Cache struct { - lru simplelru.LRUCache - lock sync.RWMutex -} - -// New creates an LRU of the given size. -func New(size int) (*Cache, error) { - return NewWithEvict(size, nil) -} - -// NewWithEvict constructs a fixed size cache with the given eviction -// callback. -func NewWithEvict(size int, onEvicted func(key interface{}, value interface{})) (*Cache, error) { - lru, err := simplelru.NewLRU(size, simplelru.EvictCallback(onEvicted)) - if err != nil { - return nil, err - } - c := &Cache{ - lru: lru, - } - return c, nil -} - -// Purge is used to completely clear the cache. -func (c *Cache) Purge() { - c.lock.Lock() - c.lru.Purge() - c.lock.Unlock() -} - -// Add adds a value to the cache. Returns true if an eviction occurred. -func (c *Cache) Add(key, value interface{}) (evicted bool) { - c.lock.Lock() - defer c.lock.Unlock() - return c.lru.Add(key, value) -} - -// Get looks up a key's value from the cache. -func (c *Cache) Get(key interface{}) (value interface{}, ok bool) { - c.lock.Lock() - defer c.lock.Unlock() - return c.lru.Get(key) -} - -// Contains checks if a key is in the cache, without updating the -// recent-ness or deleting it for being stale. -func (c *Cache) Contains(key interface{}) bool { - c.lock.RLock() - defer c.lock.RUnlock() - return c.lru.Contains(key) -} - -// Peek returns the key value (or undefined if not found) without updating -// the "recently used"-ness of the key. -func (c *Cache) Peek(key interface{}) (value interface{}, ok bool) { - c.lock.RLock() - defer c.lock.RUnlock() - return c.lru.Peek(key) -} - -// ContainsOrAdd checks if a key is in the cache without updating the -// recent-ness or deleting it for being stale, and if not, adds the value. -// Returns whether found and whether an eviction occurred. -func (c *Cache) ContainsOrAdd(key, value interface{}) (ok, evicted bool) { - c.lock.Lock() - defer c.lock.Unlock() - - if c.lru.Contains(key) { - return true, false - } - evicted = c.lru.Add(key, value) - return false, evicted -} - -// Remove removes the provided key from the cache. -func (c *Cache) Remove(key interface{}) { - c.lock.Lock() - c.lru.Remove(key) - c.lock.Unlock() -} - -// RemoveOldest removes the oldest item from the cache. -func (c *Cache) RemoveOldest() { - c.lock.Lock() - c.lru.RemoveOldest() - c.lock.Unlock() -} - -// Keys returns a slice of the keys in the cache, from oldest to newest. -func (c *Cache) Keys() []interface{} { - c.lock.RLock() - defer c.lock.RUnlock() - return c.lru.Keys() -} - -// Len returns the number of items in the cache. -func (c *Cache) Len() int { - c.lock.RLock() - defer c.lock.RUnlock() - return c.lru.Len() -} diff --git a/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go b/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go deleted file mode 100644 index 5673773b..00000000 --- a/vendor/github.com/hashicorp/golang-lru/simplelru/lru.go +++ /dev/null @@ -1,161 +0,0 @@ -package simplelru - -import ( - "container/list" - "errors" -) - -// EvictCallback is used to get a callback when a cache entry is evicted -type EvictCallback func(key interface{}, value interface{}) - -// LRU implements a non-thread safe fixed size LRU cache -type LRU struct { - size int - evictList *list.List - items map[interface{}]*list.Element - onEvict EvictCallback -} - -// entry is used to hold a value in the evictList -type entry struct { - key interface{} - value interface{} -} - -// NewLRU constructs an LRU of the given size -func NewLRU(size int, onEvict EvictCallback) (*LRU, error) { - if size <= 0 { - return nil, errors.New("Must provide a positive size") - } - c := &LRU{ - size: size, - evictList: list.New(), - items: make(map[interface{}]*list.Element), - onEvict: onEvict, - } - return c, nil -} - -// Purge is used to completely clear the cache. -func (c *LRU) Purge() { - for k, v := range c.items { - if c.onEvict != nil { - c.onEvict(k, v.Value.(*entry).value) - } - delete(c.items, k) - } - c.evictList.Init() -} - -// Add adds a value to the cache. Returns true if an eviction occurred. -func (c *LRU) Add(key, value interface{}) (evicted bool) { - // Check for existing item - if ent, ok := c.items[key]; ok { - c.evictList.MoveToFront(ent) - ent.Value.(*entry).value = value - return false - } - - // Add new item - ent := &entry{key, value} - entry := c.evictList.PushFront(ent) - c.items[key] = entry - - evict := c.evictList.Len() > c.size - // Verify size not exceeded - if evict { - c.removeOldest() - } - return evict -} - -// Get looks up a key's value from the cache. -func (c *LRU) Get(key interface{}) (value interface{}, ok bool) { - if ent, ok := c.items[key]; ok { - c.evictList.MoveToFront(ent) - return ent.Value.(*entry).value, true - } - return -} - -// Contains checks if a key is in the cache, without updating the recent-ness -// or deleting it for being stale. -func (c *LRU) Contains(key interface{}) (ok bool) { - _, ok = c.items[key] - return ok -} - -// Peek returns the key value (or undefined if not found) without updating -// the "recently used"-ness of the key. -func (c *LRU) Peek(key interface{}) (value interface{}, ok bool) { - var ent *list.Element - if ent, ok = c.items[key]; ok { - return ent.Value.(*entry).value, true - } - return nil, ok -} - -// Remove removes the provided key from the cache, returning if the -// key was contained. -func (c *LRU) Remove(key interface{}) (present bool) { - if ent, ok := c.items[key]; ok { - c.removeElement(ent) - return true - } - return false -} - -// RemoveOldest removes the oldest item from the cache. -func (c *LRU) RemoveOldest() (key interface{}, value interface{}, ok bool) { - ent := c.evictList.Back() - if ent != nil { - c.removeElement(ent) - kv := ent.Value.(*entry) - return kv.key, kv.value, true - } - return nil, nil, false -} - -// GetOldest returns the oldest entry -func (c *LRU) GetOldest() (key interface{}, value interface{}, ok bool) { - ent := c.evictList.Back() - if ent != nil { - kv := ent.Value.(*entry) - return kv.key, kv.value, true - } - return nil, nil, false -} - -// Keys returns a slice of the keys in the cache, from oldest to newest. -func (c *LRU) Keys() []interface{} { - keys := make([]interface{}, len(c.items)) - i := 0 - for ent := c.evictList.Back(); ent != nil; ent = ent.Prev() { - keys[i] = ent.Value.(*entry).key - i++ - } - return keys -} - -// Len returns the number of items in the cache. -func (c *LRU) Len() int { - return c.evictList.Len() -} - -// removeOldest removes the oldest item from the cache. -func (c *LRU) removeOldest() { - ent := c.evictList.Back() - if ent != nil { - c.removeElement(ent) - } -} - -// removeElement is used to remove a given list element from the cache -func (c *LRU) removeElement(e *list.Element) { - c.evictList.Remove(e) - kv := e.Value.(*entry) - delete(c.items, kv.key) - if c.onEvict != nil { - c.onEvict(kv.key, kv.value) - } -} diff --git a/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go b/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go deleted file mode 100644 index 744cac01..00000000 --- a/vendor/github.com/hashicorp/golang-lru/simplelru/lru_interface.go +++ /dev/null @@ -1,37 +0,0 @@ -package simplelru - - -// LRUCache is the interface for simple LRU cache. -type LRUCache interface { - // Adds a value to the cache, returns true if an eviction occurred and - // updates the "recently used"-ness of the key. - Add(key, value interface{}) bool - - // Returns key's value from the cache and - // updates the "recently used"-ness of the key. #value, isFound - Get(key interface{}) (value interface{}, ok bool) - - // Check if a key exsists in cache without updating the recent-ness. - Contains(key interface{}) (ok bool) - - // Returns key's value without updating the "recently used"-ness of the key. - Peek(key interface{}) (value interface{}, ok bool) - - // Removes a key from the cache. - Remove(key interface{}) bool - - // Removes the oldest entry from cache. - RemoveOldest() (interface{}, interface{}, bool) - - // Returns the oldest entry from the cache. #key, value, isFound - GetOldest() (interface{}, interface{}, bool) - - // Returns a slice of the keys in the cache, from oldest to newest. - Keys() []interface{} - - // Returns the number of items in the cache. - Len() int - - // Clear all cache entries - Purge() -} diff --git a/vendor/github.com/lucas-clemente/aes12/LICENSE b/vendor/github.com/lucas-clemente/aes12/LICENSE deleted file mode 100644 index 2c08ae24..00000000 --- a/vendor/github.com/lucas-clemente/aes12/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2016 Lucas Clemente - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/github.com/lucas-clemente/aes12/Readme.md b/vendor/github.com/lucas-clemente/aes12/Readme.md deleted file mode 100644 index ef4e316f..00000000 --- a/vendor/github.com/lucas-clemente/aes12/Readme.md +++ /dev/null @@ -1,28 +0,0 @@ -# aes12 - -This package modifies the AES-GCM implementation from Go's standard library to use 12 byte tag sizes. It is not intended for a general audience, and used in [quic-go](https://github.com/lucas-clemente/quic-go). - -To make use of the in-place encryption / decryption feature, the `dst` parameter to `Seal` and `Open` should be 16 bytes longer than plaintext, not 12. - -Command for testing: - -``` -go test . --bench=. && GOARCH=386 go test . --bench=. -``` - -The output (on my machine): - -``` -BenchmarkAESGCMSeal1K-8 3000000 467 ns/op 2192.37 MB/s -BenchmarkAESGCMOpen1K-8 3000000 416 ns/op 2456.72 MB/s -BenchmarkAESGCMSeal8K-8 500000 2742 ns/op 2986.53 MB/s -BenchmarkAESGCMOpen8K-8 500000 2791 ns/op 2934.65 MB/s -PASS -ok github.com/lucas-clemente/aes12 6.383s -BenchmarkAESGCMSeal1K-8 50000 35233 ns/op 29.06 MB/s -BenchmarkAESGCMOpen1K-8 50000 34529 ns/op 29.66 MB/s -BenchmarkAESGCMSeal8K-8 5000 262678 ns/op 31.19 MB/s -BenchmarkAESGCMOpen8K-8 5000 267296 ns/op 30.65 MB/s -PASS -ok github.com/lucas-clemente/aes12 6.972s -``` diff --git a/vendor/github.com/lucas-clemente/aes12/aes_gcm.go b/vendor/github.com/lucas-clemente/aes12/aes_gcm.go deleted file mode 100644 index 21f2b233..00000000 --- a/vendor/github.com/lucas-clemente/aes12/aes_gcm.go +++ /dev/null @@ -1,148 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build amd64 - -package aes12 - -import "crypto/subtle" - -// The following functions are defined in gcm_amd64.s. -func hasGCMAsm() bool - -//go:noescape -func aesEncBlock(dst, src *[16]byte, ks []uint32) - -//go:noescape -func gcmAesInit(productTable *[256]byte, ks []uint32) - -//go:noescape -func gcmAesData(productTable *[256]byte, data []byte, T *[16]byte) - -//go:noescape -func gcmAesEnc(productTable *[256]byte, dst, src []byte, ctr, T *[16]byte, ks []uint32) - -//go:noescape -func gcmAesDec(productTable *[256]byte, dst, src []byte, ctr, T *[16]byte, ks []uint32) - -//go:noescape -func gcmAesFinish(productTable *[256]byte, tagMask, T *[16]byte, pLen, dLen uint64) - -// aesCipherGCM implements crypto/cipher.gcmAble so that crypto/cipher.NewGCM -// will use the optimised implementation in this file when possible. Instances -// of this type only exist when hasGCMAsm returns true. -type aesCipherGCM struct { - aesCipherAsm -} - -// Assert that aesCipherGCM implements the gcmAble interface. -var _ gcmAble = (*aesCipherGCM)(nil) - -// NewGCM returns the AES cipher wrapped in Galois Counter Mode. This is only -// called by crypto/cipher.NewGCM via the gcmAble interface. -func (c *aesCipherGCM) NewGCM(nonceSize int) (AEAD, error) { - g := &gcmAsm{ks: c.enc, nonceSize: nonceSize} - gcmAesInit(&g.productTable, g.ks) - return g, nil -} - -type gcmAsm struct { - // ks is the key schedule, the length of which depends on the size of - // the AES key. - ks []uint32 - // productTable contains pre-computed multiples of the binary-field - // element used in GHASH. - productTable [256]byte - // nonceSize contains the expected size of the nonce, in bytes. - nonceSize int -} - -func (g *gcmAsm) NonceSize() int { - return g.nonceSize -} - -func (*gcmAsm) Overhead() int { - return gcmTagSize -} - -// Seal encrypts and authenticates plaintext. See the AEAD interface for -// details. -func (g *gcmAsm) Seal(dst, nonce, plaintext, data []byte) []byte { - if len(nonce) != g.nonceSize { - panic("cipher: incorrect nonce length given to GCM") - } - - var counter, tagMask [gcmBlockSize]byte - - if len(nonce) == gcmStandardNonceSize { - // Init counter to nonce||1 - copy(counter[:], nonce) - counter[gcmBlockSize-1] = 1 - } else { - // Otherwise counter = GHASH(nonce) - gcmAesData(&g.productTable, nonce, &counter) - gcmAesFinish(&g.productTable, &tagMask, &counter, uint64(len(nonce)), uint64(0)) - } - - aesEncBlock(&tagMask, &counter, g.ks) - - var tagOut [16]byte - gcmAesData(&g.productTable, data, &tagOut) - - ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) - if len(plaintext) > 0 { - gcmAesEnc(&g.productTable, out, plaintext, &counter, &tagOut, g.ks) - } - gcmAesFinish(&g.productTable, &tagMask, &tagOut, uint64(len(plaintext)), uint64(len(data))) - copy(out[len(plaintext):], tagOut[:gcmTagSize]) - - return ret -} - -// Open authenticates and decrypts ciphertext. See the AEAD interface -// for details. -func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - if len(nonce) != g.nonceSize { - panic("cipher: incorrect nonce length given to GCM") - } - - if len(ciphertext) < gcmTagSize { - return nil, errOpen - } - tag := ciphertext[len(ciphertext)-gcmTagSize:] - ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] - - // See GCM spec, section 7.1. - var counter, tagMask [gcmBlockSize]byte - - if len(nonce) == gcmStandardNonceSize { - // Init counter to nonce||1 - copy(counter[:], nonce) - counter[gcmBlockSize-1] = 1 - } else { - // Otherwise counter = GHASH(nonce) - gcmAesData(&g.productTable, nonce, &counter) - gcmAesFinish(&g.productTable, &tagMask, &counter, uint64(len(nonce)), uint64(0)) - } - - aesEncBlock(&tagMask, &counter, g.ks) - - var expectedTag [16]byte - gcmAesData(&g.productTable, data, &expectedTag) - - ret, out := sliceForAppend(dst, len(ciphertext)) - if len(ciphertext) > 0 { - gcmAesDec(&g.productTable, out, ciphertext, &counter, &expectedTag, g.ks) - } - gcmAesFinish(&g.productTable, &tagMask, &expectedTag, uint64(len(ciphertext)), uint64(len(data))) - - if subtle.ConstantTimeCompare(expectedTag[:12], tag) != 1 { - for i := range out { - out[i] = 0 - } - return nil, errOpen - } - - return ret, nil -} diff --git a/vendor/github.com/lucas-clemente/aes12/asm_amd64.s b/vendor/github.com/lucas-clemente/aes12/asm_amd64.s deleted file mode 100644 index b2579987..00000000 --- a/vendor/github.com/lucas-clemente/aes12/asm_amd64.s +++ /dev/null @@ -1,285 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -#include "textflag.h" - -// func hasAsm() bool -// returns whether AES-NI is supported -TEXT ·hasAsm(SB),NOSPLIT,$0 - XORQ AX, AX - INCL AX - CPUID - SHRQ $25, CX - ANDQ $1, CX - MOVB CX, ret+0(FP) - RET - -// func encryptBlockAsm(nr int, xk *uint32, dst, src *byte) -TEXT ·encryptBlockAsm(SB),NOSPLIT,$0 - MOVQ nr+0(FP), CX - MOVQ xk+8(FP), AX - MOVQ dst+16(FP), DX - MOVQ src+24(FP), BX - MOVUPS 0(AX), X1 - MOVUPS 0(BX), X0 - ADDQ $16, AX - PXOR X1, X0 - SUBQ $12, CX - JE Lenc196 - JB Lenc128 -Lenc256: - MOVUPS 0(AX), X1 - AESENC X1, X0 - MOVUPS 16(AX), X1 - AESENC X1, X0 - ADDQ $32, AX -Lenc196: - MOVUPS 0(AX), X1 - AESENC X1, X0 - MOVUPS 16(AX), X1 - AESENC X1, X0 - ADDQ $32, AX -Lenc128: - MOVUPS 0(AX), X1 - AESENC X1, X0 - MOVUPS 16(AX), X1 - AESENC X1, X0 - MOVUPS 32(AX), X1 - AESENC X1, X0 - MOVUPS 48(AX), X1 - AESENC X1, X0 - MOVUPS 64(AX), X1 - AESENC X1, X0 - MOVUPS 80(AX), X1 - AESENC X1, X0 - MOVUPS 96(AX), X1 - AESENC X1, X0 - MOVUPS 112(AX), X1 - AESENC X1, X0 - MOVUPS 128(AX), X1 - AESENC X1, X0 - MOVUPS 144(AX), X1 - AESENCLAST X1, X0 - MOVUPS X0, 0(DX) - RET - -// func decryptBlockAsm(nr int, xk *uint32, dst, src *byte) -TEXT ·decryptBlockAsm(SB),NOSPLIT,$0 - MOVQ nr+0(FP), CX - MOVQ xk+8(FP), AX - MOVQ dst+16(FP), DX - MOVQ src+24(FP), BX - MOVUPS 0(AX), X1 - MOVUPS 0(BX), X0 - ADDQ $16, AX - PXOR X1, X0 - SUBQ $12, CX - JE Ldec196 - JB Ldec128 -Ldec256: - MOVUPS 0(AX), X1 - AESDEC X1, X0 - MOVUPS 16(AX), X1 - AESDEC X1, X0 - ADDQ $32, AX -Ldec196: - MOVUPS 0(AX), X1 - AESDEC X1, X0 - MOVUPS 16(AX), X1 - AESDEC X1, X0 - ADDQ $32, AX -Ldec128: - MOVUPS 0(AX), X1 - AESDEC X1, X0 - MOVUPS 16(AX), X1 - AESDEC X1, X0 - MOVUPS 32(AX), X1 - AESDEC X1, X0 - MOVUPS 48(AX), X1 - AESDEC X1, X0 - MOVUPS 64(AX), X1 - AESDEC X1, X0 - MOVUPS 80(AX), X1 - AESDEC X1, X0 - MOVUPS 96(AX), X1 - AESDEC X1, X0 - MOVUPS 112(AX), X1 - AESDEC X1, X0 - MOVUPS 128(AX), X1 - AESDEC X1, X0 - MOVUPS 144(AX), X1 - AESDECLAST X1, X0 - MOVUPS X0, 0(DX) - RET - -// func expandKeyAsm(nr int, key *byte, enc, dec *uint32) { -// Note that round keys are stored in uint128 format, not uint32 -TEXT ·expandKeyAsm(SB),NOSPLIT,$0 - MOVQ nr+0(FP), CX - MOVQ key+8(FP), AX - MOVQ enc+16(FP), BX - MOVQ dec+24(FP), DX - MOVUPS (AX), X0 - // enc - MOVUPS X0, (BX) - ADDQ $16, BX - PXOR X4, X4 // _expand_key_* expect X4 to be zero - CMPL CX, $12 - JE Lexp_enc196 - JB Lexp_enc128 -Lexp_enc256: - MOVUPS 16(AX), X2 - MOVUPS X2, (BX) - ADDQ $16, BX - AESKEYGENASSIST $0x01, X2, X1 - CALL _expand_key_256a<>(SB) - AESKEYGENASSIST $0x01, X0, X1 - CALL _expand_key_256b<>(SB) - AESKEYGENASSIST $0x02, X2, X1 - CALL _expand_key_256a<>(SB) - AESKEYGENASSIST $0x02, X0, X1 - CALL _expand_key_256b<>(SB) - AESKEYGENASSIST $0x04, X2, X1 - CALL _expand_key_256a<>(SB) - AESKEYGENASSIST $0x04, X0, X1 - CALL _expand_key_256b<>(SB) - AESKEYGENASSIST $0x08, X2, X1 - CALL _expand_key_256a<>(SB) - AESKEYGENASSIST $0x08, X0, X1 - CALL _expand_key_256b<>(SB) - AESKEYGENASSIST $0x10, X2, X1 - CALL _expand_key_256a<>(SB) - AESKEYGENASSIST $0x10, X0, X1 - CALL _expand_key_256b<>(SB) - AESKEYGENASSIST $0x20, X2, X1 - CALL _expand_key_256a<>(SB) - AESKEYGENASSIST $0x20, X0, X1 - CALL _expand_key_256b<>(SB) - AESKEYGENASSIST $0x40, X2, X1 - CALL _expand_key_256a<>(SB) - JMP Lexp_dec -Lexp_enc196: - MOVQ 16(AX), X2 - AESKEYGENASSIST $0x01, X2, X1 - CALL _expand_key_192a<>(SB) - AESKEYGENASSIST $0x02, X2, X1 - CALL _expand_key_192b<>(SB) - AESKEYGENASSIST $0x04, X2, X1 - CALL _expand_key_192a<>(SB) - AESKEYGENASSIST $0x08, X2, X1 - CALL _expand_key_192b<>(SB) - AESKEYGENASSIST $0x10, X2, X1 - CALL _expand_key_192a<>(SB) - AESKEYGENASSIST $0x20, X2, X1 - CALL _expand_key_192b<>(SB) - AESKEYGENASSIST $0x40, X2, X1 - CALL _expand_key_192a<>(SB) - AESKEYGENASSIST $0x80, X2, X1 - CALL _expand_key_192b<>(SB) - JMP Lexp_dec -Lexp_enc128: - AESKEYGENASSIST $0x01, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x02, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x04, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x08, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x10, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x20, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x40, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x80, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x1b, X0, X1 - CALL _expand_key_128<>(SB) - AESKEYGENASSIST $0x36, X0, X1 - CALL _expand_key_128<>(SB) -Lexp_dec: - // dec - SUBQ $16, BX - MOVUPS (BX), X1 - MOVUPS X1, (DX) - DECQ CX -Lexp_dec_loop: - MOVUPS -16(BX), X1 - AESIMC X1, X0 - MOVUPS X0, 16(DX) - SUBQ $16, BX - ADDQ $16, DX - DECQ CX - JNZ Lexp_dec_loop - MOVUPS -16(BX), X0 - MOVUPS X0, 16(DX) - RET - -TEXT _expand_key_128<>(SB),NOSPLIT,$0 - PSHUFD $0xff, X1, X1 - SHUFPS $0x10, X0, X4 - PXOR X4, X0 - SHUFPS $0x8c, X0, X4 - PXOR X4, X0 - PXOR X1, X0 - MOVUPS X0, (BX) - ADDQ $16, BX - RET - -TEXT _expand_key_192a<>(SB),NOSPLIT,$0 - PSHUFD $0x55, X1, X1 - SHUFPS $0x10, X0, X4 - PXOR X4, X0 - SHUFPS $0x8c, X0, X4 - PXOR X4, X0 - PXOR X1, X0 - - MOVAPS X2, X5 - MOVAPS X2, X6 - PSLLDQ $0x4, X5 - PSHUFD $0xff, X0, X3 - PXOR X3, X2 - PXOR X5, X2 - - MOVAPS X0, X1 - SHUFPS $0x44, X0, X6 - MOVUPS X6, (BX) - SHUFPS $0x4e, X2, X1 - MOVUPS X1, 16(BX) - ADDQ $32, BX - RET - -TEXT _expand_key_192b<>(SB),NOSPLIT,$0 - PSHUFD $0x55, X1, X1 - SHUFPS $0x10, X0, X4 - PXOR X4, X0 - SHUFPS $0x8c, X0, X4 - PXOR X4, X0 - PXOR X1, X0 - - MOVAPS X2, X5 - PSLLDQ $0x4, X5 - PSHUFD $0xff, X0, X3 - PXOR X3, X2 - PXOR X5, X2 - - MOVUPS X0, (BX) - ADDQ $16, BX - RET - -TEXT _expand_key_256a<>(SB),NOSPLIT,$0 - JMP _expand_key_128<>(SB) - -TEXT _expand_key_256b<>(SB),NOSPLIT,$0 - PSHUFD $0xaa, X1, X1 - SHUFPS $0x10, X2, X4 - PXOR X4, X2 - SHUFPS $0x8c, X2, X4 - PXOR X4, X2 - PXOR X1, X2 - - MOVUPS X2, (BX) - ADDQ $16, BX - RET diff --git a/vendor/github.com/lucas-clemente/aes12/block.go b/vendor/github.com/lucas-clemente/aes12/block.go deleted file mode 100644 index 1f29ddaa..00000000 --- a/vendor/github.com/lucas-clemente/aes12/block.go +++ /dev/null @@ -1,176 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This Go implementation is derived in part from the reference -// ANSI C implementation, which carries the following notice: -// -// rijndael-alg-fst.c -// -// @version 3.0 (December 2000) -// -// Optimised ANSI C code for the Rijndael cipher (now AES) -// -// @author Vincent Rijmen -// @author Antoon Bosselaers -// @author Paulo Barreto -// -// This code is hereby placed in the public domain. -// -// THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS -// OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE -// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -// BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -// WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -// OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// See FIPS 197 for specification, and see Daemen and Rijmen's Rijndael submission -// for implementation details. -// http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf -// http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf - -package aes12 - -// Encrypt one block from src into dst, using the expanded key xk. -func encryptBlockGo(xk []uint32, dst, src []byte) { - var s0, s1, s2, s3, t0, t1, t2, t3 uint32 - - s0 = uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3]) - s1 = uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7]) - s2 = uint32(src[8])<<24 | uint32(src[9])<<16 | uint32(src[10])<<8 | uint32(src[11]) - s3 = uint32(src[12])<<24 | uint32(src[13])<<16 | uint32(src[14])<<8 | uint32(src[15]) - - // First round just XORs input with key. - s0 ^= xk[0] - s1 ^= xk[1] - s2 ^= xk[2] - s3 ^= xk[3] - - // Middle rounds shuffle using tables. - // Number of rounds is set by length of expanded key. - nr := len(xk)/4 - 2 // - 2: one above, one more below - k := 4 - for r := 0; r < nr; r++ { - t0 = xk[k+0] ^ te0[uint8(s0>>24)] ^ te1[uint8(s1>>16)] ^ te2[uint8(s2>>8)] ^ te3[uint8(s3)] - t1 = xk[k+1] ^ te0[uint8(s1>>24)] ^ te1[uint8(s2>>16)] ^ te2[uint8(s3>>8)] ^ te3[uint8(s0)] - t2 = xk[k+2] ^ te0[uint8(s2>>24)] ^ te1[uint8(s3>>16)] ^ te2[uint8(s0>>8)] ^ te3[uint8(s1)] - t3 = xk[k+3] ^ te0[uint8(s3>>24)] ^ te1[uint8(s0>>16)] ^ te2[uint8(s1>>8)] ^ te3[uint8(s2)] - k += 4 - s0, s1, s2, s3 = t0, t1, t2, t3 - } - - // Last round uses s-box directly and XORs to produce output. - s0 = uint32(sbox0[t0>>24])<<24 | uint32(sbox0[t1>>16&0xff])<<16 | uint32(sbox0[t2>>8&0xff])<<8 | uint32(sbox0[t3&0xff]) - s1 = uint32(sbox0[t1>>24])<<24 | uint32(sbox0[t2>>16&0xff])<<16 | uint32(sbox0[t3>>8&0xff])<<8 | uint32(sbox0[t0&0xff]) - s2 = uint32(sbox0[t2>>24])<<24 | uint32(sbox0[t3>>16&0xff])<<16 | uint32(sbox0[t0>>8&0xff])<<8 | uint32(sbox0[t1&0xff]) - s3 = uint32(sbox0[t3>>24])<<24 | uint32(sbox0[t0>>16&0xff])<<16 | uint32(sbox0[t1>>8&0xff])<<8 | uint32(sbox0[t2&0xff]) - - s0 ^= xk[k+0] - s1 ^= xk[k+1] - s2 ^= xk[k+2] - s3 ^= xk[k+3] - - dst[0], dst[1], dst[2], dst[3] = byte(s0>>24), byte(s0>>16), byte(s0>>8), byte(s0) - dst[4], dst[5], dst[6], dst[7] = byte(s1>>24), byte(s1>>16), byte(s1>>8), byte(s1) - dst[8], dst[9], dst[10], dst[11] = byte(s2>>24), byte(s2>>16), byte(s2>>8), byte(s2) - dst[12], dst[13], dst[14], dst[15] = byte(s3>>24), byte(s3>>16), byte(s3>>8), byte(s3) -} - -// Decrypt one block from src into dst, using the expanded key xk. -func decryptBlockGo(xk []uint32, dst, src []byte) { - var s0, s1, s2, s3, t0, t1, t2, t3 uint32 - - s0 = uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3]) - s1 = uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7]) - s2 = uint32(src[8])<<24 | uint32(src[9])<<16 | uint32(src[10])<<8 | uint32(src[11]) - s3 = uint32(src[12])<<24 | uint32(src[13])<<16 | uint32(src[14])<<8 | uint32(src[15]) - - // First round just XORs input with key. - s0 ^= xk[0] - s1 ^= xk[1] - s2 ^= xk[2] - s3 ^= xk[3] - - // Middle rounds shuffle using tables. - // Number of rounds is set by length of expanded key. - nr := len(xk)/4 - 2 // - 2: one above, one more below - k := 4 - for r := 0; r < nr; r++ { - t0 = xk[k+0] ^ td0[uint8(s0>>24)] ^ td1[uint8(s3>>16)] ^ td2[uint8(s2>>8)] ^ td3[uint8(s1)] - t1 = xk[k+1] ^ td0[uint8(s1>>24)] ^ td1[uint8(s0>>16)] ^ td2[uint8(s3>>8)] ^ td3[uint8(s2)] - t2 = xk[k+2] ^ td0[uint8(s2>>24)] ^ td1[uint8(s1>>16)] ^ td2[uint8(s0>>8)] ^ td3[uint8(s3)] - t3 = xk[k+3] ^ td0[uint8(s3>>24)] ^ td1[uint8(s2>>16)] ^ td2[uint8(s1>>8)] ^ td3[uint8(s0)] - k += 4 - s0, s1, s2, s3 = t0, t1, t2, t3 - } - - // Last round uses s-box directly and XORs to produce output. - s0 = uint32(sbox1[t0>>24])<<24 | uint32(sbox1[t3>>16&0xff])<<16 | uint32(sbox1[t2>>8&0xff])<<8 | uint32(sbox1[t1&0xff]) - s1 = uint32(sbox1[t1>>24])<<24 | uint32(sbox1[t0>>16&0xff])<<16 | uint32(sbox1[t3>>8&0xff])<<8 | uint32(sbox1[t2&0xff]) - s2 = uint32(sbox1[t2>>24])<<24 | uint32(sbox1[t1>>16&0xff])<<16 | uint32(sbox1[t0>>8&0xff])<<8 | uint32(sbox1[t3&0xff]) - s3 = uint32(sbox1[t3>>24])<<24 | uint32(sbox1[t2>>16&0xff])<<16 | uint32(sbox1[t1>>8&0xff])<<8 | uint32(sbox1[t0&0xff]) - - s0 ^= xk[k+0] - s1 ^= xk[k+1] - s2 ^= xk[k+2] - s3 ^= xk[k+3] - - dst[0], dst[1], dst[2], dst[3] = byte(s0>>24), byte(s0>>16), byte(s0>>8), byte(s0) - dst[4], dst[5], dst[6], dst[7] = byte(s1>>24), byte(s1>>16), byte(s1>>8), byte(s1) - dst[8], dst[9], dst[10], dst[11] = byte(s2>>24), byte(s2>>16), byte(s2>>8), byte(s2) - dst[12], dst[13], dst[14], dst[15] = byte(s3>>24), byte(s3>>16), byte(s3>>8), byte(s3) -} - -// Apply sbox0 to each byte in w. -func subw(w uint32) uint32 { - return uint32(sbox0[w>>24])<<24 | - uint32(sbox0[w>>16&0xff])<<16 | - uint32(sbox0[w>>8&0xff])<<8 | - uint32(sbox0[w&0xff]) -} - -// Rotate -func rotw(w uint32) uint32 { return w<<8 | w>>24 } - -// Key expansion algorithm. See FIPS-197, Figure 11. -// Their rcon[i] is our powx[i-1] << 24. -func expandKeyGo(key []byte, enc, dec []uint32) { - // Encryption key setup. - var i int - nk := len(key) / 4 - for i = 0; i < nk; i++ { - enc[i] = uint32(key[4*i])<<24 | uint32(key[4*i+1])<<16 | uint32(key[4*i+2])<<8 | uint32(key[4*i+3]) - } - for ; i < len(enc); i++ { - t := enc[i-1] - if i%nk == 0 { - t = subw(rotw(t)) ^ (uint32(powx[i/nk-1]) << 24) - } else if nk > 6 && i%nk == 4 { - t = subw(t) - } - enc[i] = enc[i-nk] ^ t - } - - // Derive decryption key from encryption key. - // Reverse the 4-word round key sets from enc to produce dec. - // All sets but the first and last get the MixColumn transform applied. - if dec == nil { - return - } - n := len(enc) - for i := 0; i < n; i += 4 { - ei := n - i - 4 - for j := 0; j < 4; j++ { - x := enc[ei+j] - if i > 0 && i+4 < n { - x = td0[sbox0[x>>24]] ^ td1[sbox0[x>>16&0xff]] ^ td2[sbox0[x>>8&0xff]] ^ td3[sbox0[x&0xff]] - } - dec[i+j] = x - } - } -} diff --git a/vendor/github.com/lucas-clemente/aes12/cipher.go b/vendor/github.com/lucas-clemente/aes12/cipher.go deleted file mode 100644 index a9b8e547..00000000 --- a/vendor/github.com/lucas-clemente/aes12/cipher.go +++ /dev/null @@ -1,68 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package aes12 - -import "strconv" - -// The AES block size in bytes. -const BlockSize = 16 - -// A cipher is an instance of AES encryption using a particular key. -type aesCipher struct { - enc []uint32 - dec []uint32 -} - -type KeySizeError int - -func (k KeySizeError) Error() string { - return "crypto/aes: invalid key size " + strconv.Itoa(int(k)) -} - -// NewCipher creates and returns a new Block. -// The key argument should be the AES key, -// either 16, 24, or 32 bytes to select -// AES-128, AES-192, or AES-256. -func NewCipher(key []byte) (Block, error) { - k := len(key) - switch k { - default: - return nil, KeySizeError(k) - case 16, 24, 32: - break - } - return newCipher(key) -} - -// newCipherGeneric creates and returns a new Block -// implemented in pure Go. -func newCipherGeneric(key []byte) (Block, error) { - n := len(key) + 28 - c := aesCipher{make([]uint32, n), make([]uint32, n)} - expandKeyGo(key, c.enc, c.dec) - return &c, nil -} - -func (c *aesCipher) BlockSize() int { return BlockSize } - -func (c *aesCipher) Encrypt(dst, src []byte) { - if len(src) < BlockSize { - panic("crypto/aes: input not full block") - } - if len(dst) < BlockSize { - panic("crypto/aes: output not full block") - } - encryptBlockGo(c.enc, dst, src) -} - -func (c *aesCipher) Decrypt(dst, src []byte) { - if len(src) < BlockSize { - panic("crypto/aes: input not full block") - } - if len(dst) < BlockSize { - panic("crypto/aes: output not full block") - } - decryptBlockGo(c.dec, dst, src) -} diff --git a/vendor/github.com/lucas-clemente/aes12/cipher_2.go b/vendor/github.com/lucas-clemente/aes12/cipher_2.go deleted file mode 100644 index ae2f520b..00000000 --- a/vendor/github.com/lucas-clemente/aes12/cipher_2.go +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// package aes12 implements standard block cipher modes that can be wrapped -// around low-level block cipher implementations. -// See http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html -// and NIST Special Publication 800-38A. -package aes12 - -// A Block represents an implementation of block cipher -// using a given key. It provides the capability to encrypt -// or decrypt individual blocks. The mode implementations -// extend that capability to streams of blocks. -type Block interface { - // BlockSize returns the cipher's block size. - BlockSize() int - - // Encrypt encrypts the first block in src into dst. - // Dst and src may point at the same memory. - Encrypt(dst, src []byte) - - // Decrypt decrypts the first block in src into dst. - // Dst and src may point at the same memory. - Decrypt(dst, src []byte) -} - -// A Stream represents a stream cipher. -type Stream interface { - // XORKeyStream XORs each byte in the given slice with a byte from the - // cipher's key stream. Dst and src may point to the same memory. - // If len(dst) < len(src), XORKeyStream should panic. It is acceptable - // to pass a dst bigger than src, and in that case, XORKeyStream will - // only update dst[:len(src)] and will not touch the rest of dst. - XORKeyStream(dst, src []byte) -} - -// A BlockMode represents a block cipher running in a block-based mode (CBC, -// ECB etc). -type BlockMode interface { - // BlockSize returns the mode's block size. - BlockSize() int - - // CryptBlocks encrypts or decrypts a number of blocks. The length of - // src must be a multiple of the block size. Dst and src may point to - // the same memory. - CryptBlocks(dst, src []byte) -} - -// Utility routines - -func dup(p []byte) []byte { - q := make([]byte, len(p)) - copy(q, p) - return q -} diff --git a/vendor/github.com/lucas-clemente/aes12/cipher_amd64.go b/vendor/github.com/lucas-clemente/aes12/cipher_amd64.go deleted file mode 100644 index cd0544f3..00000000 --- a/vendor/github.com/lucas-clemente/aes12/cipher_amd64.go +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package aes12 - -// defined in asm_amd64.s -func hasAsm() bool -func encryptBlockAsm(nr int, xk *uint32, dst, src *byte) -func decryptBlockAsm(nr int, xk *uint32, dst, src *byte) -func expandKeyAsm(nr int, key *byte, enc *uint32, dec *uint32) - -type aesCipherAsm struct { - aesCipher -} - -var useAsm = hasAsm() - -func newCipher(key []byte) (Block, error) { - if !useAsm { - return newCipherGeneric(key) - } - n := len(key) + 28 - c := aesCipherAsm{aesCipher{make([]uint32, n), make([]uint32, n)}} - rounds := 10 - switch len(key) { - case 128 / 8: - rounds = 10 - case 192 / 8: - rounds = 12 - case 256 / 8: - rounds = 14 - } - expandKeyAsm(rounds, &key[0], &c.enc[0], &c.dec[0]) - if hasGCMAsm() { - return &aesCipherGCM{c}, nil - } - - return &c, nil -} - -func (c *aesCipherAsm) BlockSize() int { return BlockSize } - -func (c *aesCipherAsm) Encrypt(dst, src []byte) { - if len(src) < BlockSize { - panic("crypto/aes: input not full block") - } - if len(dst) < BlockSize { - panic("crypto/aes: output not full block") - } - encryptBlockAsm(len(c.enc)/4-1, &c.enc[0], &dst[0], &src[0]) -} - -func (c *aesCipherAsm) Decrypt(dst, src []byte) { - if len(src) < BlockSize { - panic("crypto/aes: input not full block") - } - if len(dst) < BlockSize { - panic("crypto/aes: output not full block") - } - decryptBlockAsm(len(c.dec)/4-1, &c.dec[0], &dst[0], &src[0]) -} - -// expandKey is used by BenchmarkExpand to ensure that the asm implementation -// of key expansion is used for the benchmark when it is available. -func expandKey(key []byte, enc, dec []uint32) { - if useAsm { - rounds := 10 // rounds needed for AES128 - switch len(key) { - case 192 / 8: - rounds = 12 - case 256 / 8: - rounds = 14 - } - expandKeyAsm(rounds, &key[0], &enc[0], &dec[0]) - } else { - expandKeyGo(key, enc, dec) - } -} diff --git a/vendor/github.com/lucas-clemente/aes12/cipher_generic.go b/vendor/github.com/lucas-clemente/aes12/cipher_generic.go deleted file mode 100644 index 6861677f..00000000 --- a/vendor/github.com/lucas-clemente/aes12/cipher_generic.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build !amd64 - -package aes12 - -// newCipher calls the newCipherGeneric function -// directly. Platforms with hardware accelerated -// implementations of AES should implement their -// own version of newCipher (which may then call -// newCipherGeneric if needed). -func newCipher(key []byte) (Block, error) { - return newCipherGeneric(key) -} - -// expandKey is used by BenchmarkExpand and should -// call an assembly implementation if one is available. -func expandKey(key []byte, enc, dec []uint32) { - expandKeyGo(key, enc, dec) -} diff --git a/vendor/github.com/lucas-clemente/aes12/const.go b/vendor/github.com/lucas-clemente/aes12/const.go deleted file mode 100644 index 40296fa7..00000000 --- a/vendor/github.com/lucas-clemente/aes12/const.go +++ /dev/null @@ -1,358 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// package aes12 implements AES encryption (formerly Rijndael), as defined in -// U.S. Federal Information Processing Standards Publication 197. -package aes12 - -// This file contains AES constants - 8720 bytes of initialized data. - -// http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf - -// AES is based on the mathematical behavior of binary polynomials -// (polynomials over GF(2)) modulo the irreducible polynomial x⁸ + x⁴ + x³ + x + 1. -// Addition of these binary polynomials corresponds to binary xor. -// Reducing mod poly corresponds to binary xor with poly every -// time a 0x100 bit appears. -const poly = 1<<8 | 1<<4 | 1<<3 | 1<<1 | 1<<0 // x⁸ + x⁴ + x³ + x + 1 - -// Powers of x mod poly in GF(2). -var powx = [16]byte{ - 0x01, - 0x02, - 0x04, - 0x08, - 0x10, - 0x20, - 0x40, - 0x80, - 0x1b, - 0x36, - 0x6c, - 0xd8, - 0xab, - 0x4d, - 0x9a, - 0x2f, -} - -// FIPS-197 Figure 7. S-box substitution values in hexadecimal format. -var sbox0 = [256]byte{ - 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, - 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, - 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, - 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, - 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, - 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, - 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, - 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, - 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, - 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, - 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, - 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, - 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, - 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, - 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, - 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16, -} - -// FIPS-197 Figure 14. Inverse S-box substitution values in hexadecimal format. -var sbox1 = [256]byte{ - 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, - 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, - 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, - 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, - 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, - 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, - 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, - 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, - 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, - 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, - 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, - 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, - 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, - 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, - 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, - 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, -} - -// Lookup tables for encryption. -// These can be recomputed by adapting the tests in aes_test.go. - -var te0 = [256]uint32{ - 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, - 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, - 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, - 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, - 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, - 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, - 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, - 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, - 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, - 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, - 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, - 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, - 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, - 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, - 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, - 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, - 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, - 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, - 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, - 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, - 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, - 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, - 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, - 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, - 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, - 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, - 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, - 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, - 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, - 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, - 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, - 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, -} -var te1 = [256]uint32{ - 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, - 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, - 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d, 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0, - 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0, - 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc, - 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1, 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, - 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a, - 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, - 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a, 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, - 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484, - 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded, 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, - 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939, 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, - 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585, - 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f, 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, - 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f, 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5, - 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2, - 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, - 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d, 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, - 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888, - 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, - 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a, 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c, - 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979, - 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, - 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea, 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, - 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6, - 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, - 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666, 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e, - 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e, - 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, - 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9, 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, - 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868, - 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, -} -var te2 = [256]uint32{ - 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, - 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b, 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, - 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d, 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0, - 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0, - 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26, 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, - 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1, 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15, - 0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, 0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a, - 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2, 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, - 0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a, 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0, - 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384, - 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed, 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, - 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239, 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf, - 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185, - 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f, 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, - 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f, 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5, - 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2, - 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec, 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, - 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d, 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673, - 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88, - 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814, 0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb, - 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a, 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c, - 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279, - 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d, 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, - 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea, 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008, - 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6, - 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f, 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, - 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66, 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e, - 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e, - 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211, 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, - 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9, 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df, - 0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d, 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068, - 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f, 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, -} -var te3 = [256]uint32{ - 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, - 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56, 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, - 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa, 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb, - 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b, - 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c, 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, - 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9, 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a, - 0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, 0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f, - 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf, 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, - 0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34, 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b, - 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713, - 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1, 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, - 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72, 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85, - 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411, - 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe, 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, - 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05, 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1, - 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf, - 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3, 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, - 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a, 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6, - 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b, - 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28, 0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad, - 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14, 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8, - 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2, - 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da, 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, - 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf, 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810, - 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197, - 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e, 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, - 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc, 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c, - 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927, - 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322, 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, - 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9, 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5, - 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a, 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0, - 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e, 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, -} - -// Lookup tables for decryption. -// These can be recomputed by adapting the tests in aes_test.go. - -var td0 = [256]uint32{ - 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, - 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, - 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, - 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, - 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, - 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, - 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, - 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, - 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, - 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, - 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, - 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, - 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, - 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, - 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, - 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, - 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, - 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, - 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, - 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, - 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, - 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, - 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, - 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, - 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, - 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, - 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, - 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, - 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, - 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, - 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, - 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742, -} -var td1 = [256]uint32{ - 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, - 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, - 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0, 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, - 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8, - 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, - 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f, 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, - 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab, - 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708, 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, - 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2, 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, - 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10, - 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015, - 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e, 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, - 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000, 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72, - 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, - 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91, 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, - 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9, - 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, - 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1, 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, - 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3, - 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, - 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b, 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, - 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46, 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af, - 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, - 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a, 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8, - 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266, - 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6, - 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604, 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551, - 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647, - 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, - 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737, 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, - 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95, - 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857, -} -var td2 = [256]uint32{ - 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3, - 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502, 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, - 0x5a49deb1, 0x1b6725ba, 0x0e9845ea, 0xc0e15dfe, 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3, - 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9, - 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9, 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, - 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253, 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908, - 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, 0xd323ab73, 0x02e2724b, 0x8f57e31f, 0xab2a6655, - 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337, 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, - 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69, 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6, - 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e, - 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6, 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, - 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9, 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8, - 0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000, 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a, - 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d, 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, - 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b, 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12, - 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, 0x0d0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e, - 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f, 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, - 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4, 0xdccad731, 0x85104263, 0x22401397, 0x112084c6, - 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1, - 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9, 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, - 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0x0b3698d4, 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad, - 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3, - 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25, 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, - 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f, 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15, - 0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0, 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2, - 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7, 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, - 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x04dfe496, 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665, - 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6, - 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13, 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, - 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7, 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844, - 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d, - 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8, -} -var td3 = [256]uint32{ - 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, - 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5, 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, - 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d, 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b, - 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e, - 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27, 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, - 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562, 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9, - 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66, - 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3, 0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced, - 0xcf1c2b8a, 0x79b492a7, 0x07f2f0f3, 0x69e2a14e, 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4, - 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd, - 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d, 0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60, - 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767, 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79, - 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000, 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c, - 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736, 0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, - 0x0a67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b, 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c, - 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, 0x090d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814, - 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3, 0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, - 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8, 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084, - 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077, - 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247, 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, - 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698, 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f, - 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582, - 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf, 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, - 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883, 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef, - 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035, - 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533, 0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, - 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4, 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46, - 0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb, 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d, - 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb, 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, - 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73, 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678, - 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0x0d9541ff, - 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064, 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0, -} diff --git a/vendor/github.com/lucas-clemente/aes12/gcm.go b/vendor/github.com/lucas-clemente/aes12/gcm.go deleted file mode 100644 index ed7dc918..00000000 --- a/vendor/github.com/lucas-clemente/aes12/gcm.go +++ /dev/null @@ -1,401 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package aes12 - -import ( - "crypto/subtle" - "errors" -) - -// AEAD is a cipher mode providing authenticated encryption with associated -// data. For a description of the methodology, see -// https://en.wikipedia.org/wiki/Authenticated_encryption -type AEAD interface { - // NonceSize returns the size of the nonce that must be passed to Seal - // and Open. - NonceSize() int - - // Overhead returns the maximum difference between the lengths of a - // plaintext and its ciphertext. - Overhead() int - - // Seal encrypts and authenticates plaintext, authenticates the - // additional data and appends the result to dst, returning the updated - // slice. The nonce must be NonceSize() bytes long and unique for all - // time, for a given key. - // - // The plaintext and dst may alias exactly or not at all. To reuse - // plaintext's storage for the encrypted output, use plaintext[:0] as dst. - Seal(dst, nonce, plaintext, additionalData []byte) []byte - - // Open decrypts and authenticates ciphertext, authenticates the - // additional data and, if successful, appends the resulting plaintext - // to dst, returning the updated slice. The nonce must be NonceSize() - // bytes long and both it and the additional data must match the - // value passed to Seal. - // - // The ciphertext and dst may alias exactly or not at all. To reuse - // ciphertext's storage for the decrypted output, use ciphertext[:0] as dst. - // - // Even if the function fails, the contents of dst, up to its capacity, - // may be overwritten. - Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) -} - -// gcmAble is an interface implemented by ciphers that have a specific optimized -// implementation of GCM, like crypto/aes. NewGCM will check for this interface -// and return the specific AEAD if found. -type gcmAble interface { - NewGCM(int) (AEAD, error) -} - -// gcmFieldElement represents a value in GF(2¹²⁸). In order to reflect the GCM -// standard and make getUint64 suitable for marshaling these values, the bits -// are stored backwards. For example: -// the coefficient of x⁰ can be obtained by v.low >> 63. -// the coefficient of x⁶³ can be obtained by v.low & 1. -// the coefficient of x⁶⁴ can be obtained by v.high >> 63. -// the coefficient of x¹²⁷ can be obtained by v.high & 1. -type gcmFieldElement struct { - low, high uint64 -} - -// gcm represents a Galois Counter Mode with a specific key. See -// http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf -type gcm struct { - cipher Block - nonceSize int - // productTable contains the first sixteen powers of the key, H. - // However, they are in bit reversed order. See NewGCMWithNonceSize. - productTable [16]gcmFieldElement -} - -// NewGCM returns the given 128-bit, block cipher wrapped in Galois Counter Mode -// with the standard nonce length. -func NewGCM(cipher Block) (AEAD, error) { - return NewGCMWithNonceSize(cipher, gcmStandardNonceSize) -} - -// NewGCMWithNonceSize returns the given 128-bit, block cipher wrapped in Galois -// Counter Mode, which accepts nonces of the given length. -// -// Only use this function if you require compatibility with an existing -// cryptosystem that uses non-standard nonce lengths. All other users should use -// NewGCM, which is faster and more resistant to misuse. -func NewGCMWithNonceSize(cipher Block, size int) (AEAD, error) { - if cipher, ok := cipher.(gcmAble); ok { - return cipher.NewGCM(size) - } - - if cipher.BlockSize() != gcmBlockSize { - return nil, errors.New("cipher: NewGCM requires 128-bit block cipher") - } - - var key [gcmBlockSize]byte - cipher.Encrypt(key[:], key[:]) - - g := &gcm{cipher: cipher, nonceSize: size} - - // We precompute 16 multiples of |key|. However, when we do lookups - // into this table we'll be using bits from a field element and - // therefore the bits will be in the reverse order. So normally one - // would expect, say, 4*key to be in index 4 of the table but due to - // this bit ordering it will actually be in index 0010 (base 2) = 2. - x := gcmFieldElement{ - getUint64(key[:8]), - getUint64(key[8:]), - } - g.productTable[reverseBits(1)] = x - - for i := 2; i < 16; i += 2 { - g.productTable[reverseBits(i)] = gcmDouble(&g.productTable[reverseBits(i/2)]) - g.productTable[reverseBits(i+1)] = gcmAdd(&g.productTable[reverseBits(i)], &x) - } - - return g, nil -} - -const ( - gcmBlockSize = 16 - gcmTagSize = 12 - gcmStandardNonceSize = 12 -) - -func (g *gcm) NonceSize() int { - return g.nonceSize -} - -func (*gcm) Overhead() int { - return gcmTagSize -} - -func (g *gcm) Seal(dst, nonce, plaintext, data []byte) []byte { - if len(nonce) != g.nonceSize { - panic("cipher: incorrect nonce length given to GCM") - } - ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) - - var counter, tagMask [gcmBlockSize]byte - g.deriveCounter(&counter, nonce) - - g.cipher.Encrypt(tagMask[:], counter[:]) - gcmInc32(&counter) - - g.counterCrypt(out, plaintext, &counter) - - tag := make([]byte, 16) - g.auth(tag, out[:len(plaintext)], data, &tagMask) - copy(ret[len(ret)-12:], tag) - - return ret -} - -var errOpen = errors.New("cipher: message authentication failed") - -func (g *gcm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - if len(nonce) != g.nonceSize { - panic("cipher: incorrect nonce length given to GCM") - } - - if len(ciphertext) < gcmTagSize { - return nil, errOpen - } - tag := ciphertext[len(ciphertext)-gcmTagSize:] - ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] - - var counter, tagMask [gcmBlockSize]byte - g.deriveCounter(&counter, nonce) - - g.cipher.Encrypt(tagMask[:], counter[:]) - gcmInc32(&counter) - - var expectedTag [gcmBlockSize]byte - g.auth(expectedTag[:], ciphertext, data, &tagMask) - - ret, out := sliceForAppend(dst, len(ciphertext)) - - if subtle.ConstantTimeCompare(expectedTag[:gcmTagSize], tag) != 1 { - // The AESNI code decrypts and authenticates concurrently, and - // so overwrites dst in the event of a tag mismatch. That - // behaviour is mimicked here in order to be consistent across - // platforms. - for i := range out { - out[i] = 0 - } - return nil, errOpen - } - - g.counterCrypt(out, ciphertext, &counter) - - return ret, nil -} - -// reverseBits reverses the order of the bits of 4-bit number in i. -func reverseBits(i int) int { - i = ((i << 2) & 0xc) | ((i >> 2) & 0x3) - i = ((i << 1) & 0xa) | ((i >> 1) & 0x5) - return i -} - -// gcmAdd adds two elements of GF(2¹²⁸) and returns the sum. -func gcmAdd(x, y *gcmFieldElement) gcmFieldElement { - // Addition in a characteristic 2 field is just XOR. - return gcmFieldElement{x.low ^ y.low, x.high ^ y.high} -} - -// gcmDouble returns the result of doubling an element of GF(2¹²⁸). -func gcmDouble(x *gcmFieldElement) (double gcmFieldElement) { - msbSet := x.high&1 == 1 - - // Because of the bit-ordering, doubling is actually a right shift. - double.high = x.high >> 1 - double.high |= x.low << 63 - double.low = x.low >> 1 - - // If the most-significant bit was set before shifting then it, - // conceptually, becomes a term of x^128. This is greater than the - // irreducible polynomial so the result has to be reduced. The - // irreducible polynomial is 1+x+x^2+x^7+x^128. We can subtract that to - // eliminate the term at x^128 which also means subtracting the other - // four terms. In characteristic 2 fields, subtraction == addition == - // XOR. - if msbSet { - double.low ^= 0xe100000000000000 - } - - return -} - -var gcmReductionTable = []uint16{ - 0x0000, 0x1c20, 0x3840, 0x2460, 0x7080, 0x6ca0, 0x48c0, 0x54e0, - 0xe100, 0xfd20, 0xd940, 0xc560, 0x9180, 0x8da0, 0xa9c0, 0xb5e0, -} - -// mul sets y to y*H, where H is the GCM key, fixed during NewGCMWithNonceSize. -func (g *gcm) mul(y *gcmFieldElement) { - var z gcmFieldElement - - for i := 0; i < 2; i++ { - word := y.high - if i == 1 { - word = y.low - } - - // Multiplication works by multiplying z by 16 and adding in - // one of the precomputed multiples of H. - for j := 0; j < 64; j += 4 { - msw := z.high & 0xf - z.high >>= 4 - z.high |= z.low << 60 - z.low >>= 4 - z.low ^= uint64(gcmReductionTable[msw]) << 48 - - // the values in |table| are ordered for - // little-endian bit positions. See the comment - // in NewGCMWithNonceSize. - t := &g.productTable[word&0xf] - - z.low ^= t.low - z.high ^= t.high - word >>= 4 - } - } - - *y = z -} - -// updateBlocks extends y with more polynomial terms from blocks, based on -// Horner's rule. There must be a multiple of gcmBlockSize bytes in blocks. -func (g *gcm) updateBlocks(y *gcmFieldElement, blocks []byte) { - for len(blocks) > 0 { - y.low ^= getUint64(blocks) - y.high ^= getUint64(blocks[8:]) - g.mul(y) - blocks = blocks[gcmBlockSize:] - } -} - -// update extends y with more polynomial terms from data. If data is not a -// multiple of gcmBlockSize bytes long then the remainder is zero padded. -func (g *gcm) update(y *gcmFieldElement, data []byte) { - fullBlocks := (len(data) >> 4) << 4 - g.updateBlocks(y, data[:fullBlocks]) - - if len(data) != fullBlocks { - var partialBlock [gcmBlockSize]byte - copy(partialBlock[:], data[fullBlocks:]) - g.updateBlocks(y, partialBlock[:]) - } -} - -// gcmInc32 treats the final four bytes of counterBlock as a big-endian value -// and increments it. -func gcmInc32(counterBlock *[16]byte) { - for i := gcmBlockSize - 1; i >= gcmBlockSize-4; i-- { - counterBlock[i]++ - if counterBlock[i] != 0 { - break - } - } -} - -// sliceForAppend takes a slice and a requested number of bytes. It returns a -// slice with the contents of the given slice followed by that many bytes and a -// second slice that aliases into it and contains only the extra bytes. If the -// original slice has sufficient capacity then no allocation is performed. -func sliceForAppend(in []byte, n int) (head, tail []byte) { - if total := len(in) + n; cap(in) >= total { - head = in[:total] - } else { - head = make([]byte, total) - copy(head, in) - } - tail = head[len(in):] - return -} - -// counterCrypt crypts in to out using g.cipher in counter mode. -func (g *gcm) counterCrypt(out, in []byte, counter *[gcmBlockSize]byte) { - var mask [gcmBlockSize]byte - - for len(in) >= gcmBlockSize { - g.cipher.Encrypt(mask[:], counter[:]) - gcmInc32(counter) - - xorWords(out, in, mask[:]) - out = out[gcmBlockSize:] - in = in[gcmBlockSize:] - } - - if len(in) > 0 { - g.cipher.Encrypt(mask[:], counter[:]) - gcmInc32(counter) - xorBytes(out, in, mask[:]) - } -} - -// deriveCounter computes the initial GCM counter state from the given nonce. -// See NIST SP 800-38D, section 7.1. This assumes that counter is filled with -// zeros on entry. -func (g *gcm) deriveCounter(counter *[gcmBlockSize]byte, nonce []byte) { - // GCM has two modes of operation with respect to the initial counter - // state: a "fast path" for 96-bit (12-byte) nonces, and a "slow path" - // for nonces of other lengths. For a 96-bit nonce, the nonce, along - // with a four-byte big-endian counter starting at one, is used - // directly as the starting counter. For other nonce sizes, the counter - // is computed by passing it through the GHASH function. - if len(nonce) == gcmStandardNonceSize { - copy(counter[:], nonce) - counter[gcmBlockSize-1] = 1 - } else { - var y gcmFieldElement - g.update(&y, nonce) - y.high ^= uint64(len(nonce)) * 8 - g.mul(&y) - putUint64(counter[:8], y.low) - putUint64(counter[8:], y.high) - } -} - -// auth calculates GHASH(ciphertext, additionalData), masks the result with -// tagMask and writes the result to out. -func (g *gcm) auth(out, ciphertext, additionalData []byte, tagMask *[gcmBlockSize]byte) { - var y gcmFieldElement - g.update(&y, additionalData) - g.update(&y, ciphertext) - - y.low ^= uint64(len(additionalData)) * 8 - y.high ^= uint64(len(ciphertext)) * 8 - - g.mul(&y) - - putUint64(out, y.low) - putUint64(out[8:], y.high) - - xorWords(out, out, tagMask[:]) -} - -func getUint64(data []byte) uint64 { - r := uint64(data[0])<<56 | - uint64(data[1])<<48 | - uint64(data[2])<<40 | - uint64(data[3])<<32 | - uint64(data[4])<<24 | - uint64(data[5])<<16 | - uint64(data[6])<<8 | - uint64(data[7]) - return r -} - -func putUint64(out []byte, v uint64) { - out[0] = byte(v >> 56) - out[1] = byte(v >> 48) - out[2] = byte(v >> 40) - out[3] = byte(v >> 32) - out[4] = byte(v >> 24) - out[5] = byte(v >> 16) - out[6] = byte(v >> 8) - out[7] = byte(v) -} diff --git a/vendor/github.com/lucas-clemente/aes12/gcm_amd64.s b/vendor/github.com/lucas-clemente/aes12/gcm_amd64.s deleted file mode 100644 index c25badd5..00000000 --- a/vendor/github.com/lucas-clemente/aes12/gcm_amd64.s +++ /dev/null @@ -1,1277 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This is an optimized implementation of AES-GCM using AES-NI and CLMUL-NI -// The implementation uses some optimization as described in: -// [1] Gueron, S., Kounavis, M.E.: Intel® Carry-Less Multiplication -// Instruction and its Usage for Computing the GCM Mode rev. 2.02 -// [2] Gueron, S., Krasnov, V.: Speeding up Counter Mode in Software and -// Hardware - -#include "textflag.h" - -#define B0 X0 -#define B1 X1 -#define B2 X2 -#define B3 X3 -#define B4 X4 -#define B5 X5 -#define B6 X6 -#define B7 X7 - -#define ACC0 X8 -#define ACC1 X9 -#define ACCM X10 - -#define T0 X11 -#define T1 X12 -#define T2 X13 -#define POLY X14 -#define BSWAP X15 - -DATA bswapMask<>+0x00(SB)/8, $0x08090a0b0c0d0e0f -DATA bswapMask<>+0x08(SB)/8, $0x0001020304050607 - -DATA gcmPoly<>+0x00(SB)/8, $0x0000000000000001 -DATA gcmPoly<>+0x08(SB)/8, $0xc200000000000000 - -DATA andMask<>+0x00(SB)/8, $0x00000000000000ff -DATA andMask<>+0x08(SB)/8, $0x0000000000000000 -DATA andMask<>+0x10(SB)/8, $0x000000000000ffff -DATA andMask<>+0x18(SB)/8, $0x0000000000000000 -DATA andMask<>+0x20(SB)/8, $0x0000000000ffffff -DATA andMask<>+0x28(SB)/8, $0x0000000000000000 -DATA andMask<>+0x30(SB)/8, $0x00000000ffffffff -DATA andMask<>+0x38(SB)/8, $0x0000000000000000 -DATA andMask<>+0x40(SB)/8, $0x000000ffffffffff -DATA andMask<>+0x48(SB)/8, $0x0000000000000000 -DATA andMask<>+0x50(SB)/8, $0x0000ffffffffffff -DATA andMask<>+0x58(SB)/8, $0x0000000000000000 -DATA andMask<>+0x60(SB)/8, $0x00ffffffffffffff -DATA andMask<>+0x68(SB)/8, $0x0000000000000000 -DATA andMask<>+0x70(SB)/8, $0xffffffffffffffff -DATA andMask<>+0x78(SB)/8, $0x0000000000000000 -DATA andMask<>+0x80(SB)/8, $0xffffffffffffffff -DATA andMask<>+0x88(SB)/8, $0x00000000000000ff -DATA andMask<>+0x90(SB)/8, $0xffffffffffffffff -DATA andMask<>+0x98(SB)/8, $0x000000000000ffff -DATA andMask<>+0xa0(SB)/8, $0xffffffffffffffff -DATA andMask<>+0xa8(SB)/8, $0x0000000000ffffff -DATA andMask<>+0xb0(SB)/8, $0xffffffffffffffff -DATA andMask<>+0xb8(SB)/8, $0x00000000ffffffff -DATA andMask<>+0xc0(SB)/8, $0xffffffffffffffff -DATA andMask<>+0xc8(SB)/8, $0x000000ffffffffff -DATA andMask<>+0xd0(SB)/8, $0xffffffffffffffff -DATA andMask<>+0xd8(SB)/8, $0x0000ffffffffffff -DATA andMask<>+0xe0(SB)/8, $0xffffffffffffffff -DATA andMask<>+0xe8(SB)/8, $0x00ffffffffffffff - -GLOBL bswapMask<>(SB), (NOPTR+RODATA), $16 -GLOBL gcmPoly<>(SB), (NOPTR+RODATA), $16 -GLOBL andMask<>(SB), (NOPTR+RODATA), $240 - -// func hasGCMAsm() bool -// returns whether AES-NI AND CLMUL-NI are supported -TEXT ·hasGCMAsm(SB),NOSPLIT,$0 - XORQ AX, AX - INCL AX - CPUID - MOVQ CX, DX - SHRQ $25, CX - SHRQ $1, DX - ANDQ DX, CX - ANDQ $1, CX - MOVB CX, ret+0(FP) - RET - -// func aesEncBlock(dst, src *[16]byte, ks []uint32) -TEXT ·aesEncBlock(SB),NOSPLIT,$0 - MOVQ dst+0(FP), DI - MOVQ src+8(FP), SI - MOVQ ks_base+16(FP), DX - MOVQ ks_len+24(FP), CX - - SHRQ $2, CX - DECQ CX - - MOVOU (SI), X0 - MOVOU (16*0)(DX), X1 - PXOR X1, X0 - MOVOU (16*1)(DX), X1 - AESENC X1, X0 - MOVOU (16*2)(DX), X1 - AESENC X1, X0 - MOVOU (16*3)(DX), X1 - AESENC X1, X0 - MOVOU (16*4)(DX), X1 - AESENC X1, X0 - MOVOU (16*5)(DX), X1 - AESENC X1, X0 - MOVOU (16*6)(DX), X1 - AESENC X1, X0 - MOVOU (16*7)(DX), X1 - AESENC X1, X0 - MOVOU (16*8)(DX), X1 - AESENC X1, X0 - MOVOU (16*9)(DX), X1 - AESENC X1, X0 - MOVOU (16*10)(DX), X1 - CMPQ CX, $12 - JB encLast - AESENC X1, X0 - MOVOU (16*11)(DX), X1 - AESENC X1, X0 - MOVOU (16*12)(DX), X1 - JE encLast - AESENC X1, X0 - MOVOU (16*13)(DX), X1 - AESENC X1, X0 - MOVOU (16*14)(DX), X1 - -encLast: - AESENCLAST X1, X0 - MOVOU X0, (DI) - - RET - -// func gcmAesFinish(productTable *[256]byte, tagMask, T *[16]byte, pLen, dLen uint64) -TEXT ·gcmAesFinish(SB),NOSPLIT,$0 -#define pTbl DI -#define tMsk SI -#define tPtr DX -#define plen AX -#define dlen CX - - MOVQ productTable+0(FP), pTbl - MOVQ tagMask+8(FP), tMsk - MOVQ T+16(FP), tPtr - MOVQ pLen+24(FP), plen - MOVQ dLen+32(FP), dlen - - MOVOU (tPtr), ACC0 - MOVOU (tMsk), T2 - - MOVOU bswapMask<>(SB), BSWAP - MOVOU gcmPoly<>(SB), POLY - - SHLQ $3, plen - SHLQ $3, dlen - - MOVQ plen, B0 - PINSRQ $1, dlen, B0 - - PXOR ACC0, B0 - - MOVOU (16*14)(pTbl), ACC0 - MOVOU (16*15)(pTbl), ACCM - MOVOU ACC0, ACC1 - - PCLMULQDQ $0x00, B0, ACC0 - PCLMULQDQ $0x11, B0, ACC1 - PSHUFD $78, B0, T0 - PXOR B0, T0 - PCLMULQDQ $0x00, T0, ACCM - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - MOVOU POLY, T0 - PCLMULQDQ $0x01, ACC0, T0 - PSHUFD $78, ACC0, ACC0 - PXOR T0, ACC0 - - MOVOU POLY, T0 - PCLMULQDQ $0x01, ACC0, T0 - PSHUFD $78, ACC0, ACC0 - PXOR T0, ACC0 - - PXOR ACC1, ACC0 - - PSHUFB BSWAP, ACC0 - PXOR T2, ACC0 - MOVOU ACC0, (tPtr) - - RET -#undef pTbl -#undef tMsk -#undef tPtr -#undef plen -#undef dlen - -// func gcmAesInit(productTable *[256]byte, ks []uint32) -TEXT ·gcmAesInit(SB),NOSPLIT,$0 -#define dst DI -#define KS SI -#define NR DX - - MOVQ productTable+0(FP), dst - MOVQ ks_base+8(FP), KS - MOVQ ks_len+16(FP), NR - - SHRQ $2, NR - DECQ NR - - MOVOU bswapMask<>(SB), BSWAP - MOVOU gcmPoly<>(SB), POLY - - // Encrypt block 0, with the AES key to generate the hash key H - MOVOU (16*0)(KS), B0 - MOVOU (16*1)(KS), T0 - AESENC T0, B0 - MOVOU (16*2)(KS), T0 - AESENC T0, B0 - MOVOU (16*3)(KS), T0 - AESENC T0, B0 - MOVOU (16*4)(KS), T0 - AESENC T0, B0 - MOVOU (16*5)(KS), T0 - AESENC T0, B0 - MOVOU (16*6)(KS), T0 - AESENC T0, B0 - MOVOU (16*7)(KS), T0 - AESENC T0, B0 - MOVOU (16*8)(KS), T0 - AESENC T0, B0 - MOVOU (16*9)(KS), T0 - AESENC T0, B0 - MOVOU (16*10)(KS), T0 - CMPQ NR, $12 - JB initEncLast - AESENC T0, B0 - MOVOU (16*11)(KS), T0 - AESENC T0, B0 - MOVOU (16*12)(KS), T0 - JE initEncLast - AESENC T0, B0 - MOVOU (16*13)(KS), T0 - AESENC T0, B0 - MOVOU (16*14)(KS), T0 -initEncLast: - AESENCLAST T0, B0 - - PSHUFB BSWAP, B0 - // H * 2 - PSHUFD $0xff, B0, T0 - MOVOU B0, T1 - PSRAL $31, T0 - PAND POLY, T0 - PSRLL $31, T1 - PSLLDQ $4, T1 - PSLLL $1, B0 - PXOR T0, B0 - PXOR T1, B0 - // Karatsuba pre-computations - MOVOU B0, (16*14)(dst) - PSHUFD $78, B0, B1 - PXOR B0, B1 - MOVOU B1, (16*15)(dst) - - MOVOU B0, B2 - MOVOU B1, B3 - // Now prepare powers of H and pre-computations for them - MOVQ $7, AX - -initLoop: - MOVOU B2, T0 - MOVOU B2, T1 - MOVOU B3, T2 - PCLMULQDQ $0x00, B0, T0 - PCLMULQDQ $0x11, B0, T1 - PCLMULQDQ $0x00, B1, T2 - - PXOR T0, T2 - PXOR T1, T2 - MOVOU T2, B4 - PSLLDQ $8, B4 - PSRLDQ $8, T2 - PXOR B4, T0 - PXOR T2, T1 - - MOVOU POLY, B2 - PCLMULQDQ $0x01, T0, B2 - PSHUFD $78, T0, T0 - PXOR B2, T0 - MOVOU POLY, B2 - PCLMULQDQ $0x01, T0, B2 - PSHUFD $78, T0, T0 - PXOR T0, B2 - PXOR T1, B2 - - MOVOU B2, (16*12)(dst) - PSHUFD $78, B2, B3 - PXOR B2, B3 - MOVOU B3, (16*13)(dst) - - DECQ AX - LEAQ (-16*2)(dst), dst - JNE initLoop - - RET -#undef NR -#undef KS -#undef dst - -// func gcmAesData(productTable *[256]byte, data []byte, T *[16]byte) -TEXT ·gcmAesData(SB),NOSPLIT,$0 -#define pTbl DI -#define aut SI -#define tPtr CX -#define autLen DX - - MOVQ productTable+0(FP), pTbl - MOVQ data_base+8(FP), aut - MOVQ data_len+16(FP), autLen - MOVQ T+32(FP), tPtr - - PXOR ACC0, ACC0 - MOVOU bswapMask<>(SB), BSWAP - MOVOU gcmPoly<>(SB), POLY - - MOVOU (16*14)(pTbl), T1 - MOVOU (16*15)(pTbl), T2 - - TESTQ autLen, autLen - JEQ dataBail - - CMPQ autLen, $13 // optimize the TLS case - JNE dataSinglesLoop - - PXOR B0, B0 - MOVQ (aut), B0 - PINSRD $2, 8(aut), B0 - PINSRB $12, 12(aut), B0 - XORQ autLen, autLen - JMP dataMul - -dataSinglesLoop: - - CMPQ autLen, $16 - JB dataEnd - SUBQ $16, autLen - - MOVOU (aut), B0 -dataMul: - PSHUFB BSWAP, B0 - PXOR ACC0, B0 - - MOVOU T1, ACC0 - MOVOU T2, ACCM - MOVOU T1, ACC1 - - PSHUFD $78, B0, T0 - PXOR B0, T0 - PCLMULQDQ $0x00, B0, ACC0 - PCLMULQDQ $0x11, B0, ACC1 - PCLMULQDQ $0x00, T0, ACCM - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - MOVOU POLY, T0 - PCLMULQDQ $0x01, ACC0, T0 - PSHUFD $78, ACC0, ACC0 - PXOR T0, ACC0 - - MOVOU POLY, T0 - PCLMULQDQ $0x01, ACC0, T0 - PSHUFD $78, ACC0, ACC0 - PXOR T0, ACC0 - PXOR ACC1, ACC0 - - LEAQ 16(aut), aut - - JMP dataSinglesLoop - -dataEnd: - - TESTQ autLen, autLen - JEQ dataBail - - PXOR B0, B0 - LEAQ -1(aut)(autLen*1), aut - -dataLoadLoop: - - PSLLDQ $1, B0 - PINSRB $0, (aut), B0 - - LEAQ -1(aut), aut - DECQ autLen - JNE dataLoadLoop - - JMP dataMul - -dataBail: - MOVOU ACC0, (tPtr) - RET -#undef pTbl -#undef aut -#undef tPtr -#undef autLen - -// func gcmAesEnc(productTable *[256]byte, dst, src []byte, ctr, T *[16]byte, ks []uint32) -TEXT ·gcmAesEnc(SB),0,$256-96 -#define pTbl DI -#define ctx DX -#define ctrPtr CX -#define ptx SI -#define ks AX -#define tPtr R8 -#define ptxLen R9 -#define aluCTR R10 -#define aluTMP R11 -#define aluK R12 -#define NR R13 - -#define increment(i) ADDL $1, aluCTR; MOVL aluCTR, aluTMP; XORL aluK, aluTMP; BSWAPL aluTMP; MOVL aluTMP, (3*4 + 8*16 + i*16)(SP) -#define aesRnd(k) AESENC k, B0; AESENC k, B1; AESENC k, B2; AESENC k, B3; AESENC k, B4; AESENC k, B5; AESENC k, B6; AESENC k, B7 -#define aesRound(i) MOVOU (16*i)(ks), T0;AESENC T0, B0; AESENC T0, B1; AESENC T0, B2; AESENC T0, B3; AESENC T0, B4; AESENC T0, B5; AESENC T0, B6; AESENC T0, B7 -#define aesRndLast(k) AESENCLAST k, B0; AESENCLAST k, B1; AESENCLAST k, B2; AESENCLAST k, B3; AESENCLAST k, B4; AESENCLAST k, B5; AESENCLAST k, B6; AESENCLAST k, B7 -#define reduceRound(a) MOVOU POLY, T0; PCLMULQDQ $0x01, a, T0; PSHUFD $78, a, a; PXOR T0, a -#define combinedRound(i) \ - MOVOU (16*i)(ks), T0;\ - AESENC T0, B0;\ - AESENC T0, B1;\ - AESENC T0, B2;\ - AESENC T0, B3;\ - MOVOU (16*(i*2))(pTbl), T1;\ - MOVOU T1, T2;\ - AESENC T0, B4;\ - AESENC T0, B5;\ - AESENC T0, B6;\ - AESENC T0, B7;\ - MOVOU (16*i)(SP), T0;\ - PCLMULQDQ $0x00, T0, T1;\ - PXOR T1, ACC0;\ - PSHUFD $78, T0, T1;\ - PCLMULQDQ $0x11, T0, T2;\ - PXOR T1, T0;\ - PXOR T2, ACC1;\ - MOVOU (16*(i*2+1))(pTbl), T2;\ - PCLMULQDQ $0x00, T2, T0;\ - PXOR T0, ACCM -#define mulRound(i) \ - MOVOU (16*i)(SP), T0;\ - MOVOU (16*(i*2))(pTbl), T1;\ - MOVOU T1, T2;\ - PCLMULQDQ $0x00, T0, T1;\ - PXOR T1, ACC0;\ - PCLMULQDQ $0x11, T0, T2;\ - PXOR T2, ACC1;\ - PSHUFD $78, T0, T1;\ - PXOR T1, T0;\ - MOVOU (16*(i*2+1))(pTbl), T1;\ - PCLMULQDQ $0x00, T0, T1;\ - PXOR T1, ACCM - - MOVQ productTable+0(FP), pTbl - MOVQ dst+8(FP), ctx - MOVQ src_base+32(FP), ptx - MOVQ src_len+40(FP), ptxLen - MOVQ ctr+56(FP), ctrPtr - MOVQ T+64(FP), tPtr - MOVQ ks_base+72(FP), ks - MOVQ ks_len+80(FP), NR - - SHRQ $2, NR - DECQ NR - - MOVOU bswapMask<>(SB), BSWAP - MOVOU gcmPoly<>(SB), POLY - - MOVOU (tPtr), ACC0 - PXOR ACC1, ACC1 - PXOR ACCM, ACCM - MOVOU (ctrPtr), B0 - MOVL (3*4)(ctrPtr), aluCTR - MOVOU (ks), T0 - MOVL (3*4)(ks), aluK - BSWAPL aluCTR - BSWAPL aluK - - PXOR B0, T0 - MOVOU T0, (8*16 + 0*16)(SP) - increment(0) - - CMPQ ptxLen, $128 - JB gcmAesEncSingles - SUBQ $128, ptxLen - - // We have at least 8 blocks to encrypt, prepare the rest of the counters - MOVOU T0, (8*16 + 1*16)(SP) - increment(1) - MOVOU T0, (8*16 + 2*16)(SP) - increment(2) - MOVOU T0, (8*16 + 3*16)(SP) - increment(3) - MOVOU T0, (8*16 + 4*16)(SP) - increment(4) - MOVOU T0, (8*16 + 5*16)(SP) - increment(5) - MOVOU T0, (8*16 + 6*16)(SP) - increment(6) - MOVOU T0, (8*16 + 7*16)(SP) - increment(7) - - MOVOU (8*16 + 0*16)(SP), B0 - MOVOU (8*16 + 1*16)(SP), B1 - MOVOU (8*16 + 2*16)(SP), B2 - MOVOU (8*16 + 3*16)(SP), B3 - MOVOU (8*16 + 4*16)(SP), B4 - MOVOU (8*16 + 5*16)(SP), B5 - MOVOU (8*16 + 6*16)(SP), B6 - MOVOU (8*16 + 7*16)(SP), B7 - - aesRound(1) - increment(0) - aesRound(2) - increment(1) - aesRound(3) - increment(2) - aesRound(4) - increment(3) - aesRound(5) - increment(4) - aesRound(6) - increment(5) - aesRound(7) - increment(6) - aesRound(8) - increment(7) - aesRound(9) - MOVOU (16*10)(ks), T0 - CMPQ NR, $12 - JB encLast1 - aesRnd(T0) - aesRound(11) - MOVOU (16*12)(ks), T0 - JE encLast1 - aesRnd(T0) - aesRound(13) - MOVOU (16*14)(ks), T0 -encLast1: - aesRndLast(T0) - - MOVOU (16*0)(ptx), T0 - PXOR T0, B0 - MOVOU (16*1)(ptx), T0 - PXOR T0, B1 - MOVOU (16*2)(ptx), T0 - PXOR T0, B2 - MOVOU (16*3)(ptx), T0 - PXOR T0, B3 - MOVOU (16*4)(ptx), T0 - PXOR T0, B4 - MOVOU (16*5)(ptx), T0 - PXOR T0, B5 - MOVOU (16*6)(ptx), T0 - PXOR T0, B6 - MOVOU (16*7)(ptx), T0 - PXOR T0, B7 - - MOVOU B0, (16*0)(ctx) - PSHUFB BSWAP, B0 - PXOR ACC0, B0 - MOVOU B1, (16*1)(ctx) - PSHUFB BSWAP, B1 - MOVOU B2, (16*2)(ctx) - PSHUFB BSWAP, B2 - MOVOU B3, (16*3)(ctx) - PSHUFB BSWAP, B3 - MOVOU B4, (16*4)(ctx) - PSHUFB BSWAP, B4 - MOVOU B5, (16*5)(ctx) - PSHUFB BSWAP, B5 - MOVOU B6, (16*6)(ctx) - PSHUFB BSWAP, B6 - MOVOU B7, (16*7)(ctx) - PSHUFB BSWAP, B7 - - MOVOU B0, (16*0)(SP) - MOVOU B1, (16*1)(SP) - MOVOU B2, (16*2)(SP) - MOVOU B3, (16*3)(SP) - MOVOU B4, (16*4)(SP) - MOVOU B5, (16*5)(SP) - MOVOU B6, (16*6)(SP) - MOVOU B7, (16*7)(SP) - - LEAQ 128(ptx), ptx - LEAQ 128(ctx), ctx - -gcmAesEncOctetsLoop: - - CMPQ ptxLen, $128 - JB gcmAesEncOctetsEnd - SUBQ $128, ptxLen - - MOVOU (8*16 + 0*16)(SP), B0 - MOVOU (8*16 + 1*16)(SP), B1 - MOVOU (8*16 + 2*16)(SP), B2 - MOVOU (8*16 + 3*16)(SP), B3 - MOVOU (8*16 + 4*16)(SP), B4 - MOVOU (8*16 + 5*16)(SP), B5 - MOVOU (8*16 + 6*16)(SP), B6 - MOVOU (8*16 + 7*16)(SP), B7 - - MOVOU (16*0)(SP), T0 - PSHUFD $78, T0, T1 - PXOR T0, T1 - - MOVOU (16*0)(pTbl), ACC0 - MOVOU (16*1)(pTbl), ACCM - MOVOU ACC0, ACC1 - - PCLMULQDQ $0x00, T1, ACCM - PCLMULQDQ $0x00, T0, ACC0 - PCLMULQDQ $0x11, T0, ACC1 - - combinedRound(1) - increment(0) - combinedRound(2) - increment(1) - combinedRound(3) - increment(2) - combinedRound(4) - increment(3) - combinedRound(5) - increment(4) - combinedRound(6) - increment(5) - combinedRound(7) - increment(6) - - aesRound(8) - increment(7) - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - reduceRound(ACC0) - aesRound(9) - - reduceRound(ACC0) - PXOR ACC1, ACC0 - - MOVOU (16*10)(ks), T0 - CMPQ NR, $12 - JB encLast2 - aesRnd(T0) - aesRound(11) - MOVOU (16*12)(ks), T0 - JE encLast2 - aesRnd(T0) - aesRound(13) - MOVOU (16*14)(ks), T0 -encLast2: - aesRndLast(T0) - - MOVOU (16*0)(ptx), T0 - PXOR T0, B0 - MOVOU (16*1)(ptx), T0 - PXOR T0, B1 - MOVOU (16*2)(ptx), T0 - PXOR T0, B2 - MOVOU (16*3)(ptx), T0 - PXOR T0, B3 - MOVOU (16*4)(ptx), T0 - PXOR T0, B4 - MOVOU (16*5)(ptx), T0 - PXOR T0, B5 - MOVOU (16*6)(ptx), T0 - PXOR T0, B6 - MOVOU (16*7)(ptx), T0 - PXOR T0, B7 - - MOVOU B0, (16*0)(ctx) - PSHUFB BSWAP, B0 - PXOR ACC0, B0 - MOVOU B1, (16*1)(ctx) - PSHUFB BSWAP, B1 - MOVOU B2, (16*2)(ctx) - PSHUFB BSWAP, B2 - MOVOU B3, (16*3)(ctx) - PSHUFB BSWAP, B3 - MOVOU B4, (16*4)(ctx) - PSHUFB BSWAP, B4 - MOVOU B5, (16*5)(ctx) - PSHUFB BSWAP, B5 - MOVOU B6, (16*6)(ctx) - PSHUFB BSWAP, B6 - MOVOU B7, (16*7)(ctx) - PSHUFB BSWAP, B7 - - MOVOU B0, (16*0)(SP) - MOVOU B1, (16*1)(SP) - MOVOU B2, (16*2)(SP) - MOVOU B3, (16*3)(SP) - MOVOU B4, (16*4)(SP) - MOVOU B5, (16*5)(SP) - MOVOU B6, (16*6)(SP) - MOVOU B7, (16*7)(SP) - - LEAQ 128(ptx), ptx - LEAQ 128(ctx), ctx - - JMP gcmAesEncOctetsLoop - -gcmAesEncOctetsEnd: - - MOVOU (16*0)(SP), T0 - MOVOU (16*0)(pTbl), ACC0 - MOVOU (16*1)(pTbl), ACCM - MOVOU ACC0, ACC1 - PSHUFD $78, T0, T1 - PXOR T0, T1 - PCLMULQDQ $0x00, T0, ACC0 - PCLMULQDQ $0x11, T0, ACC1 - PCLMULQDQ $0x00, T1, ACCM - - mulRound(1) - mulRound(2) - mulRound(3) - mulRound(4) - mulRound(5) - mulRound(6) - mulRound(7) - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - reduceRound(ACC0) - reduceRound(ACC0) - PXOR ACC1, ACC0 - - TESTQ ptxLen, ptxLen - JE gcmAesEncDone - - SUBQ $7, aluCTR - -gcmAesEncSingles: - - MOVOU (16*1)(ks), B1 - MOVOU (16*2)(ks), B2 - MOVOU (16*3)(ks), B3 - MOVOU (16*4)(ks), B4 - MOVOU (16*5)(ks), B5 - MOVOU (16*6)(ks), B6 - MOVOU (16*7)(ks), B7 - - MOVOU (16*14)(pTbl), T2 - -gcmAesEncSinglesLoop: - - CMPQ ptxLen, $16 - JB gcmAesEncTail - SUBQ $16, ptxLen - - MOVOU (8*16 + 0*16)(SP), B0 - increment(0) - - AESENC B1, B0 - AESENC B2, B0 - AESENC B3, B0 - AESENC B4, B0 - AESENC B5, B0 - AESENC B6, B0 - AESENC B7, B0 - MOVOU (16*8)(ks), T0 - AESENC T0, B0 - MOVOU (16*9)(ks), T0 - AESENC T0, B0 - MOVOU (16*10)(ks), T0 - CMPQ NR, $12 - JB encLast3 - AESENC T0, B0 - MOVOU (16*11)(ks), T0 - AESENC T0, B0 - MOVOU (16*12)(ks), T0 - JE encLast3 - AESENC T0, B0 - MOVOU (16*13)(ks), T0 - AESENC T0, B0 - MOVOU (16*14)(ks), T0 -encLast3: - AESENCLAST T0, B0 - - MOVOU (ptx), T0 - PXOR T0, B0 - MOVOU B0, (ctx) - - PSHUFB BSWAP, B0 - PXOR ACC0, B0 - - MOVOU T2, ACC0 - MOVOU T2, ACC1 - MOVOU (16*15)(pTbl), ACCM - - PSHUFD $78, B0, T0 - PXOR B0, T0 - PCLMULQDQ $0x00, B0, ACC0 - PCLMULQDQ $0x11, B0, ACC1 - PCLMULQDQ $0x00, T0, ACCM - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - reduceRound(ACC0) - reduceRound(ACC0) - PXOR ACC1, ACC0 - - LEAQ (16*1)(ptx), ptx - LEAQ (16*1)(ctx), ctx - - JMP gcmAesEncSinglesLoop - -gcmAesEncTail: - TESTQ ptxLen, ptxLen - JE gcmAesEncDone - - MOVOU (8*16 + 0*16)(SP), B0 - AESENC B1, B0 - AESENC B2, B0 - AESENC B3, B0 - AESENC B4, B0 - AESENC B5, B0 - AESENC B6, B0 - AESENC B7, B0 - MOVOU (16*8)(ks), T0 - AESENC T0, B0 - MOVOU (16*9)(ks), T0 - AESENC T0, B0 - MOVOU (16*10)(ks), T0 - CMPQ NR, $12 - JB encLast4 - AESENC T0, B0 - MOVOU (16*11)(ks), T0 - AESENC T0, B0 - MOVOU (16*12)(ks), T0 - JE encLast4 - AESENC T0, B0 - MOVOU (16*13)(ks), T0 - AESENC T0, B0 - MOVOU (16*14)(ks), T0 -encLast4: - AESENCLAST T0, B0 - MOVOU B0, T0 - - LEAQ -1(ptx)(ptxLen*1), ptx - - MOVQ ptxLen, aluTMP - SHLQ $4, aluTMP - - LEAQ andMask<>(SB), aluCTR - MOVOU -16(aluCTR)(aluTMP*1), T1 - - PXOR B0, B0 -ptxLoadLoop: - PSLLDQ $1, B0 - PINSRB $0, (ptx), B0 - LEAQ -1(ptx), ptx - DECQ ptxLen - JNE ptxLoadLoop - - PXOR T0, B0 - PAND T1, B0 - MOVOU B0, (ctx) // I assume there is always space, due to TAG in the end of the CT - - PSHUFB BSWAP, B0 - PXOR ACC0, B0 - - MOVOU T2, ACC0 - MOVOU T2, ACC1 - MOVOU (16*15)(pTbl), ACCM - - PSHUFD $78, B0, T0 - PXOR B0, T0 - PCLMULQDQ $0x00, B0, ACC0 - PCLMULQDQ $0x11, B0, ACC1 - PCLMULQDQ $0x00, T0, ACCM - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - reduceRound(ACC0) - reduceRound(ACC0) - PXOR ACC1, ACC0 - -gcmAesEncDone: - MOVOU ACC0, (tPtr) - RET -#undef increment - -// func gcmAesDec(productTable *[256]byte, dst, src []byte, ctr, T *[16]byte, ks []uint32) -TEXT ·gcmAesDec(SB),0,$128-96 -#define increment(i) ADDL $1, aluCTR; MOVL aluCTR, aluTMP; XORL aluK, aluTMP; BSWAPL aluTMP; MOVL aluTMP, (3*4 + i*16)(SP) -#define combinedDecRound(i) \ - MOVOU (16*i)(ks), T0;\ - AESENC T0, B0;\ - AESENC T0, B1;\ - AESENC T0, B2;\ - AESENC T0, B3;\ - MOVOU (16*(i*2))(pTbl), T1;\ - MOVOU T1, T2;\ - AESENC T0, B4;\ - AESENC T0, B5;\ - AESENC T0, B6;\ - AESENC T0, B7;\ - MOVOU (16*i)(ctx), T0;\ - PSHUFB BSWAP, T0;\ - PCLMULQDQ $0x00, T0, T1;\ - PXOR T1, ACC0;\ - PSHUFD $78, T0, T1;\ - PCLMULQDQ $0x11, T0, T2;\ - PXOR T1, T0;\ - PXOR T2, ACC1;\ - MOVOU (16*(i*2+1))(pTbl), T2;\ - PCLMULQDQ $0x00, T2, T0;\ - PXOR T0, ACCM - - MOVQ productTable+0(FP), pTbl - MOVQ dst+8(FP), ptx - MOVQ src_base+32(FP), ctx - MOVQ src_len+40(FP), ptxLen - MOVQ ctr+56(FP), ctrPtr - MOVQ T+64(FP), tPtr - MOVQ ks_base+72(FP), ks - MOVQ ks_len+80(FP), NR - - SHRQ $2, NR - DECQ NR - - MOVOU bswapMask<>(SB), BSWAP - MOVOU gcmPoly<>(SB), POLY - - MOVOU (tPtr), ACC0 - PXOR ACC1, ACC1 - PXOR ACCM, ACCM - MOVOU (ctrPtr), B0 - MOVL (3*4)(ctrPtr), aluCTR - MOVOU (ks), T0 - MOVL (3*4)(ks), aluK - BSWAPL aluCTR - BSWAPL aluK - - PXOR B0, T0 - MOVOU T0, (0*16)(SP) - increment(0) - - CMPQ ptxLen, $128 - JB gcmAesDecSingles - - MOVOU T0, (1*16)(SP) - increment(1) - MOVOU T0, (2*16)(SP) - increment(2) - MOVOU T0, (3*16)(SP) - increment(3) - MOVOU T0, (4*16)(SP) - increment(4) - MOVOU T0, (5*16)(SP) - increment(5) - MOVOU T0, (6*16)(SP) - increment(6) - MOVOU T0, (7*16)(SP) - increment(7) - -gcmAesDecOctetsLoop: - - CMPQ ptxLen, $128 - JB gcmAesDecEndOctets - SUBQ $128, ptxLen - - MOVOU (0*16)(SP), B0 - MOVOU (1*16)(SP), B1 - MOVOU (2*16)(SP), B2 - MOVOU (3*16)(SP), B3 - MOVOU (4*16)(SP), B4 - MOVOU (5*16)(SP), B5 - MOVOU (6*16)(SP), B6 - MOVOU (7*16)(SP), B7 - - MOVOU (16*0)(ctx), T0 - PSHUFB BSWAP, T0 - PXOR ACC0, T0 - PSHUFD $78, T0, T1 - PXOR T0, T1 - - MOVOU (16*0)(pTbl), ACC0 - MOVOU (16*1)(pTbl), ACCM - MOVOU ACC0, ACC1 - - PCLMULQDQ $0x00, T1, ACCM - PCLMULQDQ $0x00, T0, ACC0 - PCLMULQDQ $0x11, T0, ACC1 - - combinedDecRound(1) - increment(0) - combinedDecRound(2) - increment(1) - combinedDecRound(3) - increment(2) - combinedDecRound(4) - increment(3) - combinedDecRound(5) - increment(4) - combinedDecRound(6) - increment(5) - combinedDecRound(7) - increment(6) - - aesRound(8) - increment(7) - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - reduceRound(ACC0) - aesRound(9) - - reduceRound(ACC0) - PXOR ACC1, ACC0 - - MOVOU (16*10)(ks), T0 - CMPQ NR, $12 - JB decLast1 - aesRnd(T0) - aesRound(11) - MOVOU (16*12)(ks), T0 - JE decLast1 - aesRnd(T0) - aesRound(13) - MOVOU (16*14)(ks), T0 -decLast1: - aesRndLast(T0) - - MOVOU (16*0)(ctx), T0 - PXOR T0, B0 - MOVOU (16*1)(ctx), T0 - PXOR T0, B1 - MOVOU (16*2)(ctx), T0 - PXOR T0, B2 - MOVOU (16*3)(ctx), T0 - PXOR T0, B3 - MOVOU (16*4)(ctx), T0 - PXOR T0, B4 - MOVOU (16*5)(ctx), T0 - PXOR T0, B5 - MOVOU (16*6)(ctx), T0 - PXOR T0, B6 - MOVOU (16*7)(ctx), T0 - PXOR T0, B7 - - MOVOU B0, (16*0)(ptx) - MOVOU B1, (16*1)(ptx) - MOVOU B2, (16*2)(ptx) - MOVOU B3, (16*3)(ptx) - MOVOU B4, (16*4)(ptx) - MOVOU B5, (16*5)(ptx) - MOVOU B6, (16*6)(ptx) - MOVOU B7, (16*7)(ptx) - - LEAQ 128(ptx), ptx - LEAQ 128(ctx), ctx - - JMP gcmAesDecOctetsLoop - -gcmAesDecEndOctets: - - SUBQ $7, aluCTR - -gcmAesDecSingles: - - MOVOU (16*1)(ks), B1 - MOVOU (16*2)(ks), B2 - MOVOU (16*3)(ks), B3 - MOVOU (16*4)(ks), B4 - MOVOU (16*5)(ks), B5 - MOVOU (16*6)(ks), B6 - MOVOU (16*7)(ks), B7 - - MOVOU (16*14)(pTbl), T2 - -gcmAesDecSinglesLoop: - - CMPQ ptxLen, $16 - JB gcmAesDecTail - SUBQ $16, ptxLen - - MOVOU (ctx), B0 - MOVOU B0, T1 - PSHUFB BSWAP, B0 - PXOR ACC0, B0 - - MOVOU T2, ACC0 - MOVOU T2, ACC1 - MOVOU (16*15)(pTbl), ACCM - - PCLMULQDQ $0x00, B0, ACC0 - PCLMULQDQ $0x11, B0, ACC1 - PSHUFD $78, B0, T0 - PXOR B0, T0 - PCLMULQDQ $0x00, T0, ACCM - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - reduceRound(ACC0) - reduceRound(ACC0) - PXOR ACC1, ACC0 - - MOVOU (0*16)(SP), B0 - increment(0) - AESENC B1, B0 - AESENC B2, B0 - AESENC B3, B0 - AESENC B4, B0 - AESENC B5, B0 - AESENC B6, B0 - AESENC B7, B0 - MOVOU (16*8)(ks), T0 - AESENC T0, B0 - MOVOU (16*9)(ks), T0 - AESENC T0, B0 - MOVOU (16*10)(ks), T0 - CMPQ NR, $12 - JB decLast2 - AESENC T0, B0 - MOVOU (16*11)(ks), T0 - AESENC T0, B0 - MOVOU (16*12)(ks), T0 - JE decLast2 - AESENC T0, B0 - MOVOU (16*13)(ks), T0 - AESENC T0, B0 - MOVOU (16*14)(ks), T0 -decLast2: - AESENCLAST T0, B0 - - PXOR T1, B0 - MOVOU B0, (ptx) - - LEAQ (16*1)(ptx), ptx - LEAQ (16*1)(ctx), ctx - - JMP gcmAesDecSinglesLoop - -gcmAesDecTail: - - TESTQ ptxLen, ptxLen - JE gcmAesDecDone - - MOVQ ptxLen, aluTMP - SHLQ $4, aluTMP - LEAQ andMask<>(SB), aluCTR - MOVOU -16(aluCTR)(aluTMP*1), T1 - - MOVOU (ctx), B0 // I assume there is TAG attached to the ctx, and there is no read overflow - PAND T1, B0 - - MOVOU B0, T1 - PSHUFB BSWAP, B0 - PXOR ACC0, B0 - - MOVOU (16*14)(pTbl), ACC0 - MOVOU (16*15)(pTbl), ACCM - MOVOU ACC0, ACC1 - - PCLMULQDQ $0x00, B0, ACC0 - PCLMULQDQ $0x11, B0, ACC1 - PSHUFD $78, B0, T0 - PXOR B0, T0 - PCLMULQDQ $0x00, T0, ACCM - - PXOR ACC0, ACCM - PXOR ACC1, ACCM - MOVOU ACCM, T0 - PSRLDQ $8, ACCM - PSLLDQ $8, T0 - PXOR ACCM, ACC1 - PXOR T0, ACC0 - - reduceRound(ACC0) - reduceRound(ACC0) - PXOR ACC1, ACC0 - - MOVOU (0*16)(SP), B0 - increment(0) - AESENC B1, B0 - AESENC B2, B0 - AESENC B3, B0 - AESENC B4, B0 - AESENC B5, B0 - AESENC B6, B0 - AESENC B7, B0 - MOVOU (16*8)(ks), T0 - AESENC T0, B0 - MOVOU (16*9)(ks), T0 - AESENC T0, B0 - MOVOU (16*10)(ks), T0 - CMPQ NR, $12 - JB decLast3 - AESENC T0, B0 - MOVOU (16*11)(ks), T0 - AESENC T0, B0 - MOVOU (16*12)(ks), T0 - JE decLast3 - AESENC T0, B0 - MOVOU (16*13)(ks), T0 - AESENC T0, B0 - MOVOU (16*14)(ks), T0 -decLast3: - AESENCLAST T0, B0 - PXOR T1, B0 - -ptxStoreLoop: - PEXTRB $0, B0, (ptx) - PSRLDQ $1, B0 - LEAQ 1(ptx), ptx - DECQ ptxLen - - JNE ptxStoreLoop - -gcmAesDecDone: - - MOVOU ACC0, (tPtr) - RET diff --git a/vendor/github.com/lucas-clemente/aes12/xor.go b/vendor/github.com/lucas-clemente/aes12/xor.go deleted file mode 100644 index 668c13fd..00000000 --- a/vendor/github.com/lucas-clemente/aes12/xor.go +++ /dev/null @@ -1,84 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package aes12 - -import ( - "runtime" - "unsafe" -) - -const wordSize = int(unsafe.Sizeof(uintptr(0))) -const supportsUnaligned = runtime.GOARCH == "386" || runtime.GOARCH == "amd64" || runtime.GOARCH == "ppc64" || runtime.GOARCH == "ppc64le" || runtime.GOARCH == "s390x" - -// fastXORBytes xors in bulk. It only works on architectures that -// support unaligned read/writes. -func fastXORBytes(dst, a, b []byte) int { - n := len(a) - if len(b) < n { - n = len(b) - } - - w := n / wordSize - if w > 0 { - dw := *(*[]uintptr)(unsafe.Pointer(&dst)) - aw := *(*[]uintptr)(unsafe.Pointer(&a)) - bw := *(*[]uintptr)(unsafe.Pointer(&b)) - for i := 0; i < w; i++ { - dw[i] = aw[i] ^ bw[i] - } - } - - for i := (n - n%wordSize); i < n; i++ { - dst[i] = a[i] ^ b[i] - } - - return n -} - -func safeXORBytes(dst, a, b []byte) int { - n := len(a) - if len(b) < n { - n = len(b) - } - for i := 0; i < n; i++ { - dst[i] = a[i] ^ b[i] - } - return n -} - -// xorBytes xors the bytes in a and b. The destination is assumed to have enough -// space. Returns the number of bytes xor'd. -func xorBytes(dst, a, b []byte) int { - if supportsUnaligned { - return fastXORBytes(dst, a, b) - } else { - // TODO(hanwen): if (dst, a, b) have common alignment - // we could still try fastXORBytes. It is not clear - // how often this happens, and it's only worth it if - // the block encryption itself is hardware - // accelerated. - return safeXORBytes(dst, a, b) - } -} - -// fastXORWords XORs multiples of 4 or 8 bytes (depending on architecture.) -// The arguments are assumed to be of equal length. -func fastXORWords(dst, a, b []byte) { - dw := *(*[]uintptr)(unsafe.Pointer(&dst)) - aw := *(*[]uintptr)(unsafe.Pointer(&a)) - bw := *(*[]uintptr)(unsafe.Pointer(&b)) - n := len(b) / wordSize - for i := 0; i < n; i++ { - dw[i] = aw[i] ^ bw[i] - } -} - -func xorWords(dst, a, b []byte) { - if supportsUnaligned { - fastXORWords(dst, a, b) - } else { - safeXORBytes(dst, a, b) - } -} diff --git a/vendor/github.com/lucas-clemente/quic-go-certificates/LICENSE b/vendor/github.com/lucas-clemente/quic-go-certificates/LICENSE deleted file mode 100644 index 2c08ae24..00000000 --- a/vendor/github.com/lucas-clemente/quic-go-certificates/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2016 Lucas Clemente - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/github.com/lucas-clemente/quic-go-certificates/README.md b/vendor/github.com/lucas-clemente/quic-go-certificates/README.md deleted file mode 100644 index c9621d5c..00000000 --- a/vendor/github.com/lucas-clemente/quic-go-certificates/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# certsets - -Common certificate sets for quic-go diff --git a/vendor/github.com/lucas-clemente/quic-go-certificates/cert_set_2.go b/vendor/github.com/lucas-clemente/quic-go-certificates/cert_set_2.go deleted file mode 100644 index f2f2250f..00000000 --- a/vendor/github.com/lucas-clemente/quic-go-certificates/cert_set_2.go +++ /dev/null @@ -1,5824 +0,0 @@ -package certsets - -var CertSet2 = [][]byte{ - certSet2Cert0, - certSet2Cert1, - certSet2Cert2, - certSet2Cert3, - certSet2Cert4, - certSet2Cert5, - certSet2Cert6, - certSet2Cert7, - certSet2Cert8, - certSet2Cert9, - certSet2Cert10, - certSet2Cert11, - certSet2Cert12, - certSet2Cert13, - certSet2Cert14, - certSet2Cert15, - certSet2Cert16, - certSet2Cert17, - certSet2Cert18, - certSet2Cert19, - certSet2Cert20, - certSet2Cert21, - certSet2Cert22, - certSet2Cert23, - certSet2Cert24, - certSet2Cert25, - certSet2Cert26, - certSet2Cert27, - certSet2Cert28, - certSet2Cert29, - certSet2Cert30, - certSet2Cert31, - certSet2Cert32, - certSet2Cert33, - certSet2Cert34, - certSet2Cert35, - certSet2Cert36, - certSet2Cert37, - certSet2Cert38, - certSet2Cert39, - certSet2Cert40, - certSet2Cert41, - certSet2Cert42, - certSet2Cert43, - certSet2Cert44, - certSet2Cert45, - certSet2Cert46, - certSet2Cert47, - certSet2Cert48, - certSet2Cert49, - certSet2Cert50, - certSet2Cert51, - certSet2Cert52, - certSet2Cert53, -} - -const CertSet2Hash uint64 = (0xe81a92926081e801) - -var certSet2Cert0 = []byte{ - 0x30, 0x82, 0x03, 0x7d, 0x30, 0x82, 0x02, 0xe6, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x12, 0xbb, 0xe6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4e, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x45, - 0x71, 0x75, 0x69, 0x66, 0x61, 0x78, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x13, 0x24, 0x45, 0x71, 0x75, 0x69, 0x66, 0x61, 0x78, - 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x32, 0x30, - 0x35, 0x32, 0x31, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, - 0x31, 0x38, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, - 0x5a, 0x30, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x12, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0xcc, 0x18, 0x63, 0x30, 0xfd, - 0xf4, 0x17, 0x23, 0x1a, 0x56, 0x7e, 0x5b, 0xdf, 0x3c, 0x6c, 0x38, 0xe4, - 0x71, 0xb7, 0x78, 0x91, 0xd4, 0xbc, 0xa1, 0xd8, 0x4c, 0xf8, 0xa8, 0x43, - 0xb6, 0x03, 0xe9, 0x4d, 0x21, 0x07, 0x08, 0x88, 0xda, 0x58, 0x2f, 0x66, - 0x39, 0x29, 0xbd, 0x05, 0x78, 0x8b, 0x9d, 0x38, 0xe8, 0x05, 0xb7, 0x6a, - 0x7e, 0x71, 0xa4, 0xe6, 0xc4, 0x60, 0xa6, 0xb0, 0xef, 0x80, 0xe4, 0x89, - 0x28, 0x0f, 0x9e, 0x25, 0xd6, 0xed, 0x83, 0xf3, 0xad, 0xa6, 0x91, 0xc7, - 0x98, 0xc9, 0x42, 0x18, 0x35, 0x14, 0x9d, 0xad, 0x98, 0x46, 0x92, 0x2e, - 0x4f, 0xca, 0xf1, 0x87, 0x43, 0xc1, 0x16, 0x95, 0x57, 0x2d, 0x50, 0xef, - 0x89, 0x2d, 0x80, 0x7a, 0x57, 0xad, 0xf2, 0xee, 0x5f, 0x6b, 0xd2, 0x00, - 0x8d, 0xb9, 0x14, 0xf8, 0x14, 0x15, 0x35, 0xd9, 0xc0, 0x46, 0xa3, 0x7b, - 0x72, 0xc8, 0x91, 0xbf, 0xc9, 0x55, 0x2b, 0xcd, 0xd0, 0x97, 0x3e, 0x9c, - 0x26, 0x64, 0xcc, 0xdf, 0xce, 0x83, 0x19, 0x71, 0xca, 0x4e, 0xe6, 0xd4, - 0xd5, 0x7b, 0xa9, 0x19, 0xcd, 0x55, 0xde, 0xc8, 0xec, 0xd2, 0x5e, 0x38, - 0x53, 0xe5, 0x5c, 0x4f, 0x8c, 0x2d, 0xfe, 0x50, 0x23, 0x36, 0xfc, 0x66, - 0xe6, 0xcb, 0x8e, 0xa4, 0x39, 0x19, 0x00, 0xb7, 0x95, 0x02, 0x39, 0x91, - 0x0b, 0x0e, 0xfe, 0x38, 0x2e, 0xd1, 0x1d, 0x05, 0x9a, 0xf6, 0x4d, 0x3e, - 0x6f, 0x0f, 0x07, 0x1d, 0xaf, 0x2c, 0x1e, 0x8f, 0x60, 0x39, 0xe2, 0xfa, - 0x36, 0x53, 0x13, 0x39, 0xd4, 0x5e, 0x26, 0x2b, 0xdb, 0x3d, 0xa8, 0x14, - 0xbd, 0x32, 0xeb, 0x18, 0x03, 0x28, 0x52, 0x04, 0x71, 0xe5, 0xab, 0x33, - 0x3d, 0xe1, 0x38, 0xbb, 0x07, 0x36, 0x84, 0x62, 0x9c, 0x79, 0xea, 0x16, - 0x30, 0xf4, 0x5f, 0xc0, 0x2b, 0xe8, 0x71, 0x6b, 0xe4, 0xf9, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x81, 0xf0, 0x30, 0x81, 0xed, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x48, 0xe6, - 0x68, 0xf9, 0x2b, 0xd2, 0xb2, 0x95, 0xd7, 0x47, 0xd8, 0x23, 0x20, 0x10, - 0x4f, 0x33, 0x98, 0x90, 0x9f, 0xd4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, - 0xab, 0x05, 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, - 0x4e, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3a, - 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x33, 0x30, 0x31, 0x30, 0x2f, 0xa0, - 0x2d, 0xa0, 0x2b, 0x86, 0x29, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x73, 0x65, - 0x63, 0x75, 0x72, 0x65, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x4e, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x47, 0x30, 0x45, 0x30, 0x43, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x3b, 0x30, 0x39, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2d, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x72, 0x65, 0x70, 0x6f, - 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x76, 0xe1, 0x12, 0x6e, 0x4e, 0x4b, 0x16, 0x12, 0x86, 0x30, 0x06, - 0xb2, 0x81, 0x08, 0xcf, 0xf0, 0x08, 0xc7, 0xc7, 0x71, 0x7e, 0x66, 0xee, - 0xc2, 0xed, 0xd4, 0x3b, 0x1f, 0xff, 0xf0, 0xf0, 0xc8, 0x4e, 0xd6, 0x43, - 0x38, 0xb0, 0xb9, 0x30, 0x7d, 0x18, 0xd0, 0x55, 0x83, 0xa2, 0x6a, 0xcb, - 0x36, 0x11, 0x9c, 0xe8, 0x48, 0x66, 0xa3, 0x6d, 0x7f, 0xb8, 0x13, 0xd4, - 0x47, 0xfe, 0x8b, 0x5a, 0x5c, 0x73, 0xfc, 0xae, 0xd9, 0x1b, 0x32, 0x19, - 0x38, 0xab, 0x97, 0x34, 0x14, 0xaa, 0x96, 0xd2, 0xeb, 0xa3, 0x1c, 0x14, - 0x08, 0x49, 0xb6, 0xbb, 0xe5, 0x91, 0xef, 0x83, 0x36, 0xeb, 0x1d, 0x56, - 0x6f, 0xca, 0xda, 0xbc, 0x73, 0x63, 0x90, 0xe4, 0x7f, 0x7b, 0x3e, 0x22, - 0xcb, 0x3d, 0x07, 0xed, 0x5f, 0x38, 0x74, 0x9c, 0xe3, 0x03, 0x50, 0x4e, - 0xa1, 0xaf, 0x98, 0xee, 0x61, 0xf2, 0x84, 0x3f, 0x12, -} - -var certSet2Cert1 = []byte{ - 0x30, 0x82, 0x03, 0x8b, 0x30, 0x82, 0x02, 0xf4, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x0d, 0x6e, 0x62, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4e, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x45, - 0x71, 0x75, 0x69, 0x66, 0x61, 0x78, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x13, 0x24, 0x45, 0x71, 0x75, 0x69, 0x66, 0x61, 0x78, - 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, - 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, - 0x31, 0x38, 0x30, 0x38, 0x32, 0x31, 0x31, 0x36, 0x31, 0x35, 0x30, 0x30, - 0x5a, 0x30, 0x58, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x28, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xbe, 0xb8, 0x15, 0x7b, 0xff, 0xd4, 0x7c, 0x7d, - 0x67, 0xad, 0x83, 0x64, 0x7b, 0xc8, 0x42, 0x53, 0x2d, 0xdf, 0xf6, 0x84, - 0x08, 0x20, 0x61, 0xd6, 0x01, 0x59, 0x6a, 0x9c, 0x44, 0x11, 0xaf, 0xef, - 0x76, 0xfd, 0x95, 0x7e, 0xce, 0x61, 0x30, 0xbb, 0x7a, 0x83, 0x5f, 0x02, - 0xbd, 0x01, 0x66, 0xca, 0xee, 0x15, 0x8d, 0x6f, 0xa1, 0x30, 0x9c, 0xbd, - 0xa1, 0x85, 0x9e, 0x94, 0x3a, 0xf3, 0x56, 0x88, 0x00, 0x31, 0xcf, 0xd8, - 0xee, 0x6a, 0x96, 0x02, 0xd9, 0xed, 0x03, 0x8c, 0xfb, 0x75, 0x6d, 0xe7, - 0xea, 0xb8, 0x55, 0x16, 0x05, 0x16, 0x9a, 0xf4, 0xe0, 0x5e, 0xb1, 0x88, - 0xc0, 0x64, 0x85, 0x5c, 0x15, 0x4d, 0x88, 0xc7, 0xb7, 0xba, 0xe0, 0x75, - 0xe9, 0xad, 0x05, 0x3d, 0x9d, 0xc7, 0x89, 0x48, 0xe0, 0xbb, 0x28, 0xc8, - 0x03, 0xe1, 0x30, 0x93, 0x64, 0x5e, 0x52, 0xc0, 0x59, 0x70, 0x22, 0x35, - 0x57, 0x88, 0x8a, 0xf1, 0x95, 0x0a, 0x83, 0xd7, 0xbc, 0x31, 0x73, 0x01, - 0x34, 0xed, 0xef, 0x46, 0x71, 0xe0, 0x6b, 0x02, 0xa8, 0x35, 0x72, 0x6b, - 0x97, 0x9b, 0x66, 0xe0, 0xcb, 0x1c, 0x79, 0x5f, 0xd8, 0x1a, 0x04, 0x68, - 0x1e, 0x47, 0x02, 0xe6, 0x9d, 0x60, 0xe2, 0x36, 0x97, 0x01, 0xdf, 0xce, - 0x35, 0x92, 0xdf, 0xbe, 0x67, 0xc7, 0x6d, 0x77, 0x59, 0x3b, 0x8f, 0x9d, - 0xd6, 0x90, 0x15, 0x94, 0xbc, 0x42, 0x34, 0x10, 0xc1, 0x39, 0xf9, 0xb1, - 0x27, 0x3e, 0x7e, 0xd6, 0x8a, 0x75, 0xc5, 0xb2, 0xaf, 0x96, 0xd3, 0xa2, - 0xde, 0x9b, 0xe4, 0x98, 0xbe, 0x7d, 0xe1, 0xe9, 0x81, 0xad, 0xb6, 0x6f, - 0xfc, 0xd7, 0x0e, 0xda, 0xe0, 0x34, 0xb0, 0x0d, 0x1a, 0x77, 0xe7, 0xe3, - 0x08, 0x98, 0xef, 0x58, 0xfa, 0x9c, 0x84, 0xb7, 0x36, 0xaf, 0xc2, 0xdf, - 0xac, 0xd2, 0xf4, 0x10, 0x06, 0x70, 0x71, 0x35, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x81, 0xe8, 0x30, 0x81, 0xe5, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2c, 0xd5, - 0x50, 0x41, 0x97, 0x15, 0x8b, 0xf0, 0x8f, 0x36, 0x61, 0x5b, 0x4a, 0xfb, - 0x6b, 0xd9, 0x99, 0xc9, 0x33, 0x92, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x48, 0xe6, 0x68, 0xf9, 0x2b, - 0xd2, 0xb2, 0x95, 0xd7, 0x47, 0xd8, 0x23, 0x20, 0x10, 0x4f, 0x33, 0x98, - 0x90, 0x9f, 0xd4, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x3a, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x33, 0x30, 0x31, 0x30, 0x2f, 0xa0, 0x2d, 0xa0, - 0x2b, 0x86, 0x29, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x73, 0x65, 0x63, 0x75, - 0x72, 0x65, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x46, 0x06, 0x03, - 0x55, 0x1d, 0x20, 0x04, 0x3f, 0x30, 0x3d, 0x30, 0x3b, 0x06, 0x04, 0x55, - 0x1d, 0x20, 0x00, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x81, 0x81, 0x00, 0xaf, 0xf3, 0x0e, 0xd6, 0x72, 0xab, 0xc7, 0xa9, 0x97, - 0xca, 0x2a, 0x6b, 0x84, 0x39, 0xde, 0x79, 0xa9, 0xf0, 0x81, 0xe5, 0x08, - 0x67, 0xab, 0xd7, 0x2f, 0x20, 0x02, 0x01, 0x71, 0x0c, 0x04, 0x22, 0xc9, - 0x1e, 0x88, 0x95, 0x03, 0xc9, 0x49, 0x3a, 0xaf, 0x67, 0x08, 0x49, 0xb0, - 0xd5, 0x08, 0xf5, 0x20, 0x3d, 0x80, 0x91, 0xa0, 0xc5, 0x87, 0xa3, 0xfb, - 0xc9, 0xa3, 0x17, 0x91, 0xf9, 0xa8, 0x2f, 0xae, 0xe9, 0x0f, 0xdf, 0x96, - 0x72, 0x0f, 0x75, 0x17, 0x80, 0x5d, 0x78, 0x01, 0x4d, 0x9f, 0x1f, 0x6d, - 0x7b, 0xd8, 0xf5, 0x42, 0x38, 0x23, 0x1a, 0x99, 0x93, 0xf4, 0x83, 0xbe, - 0x3b, 0x35, 0x74, 0xe7, 0x37, 0x13, 0x35, 0x7a, 0xac, 0xb4, 0xb6, 0x90, - 0x82, 0x6c, 0x27, 0xa4, 0xe0, 0xec, 0x9e, 0x35, 0xbd, 0xbf, 0xe5, 0x29, - 0xa1, 0x47, 0x9f, 0x5b, 0x32, 0xfc, 0xe9, 0x99, 0x7d, 0x2b, 0x39, -} - -var certSet2Cert2 = []byte{ - 0x30, 0x82, 0x03, 0xd5, 0x30, 0x82, 0x02, 0xbd, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x36, 0xd1, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, - 0x32, 0x31, 0x39, 0x32, 0x32, 0x34, 0x35, 0x30, 0x35, 0x5a, 0x17, 0x0d, - 0x32, 0x30, 0x30, 0x32, 0x31, 0x38, 0x32, 0x32, 0x34, 0x35, 0x30, 0x35, - 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0e, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x0b, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53, 0x4c, - 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xc7, 0x71, 0xf8, 0x56, 0xc7, 0x1e, 0xd9, 0xcc, 0xb5, 0xad, 0xf6, 0xb4, - 0x97, 0xa3, 0xfb, 0xa1, 0xe6, 0x0b, 0x50, 0x5f, 0x50, 0xaa, 0x3a, 0xda, - 0x0f, 0xfc, 0x3d, 0x29, 0x24, 0x43, 0xc6, 0x10, 0x29, 0xc1, 0xfc, 0x55, - 0x40, 0x72, 0xee, 0xbd, 0xea, 0xdf, 0x9f, 0xb6, 0x41, 0xf4, 0x48, 0x4b, - 0xc8, 0x6e, 0xfe, 0x4f, 0x57, 0x12, 0x8b, 0x5b, 0xfa, 0x92, 0xdd, 0x5e, - 0xe8, 0xad, 0xf3, 0xf0, 0x1b, 0xb1, 0x7b, 0x4d, 0xfb, 0xcf, 0xfd, 0xd1, - 0xe5, 0xf8, 0xe3, 0xdc, 0xe7, 0xf5, 0x73, 0x7f, 0xdf, 0x01, 0x49, 0xcf, - 0x8c, 0x56, 0xc1, 0xbd, 0x37, 0xe3, 0x5b, 0xbe, 0xb5, 0x4f, 0x8b, 0x8b, - 0xf0, 0xda, 0x4f, 0xc7, 0xe3, 0xdd, 0x55, 0x47, 0x69, 0xdf, 0xf2, 0x5b, - 0x7b, 0x07, 0x4f, 0x3d, 0xe5, 0xac, 0x21, 0xc1, 0xc8, 0x1d, 0x7a, 0xe8, - 0xe7, 0xf6, 0x0f, 0xa1, 0xaa, 0xf5, 0x6f, 0xde, 0xa8, 0x65, 0x4f, 0x10, - 0x89, 0x9c, 0x03, 0xf3, 0x89, 0x7a, 0xa5, 0x5e, 0x01, 0x72, 0x33, 0xed, - 0xa9, 0xe9, 0x5a, 0x1e, 0x79, 0xf3, 0x87, 0xc8, 0xdf, 0xc8, 0xc5, 0xfc, - 0x37, 0xc8, 0x9a, 0x9a, 0xd7, 0xb8, 0x76, 0xcc, 0xb0, 0x3e, 0xe7, 0xfd, - 0xe6, 0x54, 0xea, 0xdf, 0x5f, 0x52, 0x41, 0x78, 0x59, 0x57, 0xad, 0xf1, - 0x12, 0xd6, 0x7f, 0xbc, 0xd5, 0x9f, 0x70, 0xd3, 0x05, 0x6c, 0xfa, 0xa3, - 0x7d, 0x67, 0x58, 0xdd, 0x26, 0x62, 0x1d, 0x31, 0x92, 0x0c, 0x79, 0x79, - 0x1c, 0x8e, 0xcf, 0xca, 0x7b, 0xc1, 0x66, 0xaf, 0xa8, 0x74, 0x48, 0xfb, - 0x8e, 0x82, 0xc2, 0x9e, 0x2c, 0x99, 0x5c, 0x7b, 0x2d, 0x5d, 0x9b, 0xbc, - 0x5b, 0x57, 0x9e, 0x7c, 0x3a, 0x7a, 0x13, 0xad, 0xf2, 0xa3, 0x18, 0x5b, - 0x2b, 0x59, 0x0f, 0xcd, 0x5c, 0x3a, 0xeb, 0x68, 0x33, 0xc6, 0x28, 0x1d, - 0x82, 0xd1, 0x50, 0x8b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xd9, - 0x30, 0x81, 0xd6, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6b, 0x69, 0x3d, 0x6a, 0x18, 0x42, - 0x4a, 0xdd, 0x8f, 0x02, 0x65, 0x39, 0xfd, 0x35, 0x24, 0x86, 0x78, 0x91, - 0x16, 0x30, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, - 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, - 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, - 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x3a, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x33, 0x30, 0x31, 0x30, 0x2f, 0xa0, 0x2d, 0xa0, 0x2b, - 0x86, 0x29, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, - 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, - 0x62, 0x61, 0x6c, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x34, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, - 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, - 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, - 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xab, 0xbc, 0xbc, - 0x0a, 0x5d, 0x18, 0x94, 0xe3, 0xc1, 0xb1, 0xc3, 0xa8, 0x4c, 0x55, 0xd6, - 0xbe, 0xb4, 0x98, 0xf1, 0xee, 0x3c, 0x1c, 0xcd, 0xcf, 0xf3, 0x24, 0x24, - 0x5c, 0x96, 0x03, 0x27, 0x58, 0xfc, 0x36, 0xae, 0xa2, 0x2f, 0x8f, 0xf1, - 0xfe, 0xda, 0x2b, 0x02, 0xc3, 0x33, 0xbd, 0xc8, 0xdd, 0x48, 0x22, 0x2b, - 0x60, 0x0f, 0xa5, 0x03, 0x10, 0xfd, 0x77, 0xf8, 0xd0, 0xed, 0x96, 0x67, - 0x4f, 0xfd, 0xea, 0x47, 0x20, 0x70, 0x54, 0xdc, 0xa9, 0x0c, 0x55, 0x7e, - 0xe1, 0x96, 0x25, 0x8a, 0xd9, 0xb5, 0xda, 0x57, 0x4a, 0xbe, 0x8d, 0x8e, - 0x49, 0x43, 0x63, 0xa5, 0x6c, 0x4e, 0x27, 0x87, 0x25, 0xeb, 0x5b, 0x6d, - 0xfe, 0xa2, 0x7f, 0x38, 0x28, 0xe0, 0x36, 0xab, 0xad, 0x39, 0xa5, 0xa5, - 0x62, 0xc4, 0xb7, 0x5c, 0x58, 0x2c, 0xaa, 0x5d, 0x01, 0x60, 0xa6, 0x62, - 0x67, 0xa3, 0xc0, 0xc7, 0x62, 0x23, 0xf4, 0xe7, 0x6c, 0x46, 0xee, 0xb5, - 0xd3, 0x80, 0x6a, 0x22, 0x13, 0xd2, 0x2d, 0x3f, 0x74, 0x4f, 0xea, 0xaf, - 0x8c, 0x5f, 0xb4, 0x38, 0x9c, 0xdb, 0xae, 0xce, 0xaf, 0x84, 0x1e, 0xa6, - 0xf6, 0x34, 0x51, 0x59, 0x79, 0xd3, 0xe3, 0x75, 0xdc, 0xbc, 0xd7, 0xf3, - 0x73, 0xdf, 0x92, 0xec, 0xd2, 0x20, 0x59, 0x6f, 0x9c, 0xfb, 0x95, 0xf8, - 0x92, 0x76, 0x18, 0x0a, 0x7c, 0x0f, 0x2c, 0xa6, 0xca, 0xde, 0x8a, 0x62, - 0x7b, 0xd8, 0xf3, 0xce, 0x5f, 0x68, 0xbd, 0x8f, 0x3e, 0xc1, 0x74, 0xbb, - 0x15, 0x72, 0x3a, 0x16, 0x83, 0xa9, 0x0b, 0xe6, 0x4d, 0x99, 0x9c, 0xd8, - 0x57, 0xec, 0xa8, 0x01, 0x51, 0xc7, 0x6f, 0x57, 0x34, 0x5e, 0xab, 0x4a, - 0x2c, 0x42, 0xf6, 0x4f, 0x1c, 0x89, 0x78, 0xde, 0x26, 0x4e, 0xf5, 0x6f, - 0x93, 0x4c, 0x15, 0x6b, 0x27, 0x56, 0x4d, 0x00, 0x54, 0x6c, 0x7a, 0xb7, - 0xb7, -} - -var certSet2Cert3 = []byte{ - 0x30, 0x82, 0x03, 0xf0, 0x30, 0x82, 0x02, 0xd8, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x83, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, - 0x34, 0x30, 0x35, 0x31, 0x35, 0x31, 0x35, 0x35, 0x36, 0x5a, 0x17, 0x0d, - 0x31, 0x36, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, - 0x5a, 0x30, 0x49, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, - 0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1c, - 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0x9c, 0x2a, 0x04, 0x77, 0x5c, 0xd8, 0x50, 0x91, 0x3a, 0x06, 0xa3, - 0x82, 0xe0, 0xd8, 0x50, 0x48, 0xbc, 0x89, 0x3f, 0xf1, 0x19, 0x70, 0x1a, - 0x88, 0x46, 0x7e, 0xe0, 0x8f, 0xc5, 0xf1, 0x89, 0xce, 0x21, 0xee, 0x5a, - 0xfe, 0x61, 0x0d, 0xb7, 0x32, 0x44, 0x89, 0xa0, 0x74, 0x0b, 0x53, 0x4f, - 0x55, 0xa4, 0xce, 0x82, 0x62, 0x95, 0xee, 0xeb, 0x59, 0x5f, 0xc6, 0xe1, - 0x05, 0x80, 0x12, 0xc4, 0x5e, 0x94, 0x3f, 0xbc, 0x5b, 0x48, 0x38, 0xf4, - 0x53, 0xf7, 0x24, 0xe6, 0xfb, 0x91, 0xe9, 0x15, 0xc4, 0xcf, 0xf4, 0x53, - 0x0d, 0xf4, 0x4a, 0xfc, 0x9f, 0x54, 0xde, 0x7d, 0xbe, 0xa0, 0x6b, 0x6f, - 0x87, 0xc0, 0xd0, 0x50, 0x1f, 0x28, 0x30, 0x03, 0x40, 0xda, 0x08, 0x73, - 0x51, 0x6c, 0x7f, 0xff, 0x3a, 0x3c, 0xa7, 0x37, 0x06, 0x8e, 0xbd, 0x4b, - 0x11, 0x04, 0xeb, 0x7d, 0x24, 0xde, 0xe6, 0xf9, 0xfc, 0x31, 0x71, 0xfb, - 0x94, 0xd5, 0x60, 0xf3, 0x2e, 0x4a, 0xaf, 0x42, 0xd2, 0xcb, 0xea, 0xc4, - 0x6a, 0x1a, 0xb2, 0xcc, 0x53, 0xdd, 0x15, 0x4b, 0x8b, 0x1f, 0xc8, 0x19, - 0x61, 0x1f, 0xcd, 0x9d, 0xa8, 0x3e, 0x63, 0x2b, 0x84, 0x35, 0x69, 0x65, - 0x84, 0xc8, 0x19, 0xc5, 0x46, 0x22, 0xf8, 0x53, 0x95, 0xbe, 0xe3, 0x80, - 0x4a, 0x10, 0xc6, 0x2a, 0xec, 0xba, 0x97, 0x20, 0x11, 0xc7, 0x39, 0x99, - 0x10, 0x04, 0xa0, 0xf0, 0x61, 0x7a, 0x95, 0x25, 0x8c, 0x4e, 0x52, 0x75, - 0xe2, 0xb6, 0xed, 0x08, 0xca, 0x14, 0xfc, 0xce, 0x22, 0x6a, 0xb3, 0x4e, - 0xcf, 0x46, 0x03, 0x97, 0x97, 0x03, 0x7e, 0xc0, 0xb1, 0xde, 0x7b, 0xaf, - 0x45, 0x33, 0xcf, 0xba, 0x3e, 0x71, 0xb7, 0xde, 0xf4, 0x25, 0x25, 0xc2, - 0x0d, 0x35, 0x89, 0x9d, 0x9d, 0xfb, 0x0e, 0x11, 0x79, 0x89, 0x1e, 0x37, - 0xc5, 0xaf, 0x8e, 0x72, 0x69, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, - 0xe7, 0x30, 0x81, 0xe4, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, - 0xab, 0x05, 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, - 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x4a, 0xdd, 0x06, 0x16, 0x1b, 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, - 0xb6, 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, - 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, - 0x04, 0x22, 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, - 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x35, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, - 0x26, 0x86, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, - 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, - 0x6c, 0x73, 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x17, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x10, - 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, - 0x79, 0x02, 0x05, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0xaa, 0xfa, 0xa9, 0x20, 0xcd, 0x6a, 0x67, 0x83, 0xed, 0x5e, 0xd4, 0x7e, - 0xde, 0x1d, 0xc4, 0x7f, 0xe0, 0x25, 0x06, 0x00, 0xc5, 0x24, 0xfb, 0xa9, - 0xc8, 0x2d, 0x6d, 0x7e, 0xde, 0x9d, 0x82, 0x65, 0x2c, 0x81, 0x63, 0x34, - 0x66, 0x3e, 0xe9, 0x52, 0xc2, 0x08, 0xb4, 0xcb, 0x2f, 0xf7, 0x5f, 0x99, - 0x3a, 0x6a, 0x9c, 0x50, 0x7a, 0x85, 0x05, 0x8c, 0x7d, 0xd1, 0x2a, 0x48, - 0x84, 0xd3, 0x09, 0x6c, 0x7c, 0xc2, 0xcd, 0x35, 0x9f, 0xf3, 0x82, 0xee, - 0x52, 0xde, 0x68, 0x5f, 0xe4, 0x00, 0x8a, 0x17, 0x20, 0x96, 0xf7, 0x29, - 0x8d, 0x9a, 0x4d, 0xcb, 0xa8, 0xde, 0x86, 0xc8, 0x0d, 0x6f, 0x56, 0x87, - 0x03, 0x7d, 0x03, 0x3f, 0xdc, 0xfa, 0x79, 0x7d, 0x21, 0x19, 0xf9, 0xc8, - 0x3a, 0x2f, 0x51, 0x76, 0x8c, 0xc7, 0x41, 0x92, 0x71, 0x8f, 0x25, 0xce, - 0x37, 0xf8, 0x4a, 0x4c, 0x00, 0x23, 0xef, 0xc4, 0x35, 0x10, 0xae, 0xe0, - 0x23, 0x80, 0x73, 0x7c, 0x4d, 0x34, 0x2e, 0xc8, 0x6e, 0x90, 0xd6, 0x10, - 0x1e, 0x99, 0x84, 0x73, 0x1a, 0x70, 0xf2, 0xed, 0x55, 0x0e, 0xee, 0x17, - 0x06, 0xea, 0x67, 0xee, 0x32, 0xeb, 0x2c, 0xdd, 0x67, 0x07, 0x3f, 0xf6, - 0x8b, 0xc2, 0x70, 0xde, 0x5b, 0x00, 0xe6, 0xbb, 0x1b, 0xd3, 0x36, 0x1a, - 0x22, 0x6c, 0x6c, 0xb0, 0x35, 0x42, 0x6c, 0x90, 0x09, 0x3d, 0x93, 0xe9, - 0x64, 0x09, 0x22, 0x0e, 0x85, 0x06, 0x9f, 0xc2, 0x73, 0x21, 0xd3, 0xe6, - 0x5f, 0x80, 0xe4, 0x8d, 0x85, 0x22, 0x3a, 0x73, 0x03, 0xb1, 0x60, 0x8e, - 0xae, 0x68, 0xe2, 0xf4, 0x3e, 0x97, 0xe7, 0x60, 0x12, 0x09, 0x68, 0x36, - 0xde, 0x3a, 0xd6, 0xe2, 0x43, 0x95, 0x5b, 0x37, 0x81, 0x92, 0x81, 0x1f, - 0xbb, 0x8d, 0xd7, 0xad, 0x52, 0x64, 0x16, 0x57, 0x96, 0xd9, 0x5e, 0x34, - 0x7e, 0xc8, 0x35, 0xd8, -} - -var certSet2Cert4 = []byte{ - 0x30, 0x82, 0x04, 0x15, 0x30, 0x82, 0x03, 0x7e, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0x8e, 0xed, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x75, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0f, - 0x47, 0x54, 0x45, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x53, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x23, 0x30, 0x21, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1a, 0x47, 0x54, 0x45, 0x20, 0x43, - 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, - 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x32, 0x30, 0x34, 0x31, 0x38, 0x31, 0x36, 0x33, 0x36, 0x31, - 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x38, 0x31, 0x33, 0x31, 0x36, - 0x33, 0x35, 0x31, 0x37, 0x5a, 0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, 0x42, 0x61, 0x6c, 0x74, 0x69, - 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x43, 0x79, - 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, - 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, - 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa3, 0x04, - 0xbb, 0x22, 0xab, 0x98, 0x3d, 0x57, 0xe8, 0x26, 0x72, 0x9a, 0xb5, 0x79, - 0xd4, 0x29, 0xe2, 0xe1, 0xe8, 0x95, 0x80, 0xb1, 0xb0, 0xe3, 0x5b, 0x8e, - 0x2b, 0x29, 0x9a, 0x64, 0xdf, 0xa1, 0x5d, 0xed, 0xb0, 0x09, 0x05, 0x6d, - 0xdb, 0x28, 0x2e, 0xce, 0x62, 0xa2, 0x62, 0xfe, 0xb4, 0x88, 0xda, 0x12, - 0xeb, 0x38, 0xeb, 0x21, 0x9d, 0xc0, 0x41, 0x2b, 0x01, 0x52, 0x7b, 0x88, - 0x77, 0xd3, 0x1c, 0x8f, 0xc7, 0xba, 0xb9, 0x88, 0xb5, 0x6a, 0x09, 0xe7, - 0x73, 0xe8, 0x11, 0x40, 0xa7, 0xd1, 0xcc, 0xca, 0x62, 0x8d, 0x2d, 0xe5, - 0x8f, 0x0b, 0xa6, 0x50, 0xd2, 0xa8, 0x50, 0xc3, 0x28, 0xea, 0xf5, 0xab, - 0x25, 0x87, 0x8a, 0x9a, 0x96, 0x1c, 0xa9, 0x67, 0xb8, 0x3f, 0x0c, 0xd5, - 0xf7, 0xf9, 0x52, 0x13, 0x2f, 0xc2, 0x1b, 0xd5, 0x70, 0x70, 0xf0, 0x8f, - 0xc0, 0x12, 0xca, 0x06, 0xcb, 0x9a, 0xe1, 0xd9, 0xca, 0x33, 0x7a, 0x77, - 0xd6, 0xf8, 0xec, 0xb9, 0xf1, 0x68, 0x44, 0x42, 0x48, 0x13, 0xd2, 0xc0, - 0xc2, 0xa4, 0xae, 0x5e, 0x60, 0xfe, 0xb6, 0xa6, 0x05, 0xfc, 0xb4, 0xdd, - 0x07, 0x59, 0x02, 0xd4, 0x59, 0x18, 0x98, 0x63, 0xf5, 0xa5, 0x63, 0xe0, - 0x90, 0x0c, 0x7d, 0x5d, 0xb2, 0x06, 0x7a, 0xf3, 0x85, 0xea, 0xeb, 0xd4, - 0x03, 0xae, 0x5e, 0x84, 0x3e, 0x5f, 0xff, 0x15, 0xed, 0x69, 0xbc, 0xf9, - 0x39, 0x36, 0x72, 0x75, 0xcf, 0x77, 0x52, 0x4d, 0xf3, 0xc9, 0x90, 0x2c, - 0xb9, 0x3d, 0xe5, 0xc9, 0x23, 0x53, 0x3f, 0x1f, 0x24, 0x98, 0x21, 0x5c, - 0x07, 0x99, 0x29, 0xbd, 0xc6, 0x3a, 0xec, 0xe7, 0x6e, 0x86, 0x3a, 0x6b, - 0x97, 0x74, 0x63, 0x33, 0xbd, 0x68, 0x18, 0x31, 0xf0, 0x78, 0x8d, 0x76, - 0xbf, 0xfc, 0x9e, 0x8e, 0x5d, 0x2a, 0x86, 0xa7, 0x4d, 0x90, 0xdc, 0x27, - 0x1a, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x47, 0x30, - 0x82, 0x01, 0x43, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x03, 0x30, - 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, 0x30, 0x3f, - 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x37, 0x30, 0x35, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x29, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, - 0x6f, 0x72, 0x79, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x81, 0x89, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x81, 0x81, 0x30, 0x7f, 0xa1, 0x79, 0xa4, 0x77, - 0x30, 0x75, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x53, 0x6f, 0x6c, 0x75, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x23, - 0x30, 0x21, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1a, 0x47, 0x54, 0x45, - 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x82, - 0x02, 0x01, 0xa5, 0x30, 0x45, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x3e, - 0x30, 0x3c, 0x30, 0x3a, 0xa0, 0x38, 0xa0, 0x36, 0x86, 0x34, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x70, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x2d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x63, 0x67, 0x69, 0x2d, 0x62, 0x69, 0x6e, 0x2f, 0x43, 0x52, - 0x4c, 0x2f, 0x32, 0x30, 0x31, 0x38, 0x2f, 0x63, 0x64, 0x70, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x93, 0x1d, 0xfe, - 0x8b, 0xae, 0x46, 0xec, 0xcb, 0xa9, 0x0f, 0xab, 0xe5, 0xef, 0xca, 0xb2, - 0x68, 0x16, 0x68, 0xd8, 0x8f, 0xfa, 0x13, 0xa9, 0xaf, 0xb3, 0xcb, 0x2d, - 0xe7, 0x4b, 0x6e, 0x8e, 0x69, 0x2a, 0xc2, 0x2b, 0x10, 0x0a, 0x8d, 0xf6, - 0xae, 0x73, 0xb6, 0xb9, 0xfb, 0x14, 0xfd, 0x5f, 0x6d, 0xb8, 0x50, 0xb6, - 0xc4, 0x8a, 0xd6, 0x40, 0x7e, 0xd7, 0xc3, 0xcb, 0x73, 0xdc, 0xc9, 0x5d, - 0x5b, 0xaf, 0xb0, 0x41, 0xb5, 0x37, 0xeb, 0xea, 0xdc, 0x20, 0x91, 0xc4, - 0x34, 0x6a, 0xf4, 0xa1, 0xf3, 0x96, 0x9d, 0x37, 0x86, 0x97, 0xe1, 0x71, - 0xa4, 0xdd, 0x7d, 0xfa, 0x44, 0x84, 0x94, 0xae, 0xd7, 0x09, 0x04, 0x22, - 0x76, 0x0f, 0x64, 0x51, 0x35, 0xa9, 0x24, 0x0f, 0xf9, 0x0b, 0xdb, 0x32, - 0xda, 0xc2, 0xfe, 0xc1, 0xb9, 0x2a, 0x5c, 0x7a, 0x27, 0x13, 0xca, 0xb1, - 0x48, 0x3a, 0x71, 0xd0, 0x43, -} - -var certSet2Cert5 = []byte{ - 0x30, 0x82, 0x04, 0x22, 0x30, 0x82, 0x03, 0x0a, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x79, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, - 0x39, 0x30, 0x38, 0x32, 0x30, 0x34, 0x31, 0x31, 0x30, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x30, 0x34, 0x31, 0x31, 0x30, - 0x5a, 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x14, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x34, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9a, 0x7d, 0x98, 0x68, - 0x11, 0x40, 0xc1, 0x5f, 0x72, 0xec, 0x55, 0xb3, 0xb1, 0x63, 0xf3, 0x32, - 0x22, 0x72, 0x91, 0xc6, 0x16, 0x05, 0xbb, 0x08, 0x82, 0x31, 0xb4, 0xf6, - 0xee, 0xd4, 0x18, 0x39, 0x11, 0x2f, 0x2e, 0xda, 0x47, 0xfe, 0x51, 0x31, - 0x6e, 0x5b, 0xf2, 0xa9, 0x0a, 0xeb, 0x2f, 0xbb, 0xf5, 0x61, 0x59, 0x65, - 0x57, 0x02, 0xcd, 0x80, 0xff, 0xc7, 0x70, 0x32, 0x54, 0x89, 0xfd, 0xdb, - 0xae, 0x99, 0x72, 0xd4, 0x4f, 0x0c, 0x26, 0xb9, 0x2e, 0x63, 0x30, 0x7d, - 0xde, 0x14, 0x5b, 0x6a, 0xd7, 0x52, 0x78, 0x21, 0xf9, 0xbf, 0xbc, 0x50, - 0xd5, 0x54, 0x12, 0x59, 0xd8, 0xb5, 0x36, 0xd9, 0x21, 0x47, 0xb8, 0x3f, - 0x6a, 0x58, 0x1d, 0x8c, 0x72, 0xe1, 0x97, 0x95, 0xd3, 0xe1, 0x45, 0xa8, - 0xf1, 0x5a, 0xe5, 0xbe, 0xfe, 0xe3, 0x53, 0x7c, 0xa5, 0xf0, 0x52, 0xe0, - 0xcf, 0x39, 0x94, 0x0c, 0x19, 0x71, 0xf2, 0xc0, 0x25, 0x07, 0x48, 0x7d, - 0x1c, 0xe6, 0xf1, 0x39, 0x25, 0x2f, 0x98, 0x79, 0x43, 0xe8, 0x18, 0x72, - 0xf4, 0x65, 0x86, 0x98, 0x5a, 0x00, 0x04, 0x47, 0xda, 0x4b, 0x58, 0x1e, - 0x7c, 0x86, 0xb1, 0x4b, 0x35, 0xa6, 0x20, 0x00, 0x1c, 0xcd, 0x1b, 0x3b, - 0x22, 0x5d, 0xd1, 0x93, 0x28, 0x33, 0x12, 0x23, 0x94, 0x08, 0xaa, 0xc3, - 0x3a, 0xf5, 0xd1, 0xc6, 0x8c, 0x7e, 0x99, 0xd3, 0x18, 0xa0, 0xad, 0x9d, - 0x18, 0xcf, 0x49, 0xad, 0x10, 0x03, 0xf7, 0x99, 0x33, 0x26, 0x86, 0x46, - 0x9a, 0x2f, 0xa0, 0xba, 0x6c, 0x6e, 0xc8, 0x88, 0x02, 0xb7, 0x6e, 0xfa, - 0x7a, 0x9e, 0x98, 0x4a, 0xee, 0x9a, 0x31, 0x7d, 0x19, 0x14, 0x60, 0x0c, - 0xec, 0x8f, 0x20, 0x23, 0x3c, 0xda, 0x97, 0x26, 0xb6, 0xea, 0x80, 0x6c, - 0x8a, 0x57, 0x9e, 0x20, 0xee, 0x6f, 0x17, 0x25, 0x4a, 0x32, 0xad, 0x35, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1d, 0x30, 0x82, 0x01, - 0x19, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, - 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xac, 0x32, 0xed, - 0x5a, 0xc9, 0xe0, 0xde, 0x30, 0x9c, 0x90, 0x58, 0x55, 0x26, 0x63, 0xf6, - 0x72, 0xa6, 0x54, 0x5f, 0xe3, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, - 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x35, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, 0x26, 0x86, 0x24, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, - 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, - 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, - 0x04, 0x22, 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, - 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, - 0x36, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x61, 0x40, 0xad, 0x21, 0x0f, 0x03, 0xbb, 0x95, 0xdc, 0x89, - 0xfc, 0xa3, 0xcb, 0x05, 0x71, 0xe9, 0x1c, 0x59, 0x97, 0x35, 0xc2, 0xfa, - 0x6b, 0x05, 0xa4, 0x16, 0xc6, 0x56, 0x46, 0x37, 0x74, 0x1b, 0x1b, 0xf1, - 0x3e, 0x2c, 0xe8, 0x37, 0x19, 0xb7, 0x94, 0xd2, 0x0f, 0x0e, 0xc5, 0xbf, - 0x14, 0x07, 0x2b, 0x34, 0xcd, 0x5b, 0xb4, 0x8d, 0xc7, 0x56, 0x9d, 0x19, - 0xfc, 0x02, 0xb4, 0x9e, 0x90, 0x31, 0xfa, 0xa4, 0x44, 0xc6, 0x75, 0xdd, - 0xdd, 0x1f, 0x25, 0x54, 0xa3, 0x30, 0x4c, 0xac, 0xdb, 0xfe, 0xc4, 0x88, - 0xf7, 0x31, 0x26, 0x18, 0x47, 0xae, 0x4c, 0x20, 0x19, 0x1a, 0xc7, 0xae, - 0x3e, 0x98, 0x0a, 0x16, 0x3d, 0xd2, 0xc2, 0xa6, 0x5d, 0x0d, 0x2e, 0x29, - 0x7d, 0xb2, 0x9d, 0xc7, 0x41, 0x32, 0x17, 0xca, 0x9d, 0xae, 0x39, 0xbf, - 0x91, 0x98, 0xde, 0xe7, 0x44, 0xe2, 0x95, 0x9c, 0x94, 0x5c, 0x6c, 0x42, - 0x1b, 0x59, 0xc9, 0x7b, 0x68, 0x13, 0xa8, 0x96, 0x09, 0x74, 0xee, 0x40, - 0x14, 0xa4, 0xd5, 0xd7, 0xc9, 0x7b, 0x33, 0xa3, 0x0f, 0x5a, 0x69, 0x9c, - 0x1a, 0xfa, 0x6f, 0x12, 0x47, 0x1c, 0xdf, 0x1e, 0x4c, 0x70, 0x4e, 0x6d, - 0xdd, 0xfe, 0x1c, 0x87, 0xb5, 0x9d, 0xe1, 0x54, 0x07, 0x09, 0x8a, 0xcd, - 0xbe, 0xaa, 0xa8, 0x46, 0x78, 0x6e, 0x16, 0xf2, 0xe7, 0x91, 0x0e, 0xc3, - 0xaf, 0xda, 0x76, 0x00, 0xd1, 0xd8, 0xa2, 0x46, 0x24, 0x03, 0xa5, 0x1a, - 0x85, 0x81, 0x56, 0x83, 0x63, 0x27, 0xba, 0x90, 0x8e, 0xf9, 0x62, 0x11, - 0xba, 0xa7, 0x7c, 0x90, 0xa9, 0x1a, 0x66, 0xb4, 0xc5, 0xbc, 0x8f, 0x29, - 0x41, 0xab, 0xeb, 0x8d, 0x99, 0xa6, 0xcc, 0x91, 0x64, 0xba, 0xdc, 0xc6, - 0xa6, 0x4c, 0xb3, 0xb4, 0x23, 0x26, 0x51, 0x72, 0x56, 0xf9, 0xf3, 0x74, - 0x55, 0x9f, 0x25, 0x75, 0x4f, 0x2b, -} - -var certSet2Cert6 = []byte{ - 0x30, 0x82, 0x04, 0x25, 0x30, 0x82, 0x03, 0x0d, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x77, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, - 0x38, 0x32, 0x39, 0x32, 0x31, 0x33, 0x39, 0x33, 0x32, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x31, 0x33, 0x39, 0x33, 0x32, - 0x5a, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53, 0x4c, 0x20, - 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, - 0x47, 0x33, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf, - 0x54, 0x9b, 0xd9, 0x58, 0x5d, 0x1e, 0x2c, 0x56, 0xc6, 0xd5, 0xe8, 0x7f, - 0xf4, 0x7d, 0x16, 0x03, 0xff, 0xd0, 0x8b, 0x5a, 0xe4, 0x8e, 0xa7, 0xdd, - 0x54, 0x2e, 0xd4, 0x04, 0xc0, 0x5d, 0x98, 0x9c, 0x8d, 0x90, 0x0f, 0xbc, - 0x10, 0x65, 0x5f, 0xda, 0x9a, 0xd6, 0x44, 0x7c, 0xc0, 0x9f, 0xb5, 0xe9, - 0x4a, 0x8c, 0x0b, 0x06, 0x43, 0x04, 0xbb, 0xf4, 0x96, 0xe2, 0x26, 0xf6, - 0x61, 0x01, 0x91, 0x66, 0x31, 0x22, 0xc3, 0x34, 0x34, 0x5f, 0x3f, 0x3f, - 0x91, 0x2f, 0x44, 0x5f, 0xdc, 0xc7, 0x14, 0xb6, 0x03, 0x9f, 0x86, 0x4b, - 0x0e, 0xa3, 0xff, 0xa0, 0x80, 0x02, 0x83, 0xc3, 0xd3, 0x1f, 0x69, 0x52, - 0xd6, 0x9d, 0x64, 0x0f, 0xc9, 0x83, 0xe7, 0x1b, 0xc4, 0x70, 0xac, 0x94, - 0xe7, 0xc3, 0xa4, 0x6a, 0x2c, 0xbd, 0xb8, 0x9e, 0x69, 0xd8, 0xbe, 0x0a, - 0x8f, 0x16, 0x63, 0x5a, 0x68, 0x71, 0x80, 0x7b, 0x30, 0xde, 0x15, 0x04, - 0xbf, 0xcc, 0xd3, 0xbf, 0x3e, 0x48, 0x05, 0x55, 0x7a, 0xb3, 0xd7, 0x10, - 0x0c, 0x03, 0xfc, 0x9b, 0xfd, 0x08, 0xa7, 0x8c, 0x8c, 0xdb, 0xa7, 0x8e, - 0xf1, 0x1e, 0x63, 0xdc, 0xb3, 0x01, 0x2f, 0x7f, 0xaf, 0x57, 0xc3, 0x3c, - 0x48, 0xa7, 0x83, 0x68, 0x21, 0xa7, 0x2f, 0xe7, 0xa7, 0x3f, 0xf0, 0xb5, - 0x0c, 0xfc, 0xf5, 0x84, 0xd1, 0x53, 0xbc, 0x0e, 0x72, 0x4f, 0x60, 0x0c, - 0x42, 0xb8, 0x98, 0xad, 0x19, 0x88, 0x57, 0xd7, 0x04, 0xec, 0x87, 0xbf, - 0x7e, 0x87, 0x4e, 0xa3, 0x21, 0xf9, 0x53, 0xfd, 0x36, 0x98, 0x48, 0x8d, - 0xd6, 0xf8, 0xbb, 0x48, 0xf2, 0x29, 0xc8, 0x64, 0xd1, 0xcc, 0x54, 0x48, - 0x53, 0x8b, 0xaf, 0xb7, 0x65, 0x1e, 0xbf, 0x29, 0x33, 0x29, 0xd9, 0x29, - 0x60, 0x48, 0xf8, 0xff, 0x91, 0xbc, 0x57, 0x58, 0xe5, 0x35, 0x2e, 0xbb, - 0x69, 0xb6, 0x59, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1d, - 0x30, 0x82, 0x01, 0x19, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, - 0xab, 0x05, 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, - 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0xc3, 0x9c, 0xf3, 0xfc, 0xd3, 0x46, 0x08, 0x34, 0xbb, 0xce, 0x46, 0x7f, - 0xa0, 0x7c, 0x5b, 0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, - 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x35, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, - 0x26, 0x86, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, - 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, - 0x6c, 0x73, 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x22, 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, - 0x30, 0x43, 0x30, 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, - 0x45, 0x01, 0x07, 0x36, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0xa3, 0x58, 0x1e, 0xc6, 0x43, 0x32, 0xac, - 0xac, 0x2f, 0x93, 0x78, 0xb7, 0xea, 0xae, 0x54, 0x40, 0x47, 0x2d, 0x7e, - 0x78, 0x8d, 0x50, 0xf6, 0xf8, 0x66, 0xac, 0xd6, 0x4f, 0x73, 0xd6, 0x44, - 0xef, 0xaf, 0x0b, 0xcc, 0x5b, 0xc1, 0xf4, 0x4f, 0x9a, 0x8f, 0x49, 0x7e, - 0x60, 0xaf, 0xc2, 0x27, 0xc7, 0x16, 0xf1, 0xfb, 0x93, 0x81, 0x90, 0xa9, - 0x7c, 0xef, 0x6f, 0x7e, 0x6e, 0x45, 0x94, 0x16, 0x84, 0xbd, 0xec, 0x49, - 0xf1, 0xc4, 0x0e, 0xf4, 0xaf, 0x04, 0x59, 0x83, 0x87, 0x0f, 0x2c, 0x3b, - 0x97, 0xc3, 0x5a, 0x12, 0x9b, 0x7b, 0x04, 0x35, 0x7b, 0xa3, 0x95, 0x33, - 0x08, 0x7b, 0x93, 0x71, 0x22, 0x42, 0xb3, 0xa9, 0xd9, 0x6f, 0x4f, 0x81, - 0x92, 0xfc, 0x07, 0xb6, 0x79, 0xbc, 0x84, 0x4a, 0x9d, 0x77, 0x09, 0xf1, - 0xc5, 0x89, 0xf2, 0xf0, 0xb4, 0x9c, 0x54, 0xaa, 0x12, 0x7b, 0x0d, 0xba, - 0x4f, 0xef, 0x93, 0x19, 0xec, 0xef, 0x7d, 0x4e, 0x61, 0xa3, 0x8e, 0x76, - 0x9c, 0x59, 0xcf, 0x8c, 0x94, 0xb1, 0x84, 0x97, 0xf7, 0x1a, 0xb9, 0x07, - 0xb8, 0xb2, 0xc6, 0x4f, 0x13, 0x79, 0xdb, 0xbf, 0x4f, 0x51, 0x1b, 0x7f, - 0x69, 0x0d, 0x51, 0x2a, 0xc1, 0xd6, 0x15, 0xff, 0x37, 0x51, 0x34, 0x65, - 0x51, 0xf4, 0x1e, 0xbe, 0x38, 0x6a, 0xec, 0x0e, 0xab, 0xbf, 0x3d, 0x7b, - 0x39, 0x05, 0x7b, 0xf4, 0xf3, 0xfb, 0x1a, 0xa1, 0xd0, 0xc8, 0x7e, 0x4e, - 0x64, 0x8d, 0xcd, 0x8c, 0x61, 0x55, 0x90, 0xfe, 0x3a, 0xca, 0x5d, 0x25, - 0x0f, 0xf8, 0x1d, 0xa3, 0x4a, 0x74, 0x56, 0x4f, 0x1a, 0x55, 0x40, 0x70, - 0x75, 0x25, 0xa6, 0x33, 0x2e, 0xba, 0x4b, 0xa5, 0x5d, 0x53, 0x9a, 0x0d, - 0x30, 0xe1, 0x8d, 0x5f, 0x61, 0x2c, 0xaf, 0xcc, 0xef, 0xb0, 0x99, 0xa1, - 0x80, 0xff, 0x0b, 0xf2, 0x62, 0x4c, 0x70, 0x26, 0x98, -} - -var certSet2Cert7 = []byte{ - 0x30, 0x82, 0x04, 0x2b, 0x30, 0x82, 0x03, 0x13, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x12, 0x11, 0x20, 0x96, 0xf6, 0xc8, 0x03, 0x7c, 0x9e, 0x07, - 0xb1, 0x38, 0xbf, 0x2e, 0x72, 0x10, 0x8a, 0xd7, 0xed, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x30, 0x3d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x46, 0x52, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x08, 0x43, 0x65, 0x72, 0x74, 0x70, 0x6c, 0x75, 0x73, 0x31, 0x1b, - 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x43, 0x6c, 0x61, - 0x73, 0x73, 0x20, 0x32, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, - 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x36, 0x30, - 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x39, - 0x30, 0x36, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, - 0x40, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x46, 0x52, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x09, 0x4b, 0x45, 0x59, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x53, 0x31, 0x1d, - 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x43, 0x4c, 0x41, - 0x53, 0x53, 0x20, 0x32, 0x20, 0x4b, 0x45, 0x59, 0x4e, 0x45, 0x43, 0x54, - 0x49, 0x53, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xc6, 0xbe, 0xfe, 0x44, 0x23, 0x04, 0xd4, 0xef, 0x2f, 0x3b, - 0x86, 0xaa, 0x35, 0x58, 0x81, 0xd1, 0xe1, 0x9a, 0xd6, 0xb1, 0xd4, 0x27, - 0x45, 0x28, 0xfc, 0xd1, 0x1e, 0x46, 0x85, 0xba, 0x54, 0x23, 0x11, 0x7d, - 0xe0, 0x66, 0x3f, 0xd4, 0xa3, 0x57, 0x66, 0x78, 0xf9, 0x6b, 0xeb, 0x74, - 0x7c, 0x2a, 0xb8, 0x37, 0xa5, 0xe8, 0x70, 0xae, 0x82, 0xb5, 0x4e, 0xd4, - 0x81, 0xfe, 0x5b, 0xe2, 0xea, 0xe7, 0x22, 0x16, 0xf8, 0xf9, 0xd7, 0xba, - 0x3a, 0xf6, 0x88, 0x56, 0xdc, 0xc4, 0xf2, 0xa0, 0xa4, 0xe5, 0x75, 0x06, - 0x60, 0x72, 0x2b, 0xfb, 0xf5, 0x94, 0xee, 0x2c, 0x83, 0x28, 0xde, 0x91, - 0x9a, 0xb3, 0x83, 0x3a, 0xb0, 0x9f, 0x08, 0xfa, 0xdd, 0xd8, 0x9e, 0x8c, - 0x24, 0xe6, 0xdf, 0x66, 0x5b, 0xc8, 0x7e, 0xa3, 0x62, 0x4d, 0x3f, 0x3a, - 0x85, 0x23, 0xec, 0xe8, 0x71, 0x8f, 0x0a, 0x00, 0xac, 0x89, 0x6d, 0x7e, - 0xd8, 0x72, 0xe5, 0xdd, 0xc1, 0x94, 0x8e, 0x5f, 0xe4, 0x73, 0xe6, 0xc1, - 0xc6, 0x0c, 0x87, 0x58, 0x4f, 0x37, 0xda, 0xd1, 0xa9, 0x88, 0x26, 0x76, - 0xb4, 0xee, 0x11, 0x8d, 0xf6, 0xad, 0xb2, 0xa7, 0xbc, 0x73, 0xc4, 0xcd, - 0x1c, 0x6e, 0x1a, 0xe6, 0x8d, 0x72, 0x56, 0x44, 0xa0, 0x98, 0xf7, 0x92, - 0xf9, 0xd7, 0x79, 0x9b, 0x03, 0xe6, 0x68, 0x5f, 0xa4, 0x5c, 0x7c, 0x3d, - 0x50, 0xb4, 0x83, 0xcc, 0xe5, 0xac, 0x0d, 0xe1, 0x3e, 0x4f, 0x14, 0xf2, - 0xb4, 0xe4, 0x7d, 0xbf, 0x71, 0xa4, 0xc3, 0x97, 0x73, 0x38, 0xd6, 0x52, - 0x7c, 0xc8, 0xa4, 0xb5, 0xea, 0xe9, 0xb2, 0x54, 0x56, 0xd4, 0xeb, 0xb8, - 0x57, 0x3a, 0x40, 0x52, 0x5a, 0x5e, 0x46, 0x27, 0xa3, 0x7b, 0x30, 0x2d, - 0x08, 0x3d, 0x85, 0x1e, 0x9a, 0xf0, 0x32, 0xa8, 0xf2, 0x10, 0xa2, 0x83, - 0x9b, 0xe2, 0x28, 0xf6, 0x9d, 0xcb, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x82, 0x01, 0x20, 0x30, 0x82, 0x01, 0x1c, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, - 0x02, 0x01, 0x00, 0x30, 0x7d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x76, - 0x30, 0x74, 0x30, 0x38, 0x06, 0x0b, 0x2b, 0x06, 0x04, 0x01, 0x81, 0xad, - 0x5a, 0x02, 0x05, 0x03, 0x03, 0x30, 0x29, 0x30, 0x27, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1b, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6b, 0x65, 0x79, 0x6e, - 0x65, 0x63, 0x74, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x50, 0x43, - 0x30, 0x38, 0x06, 0x0b, 0x2b, 0x06, 0x04, 0x01, 0x81, 0xad, 0x5a, 0x02, - 0x05, 0x01, 0x03, 0x30, 0x29, 0x30, 0x27, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6b, 0x65, 0x79, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x50, 0x43, 0x30, 0x37, - 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x30, 0x30, 0x2e, 0x30, 0x2c, 0xa0, - 0x2a, 0xa0, 0x28, 0x86, 0x26, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x70, 0x6c, 0x75, 0x73, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x52, 0x4c, 0x2f, 0x63, 0x6c, 0x61, - 0x73, 0x73, 0x32, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x00, 0x11, - 0x41, 0xdf, 0x3b, 0x9d, 0x3b, 0xcb, 0xb8, 0xa2, 0xc1, 0x33, 0x92, 0xa8, - 0x81, 0xcc, 0xe5, 0x7d, 0xe7, 0x99, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe3, 0x73, 0x2d, 0xdf, 0xcb, - 0x0e, 0x28, 0x0c, 0xde, 0xdd, 0xb3, 0xa4, 0xca, 0x79, 0xb8, 0x8e, 0xbb, - 0xe8, 0x30, 0x89, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x08, - 0x88, 0xfe, 0x1f, 0xa2, 0xca, 0xcd, 0xe2, 0xa0, 0xf1, 0x2e, 0x7c, 0x67, - 0x49, 0xfb, 0xdc, 0x94, 0xac, 0x7f, 0x41, 0x0d, 0x78, 0x01, 0xba, 0x31, - 0xf7, 0x9b, 0xfb, 0x31, 0x18, 0x77, 0x2f, 0x66, 0x25, 0x94, 0xb8, 0x6d, - 0x16, 0x74, 0x81, 0xf1, 0xc0, 0xae, 0x67, 0xc6, 0x14, 0x45, 0x7a, 0x01, - 0xd1, 0x13, 0x88, 0xfc, 0xe2, 0x8d, 0x22, 0x1d, 0xbd, 0x1e, 0x0c, 0xc7, - 0xa9, 0x7e, 0xd0, 0xc3, 0x97, 0xf6, 0x37, 0x5b, 0x41, 0x5e, 0x67, 0x94, - 0x8e, 0xab, 0x69, 0x02, 0x17, 0x18, 0xf5, 0x4d, 0x38, 0xc2, 0x49, 0x28, - 0x09, 0x6e, 0x5a, 0x9b, 0xa6, 0x27, 0xdb, 0xc0, 0x5f, 0x8f, 0x44, 0x9c, - 0x90, 0x65, 0x99, 0xd8, 0xb3, 0x2e, 0xc1, 0x92, 0xee, 0x1a, 0x9d, 0x0f, - 0x72, 0x45, 0x20, 0xfa, 0x2c, 0x0c, 0x9c, 0x5d, 0xcd, 0x5b, 0x54, 0x41, - 0x54, 0x4f, 0xd3, 0xe2, 0xc7, 0x59, 0x84, 0x3f, 0x17, 0x7b, 0x7d, 0x0e, - 0xc2, 0xef, 0x62, 0xc7, 0xba, 0xb1, 0x26, 0x6c, 0x83, 0x4e, 0xd3, 0x19, - 0xc5, 0xff, 0x56, 0xa7, 0xb4, 0x45, 0x3f, 0x7a, 0x9e, 0xfa, 0xd0, 0x39, - 0x3e, 0x80, 0x46, 0x75, 0x5d, 0x5a, 0x79, 0x7a, 0x33, 0xc5, 0x01, 0xbc, - 0x02, 0x44, 0xce, 0x1b, 0xc0, 0x31, 0x4e, 0x47, 0x96, 0x15, 0x6e, 0xe7, - 0xe4, 0x76, 0xf0, 0xc2, 0x90, 0x0d, 0xa1, 0x78, 0xf4, 0x38, 0x00, 0x91, - 0x2b, 0x65, 0x7c, 0x79, 0x13, 0xa8, 0x3e, 0x91, 0x14, 0xdc, 0x88, 0x05, - 0x08, 0xd7, 0x6f, 0x53, 0xf6, 0x15, 0x43, 0xee, 0xc5, 0x53, 0x56, 0x1a, - 0x02, 0xb5, 0xa6, 0xa2, 0x46, 0x8d, 0x1e, 0x13, 0xe4, 0x67, 0xc2, 0x45, - 0x5f, 0x40, 0x5e, 0x10, 0x42, 0x58, 0xb5, 0xcd, 0x44, 0xa3, 0x94, 0x4c, - 0x1c, 0x54, 0x90, 0x4d, 0x91, 0x9a, 0x26, 0x8b, 0xad, 0xa2, 0x80, 0x50, - 0x8d, 0x14, 0x14, -} - -var certSet2Cert8 = []byte{ - 0x30, 0x82, 0x04, 0x38, 0x30, 0x82, 0x03, 0xa1, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0x6d, 0xb9, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x75, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0f, - 0x47, 0x54, 0x45, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x53, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x23, 0x30, 0x21, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1a, 0x47, 0x54, 0x45, 0x20, 0x43, - 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, - 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x30, 0x31, 0x31, 0x33, 0x30, 0x31, 0x36, 0x33, 0x35, 0x32, - 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x38, 0x31, 0x30, 0x31, 0x35, - 0x33, 0x34, 0x32, 0x36, 0x5a, 0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, 0x42, 0x61, 0x6c, 0x74, 0x69, - 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x43, 0x79, - 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, - 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, - 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa3, 0x04, - 0xbb, 0x22, 0xab, 0x98, 0x3d, 0x57, 0xe8, 0x26, 0x72, 0x9a, 0xb5, 0x79, - 0xd4, 0x29, 0xe2, 0xe1, 0xe8, 0x95, 0x80, 0xb1, 0xb0, 0xe3, 0x5b, 0x8e, - 0x2b, 0x29, 0x9a, 0x64, 0xdf, 0xa1, 0x5d, 0xed, 0xb0, 0x09, 0x05, 0x6d, - 0xdb, 0x28, 0x2e, 0xce, 0x62, 0xa2, 0x62, 0xfe, 0xb4, 0x88, 0xda, 0x12, - 0xeb, 0x38, 0xeb, 0x21, 0x9d, 0xc0, 0x41, 0x2b, 0x01, 0x52, 0x7b, 0x88, - 0x77, 0xd3, 0x1c, 0x8f, 0xc7, 0xba, 0xb9, 0x88, 0xb5, 0x6a, 0x09, 0xe7, - 0x73, 0xe8, 0x11, 0x40, 0xa7, 0xd1, 0xcc, 0xca, 0x62, 0x8d, 0x2d, 0xe5, - 0x8f, 0x0b, 0xa6, 0x50, 0xd2, 0xa8, 0x50, 0xc3, 0x28, 0xea, 0xf5, 0xab, - 0x25, 0x87, 0x8a, 0x9a, 0x96, 0x1c, 0xa9, 0x67, 0xb8, 0x3f, 0x0c, 0xd5, - 0xf7, 0xf9, 0x52, 0x13, 0x2f, 0xc2, 0x1b, 0xd5, 0x70, 0x70, 0xf0, 0x8f, - 0xc0, 0x12, 0xca, 0x06, 0xcb, 0x9a, 0xe1, 0xd9, 0xca, 0x33, 0x7a, 0x77, - 0xd6, 0xf8, 0xec, 0xb9, 0xf1, 0x68, 0x44, 0x42, 0x48, 0x13, 0xd2, 0xc0, - 0xc2, 0xa4, 0xae, 0x5e, 0x60, 0xfe, 0xb6, 0xa6, 0x05, 0xfc, 0xb4, 0xdd, - 0x07, 0x59, 0x02, 0xd4, 0x59, 0x18, 0x98, 0x63, 0xf5, 0xa5, 0x63, 0xe0, - 0x90, 0x0c, 0x7d, 0x5d, 0xb2, 0x06, 0x7a, 0xf3, 0x85, 0xea, 0xeb, 0xd4, - 0x03, 0xae, 0x5e, 0x84, 0x3e, 0x5f, 0xff, 0x15, 0xed, 0x69, 0xbc, 0xf9, - 0x39, 0x36, 0x72, 0x75, 0xcf, 0x77, 0x52, 0x4d, 0xf3, 0xc9, 0x90, 0x2c, - 0xb9, 0x3d, 0xe5, 0xc9, 0x23, 0x53, 0x3f, 0x1f, 0x24, 0x98, 0x21, 0x5c, - 0x07, 0x99, 0x29, 0xbd, 0xc6, 0x3a, 0xec, 0xe7, 0x6e, 0x86, 0x3a, 0x6b, - 0x97, 0x74, 0x63, 0x33, 0xbd, 0x68, 0x18, 0x31, 0xf0, 0x78, 0x8d, 0x76, - 0xbf, 0xfc, 0x9e, 0x8e, 0x5d, 0x2a, 0x86, 0xa7, 0x4d, 0x90, 0xdc, 0x27, - 0x1a, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x6a, 0x30, - 0x82, 0x01, 0x66, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x03, 0x30, - 0x4e, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x47, 0x30, 0x45, 0x30, 0x43, - 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x3b, 0x30, 0x39, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2d, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, - 0x6f, 0x72, 0x79, 0x2e, 0x63, 0x66, 0x6d, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, - 0x81, 0x89, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x81, 0x30, 0x7f, - 0xa1, 0x79, 0xa4, 0x77, 0x30, 0x75, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x18, 0x30, 0x16, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x6f, - 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x27, 0x30, - 0x25, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, - 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x53, - 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x23, 0x30, 0x21, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x1a, 0x47, 0x54, 0x45, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, - 0x6f, 0x6f, 0x74, 0x82, 0x02, 0x01, 0xa5, 0x30, 0x45, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x3e, 0x30, 0x3c, 0x30, 0x3a, 0xa0, 0x38, 0xa0, 0x36, - 0x86, 0x34, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x67, 0x69, 0x2d, 0x62, 0x69, - 0x6e, 0x2f, 0x43, 0x52, 0x4c, 0x2f, 0x32, 0x30, 0x31, 0x38, 0x2f, 0x63, - 0x64, 0x70, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0xe5, 0x9d, 0x59, 0x30, 0x82, 0x47, 0x58, - 0xcc, 0xac, 0xfa, 0x08, 0x54, 0x36, 0x86, 0x7b, 0x3a, 0xb5, 0x04, 0x4d, - 0xf0, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x16, 0xb4, 0x2c, 0xc9, - 0xf1, 0x5e, 0xe1, 0xa2, 0x7b, 0x9b, 0x78, 0x20, 0x7a, 0x4a, 0x70, 0x70, - 0x86, 0x19, 0x00, 0xb7, 0x05, 0x2a, 0xe8, 0xc9, 0x25, 0x39, 0x0f, 0xc3, - 0x64, 0x3c, 0x75, 0x09, 0xd9, 0x89, 0x15, 0x80, 0x07, 0xc2, 0x8d, 0xbc, - 0x29, 0xa5, 0x64, 0x50, 0xcf, 0x71, 0x75, 0x47, 0x23, 0xbd, 0x4d, 0xd8, - 0x7f, 0x77, 0x9a, 0x51, 0x10, 0x6e, 0x4e, 0x1f, 0x20, 0x3c, 0x47, 0x9c, - 0x43, 0x74, 0x7f, 0x96, 0x84, 0x10, 0x4c, 0x13, 0x43, 0xbe, 0xf8, 0xe0, - 0x72, 0x2e, 0xff, 0xbf, 0xae, 0x3c, 0x0a, 0x03, 0x60, 0x82, 0x4b, 0x6f, - 0xf9, 0x9a, 0xc5, 0x1e, 0xf6, 0xaf, 0x90, 0x3b, 0x9f, 0x61, 0x3b, 0x3e, - 0xde, 0x9b, 0x05, 0x1a, 0xc6, 0x2c, 0x3c, 0x57, 0x21, 0x08, 0x0f, 0x54, - 0xfa, 0x28, 0x63, 0x6c, 0xe8, 0x1b, 0x9c, 0x0f, 0xcf, 0xdd, 0x30, 0x44, - 0x13, 0xb9, 0x57, 0xfe, -} - -var certSet2Cert9 = []byte{ - 0x30, 0x82, 0x04, 0x44, 0x30, 0x82, 0x03, 0x2c, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x78, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, - 0x38, 0x32, 0x39, 0x32, 0x32, 0x32, 0x34, 0x35, 0x38, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x32, 0x32, 0x34, 0x35, 0x38, - 0x5a, 0x30, 0x66, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x14, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, - 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x20, 0x53, 0x53, 0x4c, 0x31, - 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x47, 0x65, - 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x44, 0x56, 0x20, 0x53, 0x53, - 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x34, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xdf, 0x41, 0x94, 0x7a, 0xda, 0xf7, - 0xe4, 0x31, 0x43, 0xb6, 0xea, 0x01, 0x1b, 0x5c, 0xce, 0x63, 0xea, 0xfa, - 0x6d, 0xa3, 0xd9, 0x6a, 0xee, 0x2d, 0x9a, 0x75, 0xf9, 0xd5, 0x9c, 0x5b, - 0xbd, 0x34, 0xdf, 0xd8, 0x1c, 0xc9, 0x6d, 0xd8, 0x04, 0x88, 0xda, 0x6e, - 0xb5, 0xb7, 0xb5, 0xf0, 0x30, 0xae, 0x40, 0xd6, 0x5d, 0xfa, 0xc4, 0x53, - 0xc1, 0xd4, 0x22, 0x9d, 0x04, 0x4e, 0x11, 0xa6, 0x95, 0xd5, 0x45, 0x7c, - 0x41, 0x05, 0x58, 0xe0, 0x4c, 0xdd, 0xf9, 0xee, 0x55, 0xbd, 0x5f, 0x46, - 0xdc, 0xad, 0x13, 0x08, 0x9d, 0x2c, 0xe4, 0xf7, 0x82, 0xe6, 0x07, 0x2b, - 0x9e, 0x0e, 0x8c, 0x34, 0xa1, 0xce, 0xc4, 0xa1, 0xe0, 0x81, 0x70, 0x86, - 0x00, 0x06, 0x3f, 0x2d, 0xea, 0x7c, 0x9b, 0x28, 0xae, 0x1b, 0x28, 0x8b, - 0x39, 0x09, 0xd3, 0xe7, 0xf0, 0x45, 0xa4, 0xb1, 0xba, 0x11, 0x67, 0x90, - 0x55, 0x7b, 0x8f, 0xde, 0xed, 0x38, 0x5c, 0xa1, 0xe1, 0xe3, 0x83, 0xc4, - 0xc3, 0x72, 0x91, 0x4f, 0x98, 0xee, 0x1c, 0xc2, 0x80, 0xaa, 0x64, 0xa5, - 0x3e, 0x83, 0x62, 0x1c, 0xcc, 0xe0, 0x9e, 0xf8, 0x5a, 0xc0, 0x13, 0x12, - 0x7d, 0xa2, 0xa7, 0x8b, 0xa3, 0xe7, 0x9f, 0x2a, 0xd7, 0x9b, 0xca, 0xcb, - 0xed, 0x97, 0x01, 0x9c, 0x28, 0x84, 0x51, 0x04, 0x50, 0x41, 0xbc, 0xb4, - 0xfc, 0x78, 0xe9, 0x1b, 0xcf, 0x14, 0xea, 0x1f, 0x0f, 0xfc, 0x2e, 0x01, - 0x32, 0x8d, 0xb6, 0x35, 0xcb, 0x0a, 0x18, 0x3b, 0xec, 0x5a, 0x3e, 0x3c, - 0x1b, 0xd3, 0x99, 0x43, 0x1e, 0x2f, 0xf7, 0xbd, 0xf3, 0x5b, 0x12, 0xb9, - 0x07, 0x5e, 0xed, 0x3e, 0xd1, 0xa9, 0x87, 0xcc, 0x77, 0x72, 0x27, 0xd4, - 0xd9, 0x75, 0xa2, 0x63, 0x4b, 0x93, 0x36, 0xbd, 0xe5, 0x5c, 0xd7, 0xbf, - 0x5f, 0x79, 0x0d, 0xb3, 0x32, 0xa7, 0x0b, 0xb2, 0x63, 0x23, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1d, 0x30, 0x82, 0x01, 0x19, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, 0x0c, 0x11, - 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x0b, 0x50, 0xec, 0x77, 0xef, - 0x2a, 0x9b, 0xff, 0xec, 0x03, 0xa1, 0x0a, 0xff, 0xad, 0xc6, 0xe4, 0x2a, - 0x18, 0xc7, 0x3e, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x35, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2e, - 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, 0x26, 0x86, 0x24, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x67, 0x74, - 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x2e, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x22, - 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, - 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4c, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, - 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, - 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, - 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, - 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x33, 0x24, 0xd5, 0x90, 0xaa, 0x29, 0x0c, 0x35, 0xb9, 0x2f, 0xc3, 0xc7, - 0x42, 0x93, 0xc0, 0xc6, 0x10, 0x4b, 0x03, 0x08, 0x76, 0x84, 0x10, 0xa2, - 0xe0, 0xe7, 0x53, 0x12, 0x27, 0xf2, 0x0a, 0xda, 0x7f, 0x3a, 0xdc, 0xfd, - 0x5c, 0x79, 0x5a, 0x8f, 0x17, 0x74, 0x43, 0x53, 0xb1, 0xd5, 0xd1, 0x5d, - 0x59, 0xb9, 0xa6, 0x84, 0x64, 0xca, 0xf1, 0x3a, 0x0a, 0x59, 0x96, 0x10, - 0xbf, 0xa9, 0x81, 0x57, 0x8b, 0x5c, 0x87, 0xdc, 0x7f, 0xe3, 0xe4, 0xbb, - 0x05, 0x7a, 0xa0, 0x32, 0x09, 0x13, 0x4e, 0x10, 0x81, 0x28, 0x1f, 0x9c, - 0x03, 0x62, 0xbc, 0xf4, 0x01, 0xb5, 0x29, 0x83, 0x46, 0x07, 0xb9, 0xe7, - 0xb8, 0x5d, 0xc8, 0xe9, 0xd1, 0xdd, 0xad, 0x3b, 0xf8, 0x34, 0xdb, 0xc1, - 0xd1, 0x95, 0xa9, 0x91, 0x18, 0xed, 0x3c, 0x2c, 0x37, 0x11, 0x4d, 0xcc, - 0xfe, 0x53, 0x3e, 0x50, 0x43, 0xf9, 0xc3, 0x56, 0x41, 0xac, 0x53, 0x9b, - 0x6c, 0x05, 0xb2, 0x9a, 0xe2, 0xe0, 0x59, 0x57, 0x30, 0x32, 0xb6, 0x26, - 0x4e, 0x13, 0x25, 0xcd, 0xfa, 0x48, 0x70, 0x0f, 0x75, 0x55, 0x60, 0x11, - 0xf5, 0x3b, 0xd5, 0x5e, 0x5a, 0x3c, 0x8b, 0x5b, 0x0f, 0x0f, 0x62, 0x42, - 0x48, 0x61, 0x85, 0x8b, 0x10, 0xf4, 0xc1, 0x88, 0xbf, 0x7f, 0x5f, 0x8a, - 0xc2, 0xd7, 0xcd, 0x2b, 0x94, 0x5c, 0x1f, 0x34, 0x4a, 0x08, 0xaf, 0xeb, - 0xae, 0x89, 0xa8, 0x48, 0x75, 0x55, 0x95, 0x1d, 0xbb, 0xc0, 0x9a, 0x01, - 0xb9, 0xf4, 0x03, 0x22, 0x3e, 0xd4, 0xe6, 0x52, 0x30, 0x0d, 0x67, 0xb9, - 0xc0, 0x91, 0xfd, 0x2d, 0x4c, 0x30, 0x8e, 0xbd, 0x8c, 0xa5, 0x04, 0x91, - 0xbb, 0xa4, 0xab, 0x7f, 0x0f, 0xd8, 0x6f, 0xf0, 0x66, 0x00, 0xc9, 0xa3, - 0x5c, 0xf5, 0xb0, 0x8f, 0x83, 0xe6, 0x9c, 0x5a, 0xe6, 0xb6, 0xb9, 0xc5, - 0xbc, 0xbe, 0xe4, 0x02, -} - -var certSet2Cert10 = []byte{ - 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0xae, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x33, 0x65, 0x50, 0x08, 0x79, 0xad, 0x73, 0xe2, 0x30, - 0xb9, 0xe0, 0x1d, 0x0d, 0x7f, 0xac, 0x91, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, - 0xce, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x5a, 0x41, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, - 0x0c, 0x57, 0x65, 0x73, 0x74, 0x65, 0x72, 0x6e, 0x20, 0x43, 0x61, 0x70, - 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, - 0x43, 0x61, 0x70, 0x65, 0x20, 0x54, 0x6f, 0x77, 0x6e, 0x31, 0x1d, 0x30, - 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x54, 0x68, 0x61, 0x77, - 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, - 0x67, 0x20, 0x63, 0x63, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x21, - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x54, 0x68, 0x61, - 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x65, 0x6d, 0x69, 0x75, 0x6d, 0x20, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x31, 0x28, 0x30, - 0x26, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, - 0x16, 0x19, 0x70, 0x72, 0x65, 0x6d, 0x69, 0x75, 0x6d, 0x2d, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x40, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x31, 0x31, - 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, - 0x31, 0x32, 0x33, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, - 0x81, 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, - 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, - 0x30, 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, - 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, - 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, - 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xac, 0xa0, 0xf0, 0xfb, 0x80, 0x59, 0xd4, 0x9c, 0xc7, 0xa4, 0xcf, 0x9d, - 0xa1, 0x59, 0x73, 0x09, 0x10, 0x45, 0x0c, 0x0d, 0x2c, 0x6e, 0x68, 0xf1, - 0x6c, 0x5b, 0x48, 0x68, 0x49, 0x59, 0x37, 0xfc, 0x0b, 0x33, 0x19, 0xc2, - 0x77, 0x7f, 0xcc, 0x10, 0x2d, 0x95, 0x34, 0x1c, 0xe6, 0xeb, 0x4d, 0x09, - 0xa7, 0x1c, 0xd2, 0xb8, 0xc9, 0x97, 0x36, 0x02, 0xb7, 0x89, 0xd4, 0x24, - 0x5f, 0x06, 0xc0, 0xcc, 0x44, 0x94, 0x94, 0x8d, 0x02, 0x62, 0x6f, 0xeb, - 0x5a, 0xdd, 0x11, 0x8d, 0x28, 0x9a, 0x5c, 0x84, 0x90, 0x10, 0x7a, 0x0d, - 0xbd, 0x74, 0x66, 0x2f, 0x6a, 0x38, 0xa0, 0xe2, 0xd5, 0x54, 0x44, 0xeb, - 0x1d, 0x07, 0x9f, 0x07, 0xba, 0x6f, 0xee, 0xe9, 0xfd, 0x4e, 0x0b, 0x29, - 0xf5, 0x3e, 0x84, 0xa0, 0x01, 0xf1, 0x9c, 0xab, 0xf8, 0x1c, 0x7e, 0x89, - 0xa4, 0xe8, 0xa1, 0xd8, 0x71, 0x65, 0x0d, 0xa3, 0x51, 0x7b, 0xee, 0xbc, - 0xd2, 0x22, 0x60, 0x0d, 0xb9, 0x5b, 0x9d, 0xdf, 0xba, 0xfc, 0x51, 0x5b, - 0x0b, 0xaf, 0x98, 0xb2, 0xe9, 0x2e, 0xe9, 0x04, 0xe8, 0x62, 0x87, 0xde, - 0x2b, 0xc8, 0xd7, 0x4e, 0xc1, 0x4c, 0x64, 0x1e, 0xdd, 0xcf, 0x87, 0x58, - 0xba, 0x4a, 0x4f, 0xca, 0x68, 0x07, 0x1d, 0x1c, 0x9d, 0x4a, 0xc6, 0xd5, - 0x2f, 0x91, 0xcc, 0x7c, 0x71, 0x72, 0x1c, 0xc5, 0xc0, 0x67, 0xeb, 0x32, - 0xfd, 0xc9, 0x92, 0x5c, 0x94, 0xda, 0x85, 0xc0, 0x9b, 0xbf, 0x53, 0x7d, - 0x2b, 0x09, 0xf4, 0x8c, 0x9d, 0x91, 0x1f, 0x97, 0x6a, 0x52, 0xcb, 0xde, - 0x09, 0x36, 0xa4, 0x77, 0xd8, 0x7b, 0x87, 0x50, 0x44, 0xd5, 0x3e, 0x6e, - 0x29, 0x69, 0xfb, 0x39, 0x49, 0x26, 0x1e, 0x09, 0xa5, 0x80, 0x7b, 0x40, - 0x2d, 0xeb, 0xe8, 0x27, 0x85, 0xc9, 0xfe, 0x61, 0xfd, 0x7e, 0xe6, 0x7c, - 0x97, 0x1d, 0xd5, 0x9d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xc2, - 0x30, 0x81, 0xbf, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x3b, 0x06, 0x03, - 0x55, 0x1d, 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, 0x04, 0x55, - 0x1d, 0x20, 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x7b, 0x5b, 0x45, 0xcf, 0xaf, 0xce, 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, - 0x6a, 0xb6, 0xf3, 0x46, 0xeb, 0x57, 0x48, 0x50, 0x30, 0x40, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x39, 0x30, 0x37, 0x30, 0x35, 0xa0, 0x33, 0xa0, - 0x31, 0x86, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, 0x72, 0x65, 0x6d, 0x69, - 0x75, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x41, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x84, 0xa8, 0x4c, - 0xc9, 0x3e, 0x2a, 0xbc, 0x9a, 0xe2, 0xcc, 0x8f, 0x0b, 0xb2, 0x25, 0x77, - 0xc4, 0x61, 0x89, 0x89, 0x63, 0x5a, 0xd4, 0xa3, 0x15, 0x40, 0xd4, 0xfb, - 0x5e, 0x3f, 0xb4, 0x43, 0xea, 0x63, 0x17, 0x2b, 0x6b, 0x99, 0x74, 0x9e, - 0x09, 0xa8, 0xdd, 0xd4, 0x56, 0x15, 0x2e, 0x7a, 0x79, 0x31, 0x5f, 0x63, - 0x96, 0x53, 0x1b, 0x34, 0xd9, 0x15, 0xea, 0x4f, 0x6d, 0x70, 0xca, 0xbe, - 0xf6, 0x82, 0xa9, 0xed, 0xda, 0x85, 0x77, 0xcc, 0x76, 0x1c, 0x6a, 0x81, - 0x0a, 0x21, 0xd8, 0x41, 0x99, 0x7f, 0x5e, 0x2e, 0x82, 0xc1, 0xe8, 0xaa, - 0xf7, 0x93, 0x81, 0x05, 0xaa, 0x92, 0xb4, 0x1f, 0xb7, 0x9a, 0xc0, 0x07, - 0x17, 0xf5, 0xcb, 0xc6, 0xb4, 0x4c, 0x0e, 0xd7, 0x56, 0xdc, 0x71, 0x20, - 0x74, 0x38, 0xd6, 0x74, 0xc6, 0xd6, 0x8f, 0x6b, 0xaf, 0x8b, 0x8d, 0xa0, - 0x6c, 0x29, 0x0b, 0x61, 0xe0, -} - -var certSet2Cert11 = []byte{ - 0x30, 0x82, 0x04, 0x4d, 0x30, 0x82, 0x03, 0x35, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x0b, 0x04, 0x00, 0x00, 0x00, 0x00, 0x01, 0x44, 0x4e, 0xf0, - 0x36, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, - 0x67, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x4c, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, - 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, - 0x6c, 0x70, 0x68, 0x61, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, - 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20, 0x47, 0x32, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x01, 0xec, - 0xe4, 0xec, 0x73, 0x60, 0xfb, 0x7e, 0x8f, 0x6a, 0xb7, 0xc6, 0x17, 0xe3, - 0x92, 0x64, 0x32, 0xd4, 0xac, 0x00, 0xd9, 0xa2, 0x0f, 0xb9, 0xed, 0xee, - 0x6b, 0x8a, 0x86, 0xca, 0x92, 0x67, 0xd9, 0x74, 0xd7, 0x5d, 0x47, 0x02, - 0x3c, 0x8f, 0x40, 0xd6, 0x9e, 0x6d, 0x14, 0xcd, 0xc3, 0xda, 0x29, 0x39, - 0xa7, 0x0f, 0x05, 0x0a, 0x68, 0xa2, 0x66, 0x1a, 0x1e, 0xc4, 0xb2, 0x8b, - 0x76, 0x58, 0xe5, 0xab, 0x5d, 0x1d, 0x8f, 0x40, 0xb3, 0x39, 0x8b, 0xef, - 0x1e, 0x83, 0x7d, 0x22, 0xd0, 0xe3, 0xa9, 0x00, 0x2e, 0xec, 0x53, 0xcf, - 0x62, 0x19, 0x85, 0x44, 0x28, 0x4c, 0xc0, 0x27, 0xcb, 0x7b, 0x0e, 0xec, - 0x10, 0x64, 0x00, 0x10, 0xa4, 0x05, 0xcc, 0xa0, 0x72, 0xbe, 0x41, 0x6c, - 0x31, 0x5b, 0x48, 0xe4, 0xb1, 0xec, 0xb9, 0x23, 0xeb, 0x55, 0x4d, 0xd0, - 0x7d, 0x62, 0x4a, 0xa5, 0xb4, 0xa5, 0xa4, 0x59, 0x85, 0xc5, 0x25, 0x91, - 0xa6, 0xfe, 0xa6, 0x09, 0x9f, 0x06, 0x10, 0x6d, 0x8f, 0x81, 0x0c, 0x64, - 0x40, 0x5e, 0x73, 0x00, 0x9a, 0xe0, 0x2e, 0x65, 0x98, 0x54, 0x10, 0x00, - 0x70, 0x98, 0xc8, 0xe1, 0xed, 0x34, 0x5f, 0xd8, 0x9c, 0xc7, 0x0d, 0xc0, - 0xd6, 0x23, 0x59, 0x45, 0xfc, 0xfe, 0x55, 0x7a, 0x86, 0xee, 0x94, 0x60, - 0x22, 0xf1, 0xae, 0xd1, 0xe6, 0x55, 0x46, 0xf6, 0x99, 0xc5, 0x1b, 0x08, - 0x74, 0x5f, 0xac, 0xb0, 0x64, 0x84, 0x8f, 0x89, 0x38, 0x1c, 0xa1, 0xa7, - 0x90, 0x21, 0x4f, 0x02, 0x6e, 0xbd, 0xe0, 0x61, 0x67, 0xd4, 0xf8, 0x42, - 0x87, 0x0f, 0x0a, 0xf7, 0xc9, 0x04, 0x6d, 0x2a, 0xa9, 0x2f, 0xef, 0x42, - 0xa5, 0xdf, 0xdd, 0xa3, 0x53, 0xdb, 0x98, 0x1e, 0x81, 0xf9, 0x9a, 0x72, - 0x7b, 0x5a, 0xde, 0x4f, 0x3e, 0x7f, 0xa2, 0x58, 0xa0, 0xe2, 0x17, 0xad, - 0x67, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x23, 0x30, 0x82, - 0x01, 0x1f, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0xf5, 0xcd, 0xd5, 0x3c, 0x08, 0x50, 0xf9, 0x6a, 0x4f, 0x3a, 0xb7, - 0x97, 0xda, 0x56, 0x83, 0xe6, 0x69, 0xd2, 0x68, 0xf7, 0x30, 0x45, 0x06, - 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3e, 0x30, 0x3c, 0x30, 0x3a, 0x06, 0x04, - 0x55, 0x1d, 0x20, 0x00, 0x30, 0x32, 0x30, 0x30, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x24, 0x68, 0x74, 0x74, 0x70, - 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, - 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x30, 0x33, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x2c, 0x30, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0xa0, - 0x24, 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, - 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, - 0x6c, 0x30, 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, - 0x01, 0x04, 0x31, 0x30, 0x2f, 0x30, 0x2d, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, - 0x6f, 0x74, 0x72, 0x31, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, 0x1a, 0x45, 0x0d, 0x97, - 0xca, 0x89, 0x50, 0x2f, 0x7d, 0x04, 0xcd, 0x34, 0xa8, 0xff, 0xfc, 0xfd, - 0x4b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x60, 0x40, 0x68, - 0x16, 0x47, 0xe7, 0x16, 0x8d, 0xdb, 0x5c, 0xa1, 0x56, 0x2a, 0xcb, 0xf4, - 0x5c, 0x9b, 0xb0, 0x1e, 0xa2, 0x4b, 0xf5, 0xcb, 0x02, 0x3f, 0xf8, 0x0b, - 0xa1, 0xf2, 0xa7, 0x42, 0xd4, 0xb7, 0x4c, 0xeb, 0xe3, 0x66, 0x80, 0xf3, - 0x25, 0x43, 0x78, 0x2e, 0x1b, 0x17, 0x56, 0x07, 0x52, 0x18, 0xcb, 0xd1, - 0xa8, 0xec, 0xe6, 0xfb, 0x73, 0x3e, 0xa4, 0x62, 0x8c, 0x80, 0xb4, 0xd2, - 0xc5, 0x12, 0x73, 0xa3, 0xd3, 0xfa, 0x02, 0x38, 0xbe, 0x63, 0x3d, 0x84, - 0xb8, 0x99, 0xc1, 0xf1, 0xba, 0xf7, 0x9f, 0xc3, 0x40, 0xd1, 0x58, 0x18, - 0x53, 0xc1, 0x62, 0xdd, 0xaf, 0x18, 0x42, 0x7f, 0x34, 0x4e, 0xc5, 0x43, - 0xd5, 0x71, 0xb0, 0x30, 0x00, 0xc7, 0xe3, 0x90, 0xae, 0x3f, 0x57, 0x86, - 0x97, 0xce, 0xea, 0x0c, 0x12, 0x8e, 0x22, 0x70, 0xe3, 0x66, 0xa7, 0x54, - 0x7f, 0x2e, 0x28, 0xcb, 0xd4, 0x54, 0xd0, 0xb3, 0x1e, 0x62, 0x67, 0x08, - 0xf9, 0x27, 0xe1, 0xcb, 0xe3, 0x66, 0xb8, 0x24, 0x1b, 0x89, 0x6a, 0x89, - 0x44, 0x65, 0xf2, 0xd9, 0x4c, 0xd2, 0x58, 0x1c, 0x8c, 0x4e, 0xc0, 0x95, - 0xa1, 0xd4, 0xef, 0x67, 0x2f, 0x38, 0x20, 0xe8, 0x2e, 0xff, 0x96, 0x51, - 0xf0, 0xba, 0xd8, 0x3d, 0x92, 0x70, 0x47, 0x65, 0x1c, 0x9e, 0x73, 0x72, - 0xb4, 0x60, 0x0c, 0x5c, 0xe2, 0xd1, 0x73, 0x76, 0xe0, 0xaf, 0x4e, 0xe2, - 0xe5, 0x37, 0xa5, 0x45, 0x2f, 0x8a, 0x23, 0x3e, 0x87, 0xc7, 0x30, 0xe6, - 0x31, 0x38, 0x7c, 0xf4, 0xdd, 0x52, 0xca, 0xf3, 0x53, 0x04, 0x25, 0x57, - 0x56, 0x66, 0x94, 0xe8, 0x0b, 0xee, 0xe6, 0x03, 0x14, 0x4e, 0xee, 0xfd, - 0x6d, 0x94, 0x64, 0x9e, 0x5e, 0xce, 0x79, 0xd4, 0xb2, 0xa6, 0xcf, 0x40, - 0xb1, 0x44, 0xa8, 0x3e, 0x87, 0x19, 0x5e, 0xe9, 0xf8, 0x21, 0x16, 0x59, - 0x53, -} - -var certSet2Cert12 = []byte{ - 0x30, 0x82, 0x04, 0x4f, 0x30, 0x82, 0x03, 0x37, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x6f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, - 0x31, 0x30, 0x35, 0x32, 0x31, 0x33, 0x36, 0x35, 0x30, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x31, 0x33, 0x36, 0x35, 0x30, - 0x5a, 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x14, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe3, 0xbe, 0x7e, 0x0a, - 0x86, 0xa3, 0xcf, 0x6b, 0x6d, 0x3d, 0x2b, 0xa1, 0x97, 0xad, 0x49, 0x24, - 0x4d, 0xd7, 0x77, 0xb9, 0x34, 0x79, 0x08, 0xa5, 0x9e, 0xa2, 0x9e, 0xde, - 0x47, 0x12, 0x92, 0x3d, 0x7e, 0xea, 0x19, 0x86, 0xb1, 0xe8, 0x4f, 0x3d, - 0x5f, 0xf7, 0xd0, 0xa7, 0x77, 0x9a, 0x5b, 0x1f, 0x0a, 0x03, 0xb5, 0x19, - 0x53, 0xdb, 0xa5, 0x21, 0x94, 0x69, 0x63, 0x9d, 0x6a, 0x4c, 0x91, 0x0c, - 0x10, 0x47, 0xbe, 0x11, 0xfa, 0x6c, 0x86, 0x25, 0xb7, 0xab, 0x04, 0x68, - 0x42, 0x38, 0x09, 0x65, 0xf0, 0x14, 0xda, 0x19, 0x9e, 0xfa, 0x6b, 0x0b, - 0xab, 0x62, 0xef, 0x8d, 0xa7, 0xef, 0x63, 0x70, 0x23, 0xa8, 0xaf, 0x81, - 0xf3, 0xd1, 0x6e, 0x88, 0x67, 0x53, 0xec, 0x12, 0xa4, 0x29, 0x75, 0x8a, - 0xa7, 0xf2, 0x57, 0x3d, 0xa2, 0x83, 0x98, 0x97, 0xf2, 0x0a, 0x7d, 0xd4, - 0xe7, 0x43, 0x6e, 0x30, 0x78, 0x62, 0x22, 0x59, 0x59, 0xb8, 0x71, 0x27, - 0x45, 0xaa, 0x0f, 0x66, 0xc6, 0x55, 0x3f, 0xfa, 0x32, 0x17, 0x2b, 0x31, - 0x8f, 0x46, 0xa0, 0xfa, 0x69, 0x14, 0x7c, 0x9d, 0x9f, 0x5a, 0xe2, 0xeb, - 0x33, 0x4e, 0x10, 0xa6, 0xb3, 0xed, 0x77, 0x63, 0xd8, 0xc3, 0x9e, 0xf4, - 0xdd, 0xdf, 0x79, 0x9a, 0x7a, 0xd4, 0xee, 0xde, 0xdd, 0x9a, 0xcc, 0xc3, - 0xb7, 0xa9, 0x5d, 0xcc, 0x11, 0x3a, 0x07, 0xbb, 0x6f, 0x97, 0xa4, 0x01, - 0x23, 0x47, 0x95, 0x1f, 0xa3, 0x77, 0xfa, 0x58, 0x92, 0xc6, 0xc7, 0xd0, - 0xbd, 0xcf, 0x93, 0x18, 0x42, 0xb7, 0x7e, 0xf7, 0x9e, 0x65, 0xea, 0xd5, - 0x3b, 0xca, 0xed, 0xac, 0xc5, 0x70, 0xa1, 0xfe, 0xd4, 0x10, 0x9a, 0xf0, - 0x12, 0x04, 0x44, 0xac, 0x1a, 0x5b, 0x78, 0x50, 0x45, 0x57, 0x4c, 0x6f, - 0xbd, 0x80, 0xcb, 0x81, 0x5c, 0x2d, 0xb3, 0xbc, 0x76, 0xa1, 0x1e, 0x65, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4a, 0x30, 0x82, 0x01, - 0x46, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, - 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd2, 0x6f, 0xf7, - 0x96, 0xf4, 0x85, 0x3f, 0x72, 0x3c, 0x30, 0x7d, 0x23, 0xda, 0x85, 0x78, - 0x9b, 0xa3, 0x7c, 0x5a, 0x7c, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, - 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x36, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, 0x86, 0x25, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x31, 0x2e, 0x73, 0x79, - 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, - 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, 0x63, 0x72, - 0x6c, 0x30, 0x2f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, - 0x01, 0x04, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x67, 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, - 0x43, 0x30, 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, - 0x01, 0x07, 0x36, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x29, 0x06, 0x03, - 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, - 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, - 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, - 0x35, 0x33, 0x39, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa0, - 0xd4, 0xf7, 0x2c, 0xfb, 0x74, 0x0b, 0x7f, 0x64, 0xf1, 0xcd, 0x43, 0x6a, - 0x9f, 0x62, 0x53, 0x1c, 0x02, 0x7c, 0x98, 0x90, 0xa2, 0xee, 0x4f, 0x68, - 0xd4, 0x20, 0x1a, 0x73, 0x12, 0x3e, 0x77, 0xb3, 0x50, 0xeb, 0x72, 0xbc, - 0xee, 0x88, 0xbe, 0x7f, 0x17, 0xea, 0x77, 0x8f, 0x83, 0x61, 0x95, 0x4f, - 0x84, 0xa1, 0xcb, 0x32, 0x4f, 0x6c, 0x21, 0xbe, 0xd2, 0x69, 0x96, 0x7d, - 0x63, 0xbd, 0xdc, 0x2b, 0xa8, 0x1f, 0xd0, 0x13, 0x84, 0x70, 0xfe, 0xf6, - 0x35, 0x95, 0x89, 0xf9, 0xa6, 0x77, 0xb0, 0x46, 0xc8, 0xbb, 0xb7, 0x13, - 0xf5, 0xc9, 0x60, 0x69, 0xd6, 0x4c, 0xfe, 0xd2, 0x8e, 0xef, 0xd3, 0x60, - 0xc1, 0x80, 0x80, 0xe1, 0xe7, 0xfb, 0x8b, 0x6f, 0x21, 0x79, 0x4a, 0xe0, - 0xdc, 0xa9, 0x1b, 0xc1, 0xb7, 0xfb, 0xc3, 0x49, 0x59, 0x5c, 0xb5, 0x77, - 0x07, 0x44, 0xd4, 0x97, 0xfc, 0x49, 0x00, 0x89, 0x6f, 0x06, 0x4e, 0x01, - 0x70, 0x19, 0xac, 0x2f, 0x11, 0xc0, 0xe2, 0xe6, 0x0f, 0x2f, 0x86, 0x4b, - 0x8d, 0x7b, 0xc3, 0xb9, 0xa7, 0x2e, 0xf4, 0xf1, 0xac, 0x16, 0x3e, 0x39, - 0x49, 0x51, 0x9e, 0x17, 0x4b, 0x4f, 0x10, 0x3a, 0x5b, 0xa5, 0xa8, 0x92, - 0x6f, 0xfd, 0xfa, 0xd6, 0x0b, 0x03, 0x4d, 0x47, 0x56, 0x57, 0x19, 0xf3, - 0xcb, 0x6b, 0xf5, 0xf3, 0xd6, 0xcf, 0xb0, 0xf5, 0xf5, 0xa3, 0x11, 0xd2, - 0x20, 0x53, 0x13, 0x34, 0x37, 0x05, 0x2c, 0x43, 0x5a, 0x63, 0xdf, 0x8d, - 0x40, 0xd6, 0x85, 0x1e, 0x51, 0xe9, 0x51, 0x17, 0x1e, 0x03, 0x56, 0xc9, - 0xf1, 0x30, 0xad, 0xe7, 0x9b, 0x11, 0xa2, 0xb9, 0xd0, 0x31, 0x81, 0x9b, - 0x68, 0xb1, 0xd9, 0xe8, 0xf3, 0xe6, 0x94, 0x7e, 0xc7, 0xae, 0x13, 0x2f, - 0x87, 0xed, 0xd0, 0x25, 0xb0, 0x68, 0xf9, 0xde, 0x08, 0x5a, 0xf3, 0x29, - 0xcc, 0xd4, 0x92, -} - -var certSet2Cert13 = []byte{ - 0x30, 0x82, 0x04, 0x59, 0x30, 0x82, 0x03, 0x41, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, - 0x38, 0x32, 0x37, 0x32, 0x30, 0x34, 0x30, 0x34, 0x30, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x30, 0x34, 0x30, 0x34, 0x30, - 0x5a, 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x14, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0x27, 0xf9, 0x4f, - 0xd8, 0xf6, 0xb7, 0x15, 0x3f, 0x8f, 0xcd, 0xce, 0xd6, 0x8d, 0x1c, 0x6b, - 0xfd, 0x7f, 0xda, 0x54, 0x21, 0x4e, 0x03, 0xd8, 0xca, 0xd0, 0x72, 0x52, - 0x15, 0xb8, 0xc9, 0x82, 0x5b, 0x58, 0x79, 0x84, 0xff, 0x24, 0x72, 0x6f, - 0xf2, 0x69, 0x7f, 0xbc, 0x96, 0xd9, 0x9a, 0x7a, 0xc3, 0x3e, 0xa9, 0xcf, - 0x50, 0x22, 0x13, 0x0e, 0x86, 0x19, 0xdb, 0xe8, 0x49, 0xef, 0x8b, 0xe6, - 0xd6, 0x47, 0xf2, 0xfd, 0x73, 0x45, 0x08, 0xae, 0x8f, 0xac, 0x5e, 0xb6, - 0xf8, 0x9e, 0x7c, 0xf7, 0x10, 0xff, 0x92, 0x43, 0x66, 0xef, 0x1c, 0xd4, - 0xee, 0xa1, 0x46, 0x88, 0x11, 0x89, 0x49, 0x79, 0x7a, 0x25, 0xce, 0x4b, - 0x6a, 0xf0, 0xd7, 0x1c, 0x76, 0x1a, 0x29, 0x3c, 0xc9, 0xe4, 0xfd, 0x1e, - 0x85, 0xdc, 0xe0, 0x31, 0x65, 0x05, 0x47, 0x16, 0xac, 0x0a, 0x07, 0x4b, - 0x2e, 0x70, 0x5e, 0x6b, 0x06, 0xa7, 0x6b, 0x3a, 0x6c, 0xaf, 0x05, 0x12, - 0xc4, 0xb2, 0x11, 0x25, 0xd6, 0x3e, 0x97, 0x29, 0xf0, 0x83, 0x6c, 0x57, - 0x1c, 0xd8, 0xa5, 0xef, 0xcc, 0xec, 0xfd, 0xd6, 0x12, 0xf1, 0x3f, 0xdb, - 0x40, 0xb4, 0xae, 0x0f, 0x18, 0xd3, 0xc5, 0xaf, 0x40, 0x92, 0x5d, 0x07, - 0x5e, 0x4e, 0xfe, 0x62, 0x17, 0x37, 0x89, 0xe9, 0x8b, 0x74, 0x26, 0xa2, - 0xed, 0xb8, 0x0a, 0xe7, 0x6c, 0x15, 0x5b, 0x35, 0x90, 0x72, 0xdd, 0xd8, - 0x4d, 0x21, 0xd4, 0x40, 0x23, 0x5c, 0x8f, 0xee, 0x80, 0x31, 0x16, 0xab, - 0x68, 0x55, 0xf4, 0x0e, 0x3b, 0x54, 0xe9, 0x04, 0x4d, 0xf0, 0xcc, 0x4e, - 0x81, 0x5e, 0xe9, 0x6f, 0x52, 0x69, 0x4e, 0xbe, 0xa6, 0x16, 0x6d, 0x42, - 0xf5, 0x51, 0xff, 0xe0, 0x0b, 0x56, 0x3c, 0x98, 0x4f, 0x73, 0x8f, 0x0e, - 0x6f, 0x1a, 0x23, 0xf1, 0xc9, 0xc8, 0xd9, 0xdf, 0xbc, 0xec, 0x52, 0xd7, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x54, 0x30, 0x82, 0x01, - 0x50, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, - 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x11, 0x4a, 0xd0, - 0x73, 0x39, 0xd5, 0x5b, 0x69, 0x08, 0x5c, 0xba, 0x3d, 0xbf, 0x64, 0x9a, - 0xa8, 0x8b, 0x1c, 0x55, 0xbc, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, - 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3a, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x33, 0x30, 0x31, 0x30, 0x2f, 0xa0, 0x2d, 0xa0, 0x2b, 0x86, 0x29, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, - 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, - 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, - 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, - 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, - 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x11, - 0x04, 0x23, 0x30, 0x21, 0xa4, 0x1f, 0x30, 0x1d, 0x31, 0x1b, 0x30, 0x19, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x56, 0x65, 0x72, 0x69, 0x53, - 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, 0x49, 0x2d, 0x32, 0x2d, 0x32, 0x35, - 0x34, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3c, 0xe5, 0x3d, - 0x5a, 0x1b, 0xa2, 0x37, 0x2a, 0xe3, 0x46, 0xcf, 0x36, 0x96, 0x18, 0x3c, - 0x7b, 0xf1, 0x84, 0xc5, 0x57, 0x86, 0x77, 0x40, 0x9d, 0x35, 0xf0, 0x12, - 0xf0, 0x78, 0x18, 0xfb, 0x22, 0xa4, 0xde, 0x98, 0x4b, 0x78, 0x81, 0xe6, - 0x4d, 0x86, 0xe3, 0x91, 0x0f, 0x42, 0xe3, 0xb9, 0xdc, 0xa0, 0xd6, 0xff, - 0xa9, 0xf8, 0xb1, 0x79, 0x97, 0x99, 0xd1, 0xc3, 0x6c, 0x42, 0xa5, 0x92, - 0x94, 0xe0, 0x5d, 0x0c, 0x33, 0x18, 0x25, 0xc9, 0x2b, 0x95, 0x53, 0xe0, - 0xe5, 0xa9, 0x0c, 0x7d, 0x47, 0xfe, 0x7f, 0x51, 0x31, 0x44, 0x5e, 0xf7, - 0x2a, 0x1e, 0x35, 0xa2, 0x94, 0x32, 0xf7, 0xc9, 0xee, 0xc0, 0xb6, 0xc6, - 0x9a, 0xac, 0xde, 0x99, 0x21, 0x6a, 0x23, 0xa0, 0x38, 0x64, 0xee, 0xa3, - 0xc4, 0x88, 0x73, 0x32, 0x3b, 0x50, 0xce, 0xbf, 0xad, 0xd3, 0x75, 0x1e, - 0xa6, 0xf4, 0xe9, 0xf9, 0x42, 0x6b, 0x60, 0xb2, 0xdd, 0x45, 0xfd, 0x5d, - 0x57, 0x08, 0xce, 0x2d, 0x50, 0xe6, 0x12, 0x32, 0x16, 0x13, 0x8a, 0xf2, - 0x94, 0xa2, 0x9b, 0x47, 0xa8, 0x86, 0x7f, 0xd9, 0x98, 0xe5, 0xf7, 0xe5, - 0x76, 0x74, 0x64, 0xd8, 0x91, 0xbc, 0x84, 0x16, 0x28, 0xd8, 0x25, 0x44, - 0x30, 0x7e, 0x82, 0xd8, 0xac, 0xb1, 0xe4, 0xc0, 0xe4, 0x15, 0x6c, 0xdb, - 0xb6, 0x24, 0x27, 0x02, 0x2a, 0x01, 0x12, 0x85, 0xba, 0x31, 0x88, 0x58, - 0x47, 0x74, 0xe3, 0xb8, 0xd2, 0x64, 0xa6, 0xc3, 0x32, 0x59, 0x2e, 0x29, - 0x4b, 0x45, 0xf1, 0x5b, 0x89, 0x49, 0x2e, 0x82, 0x9a, 0xc6, 0x18, 0x15, - 0x44, 0xd0, 0x2e, 0x64, 0x01, 0x15, 0x68, 0x38, 0xf9, 0xf6, 0xf9, 0x66, - 0x03, 0x0c, 0x55, 0x1b, 0x9d, 0xbf, 0x00, 0x40, 0xae, 0xf0, 0x48, 0x27, - 0x4c, 0xe0, 0x80, 0x5e, 0x2d, 0xb9, 0x2a, 0x15, 0x7a, 0xbc, 0x66, 0xf8, - 0x35, -} - -var certSet2Cert14 = []byte{ - 0x30, 0x82, 0x04, 0x63, 0x30, 0x82, 0x03, 0x4b, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x0b, 0x04, 0x00, 0x00, 0x00, 0x00, 0x01, 0x44, 0x4e, 0xf0, - 0x3e, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, - 0x67, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x60, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, - 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2d, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x44, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x53, 0x48, 0x41, - 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xa9, 0xdd, 0xcc, 0x0e, 0xb3, 0xe2, 0x32, - 0x39, 0xdd, 0x49, 0x22, 0xa8, 0x13, 0x69, 0x93, 0x87, 0x88, 0xe1, 0x0c, - 0xee, 0x71, 0x7d, 0xbd, 0x90, 0x87, 0x96, 0x5d, 0x59, 0xf2, 0xcc, 0xb3, - 0xd2, 0x58, 0x57, 0x57, 0xf9, 0x46, 0xef, 0x6c, 0x26, 0xd8, 0x36, 0x42, - 0x8e, 0x7e, 0x30, 0xb3, 0x2f, 0x9a, 0x3e, 0x53, 0x7b, 0x1f, 0x6e, 0xb6, - 0xa2, 0x4c, 0x45, 0x1f, 0x3c, 0xd3, 0x15, 0x93, 0x1c, 0x89, 0xed, 0x3c, - 0xf4, 0x57, 0xde, 0xca, 0xbd, 0xec, 0x06, 0x9a, 0x6a, 0x2a, 0xa0, 0x19, - 0x52, 0x7f, 0x51, 0xd1, 0x74, 0x39, 0x08, 0x9f, 0xab, 0xeb, 0xd7, 0x86, - 0x13, 0x15, 0x97, 0xae, 0x36, 0xc3, 0x54, 0x66, 0x0e, 0x5a, 0xf2, 0xa0, - 0x73, 0x85, 0x31, 0xe3, 0xb2, 0x64, 0x14, 0x6a, 0xff, 0xa5, 0xa2, 0x8e, - 0x24, 0xbb, 0xbd, 0x85, 0x52, 0x15, 0xa2, 0x79, 0xee, 0xf0, 0xb5, 0xee, - 0x3d, 0xb8, 0xf4, 0x7d, 0x80, 0xbc, 0xd9, 0x90, 0x35, 0x65, 0xb8, 0x17, - 0xa9, 0xad, 0xb3, 0x98, 0x9f, 0xa0, 0x7e, 0x7d, 0x6e, 0xfb, 0x3f, 0xad, - 0x7c, 0xc2, 0x1b, 0x59, 0x36, 0x96, 0xda, 0x37, 0x32, 0x4b, 0x4b, 0x5d, - 0x35, 0x02, 0x63, 0x8e, 0xdb, 0xa7, 0xcf, 0x62, 0xee, 0xcc, 0x2e, 0xd4, - 0x8d, 0xc9, 0xbd, 0x3c, 0x6a, 0x91, 0x72, 0xa2, 0x22, 0xa7, 0x72, 0x2d, - 0x20, 0xd1, 0xfa, 0xca, 0x37, 0xda, 0x18, 0x98, 0xe6, 0x16, 0x24, 0x71, - 0x25, 0x4b, 0xc4, 0xe5, 0x7b, 0x89, 0x52, 0x09, 0x02, 0xfd, 0x59, 0x2b, - 0x04, 0x6e, 0xca, 0x07, 0x81, 0xd4, 0xb3, 0xda, 0xda, 0xdb, 0xe3, 0xcc, - 0x80, 0xa8, 0x56, 0x07, 0x06, 0x7c, 0x96, 0x08, 0x37, 0x9d, 0xdb, 0x38, - 0xb6, 0x62, 0x34, 0x91, 0x62, 0x07, 0x74, 0x01, 0x38, 0xd8, 0x72, 0x30, - 0xe2, 0xeb, 0x90, 0x71, 0x26, 0x62, 0xc0, 0x57, 0xf3, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x25, 0x30, 0x82, 0x01, 0x21, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, - 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xea, 0x4e, 0x7c, - 0xd4, 0x80, 0x2d, 0xe5, 0x15, 0x81, 0x86, 0x26, 0x8c, 0x82, 0x6d, 0xc0, - 0x98, 0xa4, 0xcf, 0x97, 0x0f, 0x30, 0x47, 0x06, 0x03, 0x55, 0x1d, 0x20, - 0x04, 0x40, 0x30, 0x3e, 0x30, 0x3c, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, - 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, - 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, - 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x30, 0x33, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x2c, 0x30, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0xa0, 0x24, 0x86, - 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, - 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x6e, - 0x65, 0x74, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x31, 0x30, 0x2f, 0x30, 0x2d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, - 0x72, 0x31, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, 0x1a, 0x45, 0x0d, 0x97, 0xca, 0x89, - 0x50, 0x2f, 0x7d, 0x04, 0xcd, 0x34, 0xa8, 0xff, 0xfc, 0xfd, 0x4b, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xd7, 0x45, 0x9e, 0xa0, 0xdc, - 0xe0, 0xe3, 0x61, 0x5a, 0x0b, 0x7d, 0x77, 0x84, 0x17, 0x2d, 0x65, 0x5a, - 0x82, 0x9a, 0x8d, 0xa3, 0x27, 0x2a, 0x85, 0xf7, 0xc9, 0xef, 0xe9, 0x86, - 0xfd, 0xd4, 0x47, 0xcd, 0x01, 0x52, 0x96, 0xc5, 0x43, 0xbd, 0x37, 0xb1, - 0xe1, 0xb8, 0xf2, 0xa9, 0xd2, 0x8a, 0x11, 0x84, 0x71, 0x91, 0x15, 0x89, - 0xdc, 0x02, 0x9d, 0x0b, 0xcb, 0x6c, 0x33, 0x85, 0x34, 0x28, 0x9e, 0x20, - 0xb2, 0xb1, 0x97, 0xdc, 0x6d, 0x0b, 0x10, 0xc1, 0x3c, 0xcd, 0x5f, 0xea, - 0x5d, 0xd7, 0x98, 0x31, 0xc5, 0x34, 0x99, 0x5c, 0x00, 0x61, 0x55, 0xc4, - 0x1b, 0x02, 0x5b, 0xc5, 0xe3, 0x89, 0xc8, 0xb4, 0xb8, 0x6f, 0x1e, 0x38, - 0xf2, 0x56, 0x26, 0xe9, 0x41, 0xef, 0x3d, 0xcd, 0xac, 0x99, 0x4f, 0x59, - 0x4a, 0x57, 0x2d, 0x4b, 0x7d, 0xae, 0xc7, 0x88, 0xfb, 0xd6, 0x98, 0x3b, - 0xf5, 0xe5, 0xf0, 0xe8, 0x89, 0x89, 0xb9, 0x8b, 0x03, 0xcb, 0x5a, 0x23, - 0x1f, 0xa4, 0xfd, 0xb8, 0xea, 0xfb, 0x2e, 0x9d, 0xae, 0x6a, 0x73, 0x09, - 0xbc, 0xfc, 0xd5, 0xa0, 0xb5, 0x44, 0x82, 0xab, 0x44, 0x91, 0x2e, 0x50, - 0x2e, 0x57, 0xc1, 0x43, 0xd8, 0x91, 0x04, 0x8b, 0xe9, 0x11, 0x2e, 0x5f, - 0xb4, 0x3f, 0x79, 0xdf, 0x1e, 0xfb, 0x3f, 0x30, 0x00, 0x8b, 0x53, 0xe3, - 0xb7, 0x2c, 0x1d, 0x3b, 0x4d, 0x8b, 0xdc, 0xe4, 0x64, 0x1d, 0x04, 0x58, - 0x33, 0xaf, 0x1b, 0x55, 0xe7, 0xab, 0x0c, 0xbf, 0x30, 0x04, 0x74, 0xe4, - 0xf3, 0x0e, 0x2f, 0x30, 0x39, 0x8d, 0x4b, 0x04, 0x8c, 0x1e, 0x75, 0x66, - 0x66, 0x49, 0xe0, 0xbe, 0x40, 0x34, 0xc7, 0x5c, 0x5a, 0x51, 0x92, 0xba, - 0x12, 0x3c, 0x52, 0xd5, 0x04, 0x82, 0x55, 0x2d, 0x67, 0xa5, 0xdf, 0xb7, - 0x95, 0x7c, 0xee, 0x3f, 0xc3, 0x08, 0xba, 0x04, 0xbe, 0xc0, 0x46, -} - -var certSet2Cert15 = []byte{ - 0x30, 0x82, 0x04, 0x69, 0x30, 0x82, 0x03, 0x51, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x0b, 0x04, 0x00, 0x00, 0x00, 0x00, 0x01, 0x44, 0x4e, 0xf0, - 0x42, 0x47, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, - 0x67, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x66, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, - 0x31, 0x3c, 0x30, 0x3a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x33, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x4f, 0x72, - 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x43, 0x41, - 0x20, 0x2d, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20, - 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc7, - 0x0e, 0x6c, 0x3f, 0x23, 0x93, 0x7f, 0xcc, 0x70, 0xa5, 0x9d, 0x20, 0xc3, - 0x0e, 0x53, 0x3f, 0x7e, 0xc0, 0x4e, 0xc2, 0x98, 0x49, 0xca, 0x47, 0xd5, - 0x23, 0xef, 0x03, 0x34, 0x85, 0x74, 0xc8, 0xa3, 0x02, 0x2e, 0x46, 0x5c, - 0x0b, 0x7d, 0xc9, 0x88, 0x9d, 0x4f, 0x8b, 0xf0, 0xf8, 0x9c, 0x6c, 0x8c, - 0x55, 0x35, 0xdb, 0xbf, 0xf2, 0xb3, 0xea, 0xfb, 0xe3, 0x56, 0xe7, 0x4a, - 0x46, 0xd9, 0x13, 0x22, 0xca, 0x36, 0xd5, 0x9b, 0xc1, 0xa8, 0xe3, 0x96, - 0x43, 0x93, 0xf2, 0x0c, 0xbc, 0xe6, 0xf9, 0xe6, 0xe8, 0x99, 0xc8, 0x63, - 0x48, 0x78, 0x7f, 0x57, 0x36, 0x69, 0x1a, 0x19, 0x1d, 0x5a, 0xd1, 0xd4, - 0x7d, 0xc2, 0x9c, 0xd4, 0x7f, 0xe1, 0x80, 0x12, 0xae, 0x7a, 0xea, 0x88, - 0xea, 0x57, 0xd8, 0xca, 0x0a, 0x0a, 0x3a, 0x12, 0x49, 0xa2, 0x62, 0x19, - 0x7a, 0x0d, 0x24, 0xf7, 0x37, 0xeb, 0xb4, 0x73, 0x92, 0x7b, 0x05, 0x23, - 0x9b, 0x12, 0xb5, 0xce, 0xeb, 0x29, 0xdf, 0xa4, 0x14, 0x02, 0xb9, 0x01, - 0xa5, 0xd4, 0xa6, 0x9c, 0x43, 0x64, 0x88, 0xde, 0xf8, 0x7e, 0xfe, 0xe3, - 0xf5, 0x1e, 0xe5, 0xfe, 0xdc, 0xa3, 0xa8, 0xe4, 0x66, 0x31, 0xd9, 0x4c, - 0x25, 0xe9, 0x18, 0xb9, 0x89, 0x59, 0x09, 0xae, 0xe9, 0x9d, 0x1c, 0x6d, - 0x37, 0x0f, 0x4a, 0x1e, 0x35, 0x20, 0x28, 0xe2, 0xaf, 0xd4, 0x21, 0x8b, - 0x01, 0xc4, 0x45, 0xad, 0x6e, 0x2b, 0x63, 0xab, 0x92, 0x6b, 0x61, 0x0a, - 0x4d, 0x20, 0xed, 0x73, 0xba, 0x7c, 0xce, 0xfe, 0x16, 0xb5, 0xdb, 0x9f, - 0x80, 0xf0, 0xd6, 0x8b, 0x6c, 0xd9, 0x08, 0x79, 0x4a, 0x4f, 0x78, 0x65, - 0xda, 0x92, 0xbc, 0xbe, 0x35, 0xf9, 0xb3, 0xc4, 0xf9, 0x27, 0x80, 0x4e, - 0xff, 0x96, 0x52, 0xe6, 0x02, 0x20, 0xe1, 0x07, 0x73, 0xe9, 0x5d, 0x2b, - 0xbd, 0xb2, 0xf1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x25, - 0x30, 0x82, 0x01, 0x21, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, - 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0x96, 0xde, 0x61, 0xf1, 0xbd, 0x1c, 0x16, 0x29, 0x53, - 0x1c, 0xc0, 0xcc, 0x7d, 0x3b, 0x83, 0x00, 0x40, 0xe6, 0x1a, 0x7c, 0x30, - 0x47, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x40, 0x30, 0x3e, 0x30, 0x3c, - 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, - 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6c, - 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, - 0x30, 0x33, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2c, 0x30, 0x2a, 0x30, - 0x28, 0xa0, 0x26, 0xa0, 0x24, 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, - 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x6f, 0x6f, - 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x31, 0x30, 0x2f, 0x30, 0x2d, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x72, 0x31, 0x30, 0x1f, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, - 0x1a, 0x45, 0x0d, 0x97, 0xca, 0x89, 0x50, 0x2f, 0x7d, 0x04, 0xcd, 0x34, - 0xa8, 0xff, 0xfc, 0xfd, 0x4b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, - 0x00, 0x46, 0x2a, 0xee, 0x5e, 0xbd, 0xae, 0x01, 0x60, 0x37, 0x31, 0x11, - 0x86, 0x71, 0x74, 0xb6, 0x46, 0x49, 0xc8, 0x10, 0x16, 0xfe, 0x2f, 0x62, - 0x23, 0x17, 0xab, 0x1f, 0x87, 0xf8, 0x82, 0xed, 0xca, 0xdf, 0x0e, 0x2c, - 0xdf, 0x64, 0x75, 0x8e, 0xe5, 0x18, 0x72, 0xa7, 0x8c, 0x3a, 0x8b, 0xc9, - 0xac, 0xa5, 0x77, 0x50, 0xf7, 0xef, 0x9e, 0xa4, 0xe0, 0xa0, 0x8f, 0x14, - 0x57, 0xa3, 0x2a, 0x5f, 0xec, 0x7e, 0x6d, 0x10, 0xe6, 0xba, 0x8d, 0xb0, - 0x08, 0x87, 0x76, 0x0e, 0x4c, 0xb2, 0xd9, 0x51, 0xbb, 0x11, 0x02, 0xf2, - 0x5c, 0xdd, 0x1c, 0xbd, 0xf3, 0x55, 0x96, 0x0f, 0xd4, 0x06, 0xc0, 0xfc, - 0xe2, 0x23, 0x8a, 0x24, 0x70, 0xd3, 0xbb, 0xf0, 0x79, 0x1a, 0xa7, 0x61, - 0x70, 0x83, 0x8a, 0xaf, 0x06, 0xc5, 0x20, 0xd8, 0xa1, 0x63, 0xd0, 0x6c, - 0xae, 0x4f, 0x32, 0xd7, 0xae, 0x7c, 0x18, 0x45, 0x75, 0x05, 0x29, 0x77, - 0xdf, 0x42, 0x40, 0x64, 0x64, 0x86, 0xbe, 0x2a, 0x76, 0x09, 0x31, 0x6f, - 0x1d, 0x24, 0xf4, 0x99, 0xd0, 0x85, 0xfe, 0xf2, 0x21, 0x08, 0xf9, 0xc6, - 0xf6, 0xf1, 0xd0, 0x59, 0xed, 0xd6, 0x56, 0x3c, 0x08, 0x28, 0x03, 0x67, - 0xba, 0xf0, 0xf9, 0xf1, 0x90, 0x16, 0x47, 0xae, 0x67, 0xe6, 0xbc, 0x80, - 0x48, 0xe9, 0x42, 0x76, 0x34, 0x97, 0x55, 0x69, 0x24, 0x0e, 0x83, 0xd6, - 0xa0, 0x2d, 0xb4, 0xf5, 0xf3, 0x79, 0x8a, 0x49, 0x28, 0x74, 0x1a, 0x41, - 0xa1, 0xc2, 0xd3, 0x24, 0x88, 0x35, 0x30, 0x60, 0x94, 0x17, 0xb4, 0xe1, - 0x04, 0x22, 0x31, 0x3d, 0x3b, 0x2f, 0x17, 0x06, 0xb2, 0xb8, 0x9d, 0x86, - 0x2b, 0x5a, 0x69, 0xef, 0x83, 0xf5, 0x4b, 0xc4, 0xaa, 0xb4, 0x2a, 0xf8, - 0x7c, 0xa1, 0xb1, 0x85, 0x94, 0x8c, 0xf4, 0x0c, 0x87, 0x0c, 0xf4, 0xac, - 0x40, 0xf8, 0x59, 0x49, 0x98, -} - -var certSet2Cert16 = []byte{ - 0x30, 0x82, 0x04, 0x6c, 0x30, 0x82, 0x03, 0x54, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x4d, 0x5f, 0x2c, 0x34, 0x08, 0xb2, 0x4c, 0x20, 0xcd, - 0x6d, 0x50, 0x7e, 0x24, 0x4d, 0xc9, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, - 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x32, 0x30, 0x38, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, - 0x32, 0x30, 0x37, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x3c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0d, 0x54, - 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x99, 0xe4, 0x85, - 0x5b, 0x76, 0x49, 0x7d, 0x2f, 0x05, 0xd8, 0xc5, 0xac, 0xc8, 0xc8, 0xa9, - 0xd3, 0xdc, 0x98, 0xe6, 0xd7, 0x34, 0xa6, 0x2f, 0x0c, 0xf2, 0x22, 0x26, - 0xd8, 0xa3, 0xc9, 0x14, 0x4c, 0x8f, 0x05, 0xa4, 0x45, 0xe8, 0x14, 0x0c, - 0x58, 0x90, 0x05, 0x1a, 0xb7, 0xc5, 0xc1, 0x06, 0xa5, 0x80, 0xaf, 0xbb, - 0x1d, 0x49, 0x6b, 0x52, 0x34, 0x88, 0xc3, 0x59, 0xe7, 0xef, 0x6b, 0xc4, - 0x27, 0x41, 0x8c, 0x2b, 0x66, 0x1d, 0xd0, 0xe0, 0xa3, 0x97, 0x98, 0x19, - 0x34, 0x4b, 0x41, 0xd5, 0x98, 0xd5, 0xc7, 0x05, 0xad, 0xa2, 0xe4, 0xd7, - 0xed, 0x0c, 0xad, 0x4f, 0xc1, 0xb5, 0xb0, 0x21, 0xfd, 0x3e, 0x50, 0x53, - 0xb2, 0xc4, 0x90, 0xd0, 0xd4, 0x30, 0x67, 0x6c, 0x9a, 0xf1, 0x0e, 0x74, - 0xc4, 0xc2, 0xdc, 0x8a, 0xe8, 0x97, 0xff, 0xc9, 0x92, 0xae, 0x01, 0x8a, - 0x56, 0x0a, 0x98, 0x32, 0xb0, 0x00, 0x23, 0xec, 0x90, 0x1a, 0x60, 0xc3, - 0xed, 0xbb, 0x3a, 0xcb, 0x0f, 0x63, 0x9f, 0x0d, 0x44, 0xc9, 0x52, 0xe1, - 0x25, 0x96, 0xbf, 0xed, 0x50, 0x95, 0x89, 0x7f, 0x56, 0x14, 0xb1, 0xb7, - 0x61, 0x1d, 0x1c, 0x07, 0x8c, 0x3a, 0x2c, 0xf7, 0xff, 0x80, 0xde, 0x39, - 0x45, 0xd5, 0xaf, 0x1a, 0xd1, 0x78, 0xd8, 0xc7, 0x71, 0x6a, 0xa3, 0x19, - 0xa7, 0x32, 0x50, 0x21, 0xe9, 0xf2, 0x0e, 0xa1, 0xc6, 0x13, 0x03, 0x44, - 0x48, 0xd1, 0x66, 0xa8, 0x52, 0x57, 0xd7, 0x11, 0xb4, 0x93, 0x8b, 0xe5, - 0x99, 0x9f, 0x5d, 0xe7, 0x78, 0x51, 0xe5, 0x4d, 0xf6, 0xb7, 0x59, 0xb4, - 0x76, 0xb5, 0x09, 0x37, 0x4d, 0x06, 0x38, 0x13, 0x7a, 0x1c, 0x08, 0x98, - 0x5c, 0xc4, 0x48, 0x4a, 0xcb, 0x52, 0xa0, 0xa9, 0xf8, 0xb1, 0x9d, 0x8e, - 0x7b, 0x79, 0xb0, 0x20, 0x2f, 0x3c, 0x96, 0xa8, 0x11, 0x62, 0x47, 0xbb, - 0x11, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xfb, 0x30, 0x81, 0xf8, - 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, - 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, - 0x30, 0x34, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2d, 0x30, 0x2b, 0x30, - 0x29, 0xa0, 0x27, 0xa0, 0x25, 0x86, 0x23, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, - 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x28, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x21, 0x30, 0x1f, 0xa4, 0x1d, 0x30, - 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, 0x49, - 0x2d, 0x32, 0x2d, 0x39, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0xa7, 0xa2, 0x83, 0xbb, 0x34, 0x45, 0x40, 0x3d, 0xfc, - 0xd5, 0x30, 0x4f, 0x12, 0xb9, 0x3e, 0xa1, 0x01, 0x9f, 0xf6, 0xdb, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x7b, 0x5b, 0x45, 0xcf, 0xaf, 0xce, 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, - 0x6a, 0xb6, 0xf3, 0x46, 0xeb, 0x57, 0x48, 0x50, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x80, 0x22, 0x80, 0xe0, 0x6c, 0xc8, 0x95, 0x16, - 0xd7, 0x57, 0x26, 0x87, 0xf3, 0x72, 0x34, 0xdb, 0xc6, 0x72, 0x56, 0x27, - 0x3e, 0xd3, 0x96, 0xf6, 0x2e, 0x25, 0x91, 0xa5, 0x3e, 0x33, 0x97, 0xa7, - 0x4b, 0xe5, 0x2f, 0xfb, 0x25, 0x7d, 0x2f, 0x07, 0x61, 0xfa, 0x6f, 0x83, - 0x74, 0x4c, 0x4c, 0x53, 0x72, 0x20, 0xa4, 0x7a, 0xcf, 0x51, 0x51, 0x56, - 0x81, 0x88, 0xb0, 0x6d, 0x1f, 0x36, 0x2c, 0xc8, 0x2b, 0xb1, 0x88, 0x99, - 0xc1, 0xfe, 0x44, 0xab, 0x48, 0x51, 0x7c, 0xd8, 0xf2, 0x44, 0x64, 0x2a, - 0xd8, 0x71, 0xa7, 0xfb, 0x1a, 0x2f, 0xf9, 0x19, 0x8d, 0x34, 0xb2, 0x23, - 0xbf, 0xc4, 0x4c, 0x55, 0x1d, 0x8e, 0x44, 0xe8, 0xaa, 0x5d, 0x9a, 0xdd, - 0x9f, 0xfd, 0x03, 0xc7, 0xba, 0x24, 0x43, 0x8d, 0x2d, 0x47, 0x44, 0xdb, - 0xf6, 0xd8, 0x98, 0xc8, 0xb2, 0xf9, 0xda, 0xef, 0xed, 0x29, 0x5c, 0x69, - 0x12, 0xfa, 0xd1, 0x23, 0x96, 0x0f, 0xbf, 0x9c, 0x0d, 0xf2, 0x79, 0x45, - 0x53, 0x37, 0x9a, 0x56, 0x2f, 0xe8, 0x57, 0x10, 0x70, 0xf6, 0xee, 0x89, - 0x0c, 0x49, 0x89, 0x9a, 0xc1, 0x23, 0xf5, 0xc2, 0x2a, 0xcc, 0x41, 0xcf, - 0x22, 0xab, 0x65, 0x6e, 0xb7, 0x94, 0x82, 0x6d, 0x2f, 0x40, 0x5f, 0x58, - 0xde, 0xeb, 0x95, 0x2b, 0xa6, 0x72, 0x68, 0x52, 0x19, 0x91, 0x2a, 0xae, - 0x75, 0x9d, 0x4e, 0x92, 0xe6, 0xca, 0xde, 0x54, 0xea, 0x18, 0xab, 0x25, - 0x3c, 0xe6, 0x64, 0xa6, 0x79, 0x1f, 0x26, 0x7d, 0x61, 0xed, 0x7d, 0xd2, - 0xe5, 0x71, 0x55, 0xd8, 0x93, 0x17, 0x7c, 0x14, 0x38, 0x30, 0x3c, 0xdf, - 0x86, 0xe3, 0x4c, 0xad, 0x49, 0xe3, 0x97, 0x59, 0xce, 0x1b, 0x9b, 0x2b, - 0xce, 0xdc, 0x65, 0xd4, 0x0b, 0x28, 0x6b, 0x4e, 0x84, 0x46, 0x51, 0x44, - 0xf7, 0x33, 0x08, 0x2d, 0x58, 0x97, 0x21, 0xae, -} - -var certSet2Cert17 = []byte{ - 0x30, 0x82, 0x04, 0x6e, 0x30, 0x82, 0x03, 0x56, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x6e, 0x8a, 0x90, 0xeb, 0xcf, 0xf0, 0x44, 0x8a, 0x72, - 0x0d, 0x08, 0x05, 0xd0, 0x82, 0xa5, 0x44, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x58, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x28, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x50, 0x72, 0x69, - 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, - 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, - 0x33, 0x31, 0x30, 0x33, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, - 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x17, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, - 0x56, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, - 0x34, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, - 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd9, 0xb4, - 0x05, 0xf2, 0x38, 0x67, 0x0f, 0x09, 0xe7, 0x7c, 0xf5, 0x63, 0x2a, 0xe5, - 0xb9, 0x5e, 0xa8, 0x11, 0xae, 0x75, 0x71, 0xd9, 0x4c, 0x84, 0x67, 0xad, - 0x89, 0x5d, 0xfc, 0x28, 0x3d, 0x2a, 0xb0, 0xa5, 0xd5, 0xd4, 0xe6, 0x30, - 0x0a, 0x84, 0xd4, 0xe4, 0x18, 0xcb, 0x85, 0x37, 0xc5, 0x46, 0x71, 0xeb, - 0x1c, 0x7b, 0x69, 0xdb, 0x65, 0x69, 0x8c, 0x30, 0x05, 0x3e, 0x07, 0xe1, - 0x6f, 0x3c, 0xc1, 0x0b, 0x61, 0xe6, 0x38, 0x44, 0xfc, 0xbc, 0x8c, 0x2f, - 0x4e, 0x75, 0x57, 0xf5, 0x96, 0x99, 0x7c, 0x3e, 0x87, 0x1f, 0x0f, 0x90, - 0x4b, 0x70, 0xc3, 0x3f, 0x39, 0x45, 0x3b, 0x3a, 0x6b, 0xcb, 0xbb, 0x7b, - 0x40, 0x54, 0xd1, 0x8b, 0x4b, 0xa1, 0x72, 0xd2, 0x04, 0xe9, 0xe0, 0x72, - 0x1a, 0x93, 0x11, 0x7a, 0x2f, 0xf1, 0xab, 0x9d, 0x9c, 0x98, 0x58, 0xae, - 0x2c, 0xea, 0x77, 0x5f, 0x2f, 0x2e, 0x87, 0xaf, 0xb8, 0x6b, 0xe3, 0xe2, - 0xe2, 0x3f, 0xd6, 0x3d, 0xe0, 0x96, 0x44, 0xdf, 0x11, 0x55, 0x63, 0x52, - 0x2f, 0xf4, 0x26, 0x78, 0xc4, 0x0f, 0x20, 0x4d, 0x0a, 0xc0, 0x68, 0x70, - 0x15, 0x86, 0x38, 0xee, 0xb7, 0x76, 0x88, 0xab, 0x18, 0x8f, 0x4f, 0x35, - 0x1e, 0xd4, 0x8c, 0xc9, 0xdb, 0x7e, 0x3d, 0x44, 0xd4, 0x36, 0x8c, 0xc1, - 0x37, 0xb5, 0x59, 0x5b, 0x87, 0xf9, 0xe9, 0xf1, 0xd4, 0xc5, 0x28, 0xbd, - 0x1d, 0xdc, 0xcc, 0x96, 0x72, 0xd1, 0x7a, 0xa1, 0xa7, 0x20, 0xb5, 0xb8, - 0xaf, 0xf8, 0x6e, 0xa5, 0x60, 0x7b, 0x2b, 0x8d, 0x1f, 0xee, 0xf4, 0x2b, - 0xd6, 0x69, 0xcd, 0xaf, 0xca, 0x80, 0x58, 0x29, 0xe8, 0x4c, 0x00, 0x20, - 0x8a, 0x49, 0x0a, 0x6e, 0x8e, 0x8c, 0xa8, 0xd1, 0x00, 0x12, 0x84, 0xb6, - 0xc5, 0xe2, 0x95, 0xa2, 0xc0, 0x3b, 0xa4, 0x6b, 0xf0, 0x82, 0xd0, 0x96, - 0x5d, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, - 0x82, 0x01, 0x3f, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x2f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x47, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x40, 0x30, 0x3e, 0x30, 0x3c, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, - 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, - 0x01, 0x16, 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, - 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x34, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x2d, 0x30, 0x2b, 0x30, 0x29, 0xa0, 0x27, 0xa0, 0x25, 0x86, 0x23, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x31, 0x2e, 0x73, 0x79, - 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x47, 0x65, 0x6f, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x50, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x29, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, - 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x11, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, - 0x2d, 0x31, 0x2d, 0x35, 0x33, 0x38, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0xde, 0xcf, 0x5c, 0x50, 0xb7, 0xae, 0x02, - 0x1f, 0x15, 0x17, 0xaa, 0x16, 0xe8, 0x0d, 0xb5, 0x28, 0x9d, 0x6a, 0x5a, - 0xf3, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0x2c, 0xd5, 0x50, 0x41, 0x97, 0x15, 0x8b, 0xf0, 0x8f, 0x36, - 0x61, 0x5b, 0x4a, 0xfb, 0x6b, 0xd9, 0x99, 0xc9, 0x33, 0x92, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xb4, 0x8e, 0xbd, 0x07, 0xb9, 0x9a, - 0x85, 0xec, 0x3b, 0x67, 0xbd, 0x07, 0x60, 0x61, 0xe6, 0x84, 0xd1, 0xd4, - 0xef, 0xeb, 0x1b, 0xba, 0x0b, 0x82, 0x4b, 0x95, 0x64, 0xb6, 0x66, 0x53, - 0x23, 0xbd, 0xb7, 0x84, 0xdd, 0xe4, 0x7b, 0x8d, 0x09, 0xda, 0xcf, 0xb2, - 0xf5, 0xf1, 0xc3, 0xbf, 0x87, 0x84, 0xbe, 0x4e, 0xa6, 0xa8, 0xc2, 0xe7, - 0x12, 0x39, 0x28, 0x34, 0xe0, 0xa4, 0x56, 0x44, 0x40, 0x0c, 0x9f, 0x88, - 0xa3, 0x15, 0xd3, 0xe8, 0xd3, 0x5e, 0xe3, 0x1c, 0x04, 0x60, 0xfb, 0x69, - 0x36, 0x4f, 0x6a, 0x7e, 0x0c, 0x2a, 0x28, 0xc1, 0xf3, 0xaa, 0x58, 0x0e, - 0x6c, 0xce, 0x1d, 0x07, 0xc3, 0x4a, 0xc0, 0x9c, 0x8d, 0xc3, 0x74, 0xb1, - 0xae, 0x82, 0xf0, 0x1a, 0xe1, 0xf9, 0x4e, 0x29, 0xbd, 0x46, 0xde, 0xb7, - 0x1d, 0xf9, 0x7d, 0xdb, 0xd9, 0x0f, 0x84, 0xcb, 0x92, 0x45, 0xcc, 0x1c, - 0xb3, 0x18, 0xf6, 0xa0, 0xcf, 0x71, 0x6f, 0x0c, 0x2e, 0x9b, 0xd2, 0x2d, - 0xb3, 0x99, 0x93, 0x83, 0x44, 0xac, 0x15, 0xaa, 0x9b, 0x2e, 0x67, 0xec, - 0x4f, 0x88, 0x69, 0x05, 0x56, 0x7b, 0x8b, 0xb2, 0x43, 0xa9, 0x3a, 0x6c, - 0x1c, 0x13, 0x33, 0x25, 0x1b, 0xfd, 0xa8, 0xc8, 0x57, 0x02, 0xfb, 0x1c, - 0xe0, 0xd1, 0xbd, 0x3b, 0x56, 0x44, 0x65, 0xc3, 0x63, 0xf5, 0x1b, 0xef, - 0xec, 0x30, 0xd9, 0xe3, 0x6e, 0x2e, 0x13, 0xe9, 0x39, 0x08, 0x2a, 0x0c, - 0x72, 0xf3, 0x9a, 0xcc, 0xf6, 0x27, 0x29, 0x84, 0xd3, 0xef, 0x4c, 0xc7, - 0x84, 0x11, 0x65, 0x1f, 0xc6, 0xe3, 0x81, 0x03, 0xdb, 0x87, 0xcc, 0x78, - 0xf7, 0xb5, 0x9d, 0x96, 0x3e, 0x6a, 0x7f, 0xbc, 0x11, 0x85, 0x7a, 0x75, - 0xe6, 0x41, 0x7d, 0x0d, 0xcf, 0xf9, 0xe5, 0x85, 0x69, 0x25, 0x8f, 0xc7, - 0x8d, 0x07, 0x2d, 0xf8, 0x69, 0x0f, 0xcb, 0x41, 0x53, 0x00, -} - -var certSet2Cert18 = []byte{ - 0x30, 0x82, 0x04, 0x7d, 0x30, 0x82, 0x03, 0x65, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x1b, 0xe7, 0x15, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x63, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x54, - 0x68, 0x65, 0x20, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 0x20, - 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, - 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x28, 0x47, 0x6f, - 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, - 0x20, 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x31, 0x30, 0x31, - 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x31, 0x30, - 0x35, 0x33, 0x30, 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, - 0x83, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, - 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, - 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, 0x64, 0x79, 0x2e, - 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x31, 0x30, - 0x2f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x28, 0x47, 0x6f, 0x20, 0x44, - 0x61, 0x64, 0x64, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0x71, 0x62, - 0x08, 0xf1, 0xfa, 0x59, 0x34, 0xf7, 0x1b, 0xc9, 0x18, 0xa3, 0xf7, 0x80, - 0x49, 0x58, 0xe9, 0x22, 0x83, 0x13, 0xa6, 0xc5, 0x20, 0x43, 0x01, 0x3b, - 0x84, 0xf1, 0xe6, 0x85, 0x49, 0x9f, 0x27, 0xea, 0xf6, 0x84, 0x1b, 0x4e, - 0xa0, 0xb4, 0xdb, 0x70, 0x98, 0xc7, 0x32, 0x01, 0xb1, 0x05, 0x3e, 0x07, - 0x4e, 0xee, 0xf4, 0xfa, 0x4f, 0x2f, 0x59, 0x30, 0x22, 0xe7, 0xab, 0x19, - 0x56, 0x6b, 0xe2, 0x80, 0x07, 0xfc, 0xf3, 0x16, 0x75, 0x80, 0x39, 0x51, - 0x7b, 0xe5, 0xf9, 0x35, 0xb6, 0x74, 0x4e, 0xa9, 0x8d, 0x82, 0x13, 0xe4, - 0xb6, 0x3f, 0xa9, 0x03, 0x83, 0xfa, 0xa2, 0xbe, 0x8a, 0x15, 0x6a, 0x7f, - 0xde, 0x0b, 0xc3, 0xb6, 0x19, 0x14, 0x05, 0xca, 0xea, 0xc3, 0xa8, 0x04, - 0x94, 0x3b, 0x46, 0x7c, 0x32, 0x0d, 0xf3, 0x00, 0x66, 0x22, 0xc8, 0x8d, - 0x69, 0x6d, 0x36, 0x8c, 0x11, 0x18, 0xb7, 0xd3, 0xb2, 0x1c, 0x60, 0xb4, - 0x38, 0xfa, 0x02, 0x8c, 0xce, 0xd3, 0xdd, 0x46, 0x07, 0xde, 0x0a, 0x3e, - 0xeb, 0x5d, 0x7c, 0xc8, 0x7c, 0xfb, 0xb0, 0x2b, 0x53, 0xa4, 0x92, 0x62, - 0x69, 0x51, 0x25, 0x05, 0x61, 0x1a, 0x44, 0x81, 0x8c, 0x2c, 0xa9, 0x43, - 0x96, 0x23, 0xdf, 0xac, 0x3a, 0x81, 0x9a, 0x0e, 0x29, 0xc5, 0x1c, 0xa9, - 0xe9, 0x5d, 0x1e, 0xb6, 0x9e, 0x9e, 0x30, 0x0a, 0x39, 0xce, 0xf1, 0x88, - 0x80, 0xfb, 0x4b, 0x5d, 0xcc, 0x32, 0xec, 0x85, 0x62, 0x43, 0x25, 0x34, - 0x02, 0x56, 0x27, 0x01, 0x91, 0xb4, 0x3b, 0x70, 0x2a, 0x3f, 0x6e, 0xb1, - 0xe8, 0x9c, 0x88, 0x01, 0x7d, 0x9f, 0xd4, 0xf9, 0xdb, 0x53, 0x6d, 0x60, - 0x9d, 0xbf, 0x2c, 0xe7, 0x58, 0xab, 0xb8, 0x5f, 0x46, 0xfc, 0xce, 0xc4, - 0x1b, 0x03, 0x3c, 0x09, 0xeb, 0x49, 0x31, 0x5c, 0x69, 0x46, 0xb3, 0xe0, - 0x47, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x17, 0x30, 0x82, - 0x01, 0x13, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3a, 0x9a, - 0x85, 0x07, 0x10, 0x67, 0x28, 0xb6, 0xef, 0xf6, 0xbd, 0x05, 0x41, 0x6e, - 0x20, 0xc1, 0x94, 0xda, 0x0f, 0xde, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xd2, 0xc4, 0xb0, 0xd2, 0x91, - 0xd4, 0x4c, 0x11, 0x71, 0xb3, 0x61, 0xcb, 0x3d, 0xa1, 0xfe, 0xdd, 0xa8, - 0x6a, 0xd4, 0xe3, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, - 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x32, 0x06, - 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2b, 0x30, 0x29, 0x30, 0x27, 0xa0, 0x25, - 0xa0, 0x23, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x6c, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x67, 0x64, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, - 0x6c, 0x30, 0x46, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3f, 0x30, 0x3d, - 0x30, 0x3b, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x33, 0x30, 0x31, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, - 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, - 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, - 0x2f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x0b, 0x53, - 0xbd, 0x92, 0x86, 0x11, 0xa7, 0x24, 0x7b, 0xed, 0x5b, 0x31, 0xcf, 0x1d, - 0x1f, 0x6c, 0x70, 0xc5, 0xb8, 0x6e, 0xbe, 0x4e, 0xbb, 0xf6, 0xbe, 0x97, - 0x50, 0xe1, 0x30, 0x7f, 0xba, 0x28, 0x5c, 0x62, 0x94, 0xc2, 0xe3, 0x7e, - 0x33, 0xf7, 0xfb, 0x42, 0x76, 0x85, 0xdb, 0x95, 0x1c, 0x8c, 0x22, 0x58, - 0x75, 0x09, 0x0c, 0x88, 0x65, 0x67, 0x39, 0x0a, 0x16, 0x09, 0xc5, 0xa0, - 0x38, 0x97, 0xa4, 0xc5, 0x23, 0x93, 0x3f, 0xb4, 0x18, 0xa6, 0x01, 0x06, - 0x44, 0x91, 0xe3, 0xa7, 0x69, 0x27, 0xb4, 0x5a, 0x25, 0x7f, 0x3a, 0xb7, - 0x32, 0xcd, 0xdd, 0x84, 0xff, 0x2a, 0x38, 0x29, 0x33, 0xa4, 0xdd, 0x67, - 0xb2, 0x85, 0xfe, 0xa1, 0x88, 0x20, 0x1c, 0x50, 0x89, 0xc8, 0xdc, 0x2a, - 0xf6, 0x42, 0x03, 0x37, 0x4c, 0xe6, 0x88, 0xdf, 0xd5, 0xaf, 0x24, 0xf2, - 0xb1, 0xc3, 0xdf, 0xcc, 0xb5, 0xec, 0xe0, 0x99, 0x5e, 0xb7, 0x49, 0x54, - 0x20, 0x3c, 0x94, 0x18, 0x0c, 0xc7, 0x1c, 0x52, 0x18, 0x49, 0xa4, 0x6d, - 0xe1, 0xb3, 0x58, 0x0b, 0xc9, 0xd8, 0xec, 0xd9, 0xae, 0x1c, 0x32, 0x8e, - 0x28, 0x70, 0x0d, 0xe2, 0xfe, 0xa6, 0x17, 0x9e, 0x84, 0x0f, 0xbd, 0x57, - 0x70, 0xb3, 0x5a, 0xe9, 0x1f, 0xa0, 0x86, 0x53, 0xbb, 0xef, 0x7c, 0xff, - 0x69, 0x0b, 0xe0, 0x48, 0xc3, 0xb7, 0x93, 0x0b, 0xc8, 0x0a, 0x54, 0xc4, - 0xac, 0x5d, 0x14, 0x67, 0x37, 0x6c, 0xca, 0xa5, 0x2f, 0x31, 0x08, 0x37, - 0xaa, 0x6e, 0x6f, 0x8c, 0xbc, 0x9b, 0xe2, 0x57, 0x5d, 0x24, 0x81, 0xaf, - 0x97, 0x97, 0x9c, 0x84, 0xad, 0x6c, 0xac, 0x37, 0x4c, 0x66, 0xf3, 0x61, - 0x91, 0x11, 0x20, 0xe4, 0xbe, 0x30, 0x9f, 0x7a, 0xa4, 0x29, 0x09, 0xb0, - 0xe1, 0x34, 0x5f, 0x64, 0x77, 0x18, 0x40, 0x51, 0xdf, 0x8c, 0x30, 0xa6, - 0xaf, -} - -var certSet2Cert19 = []byte{ - 0x30, 0x82, 0x04, 0x8f, 0x30, 0x82, 0x03, 0x77, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x06, 0x9e, 0x1d, 0xb7, 0x7f, 0xcf, 0x1d, 0xfb, 0xa9, - 0x7a, 0xf5, 0xe5, 0xc9, 0xa2, 0x40, 0x37, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x61, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, - 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x33, 0x30, 0x38, 0x31, - 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x33, - 0x30, 0x38, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x48, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, - 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, - 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, - 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbb, 0x57, 0xe4, 0x21, - 0xa9, 0xd5, 0x9b, 0x60, 0x37, 0x7e, 0x8e, 0xa1, 0x61, 0x7f, 0x81, 0xe2, - 0x1a, 0xc2, 0x75, 0x64, 0xd9, 0x91, 0x50, 0x0b, 0xe4, 0x36, 0x44, 0x24, - 0x6e, 0x30, 0xd2, 0x9b, 0x7a, 0x27, 0xfa, 0xc2, 0x6a, 0xae, 0x6a, 0x70, - 0x09, 0x38, 0xb9, 0x20, 0x0a, 0xc8, 0x65, 0x10, 0x4a, 0x88, 0xac, 0x31, - 0xf2, 0xdc, 0x92, 0xf2, 0x63, 0xa1, 0x5d, 0x80, 0x63, 0x59, 0x80, 0x92, - 0x23, 0x1c, 0xe6, 0xef, 0x76, 0x4a, 0x50, 0x35, 0xc9, 0xd8, 0x71, 0x38, - 0xb9, 0xed, 0xf0, 0xe6, 0x42, 0xae, 0xd3, 0x38, 0x26, 0x79, 0x30, 0xf9, - 0x22, 0x94, 0xc6, 0xdb, 0xa6, 0x3f, 0x41, 0x78, 0x90, 0xd8, 0xde, 0x5c, - 0x7e, 0x69, 0x7d, 0xf8, 0x90, 0x15, 0x3a, 0xd0, 0xa1, 0xa0, 0xbe, 0xfa, - 0xb2, 0xb2, 0x19, 0xa1, 0xd8, 0x2b, 0xd1, 0xce, 0xbf, 0x6b, 0xdd, 0x49, - 0xab, 0xa3, 0x92, 0xfe, 0xb5, 0xab, 0xc8, 0xc1, 0x3e, 0xee, 0x01, 0x00, - 0xd8, 0xa9, 0x44, 0xb8, 0x42, 0x73, 0x88, 0xc3, 0x61, 0xf5, 0xab, 0x4a, - 0x83, 0x28, 0x0a, 0xd2, 0xd4, 0x49, 0xfa, 0x6a, 0xb1, 0xcd, 0xdf, 0x57, - 0x2c, 0x94, 0xe5, 0xe2, 0xca, 0x83, 0x5f, 0xb7, 0xba, 0x62, 0x5c, 0x2f, - 0x68, 0xa5, 0xf0, 0xc0, 0xb9, 0xfd, 0x2b, 0xd1, 0xe9, 0x1f, 0xd8, 0x1a, - 0x62, 0x15, 0xbd, 0xff, 0x3d, 0xa6, 0xf7, 0xcb, 0xef, 0xe6, 0xdb, 0x65, - 0x2f, 0x25, 0x38, 0xec, 0xfb, 0xe6, 0x20, 0x66, 0x58, 0x96, 0x34, 0x19, - 0xd2, 0x15, 0xce, 0x21, 0xd3, 0x24, 0xcc, 0xd9, 0x14, 0x6f, 0xd8, 0xfe, - 0x55, 0xc7, 0xe7, 0x6f, 0xb6, 0x0f, 0x1a, 0x8c, 0x49, 0xbe, 0x29, 0xf2, - 0xba, 0x5a, 0x9a, 0x81, 0x26, 0x37, 0x24, 0x6f, 0xd7, 0x48, 0x12, 0x6c, - 0x2e, 0x59, 0xf5, 0x9c, 0x18, 0xbb, 0xd9, 0xf6, 0x68, 0xe2, 0xdf, 0x45, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x5a, 0x30, 0x82, 0x01, - 0x56, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x86, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, - 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x7b, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x74, 0x30, 0x72, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, - 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, - 0x33, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x34, 0x2e, 0x64, - 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, - 0x32, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, - 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x64, - 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x43, 0x50, 0x53, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0x90, 0x71, 0xdb, 0x37, 0xeb, 0x73, 0xc8, 0xef, 0xdc, 0xd5, - 0x1e, 0x12, 0xb6, 0x34, 0xba, 0x2b, 0x5a, 0xa0, 0xa6, 0x92, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x03, - 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3, 0xe2, 0x1b, - 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x30, 0xce, 0xd1, 0x95, 0x51, 0x00, 0xae, 0x06, 0x0b, - 0xa1, 0x0e, 0x02, 0xc0, 0x17, 0xac, 0xb6, 0x7f, 0x8f, 0x20, 0xf6, 0x40, - 0x75, 0x74, 0x1c, 0xcc, 0x78, 0xb1, 0xa4, 0x4f, 0xea, 0xf4, 0xd0, 0xc4, - 0x9d, 0xa2, 0xde, 0x81, 0x07, 0x26, 0x1f, 0x40, 0x88, 0x51, 0xf0, 0x1f, - 0xcf, 0xb7, 0x4c, 0x40, 0x99, 0xd0, 0xf4, 0x3c, 0x71, 0x98, 0x73, 0x88, - 0x97, 0x2c, 0x19, 0xd7, 0x6e, 0x84, 0x8f, 0xa4, 0x1f, 0x9c, 0x5a, 0x20, - 0xe3, 0x51, 0x5c, 0xb0, 0xc5, 0x9e, 0x99, 0x6a, 0x4f, 0xc8, 0x69, 0xf7, - 0x10, 0xff, 0x4e, 0xad, 0x19, 0xd9, 0xc9, 0x58, 0xb3, 0x33, 0xae, 0x0c, - 0xd9, 0x96, 0x29, 0x9e, 0x71, 0xb2, 0x70, 0x63, 0xa3, 0xb6, 0x99, 0x16, - 0x42, 0x1d, 0x65, 0xf3, 0xf7, 0xa0, 0x1e, 0x7d, 0xc5, 0xd4, 0x65, 0x14, - 0xb2, 0x62, 0x84, 0xd4, 0x6c, 0x5c, 0x08, 0x0c, 0xd8, 0x6c, 0x93, 0x2b, - 0xb4, 0x76, 0x59, 0x8a, 0xd1, 0x7f, 0xff, 0x03, 0xd8, 0xc2, 0x5d, 0xb8, - 0x2f, 0x22, 0xd6, 0x38, 0xf0, 0xf6, 0x9c, 0x6b, 0x7d, 0x46, 0xeb, 0x99, - 0x74, 0xf7, 0xeb, 0x4a, 0x0e, 0xa9, 0xa6, 0x04, 0xeb, 0x7b, 0xce, 0xf0, - 0x5c, 0x6b, 0x98, 0x31, 0x5a, 0x98, 0x40, 0xeb, 0x69, 0xc4, 0x05, 0xf4, - 0x20, 0xa8, 0xca, 0x08, 0x3a, 0x65, 0x6c, 0x38, 0x15, 0xf5, 0x5c, 0x2c, - 0xb2, 0x55, 0xe4, 0x2c, 0x6b, 0x41, 0xf0, 0xbe, 0x5c, 0x46, 0xca, 0x4a, - 0x29, 0xa0, 0x48, 0x5e, 0x20, 0xd2, 0x45, 0xff, 0x05, 0xde, 0x34, 0xaf, - 0x70, 0x4b, 0x81, 0x39, 0xe2, 0xca, 0x07, 0x57, 0x7c, 0xb6, 0x31, 0xdc, - 0x21, 0x29, 0xe2, 0xbe, 0x97, 0x0e, 0x77, 0x90, 0x14, 0x51, 0x40, 0xe1, - 0xbf, 0xe3, 0xcc, 0x1b, 0x19, 0x9c, 0x25, 0xca, 0xa7, 0x06, 0xb2, 0x53, - 0xdf, 0x23, 0xb2, 0xcf, 0x12, 0x19, 0xa3, -} - -var certSet2Cert20 = []byte{ - 0x30, 0x82, 0x04, 0x90, 0x30, 0x82, 0x03, 0xf9, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x1b, 0x09, 0x3b, 0x78, 0x60, 0x96, 0xda, 0x37, 0xbb, - 0xa4, 0x51, 0x94, 0x46, 0xc8, 0x96, 0x78, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x31, 0x30, 0x38, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x30, 0x37, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xca, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3a, 0x30, - 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, - 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, - 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, - 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x45, 0x30, - 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, - 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf, 0x24, 0x08, 0x08, 0x29, 0x7a, 0x35, - 0x9e, 0x60, 0x0c, 0xaa, 0xe7, 0x4b, 0x3b, 0x4e, 0xdc, 0x7c, 0xbc, 0x3c, - 0x45, 0x1c, 0xbb, 0x2b, 0xe0, 0xfe, 0x29, 0x02, 0xf9, 0x57, 0x08, 0xa3, - 0x64, 0x85, 0x15, 0x27, 0xf5, 0xf1, 0xad, 0xc8, 0x31, 0x89, 0x5d, 0x22, - 0xe8, 0x2a, 0xaa, 0xa6, 0x42, 0xb3, 0x8f, 0xf8, 0xb9, 0x55, 0xb7, 0xb1, - 0xb7, 0x4b, 0xb3, 0xfe, 0x8f, 0x7e, 0x07, 0x57, 0xec, 0xef, 0x43, 0xdb, - 0x66, 0x62, 0x15, 0x61, 0xcf, 0x60, 0x0d, 0xa4, 0xd8, 0xde, 0xf8, 0xe0, - 0xc3, 0x62, 0x08, 0x3d, 0x54, 0x13, 0xeb, 0x49, 0xca, 0x59, 0x54, 0x85, - 0x26, 0xe5, 0x2b, 0x8f, 0x1b, 0x9f, 0xeb, 0xf5, 0xa1, 0x91, 0xc2, 0x33, - 0x49, 0xd8, 0x43, 0x63, 0x6a, 0x52, 0x4b, 0xd2, 0x8f, 0xe8, 0x70, 0x51, - 0x4d, 0xd1, 0x89, 0x69, 0x7b, 0xc7, 0x70, 0xf6, 0xb3, 0xdc, 0x12, 0x74, - 0xdb, 0x7b, 0x5d, 0x4b, 0x56, 0xd3, 0x96, 0xbf, 0x15, 0x77, 0xa1, 0xb0, - 0xf4, 0xa2, 0x25, 0xf2, 0xaf, 0x1c, 0x92, 0x67, 0x18, 0xe5, 0xf4, 0x06, - 0x04, 0xef, 0x90, 0xb9, 0xe4, 0x00, 0xe4, 0xdd, 0x3a, 0xb5, 0x19, 0xff, - 0x02, 0xba, 0xf4, 0x3c, 0xee, 0xe0, 0x8b, 0xeb, 0x37, 0x8b, 0xec, 0xf4, - 0xd7, 0xac, 0xf2, 0xf6, 0xf0, 0x3d, 0xaf, 0xdd, 0x75, 0x91, 0x33, 0x19, - 0x1d, 0x1c, 0x40, 0xcb, 0x74, 0x24, 0x19, 0x21, 0x93, 0xd9, 0x14, 0xfe, - 0xac, 0x2a, 0x52, 0xc7, 0x8f, 0xd5, 0x04, 0x49, 0xe4, 0x8d, 0x63, 0x47, - 0x88, 0x3c, 0x69, 0x83, 0xcb, 0xfe, 0x47, 0xbd, 0x2b, 0x7e, 0x4f, 0xc5, - 0x95, 0xae, 0x0e, 0x9d, 0xd4, 0xd1, 0x43, 0xc0, 0x67, 0x73, 0xe3, 0x14, - 0x08, 0x7e, 0xe5, 0x3f, 0x9f, 0x73, 0xb8, 0x33, 0x0a, 0xcf, 0x5d, 0x3f, - 0x34, 0x87, 0x96, 0x8a, 0xee, 0x53, 0xe8, 0x25, 0x15, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x5b, 0x30, 0x82, 0x01, 0x57, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, - 0x01, 0x01, 0xff, 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2a, - 0x30, 0x28, 0x30, 0x26, 0xa0, 0x24, 0xa0, 0x22, 0x86, 0x20, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, - 0x61, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3d, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, - 0x73, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, - 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x6d, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0c, 0x04, 0x61, 0x30, 0x5f, - 0xa1, 0x5d, 0xa0, 0x5b, 0x30, 0x59, 0x30, 0x57, 0x30, 0x55, 0x16, 0x09, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2f, 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, - 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, - 0x8f, 0xe5, 0xd3, 0x1a, 0x86, 0xac, 0x8d, 0x8e, 0x6b, 0xc3, 0xcf, 0x80, - 0x6a, 0xd4, 0x48, 0x18, 0x2c, 0x7b, 0x19, 0x2e, 0x30, 0x25, 0x16, 0x23, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x76, 0x73, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x67, 0x69, 0x66, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, - 0xa3, 0xcd, 0x7d, 0x1e, 0xf7, 0xc7, 0x75, 0x8d, 0x48, 0xe7, 0x56, 0x34, - 0x4c, 0x00, 0x90, 0x75, 0xa9, 0x51, 0xa5, 0x56, 0xc1, 0x6d, 0xbc, 0xfe, - 0xf5, 0x53, 0x22, 0xe9, 0x98, 0xa2, 0xac, 0x9a, 0x7e, 0x70, 0x1e, 0xb3, - 0x8e, 0x3b, 0x45, 0xe3, 0x86, 0x95, 0x31, 0xda, 0x6d, 0x4c, 0xfb, 0x34, - 0x50, 0x80, 0x96, 0xcd, 0x24, 0xf2, 0x40, 0xdf, 0x04, 0x3f, 0xe2, 0x65, - 0xce, 0x34, 0x22, 0x61, 0x15, 0xea, 0x66, 0x70, 0x64, 0xd2, 0xf1, 0x6e, - 0xf3, 0xca, 0x18, 0x59, 0x6a, 0x41, 0x46, 0x7e, 0x82, 0xde, 0x19, 0xb0, - 0x70, 0x31, 0x56, 0x69, 0x0d, 0x0c, 0xe6, 0x1d, 0x9d, 0x71, 0x58, 0xdc, - 0xcc, 0xde, 0x62, 0xf5, 0xe1, 0x7a, 0x10, 0x02, 0xd8, 0x7a, 0xdc, 0x3b, - 0xfa, 0x57, 0xbd, 0xc9, 0xe9, 0x8f, 0x46, 0x21, 0x39, 0x9f, 0x51, 0x65, - 0x4c, 0x8e, 0x3a, 0xbe, 0x28, 0x41, 0x70, 0x1d, -} - -var certSet2Cert21 = []byte{ - 0x30, 0x82, 0x04, 0x94, 0x30, 0x82, 0x03, 0x7c, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x01, 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, - 0x43, 0x8b, 0x72, 0x4b, 0xcf, 0xbc, 0x91, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x61, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, - 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x33, 0x30, 0x38, 0x31, - 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x33, - 0x30, 0x38, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x4d, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, - 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, - 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1e, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x48, 0x41, 0x32, 0x20, - 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xdc, 0xae, 0x58, 0x90, 0x4d, 0xc1, 0xc4, 0x30, 0x15, 0x90, 0x35, - 0x5b, 0x6e, 0x3c, 0x82, 0x15, 0xf5, 0x2c, 0x5c, 0xbd, 0xe3, 0xdb, 0xff, - 0x71, 0x43, 0xfa, 0x64, 0x25, 0x80, 0xd4, 0xee, 0x18, 0xa2, 0x4d, 0xf0, - 0x66, 0xd0, 0x0a, 0x73, 0x6e, 0x11, 0x98, 0x36, 0x17, 0x64, 0xaf, 0x37, - 0x9d, 0xfd, 0xfa, 0x41, 0x84, 0xaf, 0xc7, 0xaf, 0x8c, 0xfe, 0x1a, 0x73, - 0x4d, 0xcf, 0x33, 0x97, 0x90, 0xa2, 0x96, 0x87, 0x53, 0x83, 0x2b, 0xb9, - 0xa6, 0x75, 0x48, 0x2d, 0x1d, 0x56, 0x37, 0x7b, 0xda, 0x31, 0x32, 0x1a, - 0xd7, 0xac, 0xab, 0x06, 0xf4, 0xaa, 0x5d, 0x4b, 0xb7, 0x47, 0x46, 0xdd, - 0x2a, 0x93, 0xc3, 0x90, 0x2e, 0x79, 0x80, 0x80, 0xef, 0x13, 0x04, 0x6a, - 0x14, 0x3b, 0xb5, 0x9b, 0x92, 0xbe, 0xc2, 0x07, 0x65, 0x4e, 0xfc, 0xda, - 0xfc, 0xff, 0x7a, 0xae, 0xdc, 0x5c, 0x7e, 0x55, 0x31, 0x0c, 0xe8, 0x39, - 0x07, 0xa4, 0xd7, 0xbe, 0x2f, 0xd3, 0x0b, 0x6a, 0xd2, 0xb1, 0xdf, 0x5f, - 0xfe, 0x57, 0x74, 0x53, 0x3b, 0x35, 0x80, 0xdd, 0xae, 0x8e, 0x44, 0x98, - 0xb3, 0x9f, 0x0e, 0xd3, 0xda, 0xe0, 0xd7, 0xf4, 0x6b, 0x29, 0xab, 0x44, - 0xa7, 0x4b, 0x58, 0x84, 0x6d, 0x92, 0x4b, 0x81, 0xc3, 0xda, 0x73, 0x8b, - 0x12, 0x97, 0x48, 0x90, 0x04, 0x45, 0x75, 0x1a, 0xdd, 0x37, 0x31, 0x97, - 0x92, 0xe8, 0xcd, 0x54, 0x0d, 0x3b, 0xe4, 0xc1, 0x3f, 0x39, 0x5e, 0x2e, - 0xb8, 0xf3, 0x5c, 0x7e, 0x10, 0x8e, 0x86, 0x41, 0x00, 0x8d, 0x45, 0x66, - 0x47, 0xb0, 0xa1, 0x65, 0xce, 0xa0, 0xaa, 0x29, 0x09, 0x4e, 0xf3, 0x97, - 0xeb, 0xe8, 0x2e, 0xab, 0x0f, 0x72, 0xa7, 0x30, 0x0e, 0xfa, 0xc7, 0xf4, - 0xfd, 0x14, 0x77, 0xc3, 0xa4, 0x5b, 0x28, 0x57, 0xc2, 0xb3, 0xf9, 0x82, - 0xfd, 0xb7, 0x45, 0x58, 0x9b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x5a, 0x30, 0x82, 0x01, 0x56, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x7b, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x74, 0x30, 0x72, 0x30, - 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x33, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, - 0x43, 0x65, 0x72, 0x74, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x52, 0x6f, - 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x37, 0xa0, 0x35, - 0xa0, 0x33, 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x6c, 0x34, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, - 0x74, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x52, 0x6f, 0x6f, 0x74, 0x43, - 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x20, - 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, - 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x0f, 0x80, 0x61, 0x1c, 0x82, - 0x31, 0x61, 0xd5, 0x2f, 0x28, 0xe7, 0x8d, 0x46, 0x38, 0xb4, 0x2c, 0xe1, - 0xc6, 0xd9, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, - 0x30, 0x16, 0x80, 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, - 0x66, 0xf0, 0xa3, 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x23, 0x3e, 0xdf, 0x4b, - 0xd2, 0x31, 0x42, 0xa5, 0xb6, 0x7e, 0x42, 0x5c, 0x1a, 0x44, 0xcc, 0x69, - 0xd1, 0x68, 0xb4, 0x5d, 0x4b, 0xe0, 0x04, 0x21, 0x6c, 0x4b, 0xe2, 0x6d, - 0xcc, 0xb1, 0xe0, 0x97, 0x8f, 0xa6, 0x53, 0x09, 0xcd, 0xaa, 0x2a, 0x65, - 0xe5, 0x39, 0x4f, 0x1e, 0x83, 0xa5, 0x6e, 0x5c, 0x98, 0xa2, 0x24, 0x26, - 0xe6, 0xfb, 0xa1, 0xed, 0x93, 0xc7, 0x2e, 0x02, 0xc6, 0x4d, 0x4a, 0xbf, - 0xb0, 0x42, 0xdf, 0x78, 0xda, 0xb3, 0xa8, 0xf9, 0x6d, 0xff, 0x21, 0x85, - 0x53, 0x36, 0x60, 0x4c, 0x76, 0xce, 0xec, 0x38, 0xdc, 0xd6, 0x51, 0x80, - 0xf0, 0xc5, 0xd6, 0xe5, 0xd4, 0x4d, 0x27, 0x64, 0xab, 0x9b, 0xc7, 0x3e, - 0x71, 0xfb, 0x48, 0x97, 0xb8, 0x33, 0x6d, 0xc9, 0x13, 0x07, 0xee, 0x96, - 0xa2, 0x1b, 0x18, 0x15, 0xf6, 0x5c, 0x4c, 0x40, 0xed, 0xb3, 0xc2, 0xec, - 0xff, 0x71, 0xc1, 0xe3, 0x47, 0xff, 0xd4, 0xb9, 0x00, 0xb4, 0x37, 0x42, - 0xda, 0x20, 0xc9, 0xea, 0x6e, 0x8a, 0xee, 0x14, 0x06, 0xae, 0x7d, 0xa2, - 0x59, 0x98, 0x88, 0xa8, 0x1b, 0x6f, 0x2d, 0xf4, 0xf2, 0xc9, 0x14, 0x5f, - 0x26, 0xcf, 0x2c, 0x8d, 0x7e, 0xed, 0x37, 0xc0, 0xa9, 0xd5, 0x39, 0xb9, - 0x82, 0xbf, 0x19, 0x0c, 0xea, 0x34, 0xaf, 0x00, 0x21, 0x68, 0xf8, 0xad, - 0x73, 0xe2, 0xc9, 0x32, 0xda, 0x38, 0x25, 0x0b, 0x55, 0xd3, 0x9a, 0x1d, - 0xf0, 0x68, 0x86, 0xed, 0x2e, 0x41, 0x34, 0xef, 0x7c, 0xa5, 0x50, 0x1d, - 0xbf, 0x3a, 0xf9, 0xd3, 0xc1, 0x08, 0x0c, 0xe6, 0xed, 0x1e, 0x8a, 0x58, - 0x25, 0xe4, 0xb8, 0x77, 0xad, 0x2d, 0x6e, 0xf5, 0x52, 0xdd, 0xb4, 0x74, - 0x8f, 0xab, 0x49, 0x2e, 0x9d, 0x3b, 0x93, 0x34, 0x28, 0x1f, 0x78, 0xce, - 0x94, 0xea, 0xc7, 0xbd, 0xd3, 0xc9, 0x6d, 0x1c, 0xde, 0x5c, 0x32, 0xf3, -} - -var certSet2Cert22 = []byte{ - 0x30, 0x82, 0x04, 0x9a, 0x30, 0x82, 0x03, 0x82, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x0b, 0x1d, 0xb1, 0xa9, 0x19, 0xf2, 0x4c, 0x3c, 0x4e, - 0xfc, 0xb5, 0x7a, 0x6a, 0x4e, 0x6c, 0xbf, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x58, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x28, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x50, 0x72, 0x69, - 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x38, - 0x32, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, - 0x32, 0x30, 0x38, 0x32, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, - 0x30, 0x58, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x28, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, - 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, 0x56, 0x61, 0x6c, 0x69, - 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, - 0x41, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0x9e, 0xc6, 0x21, 0xcd, 0x2e, 0x3d, 0xd0, 0xbb, 0x2a, - 0x4d, 0xa4, 0x7b, 0x1f, 0xa8, 0x1a, 0xc2, 0x03, 0xa6, 0xff, 0x43, 0x62, - 0x5b, 0xbf, 0x91, 0xd1, 0x66, 0x52, 0xa9, 0x81, 0x90, 0x68, 0x31, 0x86, - 0x16, 0xbb, 0x1d, 0x85, 0x58, 0xa9, 0x7e, 0x91, 0x6a, 0x1e, 0x4c, 0x31, - 0xca, 0x21, 0xc4, 0xbe, 0x70, 0x1b, 0x9f, 0x8c, 0xe4, 0x05, 0x2d, 0x9c, - 0xed, 0x11, 0x79, 0xad, 0x8f, 0x9c, 0x25, 0x86, 0x4c, 0xba, 0xf2, 0xe5, - 0x62, 0x79, 0x8e, 0x22, 0x5f, 0x85, 0x7c, 0x22, 0x35, 0x38, 0x23, 0x8d, - 0x80, 0x3c, 0xac, 0xcc, 0x2d, 0xfc, 0x58, 0xf2, 0x35, 0xbf, 0x66, 0x5b, - 0xeb, 0xc1, 0x24, 0xf8, 0x70, 0x80, 0x74, 0x32, 0xf9, 0x46, 0xde, 0x32, - 0x19, 0x80, 0x8c, 0xb7, 0xe7, 0x1a, 0xa1, 0xaa, 0x64, 0x98, 0x8d, 0xca, - 0xce, 0x0e, 0xdc, 0x6b, 0xf7, 0xe2, 0x90, 0x0a, 0x6c, 0x1c, 0xa5, 0xf4, - 0x90, 0x32, 0x52, 0xe5, 0xf1, 0x00, 0x42, 0x31, 0x91, 0x48, 0x42, 0x89, - 0xa8, 0x5d, 0x7f, 0x63, 0x8d, 0x31, 0xb2, 0xd6, 0x48, 0x5c, 0x45, 0x45, - 0x22, 0xc9, 0xc5, 0x59, 0x12, 0xab, 0x41, 0x94, 0xea, 0xfe, 0x9c, 0x46, - 0x4d, 0x9a, 0xbc, 0x9c, 0xe0, 0xe2, 0xc6, 0x46, 0xb3, 0xe6, 0x7f, 0xdc, - 0xf5, 0x0f, 0xa3, 0x13, 0x45, 0x86, 0x6d, 0x79, 0x78, 0xfc, 0xe1, 0x50, - 0xcf, 0x09, 0x86, 0xe5, 0x9f, 0xbf, 0xcb, 0x3a, 0xd4, 0xe0, 0xb1, 0xd4, - 0xff, 0xa8, 0x3f, 0x7d, 0x62, 0x1f, 0xc0, 0x6d, 0x78, 0x48, 0xc3, 0xd7, - 0xa3, 0xa5, 0x23, 0x61, 0xc5, 0x3e, 0x35, 0x4d, 0xb2, 0xe5, 0xf8, 0xfd, - 0x94, 0x4b, 0xbc, 0x73, 0x53, 0xaf, 0xe3, 0x9a, 0x69, 0x55, 0xbe, 0xcb, - 0x67, 0xab, 0xe1, 0xbe, 0xef, 0x1b, 0xc2, 0x4d, 0xac, 0xcb, 0x29, 0x5c, - 0xbc, 0xed, 0xb8, 0x62, 0x9d, 0x10, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x82, 0x01, 0x5e, 0x30, 0x82, 0x01, 0x5a, 0x30, 0x3d, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x31, 0x30, 0x2f, - 0x30, 0x2d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x45, 0x56, 0x53, - 0x65, 0x63, 0x75, 0x72, 0x65, 0x2d, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, - 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, - 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x46, 0x06, 0x03, 0x55, - 0x1d, 0x20, 0x04, 0x3f, 0x30, 0x3d, 0x30, 0x3b, 0x06, 0x04, 0x55, 0x1d, - 0x20, 0x00, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x41, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x3a, 0x30, 0x38, 0x30, 0x36, 0xa0, 0x34, 0xa0, 0x32, - 0x86, 0x30, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x45, 0x56, 0x53, - 0x65, 0x63, 0x75, 0x72, 0x65, 0x2d, 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x65, - 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x50, 0x43, 0x41, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, - 0x11, 0x04, 0x23, 0x30, 0x21, 0xa4, 0x1f, 0x30, 0x1d, 0x31, 0x1b, 0x30, - 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, 0x49, 0x2d, 0x32, 0x2d, 0x32, - 0x35, 0x33, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0x6f, 0x26, 0x56, 0xd9, 0x5c, 0xe7, 0xf7, 0xc9, 0x04, 0x20, 0xf8, - 0x1e, 0xba, 0x7c, 0x91, 0x27, 0x2f, 0x8c, 0xfa, 0x07, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x2c, 0xd5, - 0x50, 0x41, 0x97, 0x15, 0x8b, 0xf0, 0x8f, 0x36, 0x61, 0x5b, 0x4a, 0xfb, - 0x6b, 0xd9, 0x99, 0xc9, 0x33, 0x92, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x92, 0x77, 0xe9, 0x57, 0xc9, 0xeb, 0xc4, 0x45, 0x6f, 0xc9, - 0x4c, 0x6e, 0x7d, 0x00, 0x12, 0x71, 0xa5, 0xe3, 0x39, 0xfe, 0x13, 0x84, - 0x49, 0x6c, 0xe7, 0x49, 0x71, 0xf5, 0x2c, 0xc7, 0xc0, 0x36, 0xc2, 0x08, - 0x58, 0xf3, 0x83, 0x75, 0xc5, 0x72, 0xd8, 0x8d, 0x78, 0xf4, 0x65, 0xea, - 0x8c, 0xd5, 0xe3, 0xa5, 0x0e, 0xa9, 0xad, 0xeb, 0xe3, 0xa1, 0x23, 0xae, - 0x93, 0xb7, 0xd8, 0x75, 0x75, 0x4a, 0x59, 0xcb, 0xf2, 0x9e, 0xdb, 0x40, - 0xbf, 0x4e, 0x89, 0xfe, 0x95, 0x42, 0x29, 0x34, 0x7b, 0xf4, 0xdd, 0x6a, - 0x0d, 0x74, 0x5f, 0xc7, 0x11, 0x13, 0x2e, 0xdd, 0x11, 0x6e, 0xc6, 0xe3, - 0x5b, 0xb3, 0xcf, 0xa6, 0x8d, 0xe5, 0xf7, 0x67, 0x7b, 0xba, 0xb3, 0xb3, - 0x69, 0x70, 0x14, 0xb0, 0xc2, 0x99, 0xb4, 0xd2, 0x76, 0x5b, 0x38, 0x17, - 0x39, 0x45, 0x1b, 0x82, 0xf1, 0x53, 0xb8, 0x3d, 0x55, 0x39, 0x0b, 0x7f, - 0xff, 0x98, 0xad, 0x6e, 0x96, 0x9a, 0xb6, 0x6a, 0x4c, 0x7a, 0x5e, 0xbd, - 0xb1, 0x86, 0x12, 0x9d, 0x7c, 0x2c, 0x62, 0xbb, 0x09, 0x93, 0x5f, 0x3f, - 0xd8, 0xb5, 0x8a, 0xc3, 0x49, 0x28, 0x0f, 0x0b, 0xf9, 0x39, 0x22, 0x1a, - 0xfe, 0x5d, 0xd3, 0xe8, 0x18, 0x5f, 0x9d, 0x5f, 0xb4, 0xc0, 0x20, 0xc6, - 0xa9, 0x49, 0x0d, 0x55, 0x73, 0x6a, 0x09, 0x7a, 0xff, 0xa2, 0x99, 0xbf, - 0xd8, 0xbb, 0x91, 0xdc, 0x30, 0x39, 0xae, 0x28, 0x4b, 0xf6, 0xc5, 0x77, - 0x24, 0xe8, 0xd6, 0xc6, 0xa7, 0xa0, 0x4e, 0xf2, 0xa6, 0x99, 0x75, 0xcd, - 0xdd, 0x57, 0xdd, 0x0a, 0x47, 0x92, 0xcb, 0xbb, 0xb7, 0x48, 0xfa, 0x21, - 0xf0, 0x69, 0x21, 0xff, 0xe5, 0x0c, 0xaa, 0x0c, 0xb1, 0xea, 0xdd, 0x05, - 0x1c, 0x19, 0x8e, 0xd1, 0x2a, 0x79, 0x68, 0x02, 0x5e, 0xcc, 0x38, 0xe6, - 0x29, 0xc4, 0x77, 0xf5, 0x19, 0x1c, -} - -var certSet2Cert23 = []byte{ - 0x30, 0x82, 0x04, 0xa0, 0x30, 0x82, 0x03, 0x88, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x39, 0x14, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x68, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, - 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, - 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x29, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, - 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x34, 0x30, 0x31, 0x30, 0x31, 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x33, 0x31, 0x30, 0x35, 0x33, 0x30, 0x30, 0x37, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, - 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, - 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x25, - 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, 0x74, 0x61, - 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6e, - 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, - 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xbd, 0xed, 0xc1, 0x03, 0xfc, 0xf6, 0x8f, 0xfc, 0x02, 0xb1, - 0x6f, 0x5b, 0x9f, 0x48, 0xd9, 0x9d, 0x79, 0xe2, 0xa2, 0xb7, 0x03, 0x61, - 0x56, 0x18, 0xc3, 0x47, 0xb6, 0xd7, 0xca, 0x3d, 0x35, 0x2e, 0x89, 0x43, - 0xf7, 0xa1, 0x69, 0x9b, 0xde, 0x8a, 0x1a, 0xfd, 0x13, 0x20, 0x9c, 0xb4, - 0x49, 0x77, 0x32, 0x29, 0x56, 0xfd, 0xb9, 0xec, 0x8c, 0xdd, 0x22, 0xfa, - 0x72, 0xdc, 0x27, 0x61, 0x97, 0xee, 0xf6, 0x5a, 0x84, 0xec, 0x6e, 0x19, - 0xb9, 0x89, 0x2c, 0xdc, 0x84, 0x5b, 0xd5, 0x74, 0xfb, 0x6b, 0x5f, 0xc5, - 0x89, 0xa5, 0x10, 0x52, 0x89, 0x46, 0x55, 0xf4, 0xb8, 0x75, 0x1c, 0xe6, - 0x7f, 0xe4, 0x54, 0xae, 0x4b, 0xf8, 0x55, 0x72, 0x57, 0x02, 0x19, 0xf8, - 0x17, 0x71, 0x59, 0xeb, 0x1e, 0x28, 0x07, 0x74, 0xc5, 0x9d, 0x48, 0xbe, - 0x6c, 0xb4, 0xf4, 0xa4, 0xb0, 0xf3, 0x64, 0x37, 0x79, 0x92, 0xc0, 0xec, - 0x46, 0x5e, 0x7f, 0xe1, 0x6d, 0x53, 0x4c, 0x62, 0xaf, 0xcd, 0x1f, 0x0b, - 0x63, 0xbb, 0x3a, 0x9d, 0xfb, 0xfc, 0x79, 0x00, 0x98, 0x61, 0x74, 0xcf, - 0x26, 0x82, 0x40, 0x63, 0xf3, 0xb2, 0x72, 0x6a, 0x19, 0x0d, 0x99, 0xca, - 0xd4, 0x0e, 0x75, 0xcc, 0x37, 0xfb, 0x8b, 0x89, 0xc1, 0x59, 0xf1, 0x62, - 0x7f, 0x5f, 0xb3, 0x5f, 0x65, 0x30, 0xf8, 0xa7, 0xb7, 0x4d, 0x76, 0x5a, - 0x1e, 0x76, 0x5e, 0x34, 0xc0, 0xe8, 0x96, 0x56, 0x99, 0x8a, 0xb3, 0xf0, - 0x7f, 0xa4, 0xcd, 0xbd, 0xdc, 0x32, 0x31, 0x7c, 0x91, 0xcf, 0xe0, 0x5f, - 0x11, 0xf8, 0x6b, 0xaa, 0x49, 0x5c, 0xd1, 0x99, 0x94, 0xd1, 0xa2, 0xe3, - 0x63, 0x5b, 0x09, 0x76, 0xb5, 0x56, 0x62, 0xe1, 0x4b, 0x74, 0x1d, 0x96, - 0xd4, 0x26, 0xd4, 0x08, 0x04, 0x59, 0xd0, 0x98, 0x0e, 0x0e, 0xe6, 0xde, - 0xfc, 0xc3, 0xec, 0x1f, 0x90, 0xf1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x82, 0x01, 0x29, 0x30, 0x82, 0x01, 0x25, 0x30, 0x0f, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, - 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, - 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0x7c, 0x0c, 0x32, 0x1f, 0xa7, 0xd9, 0x30, 0x7f, 0xc4, - 0x7d, 0x68, 0xa3, 0x62, 0xa8, 0xa1, 0xce, 0xab, 0x07, 0x5b, 0x27, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0xbf, 0x5f, 0xb7, 0xd1, 0xce, 0xdd, 0x1f, 0x86, 0xf4, 0x5b, 0x55, 0xac, - 0xdc, 0xd7, 0x10, 0xc2, 0x0e, 0xa9, 0x88, 0xe7, 0x30, 0x3a, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x2e, 0x30, 0x2c, - 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, - 0x70, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x74, - 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x38, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x31, 0x30, 0x2f, 0x30, 0x2d, 0xa0, 0x2b, 0xa0, - 0x29, 0x86, 0x27, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x74, - 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x66, 0x72, 0x6f, - 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, - 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, 0x04, 0x55, 0x1d, 0x20, - 0x00, 0x30, 0x39, 0x30, 0x37, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x2b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x74, 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x85, 0x63, 0xc1, 0xd9, - 0xdd, 0xb9, 0xff, 0xa9, 0xbd, 0xa6, 0x19, 0xdc, 0xbf, 0x13, 0x3a, 0x11, - 0x38, 0x22, 0x54, 0xb1, 0xac, 0x05, 0x10, 0xfb, 0x7c, 0xb3, 0x96, 0x3f, - 0x31, 0x8b, 0x66, 0xff, 0x88, 0xf3, 0xe1, 0xbf, 0xfb, 0xc7, 0x1f, 0x00, - 0xff, 0x46, 0x6a, 0x8b, 0x61, 0x32, 0xc9, 0x01, 0x51, 0x76, 0xfb, 0x9a, - 0xc6, 0xfa, 0x20, 0x51, 0xc8, 0x46, 0xc4, 0x98, 0xd7, 0x79, 0xa3, 0xe3, - 0x04, 0x72, 0x3f, 0x8b, 0x4d, 0x34, 0x53, 0x67, 0xec, 0x33, 0x2c, 0x7b, - 0xe8, 0x94, 0x01, 0x28, 0x7c, 0x3a, 0x34, 0x5b, 0x02, 0x77, 0x16, 0x8d, - 0x40, 0x25, 0x33, 0xb0, 0xbc, 0x6c, 0x97, 0xd7, 0x05, 0x7a, 0xff, 0x8c, - 0x85, 0xce, 0x6f, 0xa0, 0x53, 0x00, 0x17, 0x6e, 0x1e, 0x6c, 0xbd, 0x22, - 0xd7, 0x0a, 0x88, 0x37, 0xf6, 0x7d, 0xeb, 0x99, 0x41, 0xef, 0x27, 0xcb, - 0x8c, 0x60, 0x6b, 0x4c, 0x01, 0x7e, 0x65, 0x50, 0x0b, 0x4f, 0xb8, 0x95, - 0x9a, 0x9a, 0x6e, 0x34, 0xfd, 0x73, 0x3a, 0x33, 0xf1, 0x91, 0xd5, 0xf3, - 0x4e, 0x2d, 0x74, 0xe8, 0xef, 0xd3, 0x90, 0x35, 0xf1, 0x06, 0x68, 0x64, - 0xd4, 0xd0, 0x13, 0xfd, 0x52, 0xd3, 0xc6, 0x6d, 0xc1, 0x3a, 0x8a, 0x31, - 0xdd, 0x05, 0x26, 0x35, 0x4a, 0x8c, 0x65, 0xb8, 0x52, 0x6b, 0x81, 0xec, - 0xd2, 0x9c, 0xb5, 0x34, 0x10, 0x97, 0x9c, 0x3e, 0xc6, 0x2f, 0xed, 0x8e, - 0x42, 0x42, 0x24, 0x2e, 0xe9, 0x73, 0x9a, 0x25, 0xf9, 0x11, 0xf1, 0xf2, - 0x23, 0x69, 0xcb, 0xe5, 0x94, 0x69, 0xa0, 0xd2, 0xdc, 0xb0, 0xfc, 0x44, - 0x89, 0xac, 0x17, 0xa8, 0xcc, 0xd5, 0x37, 0x77, 0x16, 0xc5, 0x80, 0xb9, - 0x0c, 0x8f, 0x57, 0x02, 0x55, 0x99, 0x85, 0x7b, 0x49, 0xf0, 0x2e, 0x5b, - 0xa0, 0xc2, 0x57, 0x53, 0x5d, 0xa2, 0xe8, 0xa6, 0x37, 0xc3, 0x01, 0xfa, -} - -var certSet2Cert24 = []byte{ - 0x30, 0x82, 0x04, 0xa6, 0x30, 0x82, 0x03, 0x8e, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x28, 0x1c, 0x89, 0x29, 0x66, 0x14, 0x43, 0x80, 0x42, - 0x63, 0x55, 0x3a, 0x32, 0x40, 0xae, 0xb3, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x38, 0x20, 0x47, 0x65, - 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, - 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, - 0x79, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2d, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x50, 0x72, 0x69, - 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x35, 0x30, 0x36, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, - 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x35, 0x30, 0x36, 0x32, 0x39, 0x32, 0x33, - 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, - 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43, - 0x41, 0x20, 0x2d, 0x20, 0x47, 0x34, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xc0, 0x9e, 0x3a, 0x0f, 0x9a, 0xb2, 0xba, 0xd3, 0xd2, - 0xdc, 0x15, 0xec, 0xd0, 0x30, 0x54, 0x59, 0x30, 0x4d, 0x40, 0x51, 0xae, - 0x42, 0x71, 0x71, 0xd2, 0x8d, 0x53, 0x73, 0x81, 0xfe, 0xb8, 0xe0, 0xc4, - 0x96, 0xc5, 0x8e, 0x7e, 0xc2, 0xf1, 0xb7, 0x63, 0x4a, 0xcf, 0xa7, 0x1e, - 0x3f, 0xa8, 0xe7, 0xce, 0x53, 0xa0, 0xfa, 0x2d, 0xf7, 0xd6, 0xe6, 0xce, - 0x70, 0x11, 0xa6, 0xee, 0xe1, 0x03, 0x52, 0xd2, 0x68, 0xde, 0x3d, 0x08, - 0x0d, 0x87, 0xfd, 0x1c, 0xd7, 0x0b, 0x97, 0x62, 0x6d, 0x82, 0x30, 0x76, - 0x1b, 0x47, 0x3a, 0xc4, 0xf7, 0xce, 0xed, 0x1d, 0x7c, 0x8c, 0xb7, 0x17, - 0x8e, 0x53, 0x80, 0x1e, 0x1d, 0x0f, 0x5d, 0x8c, 0xf9, 0x90, 0xe4, 0x04, - 0x1e, 0x02, 0x7e, 0xcb, 0xb0, 0x49, 0xef, 0xda, 0x52, 0x25, 0xfb, 0xfb, - 0x67, 0xed, 0xdd, 0x84, 0x74, 0x59, 0x84, 0x0e, 0xf3, 0xde, 0x70, 0x66, - 0x8d, 0xe4, 0x52, 0x38, 0xf7, 0x53, 0x5a, 0x37, 0x13, 0x67, 0x0b, 0x3e, - 0xbb, 0xa8, 0x58, 0xb7, 0x2e, 0xed, 0xff, 0xb7, 0x5e, 0x11, 0x73, 0xb9, - 0x77, 0x45, 0x52, 0x67, 0x46, 0xae, 0xc4, 0xdc, 0x24, 0x81, 0x89, 0x76, - 0x0a, 0xca, 0xa1, 0x6c, 0x66, 0x73, 0x04, 0x82, 0xaa, 0xf5, 0x70, 0x6c, - 0x5f, 0x1b, 0x9a, 0x00, 0x79, 0x46, 0xd6, 0x7f, 0x7a, 0x26, 0x17, 0x30, - 0xcf, 0x39, 0x4b, 0x2c, 0x74, 0xd9, 0x89, 0x44, 0x76, 0x10, 0xd0, 0xed, - 0xf7, 0x8b, 0xbb, 0x89, 0x05, 0x75, 0x4d, 0x0b, 0x0d, 0xb3, 0xda, 0xe9, - 0xbf, 0xf1, 0x6a, 0x7d, 0x2a, 0x11, 0xdb, 0x1e, 0x9f, 0x8c, 0xe3, 0xc4, - 0x06, 0x69, 0xe1, 0x1d, 0x88, 0x45, 0x39, 0xd1, 0x6e, 0x55, 0xd8, 0xaa, - 0xb7, 0x9b, 0x6f, 0xea, 0xf4, 0xde, 0xac, 0x17, 0x11, 0x92, 0x5d, 0x40, - 0x9b, 0x83, 0x7b, 0x9a, 0xe2, 0xf7, 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x82, 0x01, 0x3a, 0x30, 0x82, 0x01, 0x36, 0x30, 0x2e, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x22, 0x30, 0x20, - 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, - 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x49, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x42, 0x30, 0x40, 0x30, 0x3e, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, - 0x01, 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x36, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, - 0x86, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, - 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x47, 0x65, 0x6f, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x50, 0x43, 0x41, 0x2d, 0x47, 0x33, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, - 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0xf3, 0xb5, 0x56, 0x0c, 0xc4, 0x09, 0xb0, 0xb4, 0xcf, 0x1f, 0xaa, - 0xf9, 0xdd, 0x23, 0x56, 0xf0, 0x77, 0xe8, 0xa1, 0xf9, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc4, 0x79, - 0xca, 0x8e, 0xa1, 0x4e, 0x03, 0x1d, 0x1c, 0xdc, 0x6b, 0xdb, 0x31, 0x5b, - 0x94, 0x3e, 0x3f, 0x30, 0x7f, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0xc3, 0x7e, 0xd8, 0x83, 0x4b, 0x04, 0x4c, 0x55, 0x29, 0x2a, - 0x4f, 0x14, 0x9d, 0x9a, 0x6e, 0xde, 0x90, 0x70, 0xc1, 0xa4, 0x26, 0x4c, - 0x88, 0x8e, 0x78, 0x48, 0xef, 0xbd, 0x9c, 0xb0, 0xa0, 0xf5, 0xf0, 0x66, - 0xfc, 0xfe, 0x59, 0x26, 0xe1, 0x79, 0xef, 0xc8, 0xb7, 0x60, 0x64, 0xa8, - 0x8b, 0x47, 0xea, 0x2f, 0xe0, 0x83, 0x99, 0xda, 0x41, 0x19, 0xd7, 0xc5, - 0xbe, 0x05, 0xfa, 0xf2, 0x90, 0x11, 0xf0, 0x0a, 0xff, 0x6c, 0xdc, 0x05, - 0xb4, 0xd8, 0x06, 0x6f, 0xa4, 0x6f, 0x8d, 0xbe, 0x20, 0x2b, 0x54, 0xdb, - 0xf9, 0xa2, 0x45, 0x83, 0x9a, 0x1e, 0xa5, 0x21, 0x89, 0x35, 0x1d, 0x7c, - 0x20, 0x5c, 0x17, 0xfd, 0x04, 0x2e, 0x45, 0xd8, 0xb2, 0xc6, 0xf8, 0x42, - 0x99, 0xfc, 0x54, 0x08, 0x4e, 0x4b, 0x80, 0x5f, 0x39, 0x37, 0xba, 0x95, - 0x4e, 0xa6, 0x37, 0x0a, 0x9e, 0x93, 0x5e, 0x87, 0x5b, 0xe9, 0x90, 0xd6, - 0xa8, 0xb6, 0x65, 0x08, 0x8d, 0x61, 0x49, 0xeb, 0x83, 0x20, 0xa9, 0x5d, - 0x1b, 0x16, 0x60, 0x62, 0x6b, 0x2f, 0x54, 0xfb, 0x5a, 0x02, 0x0d, 0x7a, - 0x27, 0xe2, 0x4b, 0xe1, 0x05, 0x14, 0xc2, 0xe4, 0xe9, 0xf9, 0x70, 0xc0, - 0xd9, 0xf7, 0x34, 0x65, 0x0e, 0xa2, 0x91, 0x4b, 0xac, 0x28, 0xf2, 0xb7, - 0x08, 0x0f, 0x98, 0xca, 0xd7, 0x3e, 0x70, 0xb6, 0xc8, 0x0b, 0xf1, 0x8b, - 0x9c, 0x51, 0xf8, 0xc6, 0x10, 0x6c, 0xd2, 0x53, 0x4f, 0x62, 0x8c, 0x11, - 0x00, 0x3e, 0x88, 0xdf, 0xbf, 0xe6, 0xd2, 0xcc, 0x70, 0xbd, 0xed, 0x25, - 0x9c, 0xfb, 0xdd, 0x24, 0x0a, 0xbd, 0x59, 0x91, 0x4a, 0x42, 0x03, 0x38, - 0x12, 0x71, 0x32, 0x88, 0x76, 0xa0, 0x8e, 0x7c, 0xbb, 0x32, 0xef, 0x88, - 0x2a, 0x1b, 0xd4, 0x6a, 0x6f, 0x50, 0xb9, 0x52, 0x67, 0x8b, 0xab, 0x30, - 0xfa, 0x1f, 0xfd, 0xe3, 0x24, 0x9a, -} - -var certSet2Cert25 = []byte{ - 0x30, 0x82, 0x04, 0xaf, 0x30, 0x82, 0x03, 0x97, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x5d, 0x72, 0xfb, 0x33, 0x76, 0x20, 0xf6, 0x4c, 0x72, - 0x80, 0xdb, 0xe9, 0x12, 0x81, 0xff, 0x6a, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x33, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, - 0x30, 0x33, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x44, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x74, - 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x45, 0x56, 0x20, 0x53, 0x53, 0x4c, - 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xdd, 0xda, 0x94, 0x1e, 0x32, 0xb2, - 0x2e, 0xa0, 0x83, 0xc0, 0xa6, 0x7d, 0x5f, 0x65, 0x2d, 0xfd, 0x27, 0xb8, - 0x73, 0x0e, 0xf8, 0x0b, 0xa9, 0xd4, 0x56, 0x26, 0x69, 0x98, 0x67, 0x35, - 0x39, 0x64, 0x58, 0xce, 0x82, 0x6f, 0x98, 0x94, 0xd1, 0x8f, 0xe0, 0x90, - 0xd6, 0xed, 0x55, 0x4b, 0x98, 0x4b, 0xd7, 0x10, 0x59, 0x34, 0x02, 0x1b, - 0xe7, 0x51, 0x31, 0x51, 0xc4, 0x38, 0xc2, 0xbc, 0xdb, 0x03, 0x5c, 0xca, - 0xe1, 0x7c, 0xdc, 0x4f, 0x59, 0x97, 0xea, 0x07, 0x7f, 0x0f, 0x85, 0x3e, - 0x92, 0xea, 0xaa, 0xa7, 0xd9, 0xbe, 0x01, 0x41, 0xe4, 0x62, 0x56, 0x47, - 0x36, 0xbd, 0x57, 0x91, 0xe6, 0x21, 0xd3, 0xf8, 0x41, 0x0b, 0xd8, 0xba, - 0xe8, 0xed, 0x81, 0xad, 0x70, 0xc0, 0x8b, 0x6e, 0xf3, 0x89, 0x6e, 0x27, - 0x9e, 0xa6, 0xa6, 0x73, 0x59, 0xbb, 0x71, 0x00, 0xd4, 0x4f, 0x4b, 0x48, - 0xe9, 0xd5, 0xc9, 0x27, 0x36, 0x9c, 0x7c, 0x1c, 0x02, 0xaa, 0xac, 0xbd, - 0x3b, 0xd1, 0x53, 0x83, 0x6a, 0x1f, 0xe6, 0x08, 0x47, 0x33, 0xa7, 0xb1, - 0x9f, 0x02, 0xbe, 0x9b, 0x47, 0xed, 0x33, 0x04, 0xdc, 0x1c, 0x80, 0x27, - 0xd1, 0x4a, 0x33, 0xa0, 0x8c, 0xeb, 0x01, 0x47, 0xa1, 0x32, 0x90, 0x64, - 0x7b, 0xc4, 0xe0, 0x84, 0xc9, 0x32, 0xe9, 0xdd, 0x34, 0x1f, 0x8a, 0x68, - 0x67, 0xf3, 0xad, 0x10, 0x63, 0xeb, 0xee, 0x8a, 0x9a, 0xb1, 0x2a, 0x1b, - 0x26, 0x74, 0xa1, 0x2a, 0xb0, 0x8f, 0xfe, 0x52, 0x98, 0x46, 0x97, 0xcf, - 0xa3, 0x56, 0x1c, 0x6f, 0x6e, 0x99, 0x97, 0x8d, 0x26, 0x0e, 0xa9, 0xec, - 0xc2, 0x53, 0x70, 0xfc, 0x7a, 0xa5, 0x19, 0x49, 0xbd, 0xb5, 0x17, 0x82, - 0x55, 0xde, 0x97, 0xe0, 0x5d, 0x62, 0x84, 0x81, 0xf0, 0x70, 0xa8, 0x34, - 0x53, 0x4f, 0x14, 0xfd, 0x3d, 0x5d, 0x3d, 0x6f, 0xb9, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x35, 0x30, 0x82, 0x01, 0x31, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, - 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x2f, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x23, - 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x74, - 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x3b, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, - 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, - 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, - 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, - 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2b, 0x30, 0x29, 0x30, - 0x27, 0xa0, 0x25, 0xa0, 0x23, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x74, 0x31, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, 0x43, 0x41, - 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x29, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, - 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, - 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, 0x35, 0x33, 0x36, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xf0, 0x70, - 0x51, 0xda, 0xd3, 0x2a, 0x91, 0x4f, 0x52, 0x77, 0xd7, 0x86, 0x77, 0x74, - 0x0f, 0xce, 0x71, 0x1a, 0x6c, 0x22, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7b, 0x5b, 0x45, 0xcf, 0xaf, - 0xce, 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, 0x6a, 0xb6, 0xf3, 0x46, 0xeb, - 0x57, 0x48, 0x50, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa1, - 0x2e, 0x94, 0x3e, 0x9b, 0x16, 0xf4, 0x58, 0x1a, 0x6f, 0xc1, 0xfa, 0xc1, - 0x7e, 0x43, 0x93, 0xb2, 0xc3, 0xf7, 0x89, 0xeb, 0x13, 0x62, 0x5d, 0xdd, - 0xcc, 0x61, 0x13, 0x2b, 0x1d, 0x4e, 0x88, 0x79, 0x11, 0x62, 0x14, 0x37, - 0x30, 0x46, 0xff, 0x89, 0x62, 0x10, 0x85, 0x2a, 0x87, 0x1e, 0xf8, 0xe2, - 0xaf, 0xfe, 0x93, 0x02, 0x93, 0xca, 0xf2, 0xe9, 0x46, 0x03, 0x6b, 0xa1, - 0x1a, 0xac, 0xd5, 0xf0, 0x80, 0x1b, 0x98, 0x6f, 0xb8, 0x3a, 0x50, 0xf8, - 0x54, 0x71, 0x06, 0x03, 0xe7, 0x84, 0xcc, 0x8e, 0x61, 0xd2, 0x5f, 0x4d, - 0x0c, 0x97, 0x02, 0x65, 0xb5, 0x8c, 0x26, 0xbc, 0x05, 0x98, 0xf4, 0xdc, - 0xc6, 0xaf, 0xe4, 0x57, 0x7f, 0xe3, 0xdc, 0xa1, 0xd7, 0x27, 0x47, 0x2a, - 0xe0, 0x2c, 0x3f, 0x09, 0x74, 0xdc, 0x5a, 0xe5, 0xb5, 0x7c, 0xfa, 0x82, - 0x9a, 0x15, 0xfa, 0x74, 0x2b, 0x84, 0x2e, 0x6b, 0xac, 0xef, 0x35, 0xa6, - 0x30, 0xfa, 0x47, 0x4a, 0xaa, 0x36, 0x44, 0xf6, 0x5a, 0x91, 0x07, 0xd3, - 0xe4, 0x4e, 0x97, 0x3f, 0xa6, 0x53, 0xd8, 0x29, 0x33, 0x32, 0x6f, 0x8b, - 0x3d, 0xb5, 0xa5, 0x0d, 0xe5, 0xe4, 0x8a, 0xe8, 0xf5, 0xc0, 0xfa, 0xaf, - 0xd8, 0x37, 0x28, 0x27, 0xc3, 0xed, 0x34, 0x31, 0xd9, 0x7c, 0xa6, 0xaf, - 0x4d, 0x12, 0x4f, 0xd0, 0x2b, 0x92, 0x9c, 0x69, 0x95, 0xf2, 0x28, 0xa6, - 0xfe, 0xa8, 0xc6, 0xe0, 0x2c, 0x4d, 0x36, 0xeb, 0x11, 0x34, 0xd6, 0xe1, - 0x81, 0x99, 0x9d, 0x41, 0xf2, 0xe7, 0xc5, 0x57, 0x05, 0x0e, 0x19, 0xca, - 0xaf, 0x42, 0x39, 0x1f, 0xa7, 0x27, 0x5e, 0xe0, 0x0a, 0x17, 0xb8, 0xae, - 0x47, 0xab, 0x92, 0xf1, 0x8a, 0x04, 0xdf, 0x30, 0xe0, 0xbb, 0x4f, 0x8a, - 0xf9, 0x1b, 0x88, 0x4f, 0x03, 0xb4, 0x25, 0x7a, 0x78, 0xde, 0x2e, 0x7d, - 0x29, 0xd1, 0x31, -} - -var certSet2Cert26 = []byte{ - 0x30, 0x82, 0x04, 0xb1, 0x30, 0x82, 0x03, 0x99, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x04, 0xe1, 0xe7, 0xa4, 0xdc, 0x5c, 0xf2, 0xf3, 0x6d, - 0xc0, 0x2b, 0x42, 0xb8, 0x5d, 0x15, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x6c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x22, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x48, - 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, - 0x65, 0x20, 0x45, 0x56, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x32, 0x32, 0x31, 0x32, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x31, 0x30, 0x32, - 0x32, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x70, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x19, - 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, 0x77, 0x77, - 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x26, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x48, 0x41, - 0x32, 0x20, 0x48, 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, - 0x61, 0x6e, 0x63, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, - 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb6, - 0xe0, 0x2f, 0xc2, 0x24, 0x06, 0xc8, 0x6d, 0x04, 0x5f, 0xd7, 0xef, 0x0a, - 0x64, 0x06, 0xb2, 0x7d, 0x22, 0x26, 0x65, 0x16, 0xae, 0x42, 0x40, 0x9b, - 0xce, 0xdc, 0x9f, 0x9f, 0x76, 0x07, 0x3e, 0xc3, 0x30, 0x55, 0x87, 0x19, - 0xb9, 0x4f, 0x94, 0x0e, 0x5a, 0x94, 0x1f, 0x55, 0x56, 0xb4, 0xc2, 0x02, - 0x2a, 0xaf, 0xd0, 0x98, 0xee, 0x0b, 0x40, 0xd7, 0xc4, 0xd0, 0x3b, 0x72, - 0xc8, 0x14, 0x9e, 0xef, 0x90, 0xb1, 0x11, 0xa9, 0xae, 0xd2, 0xc8, 0xb8, - 0x43, 0x3a, 0xd9, 0x0b, 0x0b, 0xd5, 0xd5, 0x95, 0xf5, 0x40, 0xaf, 0xc8, - 0x1d, 0xed, 0x4d, 0x9c, 0x5f, 0x57, 0xb7, 0x86, 0x50, 0x68, 0x99, 0xf5, - 0x8a, 0xda, 0xd2, 0xc7, 0x05, 0x1f, 0xa8, 0x97, 0xc9, 0xdc, 0xa4, 0xb1, - 0x82, 0x84, 0x2d, 0xc6, 0xad, 0xa5, 0x9c, 0xc7, 0x19, 0x82, 0xa6, 0x85, - 0x0f, 0x5e, 0x44, 0x58, 0x2a, 0x37, 0x8f, 0xfd, 0x35, 0xf1, 0x0b, 0x08, - 0x27, 0x32, 0x5a, 0xf5, 0xbb, 0x8b, 0x9e, 0xa4, 0xbd, 0x51, 0xd0, 0x27, - 0xe2, 0xdd, 0x3b, 0x42, 0x33, 0xa3, 0x05, 0x28, 0xc4, 0xbb, 0x28, 0xcc, - 0x9a, 0xac, 0x2b, 0x23, 0x0d, 0x78, 0xc6, 0x7b, 0xe6, 0x5e, 0x71, 0xb7, - 0x4a, 0x3e, 0x08, 0xfb, 0x81, 0xb7, 0x16, 0x16, 0xa1, 0x9d, 0x23, 0x12, - 0x4d, 0xe5, 0xd7, 0x92, 0x08, 0xac, 0x75, 0xa4, 0x9c, 0xba, 0xcd, 0x17, - 0xb2, 0x1e, 0x44, 0x35, 0x65, 0x7f, 0x53, 0x25, 0x39, 0xd1, 0x1c, 0x0a, - 0x9a, 0x63, 0x1b, 0x19, 0x92, 0x74, 0x68, 0x0a, 0x37, 0xc2, 0xc2, 0x52, - 0x48, 0xcb, 0x39, 0x5a, 0xa2, 0xb6, 0xe1, 0x5d, 0xc1, 0xdd, 0xa0, 0x20, - 0xb8, 0x21, 0xa2, 0x93, 0x26, 0x6f, 0x14, 0x4a, 0x21, 0x41, 0xc7, 0xed, - 0x6d, 0x9b, 0xf2, 0x48, 0x2f, 0xf3, 0x03, 0xf5, 0xa2, 0x68, 0x92, 0x53, - 0x2f, 0x5e, 0xe3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x49, - 0x30, 0x82, 0x01, 0x45, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, - 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, - 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, - 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4b, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x44, 0x30, 0x42, 0x30, 0x40, 0xa0, 0x3e, 0xa0, 0x3c, 0x86, 0x3a, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x34, 0x2e, - 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x48, 0x69, 0x67, - 0x68, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, 0x65, 0x45, 0x56, - 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3d, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, - 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x50, - 0x53, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x51, 0x68, 0xff, 0x90, 0xaf, 0x02, 0x07, 0x75, 0x3c, 0xcc, 0xd9, 0x65, - 0x64, 0x62, 0xa2, 0x12, 0xb8, 0x59, 0x72, 0x3b, 0x30, 0x1f, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb1, 0x3e, 0xc3, - 0x69, 0x03, 0xf8, 0xbf, 0x47, 0x01, 0xd4, 0x98, 0x26, 0x1a, 0x08, 0x02, - 0xef, 0x63, 0x64, 0x2b, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, - 0x00, 0x18, 0x8a, 0x95, 0x89, 0x03, 0xe6, 0x6d, 0xdf, 0x5c, 0xfc, 0x1d, - 0x68, 0xea, 0x4a, 0x8f, 0x83, 0xd6, 0x51, 0x2f, 0x8d, 0x6b, 0x44, 0x16, - 0x9e, 0xac, 0x63, 0xf5, 0xd2, 0x6e, 0x6c, 0x84, 0x99, 0x8b, 0xaa, 0x81, - 0x71, 0x84, 0x5b, 0xed, 0x34, 0x4e, 0xb0, 0xb7, 0x79, 0x92, 0x29, 0xcc, - 0x2d, 0x80, 0x6a, 0xf0, 0x8e, 0x20, 0xe1, 0x79, 0xa4, 0xfe, 0x03, 0x47, - 0x13, 0xea, 0xf5, 0x86, 0xca, 0x59, 0x71, 0x7d, 0xf4, 0x04, 0x96, 0x6b, - 0xd3, 0x59, 0x58, 0x3d, 0xfe, 0xd3, 0x31, 0x25, 0x5c, 0x18, 0x38, 0x84, - 0xa3, 0xe6, 0x9f, 0x82, 0xfd, 0x8c, 0x5b, 0x98, 0x31, 0x4e, 0xcd, 0x78, - 0x9e, 0x1a, 0xfd, 0x85, 0xcb, 0x49, 0xaa, 0xf2, 0x27, 0x8b, 0x99, 0x72, - 0xfc, 0x3e, 0xaa, 0xd5, 0x41, 0x0b, 0xda, 0xd5, 0x36, 0xa1, 0xbf, 0x1c, - 0x6e, 0x47, 0x49, 0x7f, 0x5e, 0xd9, 0x48, 0x7c, 0x03, 0xd9, 0xfd, 0x8b, - 0x49, 0xa0, 0x98, 0x26, 0x42, 0x40, 0xeb, 0xd6, 0x92, 0x11, 0xa4, 0x64, - 0x0a, 0x57, 0x54, 0xc4, 0xf5, 0x1d, 0xd6, 0x02, 0x5e, 0x6b, 0xac, 0xee, - 0xc4, 0x80, 0x9a, 0x12, 0x72, 0xfa, 0x56, 0x93, 0xd7, 0xff, 0xbf, 0x30, - 0x85, 0x06, 0x30, 0xbf, 0x0b, 0x7f, 0x4e, 0xff, 0x57, 0x05, 0x9d, 0x24, - 0xed, 0x85, 0xc3, 0x2b, 0xfb, 0xa6, 0x75, 0xa8, 0xac, 0x2d, 0x16, 0xef, - 0x7d, 0x79, 0x27, 0xb2, 0xeb, 0xc2, 0x9d, 0x0b, 0x07, 0xea, 0xaa, 0x85, - 0xd3, 0x01, 0xa3, 0x20, 0x28, 0x41, 0x59, 0x43, 0x28, 0xd2, 0x81, 0xe3, - 0xaa, 0xf6, 0xec, 0x7b, 0x3b, 0x77, 0xb6, 0x40, 0x62, 0x80, 0x05, 0x41, - 0x45, 0x01, 0xef, 0x17, 0x06, 0x3e, 0xde, 0xc0, 0x33, 0x9b, 0x67, 0xd3, - 0x61, 0x2e, 0x72, 0x87, 0xe4, 0x69, 0xfc, 0x12, 0x00, 0x57, 0x40, 0x1e, - 0x70, 0xf5, 0x1e, 0xc9, 0xb4, -} - -var certSet2Cert27 = []byte{ - 0x30, 0x82, 0x04, 0xb2, 0x30, 0x82, 0x03, 0x9a, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x16, 0x87, 0xd6, 0x88, 0x6d, 0xe2, 0x30, 0x06, 0x85, - 0x23, 0x3d, 0xbf, 0x11, 0xbf, 0x65, 0x97, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x33, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, - 0x30, 0x33, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x41, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, - 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, - 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xb2, 0xfc, 0x06, 0xfb, 0x04, 0x93, 0xd2, 0xea, 0x59, 0x20, - 0x3b, 0x44, 0x85, 0x97, 0x52, 0x39, 0xe7, 0x10, 0xf0, 0x7a, 0xe0, 0xb0, - 0x94, 0x40, 0xda, 0x46, 0xf8, 0x0c, 0x28, 0xbb, 0xb9, 0xce, 0x60, 0x38, - 0x3f, 0xd2, 0xd8, 0x11, 0x42, 0x1b, 0x91, 0xad, 0x49, 0xee, 0x8f, 0xc7, - 0xde, 0x6c, 0xde, 0x37, 0x6f, 0xfd, 0x8b, 0x20, 0x3c, 0x6d, 0xe7, 0x74, - 0xd3, 0xdc, 0xd5, 0x24, 0x88, 0x41, 0x80, 0x89, 0xee, 0x36, 0xbe, 0xc4, - 0xd5, 0xbe, 0x8d, 0x53, 0x13, 0xaa, 0xe4, 0xa5, 0xb8, 0x93, 0x0a, 0xbe, - 0xec, 0xda, 0xcd, 0x3c, 0xd4, 0x32, 0x56, 0xef, 0xd0, 0x4e, 0xa0, 0xb8, - 0x97, 0xbb, 0x39, 0x50, 0x1e, 0x6e, 0x65, 0xc3, 0xfd, 0xb2, 0xce, 0xe0, - 0x59, 0xa9, 0x48, 0x09, 0xc6, 0xfe, 0xbe, 0xae, 0xfc, 0x3e, 0x3b, 0x81, - 0x20, 0x97, 0x8b, 0x8f, 0x46, 0xdf, 0x60, 0x64, 0x07, 0x75, 0xbb, 0x1b, - 0x86, 0x38, 0x9f, 0x47, 0x7b, 0x34, 0xce, 0xa1, 0xd1, 0x97, 0xad, 0x76, - 0xd8, 0x9f, 0xb7, 0x26, 0xdb, 0x79, 0x80, 0x36, 0x48, 0xf2, 0xc5, 0x37, - 0xf8, 0xd9, 0x32, 0xae, 0x7c, 0xa4, 0x53, 0x81, 0xc7, 0x99, 0xa1, 0x54, - 0x38, 0x2f, 0x4f, 0x75, 0xa0, 0xbb, 0x5a, 0xa5, 0xbb, 0xcd, 0xac, 0x02, - 0x5b, 0x19, 0x02, 0xd5, 0x13, 0x18, 0xa7, 0xce, 0xac, 0x74, 0x55, 0x12, - 0x05, 0x8b, 0x9b, 0xa2, 0x95, 0x46, 0x64, 0x72, 0x38, 0xcd, 0x5a, 0x1b, - 0x3a, 0x16, 0xa7, 0xbe, 0x71, 0x99, 0x8c, 0x54, 0x03, 0xb8, 0x96, 0x6c, - 0x01, 0xd3, 0x3e, 0x06, 0x98, 0x3f, 0x21, 0x81, 0x3b, 0x02, 0x7e, 0x00, - 0x47, 0x53, 0x01, 0x1e, 0x0e, 0x46, 0x43, 0xfb, 0x4b, 0x2d, 0xdc, 0x0b, - 0x1a, 0xe8, 0x2f, 0x98, 0xf8, 0x7e, 0xd1, 0x99, 0xab, 0x13, 0x6c, 0xa4, - 0x17, 0xde, 0x6f, 0xf6, 0x15, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x82, 0x01, 0x3b, 0x30, 0x82, 0x01, 0x37, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, - 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x2b, 0x30, 0x29, 0x30, 0x27, 0xa0, 0x25, 0xa0, 0x23, - 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x74, 0x31, 0x2e, - 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, - 0x61, 0x77, 0x74, 0x65, 0x50, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x2f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x74, 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x41, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3a, 0x30, 0x38, 0x30, - 0x36, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, - 0x36, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x29, 0x06, 0x03, 0x55, - 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, 0x1a, - 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, 0x6d, - 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, 0x35, - 0x33, 0x37, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0xc2, 0x4f, 0x48, 0x57, 0xfc, 0xd1, 0x4f, 0x9a, 0xc0, 0x5d, 0x38, - 0x7d, 0x0e, 0x05, 0xdb, 0xd9, 0x2e, 0xb5, 0x52, 0x60, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7b, 0x5b, - 0x45, 0xcf, 0xaf, 0xce, 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, 0x6a, 0xb6, - 0xf3, 0x46, 0xeb, 0x57, 0x48, 0x50, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x8d, 0x06, 0xde, 0x43, 0xc9, 0x76, 0x02, 0xca, 0xd9, 0x23, - 0x97, 0x5e, 0xf3, 0x63, 0xd7, 0x7d, 0x44, 0xc2, 0x0f, 0x6b, 0x0a, 0xf5, - 0x07, 0xe5, 0x8b, 0xb8, 0xfa, 0xe0, 0xa3, 0xfa, 0x6b, 0x80, 0x92, 0xb5, - 0x03, 0x2c, 0xc5, 0x37, 0xe0, 0xc2, 0xe5, 0x95, 0xb5, 0x92, 0x70, 0x18, - 0x28, 0x42, 0x94, 0xee, 0x4b, 0x77, 0x6a, 0x01, 0x0f, 0x8b, 0x23, 0xec, - 0x56, 0x4d, 0xf4, 0x00, 0x69, 0xe5, 0x84, 0xc8, 0xe2, 0xea, 0xde, 0x5b, - 0x3e, 0xf6, 0x3c, 0x07, 0x3a, 0x94, 0xca, 0x6c, 0x27, 0xb1, 0xcc, 0x83, - 0x1a, 0x60, 0x71, 0x27, 0xd2, 0xbf, 0x02, 0xf5, 0x1e, 0x44, 0xd3, 0x48, - 0xd5, 0xa6, 0xd3, 0x76, 0x21, 0x00, 0x9c, 0xfa, 0x98, 0x64, 0xeb, 0x17, - 0x36, 0x3f, 0xeb, 0x1b, 0x3c, 0x3e, 0xa6, 0xb1, 0xd9, 0x58, 0x06, 0x0e, - 0x72, 0xd9, 0x68, 0xbe, 0xf1, 0xa7, 0x20, 0xd7, 0x52, 0xe4, 0xa4, 0x77, - 0x1f, 0x71, 0x70, 0x9d, 0x55, 0x35, 0x85, 0x37, 0xe1, 0x1d, 0x4d, 0x94, - 0xc2, 0x70, 0x7f, 0x95, 0x40, 0x6e, 0x4b, 0x7d, 0xb2, 0xb4, 0x29, 0x2a, - 0x03, 0x79, 0xc8, 0xb9, 0x4c, 0x67, 0x61, 0x04, 0xa0, 0x8b, 0x27, 0xff, - 0x59, 0x00, 0xeb, 0x55, 0x7f, 0xc6, 0xb7, 0x33, 0x35, 0x2d, 0x5e, 0x4e, - 0xac, 0xb8, 0xea, 0x12, 0xc5, 0xe8, 0xf7, 0xb9, 0xab, 0xbe, 0x74, 0x92, - 0x2c, 0xb7, 0xd9, 0x4d, 0xca, 0x84, 0x2f, 0x1c, 0xc2, 0xf0, 0x72, 0x7c, - 0xb2, 0x31, 0x6e, 0xcf, 0x80, 0xe5, 0x88, 0x07, 0x36, 0x51, 0x7b, 0xba, - 0x61, 0xaf, 0x6d, 0x8d, 0x23, 0x5b, 0x34, 0xa3, 0x95, 0xbc, 0xa2, 0x31, - 0x7f, 0xf2, 0xf5, 0xe7, 0xb7, 0xe8, 0xef, 0xc4, 0xb5, 0x27, 0x32, 0xe9, - 0xf7, 0x9e, 0x69, 0xc7, 0x2b, 0xe8, 0xbe, 0xbb, 0x0c, 0xaa, 0xe7, 0xea, - 0x60, 0x12, 0xea, 0x26, 0x8a, 0x78, -} - -var certSet2Cert28 = []byte{ - 0x30, 0x82, 0x04, 0xb6, 0x30, 0x82, 0x03, 0x9e, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x0c, 0x79, 0xa9, 0x44, 0xb0, 0x8c, 0x11, 0x95, 0x20, - 0x92, 0x61, 0x5f, 0xe2, 0x6b, 0x1d, 0x83, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x6c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x22, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x48, - 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, - 0x65, 0x20, 0x45, 0x56, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x32, 0x32, 0x31, 0x32, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x31, 0x30, 0x32, - 0x32, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x75, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x19, - 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, 0x77, 0x77, - 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x31, 0x34, 0x30, 0x32, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2b, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x48, 0x41, - 0x32, 0x20, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xd7, 0x53, 0xa4, 0x04, 0x51, 0xf8, 0x99, 0xa6, - 0x16, 0x48, 0x4b, 0x67, 0x27, 0xaa, 0x93, 0x49, 0xd0, 0x39, 0xed, 0x0c, - 0xb0, 0xb0, 0x00, 0x87, 0xf1, 0x67, 0x28, 0x86, 0x85, 0x8c, 0x8e, 0x63, - 0xda, 0xbc, 0xb1, 0x40, 0x38, 0xe2, 0xd3, 0xf5, 0xec, 0xa5, 0x05, 0x18, - 0xb8, 0x3d, 0x3e, 0xc5, 0x99, 0x17, 0x32, 0xec, 0x18, 0x8c, 0xfa, 0xf1, - 0x0c, 0xa6, 0x64, 0x21, 0x85, 0xcb, 0x07, 0x10, 0x34, 0xb0, 0x52, 0x88, - 0x2b, 0x1f, 0x68, 0x9b, 0xd2, 0xb1, 0x8f, 0x12, 0xb0, 0xb3, 0xd2, 0xe7, - 0x88, 0x1f, 0x1f, 0xef, 0x38, 0x77, 0x54, 0x53, 0x5f, 0x80, 0x79, 0x3f, - 0x2e, 0x1a, 0xaa, 0xa8, 0x1e, 0x4b, 0x2b, 0x0d, 0xab, 0xb7, 0x63, 0xb9, - 0x35, 0xb7, 0x7d, 0x14, 0xbc, 0x59, 0x4b, 0xdf, 0x51, 0x4a, 0xd2, 0xa1, - 0xe2, 0x0c, 0xe2, 0x90, 0x82, 0x87, 0x6a, 0xae, 0xea, 0xd7, 0x64, 0xd6, - 0x98, 0x55, 0xe8, 0xfd, 0xaf, 0x1a, 0x50, 0x6c, 0x54, 0xbc, 0x11, 0xf2, - 0xfd, 0x4a, 0xf2, 0x9d, 0xbb, 0x7f, 0x0e, 0xf4, 0xd5, 0xbe, 0x8e, 0x16, - 0x89, 0x12, 0x55, 0xd8, 0xc0, 0x71, 0x34, 0xee, 0xf6, 0xdc, 0x2d, 0xec, - 0xc4, 0x87, 0x25, 0x86, 0x8d, 0xd8, 0x21, 0xe4, 0xb0, 0x4d, 0x0c, 0x89, - 0xdc, 0x39, 0x26, 0x17, 0xdd, 0xf6, 0xd7, 0x94, 0x85, 0xd8, 0x04, 0x21, - 0x70, 0x9d, 0x6f, 0x6f, 0xff, 0x5c, 0xba, 0x19, 0xe1, 0x45, 0xcb, 0x56, - 0x57, 0x28, 0x7e, 0x1c, 0x0d, 0x41, 0x57, 0xaa, 0xb7, 0xb8, 0x27, 0xbb, - 0xb1, 0xe4, 0xfa, 0x2a, 0xef, 0x21, 0x23, 0x75, 0x1a, 0xad, 0x2d, 0x9b, - 0x86, 0x35, 0x8c, 0x9c, 0x77, 0xb5, 0x73, 0xad, 0xd8, 0x94, 0x2d, 0xe4, - 0xf3, 0x0c, 0x9d, 0xee, 0xc1, 0x4e, 0x62, 0x7e, 0x17, 0xc0, 0x71, 0x9e, - 0x2c, 0xde, 0xf1, 0xf9, 0x10, 0x28, 0x19, 0x33, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x82, 0x01, 0x49, 0x30, 0x82, 0x01, 0x45, 0x30, 0x12, 0x06, - 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, - 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, - 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, - 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x02, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x64, 0x69, - 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4b, - 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x44, 0x30, 0x42, 0x30, 0x40, 0xa0, - 0x3e, 0xa0, 0x3c, 0x86, 0x3a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x63, 0x72, 0x6c, 0x34, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, - 0x72, 0x74, 0x48, 0x69, 0x67, 0x68, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, - 0x6e, 0x63, 0x65, 0x45, 0x56, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, - 0x30, 0x34, 0x30, 0x32, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, - 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, - 0x16, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, - 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3d, 0xd3, 0x50, 0xa5, 0xd6, 0xa0, 0xad, - 0xee, 0xf3, 0x4a, 0x60, 0x0a, 0x65, 0xd3, 0x21, 0xd4, 0xf8, 0xf8, 0xd6, - 0x0f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xb1, 0x3e, 0xc3, 0x69, 0x03, 0xf8, 0xbf, 0x47, 0x01, 0xd4, - 0x98, 0x26, 0x1a, 0x08, 0x02, 0xef, 0x63, 0x64, 0x2b, 0xc3, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x9d, 0xb6, 0xd0, 0x90, 0x86, 0xe1, - 0x86, 0x02, 0xed, 0xc5, 0xa0, 0xf0, 0x34, 0x1c, 0x74, 0xc1, 0x8d, 0x76, - 0xcc, 0x86, 0x0a, 0xa8, 0xf0, 0x4a, 0x8a, 0x42, 0xd6, 0x3f, 0xc8, 0xa9, - 0x4d, 0xad, 0x7c, 0x08, 0xad, 0xe6, 0xb6, 0x50, 0xb8, 0xa2, 0x1a, 0x4d, - 0x88, 0x07, 0xb1, 0x29, 0x21, 0xdc, 0xe7, 0xda, 0xc6, 0x3c, 0x21, 0xe0, - 0xe3, 0x11, 0x49, 0x70, 0xac, 0x7a, 0x1d, 0x01, 0xa4, 0xca, 0x11, 0x3a, - 0x57, 0xab, 0x7d, 0x57, 0x2a, 0x40, 0x74, 0xfd, 0xd3, 0x1d, 0x85, 0x18, - 0x50, 0xdf, 0x57, 0x47, 0x75, 0xa1, 0x7d, 0x55, 0x20, 0x2e, 0x47, 0x37, - 0x50, 0x72, 0x8c, 0x7f, 0x82, 0x1b, 0xd2, 0x62, 0x8f, 0x2d, 0x03, 0x5a, - 0xda, 0xc3, 0xc8, 0xa1, 0xce, 0x2c, 0x52, 0xa2, 0x00, 0x63, 0xeb, 0x73, - 0xba, 0x71, 0xc8, 0x49, 0x27, 0x23, 0x97, 0x64, 0x85, 0x9e, 0x38, 0x0e, - 0xad, 0x63, 0x68, 0x3c, 0xba, 0x52, 0x81, 0x58, 0x79, 0xa3, 0x2c, 0x0c, - 0xdf, 0xde, 0x6d, 0xeb, 0x31, 0xf2, 0xba, 0xa0, 0x7c, 0x6c, 0xf1, 0x2c, - 0xd4, 0xe1, 0xbd, 0x77, 0x84, 0x37, 0x03, 0xce, 0x32, 0xb5, 0xc8, 0x9a, - 0x81, 0x1a, 0x4a, 0x92, 0x4e, 0x3b, 0x46, 0x9a, 0x85, 0xfe, 0x83, 0xa2, - 0xf9, 0x9e, 0x8c, 0xa3, 0xcc, 0x0d, 0x5e, 0xb3, 0x3d, 0xcf, 0x04, 0x78, - 0x8f, 0x14, 0x14, 0x7b, 0x32, 0x9c, 0xc7, 0x00, 0xa6, 0x5c, 0xc4, 0xb5, - 0xa1, 0x55, 0x8d, 0x5a, 0x56, 0x68, 0xa4, 0x22, 0x70, 0xaa, 0x3c, 0x81, - 0x71, 0xd9, 0x9d, 0xa8, 0x45, 0x3b, 0xf4, 0xe5, 0xf6, 0xa2, 0x51, 0xdd, - 0xc7, 0x7b, 0x62, 0xe8, 0x6f, 0x0c, 0x74, 0xeb, 0xb8, 0xda, 0xf8, 0xbf, - 0x87, 0x0d, 0x79, 0x50, 0x91, 0x90, 0x9b, 0x18, 0x3b, 0x91, 0x59, 0x27, - 0xf1, 0x35, 0x28, 0x13, 0xab, 0x26, 0x7e, 0xd5, 0xf7, 0x7a, -} - -var certSet2Cert29 = []byte{ - 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x03, 0xaa, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x36, 0x34, 0x9e, 0x18, 0xc9, 0x9c, 0x26, 0x69, 0xb6, - 0x56, 0x2e, 0x6c, 0xe5, 0xad, 0x71, 0x32, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x33, 0x30, 0x35, 0x32, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x32, 0x33, 0x30, 0x35, 0x32, 0x32, 0x32, 0x33, 0x35, 0x39, - 0x35, 0x39, 0x5a, 0x30, 0x43, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x14, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, - 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa3, 0x63, 0x2b, - 0xd4, 0xba, 0x5d, 0x38, 0xae, 0xb0, 0xcf, 0xb9, 0x4c, 0x38, 0xdf, 0x20, - 0x7d, 0xf1, 0x2b, 0x47, 0x71, 0x1d, 0x8b, 0x68, 0xf3, 0x56, 0xf9, 0x9c, - 0xda, 0xaa, 0xe5, 0x84, 0x26, 0xde, 0xa5, 0x71, 0x30, 0xbc, 0xf3, 0x31, - 0x23, 0x9d, 0xe8, 0x3b, 0x80, 0xc8, 0x66, 0x57, 0x75, 0xb6, 0x57, 0x0e, - 0xdb, 0x93, 0xf5, 0x26, 0x8e, 0x70, 0xba, 0x64, 0x52, 0x66, 0x8a, 0x2a, - 0x88, 0x5c, 0x44, 0x18, 0x4d, 0xa8, 0xa2, 0x7c, 0xbd, 0x56, 0x61, 0x32, - 0x90, 0x12, 0xf9, 0x35, 0x87, 0x48, 0x60, 0xb0, 0x6e, 0x90, 0x67, 0x44, - 0x01, 0x8d, 0xe7, 0xc9, 0x0d, 0x63, 0x68, 0x72, 0x72, 0xab, 0x63, 0x3c, - 0x86, 0xb8, 0x1f, 0x7d, 0xad, 0x88, 0x25, 0xa7, 0x6a, 0x88, 0x29, 0xfb, - 0x59, 0xc6, 0x78, 0x71, 0x5f, 0x2c, 0xba, 0x89, 0xe6, 0xd3, 0x80, 0xfd, - 0x57, 0xec, 0xb9, 0x51, 0x5f, 0x43, 0x33, 0x2e, 0x7e, 0x25, 0x3b, 0xa4, - 0x04, 0xd1, 0x60, 0x8c, 0xb3, 0x44, 0x33, 0x93, 0x0c, 0xad, 0x2a, 0xb6, - 0x44, 0xa2, 0x19, 0x3b, 0xaf, 0xc4, 0x90, 0x6f, 0x7b, 0x05, 0x87, 0x86, - 0x9b, 0x2c, 0x6a, 0x9d, 0x2b, 0x6c, 0x77, 0xc9, 0x00, 0x9f, 0xc9, 0xcf, - 0xac, 0xed, 0x3e, 0x1b, 0xf7, 0xc3, 0xf3, 0xd9, 0xf8, 0x6c, 0xd4, 0xa0, - 0x57, 0xc4, 0xfb, 0x28, 0x32, 0xaa, 0x33, 0xf0, 0xe6, 0xba, 0x98, 0xdf, - 0xe5, 0xc2, 0x4e, 0x9c, 0x74, 0xbf, 0x8a, 0x48, 0xc2, 0xf2, 0x1b, 0xf0, - 0x77, 0x40, 0x41, 0x07, 0x04, 0xb2, 0x3a, 0xd5, 0x4c, 0xc4, 0x29, 0xa9, - 0x11, 0x40, 0x3f, 0x02, 0x46, 0xf0, 0x91, 0xd5, 0xd2, 0x81, 0x83, 0x86, - 0x13, 0xb3, 0x31, 0xed, 0x46, 0xab, 0xa8, 0x87, 0x76, 0xa9, 0x99, 0x7d, - 0xbc, 0xcd, 0x31, 0x50, 0xf4, 0xa5, 0xb5, 0xdc, 0xa5, 0x32, 0xb3, 0x8b, - 0x8b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x44, 0x30, 0x82, - 0x01, 0x40, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, - 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x41, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3a, 0x30, - 0x38, 0x30, 0x36, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, - 0x01, 0x07, 0x36, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x37, 0x06, - 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x30, 0x30, 0x2e, 0x30, 0x2c, 0xa0, 0x2a, - 0xa0, 0x28, 0x86, 0x26, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x6c, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, 0x43, 0x41, 0x2d, - 0x47, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x2a, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x23, 0x30, 0x21, 0xa4, 0x1f, 0x30, - 0x1d, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, 0x49, - 0x2d, 0x32, 0x2d, 0x34, 0x31, 0x35, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2b, 0x9a, 0x35, 0xae, 0x01, 0x18, 0x38, - 0x30, 0xe1, 0x70, 0x7a, 0x05, 0xe0, 0x11, 0x76, 0xa3, 0xce, 0xbd, 0x90, - 0x14, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa, - 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x74, 0xa6, 0x56, 0xe8, 0xaf, 0x93, - 0x96, 0x19, 0xfb, 0x26, 0xf9, 0x0d, 0xb0, 0x44, 0xa5, 0xcd, 0xe9, 0x7a, - 0x48, 0x03, 0x74, 0x01, 0x6c, 0x13, 0x71, 0xb7, 0xe0, 0x82, 0x90, 0x99, - 0x62, 0x23, 0xe3, 0xd6, 0x99, 0xaf, 0xf0, 0xc7, 0x1e, 0x9e, 0xa8, 0x18, - 0x21, 0xdb, 0xb4, 0x94, 0x3f, 0x34, 0x56, 0x1b, 0x99, 0x55, 0x2f, 0x8e, - 0xf0, 0x45, 0x33, 0x32, 0xb7, 0x72, 0xc1, 0x13, 0x5b, 0x34, 0xd3, 0xf5, - 0x60, 0xe5, 0x2e, 0x18, 0xd1, 0x5c, 0xc5, 0x6a, 0xc1, 0xaa, 0x87, 0x50, - 0x0c, 0x1c, 0x9d, 0x64, 0x2b, 0xff, 0x1b, 0xdc, 0xd5, 0x2e, 0x61, 0x0b, - 0xe7, 0xb9, 0xb6, 0x91, 0x53, 0x86, 0xd9, 0x03, 0x2a, 0xd1, 0x3d, 0x7b, - 0x4a, 0xda, 0x2b, 0x07, 0xbe, 0x29, 0xf2, 0x60, 0x42, 0xa9, 0x91, 0x1a, - 0x0e, 0x2e, 0x3c, 0xd1, 0x7d, 0xa5, 0x13, 0x14, 0x02, 0xfa, 0xee, 0x8b, - 0x8d, 0xb6, 0xc8, 0xb8, 0x3e, 0x56, 0x81, 0x57, 0x21, 0x24, 0x3f, 0x65, - 0xc3, 0xb4, 0xc9, 0xce, 0x5c, 0x8d, 0x46, 0xac, 0x53, 0xf3, 0xf9, 0x55, - 0x74, 0xc8, 0x2b, 0xfd, 0xd2, 0x78, 0x70, 0xf5, 0xf8, 0x11, 0xe5, 0xf4, - 0xa7, 0xad, 0x20, 0xf5, 0x9d, 0xf1, 0xec, 0x70, 0xf6, 0x13, 0xac, 0xe6, - 0x8c, 0x8d, 0xdb, 0x3f, 0xc6, 0xf2, 0x79, 0x0e, 0xab, 0x52, 0xf2, 0xcc, - 0x1b, 0x79, 0x27, 0xcf, 0x16, 0xb3, 0xd6, 0xf3, 0xc6, 0x36, 0x80, 0x43, - 0xec, 0xc5, 0x94, 0xf0, 0xdd, 0x90, 0x8d, 0xf8, 0xc6, 0x52, 0x46, 0x56, - 0xeb, 0x74, 0x47, 0xbe, 0xa6, 0xf3, 0x19, 0xae, 0x71, 0x4c, 0xc0, 0xe1, - 0xe7, 0xd4, 0xcf, 0xed, 0xd4, 0x06, 0x28, 0x2a, 0x11, 0x3c, 0xba, 0xd9, - 0x41, 0x6e, 0x00, 0xe7, 0x81, 0x37, 0x93, 0xe4, 0xda, 0x62, 0xc6, 0x1d, - 0x67, 0x6f, 0x63, 0xb4, 0x14, 0x86, 0xd9, 0xa6, 0x62, 0xf0, -} - -var certSet2Cert30 = []byte{ - 0x30, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0x2f, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x35, 0x97, 0x31, 0x87, 0xf3, 0x87, 0x3a, 0x07, 0x32, - 0x7e, 0xce, 0x58, 0x0c, 0x9b, 0x7e, 0xda, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x31, 0x30, 0x38, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x30, 0x37, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xca, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3a, 0x30, - 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, - 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, - 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, - 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x45, 0x30, - 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, - 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf, 0x24, 0x08, 0x08, 0x29, 0x7a, 0x35, - 0x9e, 0x60, 0x0c, 0xaa, 0xe7, 0x4b, 0x3b, 0x4e, 0xdc, 0x7c, 0xbc, 0x3c, - 0x45, 0x1c, 0xbb, 0x2b, 0xe0, 0xfe, 0x29, 0x02, 0xf9, 0x57, 0x08, 0xa3, - 0x64, 0x85, 0x15, 0x27, 0xf5, 0xf1, 0xad, 0xc8, 0x31, 0x89, 0x5d, 0x22, - 0xe8, 0x2a, 0xaa, 0xa6, 0x42, 0xb3, 0x8f, 0xf8, 0xb9, 0x55, 0xb7, 0xb1, - 0xb7, 0x4b, 0xb3, 0xfe, 0x8f, 0x7e, 0x07, 0x57, 0xec, 0xef, 0x43, 0xdb, - 0x66, 0x62, 0x15, 0x61, 0xcf, 0x60, 0x0d, 0xa4, 0xd8, 0xde, 0xf8, 0xe0, - 0xc3, 0x62, 0x08, 0x3d, 0x54, 0x13, 0xeb, 0x49, 0xca, 0x59, 0x54, 0x85, - 0x26, 0xe5, 0x2b, 0x8f, 0x1b, 0x9f, 0xeb, 0xf5, 0xa1, 0x91, 0xc2, 0x33, - 0x49, 0xd8, 0x43, 0x63, 0x6a, 0x52, 0x4b, 0xd2, 0x8f, 0xe8, 0x70, 0x51, - 0x4d, 0xd1, 0x89, 0x69, 0x7b, 0xc7, 0x70, 0xf6, 0xb3, 0xdc, 0x12, 0x74, - 0xdb, 0x7b, 0x5d, 0x4b, 0x56, 0xd3, 0x96, 0xbf, 0x15, 0x77, 0xa1, 0xb0, - 0xf4, 0xa2, 0x25, 0xf2, 0xaf, 0x1c, 0x92, 0x67, 0x18, 0xe5, 0xf4, 0x06, - 0x04, 0xef, 0x90, 0xb9, 0xe4, 0x00, 0xe4, 0xdd, 0x3a, 0xb5, 0x19, 0xff, - 0x02, 0xba, 0xf4, 0x3c, 0xee, 0xe0, 0x8b, 0xeb, 0x37, 0x8b, 0xec, 0xf4, - 0xd7, 0xac, 0xf2, 0xf6, 0xf0, 0x3d, 0xaf, 0xdd, 0x75, 0x91, 0x33, 0x19, - 0x1d, 0x1c, 0x40, 0xcb, 0x74, 0x24, 0x19, 0x21, 0x93, 0xd9, 0x14, 0xfe, - 0xac, 0x2a, 0x52, 0xc7, 0x8f, 0xd5, 0x04, 0x49, 0xe4, 0x8d, 0x63, 0x47, - 0x88, 0x3c, 0x69, 0x83, 0xcb, 0xfe, 0x47, 0xbd, 0x2b, 0x7e, 0x4f, 0xc5, - 0x95, 0xae, 0x0e, 0x9d, 0xd4, 0xd1, 0x43, 0xc0, 0x67, 0x73, 0xe3, 0x14, - 0x08, 0x7e, 0xe5, 0x3f, 0x9f, 0x73, 0xb8, 0x33, 0x0a, 0xcf, 0x5d, 0x3f, - 0x34, 0x87, 0x96, 0x8a, 0xee, 0x53, 0xe8, 0x25, 0x15, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x91, 0x30, 0x82, 0x01, 0x8d, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, - 0x01, 0x01, 0xff, 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2a, - 0x30, 0x28, 0x30, 0x26, 0xa0, 0x24, 0xa0, 0x22, 0x86, 0x20, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, - 0x61, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3d, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, - 0x73, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, - 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x34, 0x06, 0x03, - 0x55, 0x1d, 0x25, 0x04, 0x2d, 0x30, 0x2b, 0x06, 0x09, 0x60, 0x86, 0x48, - 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, - 0x86, 0xf8, 0x45, 0x01, 0x08, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x02, 0x30, 0x6d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x0c, 0x04, 0x61, 0x30, 0x5f, 0xa1, 0x5d, 0xa0, 0x5b, 0x30, 0x59, - 0x30, 0x57, 0x30, 0x55, 0x16, 0x09, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2f, - 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, - 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x8f, 0xe5, 0xd3, 0x1a, 0x86, 0xac, - 0x8d, 0x8e, 0x6b, 0xc3, 0xcf, 0x80, 0x6a, 0xd4, 0x48, 0x18, 0x2c, 0x7b, - 0x19, 0x2e, 0x30, 0x25, 0x16, 0x23, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, - 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, 0x73, 0x6c, 0x6f, 0x67, - 0x6f, 0x2e, 0x67, 0x69, 0x66, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x76, - 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, - 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x0f, 0x25, 0xae, 0x48, 0xed, 0x1b, - 0x33, 0x85, 0x4c, 0x0c, 0xb5, 0xc2, 0xd7, 0xfe, 0x4d, 0xd6, 0x83, 0x28, - 0x4c, 0x41, 0x65, 0x60, 0x00, 0x0b, 0x77, 0x48, 0x71, 0x82, 0xfe, 0x7f, - 0xdb, 0x5a, 0x0e, 0x20, 0xcc, 0xd2, 0xea, 0x47, 0xbc, 0x64, 0x42, 0x61, - 0x44, 0x34, 0x74, 0x30, 0x81, 0x81, 0x26, 0x8a, 0x4a, 0xf7, 0x44, 0x5d, - 0x7e, 0x34, 0x80, 0xa8, 0xb8, 0x83, 0xe2, 0x09, 0xd7, 0x6d, 0x23, 0xdd, - 0x89, 0xed, 0x28, 0x08, 0xbd, 0x63, 0x5a, 0x11, 0x57, 0x08, 0xc4, 0x9e, - 0xda, 0xe2, 0x68, 0x28, 0xaf, 0xdd, 0x50, 0x3c, 0xec, 0x82, 0x21, 0xd8, - 0x00, 0xc2, 0x55, 0x44, 0x50, 0x70, 0x41, 0xad, 0x83, 0x17, 0x79, 0xba, - 0x08, 0xf3, 0x2b, 0xde, 0xed, 0x34, 0x1d, 0x44, 0x9e, 0xd2, 0x04, 0x93, - 0xf4, 0xcb, 0x05, 0x17, 0x2d, 0x09, 0x2d, 0x2d, 0x63, 0xef, 0xf6, 0x26, - 0x0b, 0x7b, -} - -var certSet2Cert31 = []byte{ - 0x30, 0x82, 0x04, 0xd0, 0x30, 0x82, 0x03, 0xb8, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x01, 0x07, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x83, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, - 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, - 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, - 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x28, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, - 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x31, 0x30, 0x35, 0x30, 0x33, 0x30, 0x37, 0x30, 0x30, 0x30, - 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x31, 0x30, 0x35, 0x30, 0x33, 0x30, 0x37, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0xb4, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, - 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, - 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, - 0x6f, 0x44, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, - 0x72, 0x74, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, - 0x72, 0x79, 0x2f, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x2a, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 0x20, 0x53, - 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0xe0, 0xcb, 0x10, 0xd4, 0xaf, 0x76, - 0xbd, 0xd4, 0x93, 0x62, 0xeb, 0x30, 0x64, 0xb8, 0x81, 0x08, 0x6c, 0xc3, - 0x04, 0xd9, 0x62, 0x17, 0x8e, 0x2f, 0xff, 0x3e, 0x65, 0xcf, 0x8f, 0xce, - 0x62, 0xe6, 0x3c, 0x52, 0x1c, 0xda, 0x16, 0x45, 0x4b, 0x55, 0xab, 0x78, - 0x6b, 0x63, 0x83, 0x62, 0x90, 0xce, 0x0f, 0x69, 0x6c, 0x99, 0xc8, 0x1a, - 0x14, 0x8b, 0x4c, 0xcc, 0x45, 0x33, 0xea, 0x88, 0xdc, 0x9e, 0xa3, 0xaf, - 0x2b, 0xfe, 0x80, 0x61, 0x9d, 0x79, 0x57, 0xc4, 0xcf, 0x2e, 0xf4, 0x3f, - 0x30, 0x3c, 0x5d, 0x47, 0xfc, 0x9a, 0x16, 0xbc, 0xc3, 0x37, 0x96, 0x41, - 0x51, 0x8e, 0x11, 0x4b, 0x54, 0xf8, 0x28, 0xbe, 0xd0, 0x8c, 0xbe, 0xf0, - 0x30, 0x38, 0x1e, 0xf3, 0xb0, 0x26, 0xf8, 0x66, 0x47, 0x63, 0x6d, 0xde, - 0x71, 0x26, 0x47, 0x8f, 0x38, 0x47, 0x53, 0xd1, 0x46, 0x1d, 0xb4, 0xe3, - 0xdc, 0x00, 0xea, 0x45, 0xac, 0xbd, 0xbc, 0x71, 0xd9, 0xaa, 0x6f, 0x00, - 0xdb, 0xdb, 0xcd, 0x30, 0x3a, 0x79, 0x4f, 0x5f, 0x4c, 0x47, 0xf8, 0x1d, - 0xef, 0x5b, 0xc2, 0xc4, 0x9d, 0x60, 0x3b, 0xb1, 0xb2, 0x43, 0x91, 0xd8, - 0xa4, 0x33, 0x4e, 0xea, 0xb3, 0xd6, 0x27, 0x4f, 0xad, 0x25, 0x8a, 0xa5, - 0xc6, 0xf4, 0xd5, 0xd0, 0xa6, 0xae, 0x74, 0x05, 0x64, 0x57, 0x88, 0xb5, - 0x44, 0x55, 0xd4, 0x2d, 0x2a, 0x3a, 0x3e, 0xf8, 0xb8, 0xbd, 0xe9, 0x32, - 0x0a, 0x02, 0x94, 0x64, 0xc4, 0x16, 0x3a, 0x50, 0xf1, 0x4a, 0xae, 0xe7, - 0x79, 0x33, 0xaf, 0x0c, 0x20, 0x07, 0x7f, 0xe8, 0xdf, 0x04, 0x39, 0xc2, - 0x69, 0x02, 0x6c, 0x63, 0x52, 0xfa, 0x77, 0xc1, 0x1b, 0xc8, 0x74, 0x87, - 0xc8, 0xb9, 0x93, 0x18, 0x50, 0x54, 0x35, 0x4b, 0x69, 0x4e, 0xbc, 0x3b, - 0xd3, 0x49, 0x2e, 0x1f, 0xdc, 0xc1, 0xd2, 0x52, 0xfb, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1a, 0x30, 0x82, 0x01, 0x16, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, - 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x40, 0xc2, 0xbd, 0x27, 0x8e, 0xcc, - 0x34, 0x83, 0x30, 0xa2, 0x33, 0xd7, 0xfb, 0x6c, 0xb3, 0xf0, 0xb4, 0x2c, - 0x80, 0xce, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0x3a, 0x9a, 0x85, 0x07, 0x10, 0x67, 0x28, 0xb6, 0xef, - 0xf6, 0xbd, 0x05, 0x41, 0x6e, 0x20, 0xc1, 0x94, 0xda, 0x0f, 0xde, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x35, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, 0x26, 0x86, 0x24, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, - 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, - 0x64, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x67, 0x32, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x46, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3f, 0x30, 0x3d, 0x30, - 0x3b, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x33, 0x30, 0x31, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, - 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, - 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x08, 0x7e, 0x6c, 0x93, - 0x10, 0xc8, 0x38, 0xb8, 0x96, 0xa9, 0x90, 0x4b, 0xff, 0xa1, 0x5f, 0x4f, - 0x04, 0xef, 0x6c, 0x3e, 0x9c, 0x88, 0x06, 0xc9, 0x50, 0x8f, 0xa6, 0x73, - 0xf7, 0x57, 0x31, 0x1b, 0xbe, 0xbc, 0xe4, 0x2f, 0xdb, 0xf8, 0xba, 0xd3, - 0x5b, 0xe0, 0xb4, 0xe7, 0xe6, 0x79, 0x62, 0x0e, 0x0c, 0xa2, 0xd7, 0x6a, - 0x63, 0x73, 0x31, 0xb5, 0xf5, 0xa8, 0x48, 0xa4, 0x3b, 0x08, 0x2d, 0xa2, - 0x5d, 0x90, 0xd7, 0xb4, 0x7c, 0x25, 0x4f, 0x11, 0x56, 0x30, 0xc4, 0xb6, - 0x44, 0x9d, 0x7b, 0x2c, 0x9d, 0xe5, 0x5e, 0xe6, 0xef, 0x0c, 0x61, 0xaa, - 0xbf, 0xe4, 0x2a, 0x1b, 0xee, 0x84, 0x9e, 0xb8, 0x83, 0x7d, 0xc1, 0x43, - 0xce, 0x44, 0xa7, 0x13, 0x70, 0x0d, 0x91, 0x1f, 0xf4, 0xc8, 0x13, 0xad, - 0x83, 0x60, 0xd9, 0xd8, 0x72, 0xa8, 0x73, 0x24, 0x1e, 0xb5, 0xac, 0x22, - 0x0e, 0xca, 0x17, 0x89, 0x62, 0x58, 0x44, 0x1b, 0xab, 0x89, 0x25, 0x01, - 0x00, 0x0f, 0xcd, 0xc4, 0x1b, 0x62, 0xdb, 0x51, 0xb4, 0xd3, 0x0f, 0x51, - 0x2a, 0x9b, 0xf4, 0xbc, 0x73, 0xfc, 0x76, 0xce, 0x36, 0xa4, 0xcd, 0xd9, - 0xd8, 0x2c, 0xea, 0xae, 0x9b, 0xf5, 0x2a, 0xb2, 0x90, 0xd1, 0x4d, 0x75, - 0x18, 0x8a, 0x3f, 0x8a, 0x41, 0x90, 0x23, 0x7d, 0x5b, 0x4b, 0xfe, 0xa4, - 0x03, 0x58, 0x9b, 0x46, 0xb2, 0xc3, 0x60, 0x60, 0x83, 0xf8, 0x7d, 0x50, - 0x41, 0xce, 0xc2, 0xa1, 0x90, 0xc3, 0xbb, 0xef, 0x02, 0x2f, 0xd2, 0x15, - 0x54, 0xee, 0x44, 0x15, 0xd9, 0x0a, 0xae, 0xa7, 0x8a, 0x33, 0xed, 0xb1, - 0x2d, 0x76, 0x36, 0x26, 0xdc, 0x04, 0xeb, 0x9f, 0xf7, 0x61, 0x1f, 0x15, - 0xdc, 0x87, 0x6f, 0xee, 0x46, 0x96, 0x28, 0xad, 0xa1, 0x26, 0x7d, 0x0a, - 0x09, 0xa7, 0x2e, 0x04, 0xa3, 0x8d, 0xbc, 0xf8, 0xbc, 0x04, 0x30, 0x01, -} - -var certSet2Cert32 = []byte{ - 0x30, 0x82, 0x04, 0xd0, 0x30, 0x82, 0x03, 0xb8, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x0a, 0x48, 0x9e, 0x88, 0x53, 0x7e, 0x8a, 0xa6, 0x45, - 0x4d, 0x6e, 0x2c, 0x4b, 0x2a, 0xeb, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x33, 0x30, 0x34, 0x30, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x32, 0x33, 0x30, 0x34, 0x30, 0x38, 0x32, 0x33, 0x35, 0x39, - 0x35, 0x39, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x28, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x45, - 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, 0x56, 0x61, 0x6c, 0x69, - 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, - 0x36, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xf2, 0xc4, 0xbc, 0x74, 0xe8, 0x25, 0xf6, - 0x00, 0x62, 0x28, 0xe3, 0x4c, 0xe8, 0xb8, 0xdf, 0x13, 0x9f, 0x8b, 0x07, - 0x37, 0xef, 0x62, 0x4a, 0xf1, 0x57, 0x09, 0xf6, 0x82, 0xe8, 0x75, 0xf0, - 0x0a, 0xa9, 0x27, 0xcf, 0x93, 0x3b, 0xec, 0x36, 0x89, 0xa5, 0x6e, 0x1d, - 0xd6, 0x54, 0xf3, 0xb8, 0x04, 0x97, 0x72, 0xb4, 0x69, 0x25, 0xcc, 0xd1, - 0x42, 0x0e, 0x5b, 0xd5, 0x1c, 0x7f, 0xa2, 0x60, 0x6e, 0xb1, 0x52, 0x1a, - 0xdb, 0x93, 0x2f, 0xbb, 0x0b, 0x0d, 0x64, 0x53, 0x16, 0xcb, 0x1c, 0x09, - 0x24, 0x95, 0x29, 0x22, 0xb4, 0x8a, 0x18, 0x00, 0x89, 0xfe, 0xf7, 0x1f, - 0x72, 0xc8, 0xe8, 0x5c, 0x2f, 0x1a, 0x1b, 0xa2, 0x18, 0xb8, 0xef, 0x18, - 0x5c, 0xcb, 0xb5, 0xdb, 0x3a, 0x4e, 0xdb, 0x0f, 0xae, 0xdf, 0xc4, 0x79, - 0xe3, 0x1e, 0xaa, 0x5c, 0xa3, 0xa4, 0xe5, 0xac, 0x61, 0x9b, 0x37, 0x85, - 0x8f, 0x48, 0x75, 0x1b, 0xb9, 0xd5, 0x68, 0x96, 0xe9, 0x27, 0x79, 0x70, - 0x57, 0x23, 0x1a, 0xbb, 0x6c, 0x93, 0x90, 0xc7, 0x45, 0xd7, 0x17, 0xd2, - 0x37, 0x2a, 0x76, 0xb3, 0xcd, 0x82, 0xa9, 0x4f, 0xc0, 0x03, 0x7b, 0xe1, - 0x3d, 0x7a, 0x7e, 0x5b, 0xb8, 0x85, 0xf2, 0xf5, 0x15, 0xfb, 0x70, 0xa9, - 0xbd, 0xf5, 0x50, 0x65, 0x16, 0x9d, 0xe3, 0xb6, 0x6b, 0x61, 0x6e, 0xa1, - 0x7a, 0x9e, 0xe8, 0x0d, 0x1c, 0xf7, 0x2a, 0x8e, 0x69, 0x7e, 0x43, 0x30, - 0x8e, 0x78, 0xce, 0xee, 0x65, 0x1e, 0x3b, 0x9b, 0x87, 0x1e, 0x49, 0x1c, - 0xf8, 0x32, 0x46, 0x5d, 0x28, 0x46, 0x79, 0x2a, 0x4e, 0x27, 0x5d, 0x17, - 0x58, 0xa8, 0x37, 0xfe, 0xa8, 0x13, 0xa9, 0x69, 0x15, 0xdf, 0x36, 0x22, - 0x89, 0x75, 0xba, 0xca, 0x01, 0x40, 0x2e, 0xed, 0x9d, 0xd7, 0x0c, 0xaa, - 0x31, 0xce, 0x27, 0xae, 0x57, 0xd5, 0xd2, 0x51, 0xfb, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x3e, 0x30, 0x82, 0x01, 0x3a, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, - 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, - 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, - 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, - 0x6f, 0x6d, 0x30, 0x3b, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x34, 0x30, - 0x32, 0x30, 0x30, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x28, 0x30, - 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, - 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x70, 0x73, 0x30, 0x37, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x30, - 0x30, 0x2e, 0x30, 0x2c, 0xa0, 0x2a, 0xa0, 0x28, 0x86, 0x26, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x74, 0x68, 0x61, - 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, - 0x74, 0x65, 0x50, 0x43, 0x41, 0x2d, 0x47, 0x33, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x23, 0x30, 0x21, 0xa4, - 0x1f, 0x30, 0x1d, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x12, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x50, - 0x4b, 0x49, 0x2d, 0x32, 0x2d, 0x33, 0x37, 0x34, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3b, 0x24, 0xc8, 0x31, 0xa0, - 0xb7, 0x5a, 0xd0, 0x6a, 0xb8, 0xd2, 0xca, 0x07, 0x74, 0xcc, 0x1e, 0x24, - 0xd4, 0xc4, 0xdc, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, - 0x30, 0x16, 0x80, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, - 0xff, 0xfa, 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x68, 0x98, 0x26, 0xaa, - 0xd4, 0x33, 0xc9, 0xba, 0x75, 0x70, 0xd4, 0x9f, 0x49, 0xad, 0xd6, 0xc1, - 0x54, 0xdc, 0xee, 0xaa, 0x56, 0x1f, 0x78, 0xa7, 0xf0, 0xa1, 0xa4, 0xee, - 0x0b, 0xf9, 0x12, 0xaf, 0xdf, 0xa6, 0xb8, 0xee, 0xc3, 0xcb, 0x35, 0x13, - 0x6a, 0x59, 0x2a, 0xf8, 0xc9, 0xe9, 0x4c, 0x2f, 0xbc, 0xb1, 0xbc, 0x2b, - 0xc2, 0x02, 0x30, 0xe1, 0xc3, 0xbe, 0xc2, 0xf0, 0x81, 0x8c, 0x99, 0x77, - 0x89, 0x58, 0x00, 0xa3, 0xcc, 0x7f, 0xa3, 0x02, 0x4c, 0x53, 0xb2, 0x6e, - 0x36, 0x4f, 0xfe, 0xdf, 0x87, 0x76, 0xb3, 0x3f, 0xec, 0x5a, 0x62, 0x50, - 0xb6, 0x00, 0x45, 0x58, 0xf2, 0x87, 0xac, 0x77, 0xe6, 0xd0, 0x20, 0x50, - 0x63, 0xc5, 0xe4, 0xb2, 0x70, 0x15, 0x18, 0x90, 0x05, 0x7b, 0x7b, 0xaf, - 0x2b, 0x46, 0xbe, 0x6b, 0x4e, 0x1f, 0x53, 0xfc, 0x84, 0x27, 0xae, 0x83, - 0xd2, 0x8d, 0x47, 0x53, 0xa7, 0x0e, 0x1f, 0x63, 0xb5, 0xba, 0xdb, 0x16, - 0xd8, 0x6a, 0x09, 0x25, 0x55, 0x7d, 0x8f, 0x3d, 0x4a, 0xc1, 0x83, 0xf9, - 0xb3, 0xb9, 0xa7, 0x04, 0x5a, 0xc8, 0xf3, 0x11, 0x04, 0x91, 0x53, 0x30, - 0xd9, 0x52, 0x87, 0xcb, 0x39, 0x00, 0x9c, 0xec, 0x53, 0xc3, 0x02, 0x09, - 0x7e, 0xa7, 0x36, 0x8e, 0x72, 0x21, 0x2f, 0x23, 0xbb, 0x4c, 0xc6, 0x47, - 0xa5, 0xa1, 0xee, 0x67, 0xc4, 0x2f, 0x5c, 0x3a, 0x47, 0x38, 0x61, 0xe2, - 0xc3, 0x1e, 0x37, 0x92, 0x9e, 0xc8, 0x2f, 0x6b, 0xfa, 0xef, 0xd2, 0xc3, - 0xcd, 0x29, 0x8d, 0x98, 0xf8, 0x52, 0x17, 0xed, 0xb5, 0x53, 0x3c, 0xdf, - 0xaf, 0xc9, 0x1b, 0x62, 0xad, 0xdf, 0x02, 0xee, 0x5d, 0x34, 0xf6, 0x41, - 0x4b, 0xcb, 0xc3, 0x55, 0xaf, 0xb1, 0xcb, 0xda, 0x9c, 0x73, 0xd5, 0x02, - 0xa8, 0x2d, 0xa7, 0xac, 0xfc, 0xe1, 0xe5, 0x07, 0xd0, 0x51, 0xe8, 0x35, -} - -var certSet2Cert33 = []byte{ - 0x30, 0x82, 0x04, 0xd0, 0x30, 0x82, 0x04, 0x39, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x25, 0x0c, 0xe8, 0xe0, 0x30, 0x61, 0x2e, 0x9f, 0x2b, - 0x89, 0xf7, 0x05, 0x4d, 0x7c, 0xf8, 0xfd, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x31, 0x30, 0x38, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x30, 0x37, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xca, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3a, 0x30, - 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, - 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, - 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, - 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x45, 0x30, - 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, - 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf, 0x24, 0x08, 0x08, 0x29, 0x7a, 0x35, - 0x9e, 0x60, 0x0c, 0xaa, 0xe7, 0x4b, 0x3b, 0x4e, 0xdc, 0x7c, 0xbc, 0x3c, - 0x45, 0x1c, 0xbb, 0x2b, 0xe0, 0xfe, 0x29, 0x02, 0xf9, 0x57, 0x08, 0xa3, - 0x64, 0x85, 0x15, 0x27, 0xf5, 0xf1, 0xad, 0xc8, 0x31, 0x89, 0x5d, 0x22, - 0xe8, 0x2a, 0xaa, 0xa6, 0x42, 0xb3, 0x8f, 0xf8, 0xb9, 0x55, 0xb7, 0xb1, - 0xb7, 0x4b, 0xb3, 0xfe, 0x8f, 0x7e, 0x07, 0x57, 0xec, 0xef, 0x43, 0xdb, - 0x66, 0x62, 0x15, 0x61, 0xcf, 0x60, 0x0d, 0xa4, 0xd8, 0xde, 0xf8, 0xe0, - 0xc3, 0x62, 0x08, 0x3d, 0x54, 0x13, 0xeb, 0x49, 0xca, 0x59, 0x54, 0x85, - 0x26, 0xe5, 0x2b, 0x8f, 0x1b, 0x9f, 0xeb, 0xf5, 0xa1, 0x91, 0xc2, 0x33, - 0x49, 0xd8, 0x43, 0x63, 0x6a, 0x52, 0x4b, 0xd2, 0x8f, 0xe8, 0x70, 0x51, - 0x4d, 0xd1, 0x89, 0x69, 0x7b, 0xc7, 0x70, 0xf6, 0xb3, 0xdc, 0x12, 0x74, - 0xdb, 0x7b, 0x5d, 0x4b, 0x56, 0xd3, 0x96, 0xbf, 0x15, 0x77, 0xa1, 0xb0, - 0xf4, 0xa2, 0x25, 0xf2, 0xaf, 0x1c, 0x92, 0x67, 0x18, 0xe5, 0xf4, 0x06, - 0x04, 0xef, 0x90, 0xb9, 0xe4, 0x00, 0xe4, 0xdd, 0x3a, 0xb5, 0x19, 0xff, - 0x02, 0xba, 0xf4, 0x3c, 0xee, 0xe0, 0x8b, 0xeb, 0x37, 0x8b, 0xec, 0xf4, - 0xd7, 0xac, 0xf2, 0xf6, 0xf0, 0x3d, 0xaf, 0xdd, 0x75, 0x91, 0x33, 0x19, - 0x1d, 0x1c, 0x40, 0xcb, 0x74, 0x24, 0x19, 0x21, 0x93, 0xd9, 0x14, 0xfe, - 0xac, 0x2a, 0x52, 0xc7, 0x8f, 0xd5, 0x04, 0x49, 0xe4, 0x8d, 0x63, 0x47, - 0x88, 0x3c, 0x69, 0x83, 0xcb, 0xfe, 0x47, 0xbd, 0x2b, 0x7e, 0x4f, 0xc5, - 0x95, 0xae, 0x0e, 0x9d, 0xd4, 0xd1, 0x43, 0xc0, 0x67, 0x73, 0xe3, 0x14, - 0x08, 0x7e, 0xe5, 0x3f, 0x9f, 0x73, 0xb8, 0x33, 0x0a, 0xcf, 0x5d, 0x3f, - 0x34, 0x87, 0x96, 0x8a, 0xee, 0x53, 0xe8, 0x25, 0x15, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x9b, 0x30, 0x82, 0x01, 0x97, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, - 0x01, 0x01, 0xff, 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2a, - 0x30, 0x28, 0x30, 0x26, 0xa0, 0x24, 0xa0, 0x22, 0x86, 0x20, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, - 0x61, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3d, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, - 0x73, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, - 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x6d, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0c, 0x04, 0x61, 0x30, 0x5f, - 0xa1, 0x5d, 0xa0, 0x5b, 0x30, 0x59, 0x30, 0x57, 0x30, 0x55, 0x16, 0x09, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2f, 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, - 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, - 0x8f, 0xe5, 0xd3, 0x1a, 0x86, 0xac, 0x8d, 0x8e, 0x6b, 0xc3, 0xcf, 0x80, - 0x6a, 0xd4, 0x48, 0x18, 0x2c, 0x7b, 0x19, 0x2e, 0x30, 0x25, 0x16, 0x23, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x76, 0x73, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x67, 0x69, 0x66, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x1d, 0x25, - 0x04, 0x37, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01, 0x06, 0x0a, 0x60, - 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x08, 0x01, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x03, 0x81, 0x81, 0x00, 0x13, 0x02, 0xdd, 0xf8, 0xe8, 0x86, 0x00, 0xf2, - 0x5a, 0xf8, 0xf8, 0x20, 0x0c, 0x59, 0x88, 0x62, 0x07, 0xce, 0xce, 0xf7, - 0x4e, 0xf9, 0xbb, 0x59, 0xa1, 0x98, 0xe5, 0xe1, 0x38, 0xdd, 0x4e, 0xbc, - 0x66, 0x18, 0xd3, 0xad, 0xeb, 0x18, 0xf2, 0x0d, 0xc9, 0x6d, 0x3e, 0x4a, - 0x94, 0x20, 0xc3, 0x3c, 0xba, 0xbd, 0x65, 0x54, 0xc6, 0xaf, 0x44, 0xb3, - 0x10, 0xad, 0x2c, 0x6b, 0x3e, 0xab, 0xd7, 0x07, 0xb6, 0xb8, 0x81, 0x63, - 0xc5, 0xf9, 0x5e, 0x2e, 0xe5, 0x2a, 0x67, 0xce, 0xcd, 0x33, 0x0c, 0x2a, - 0xd7, 0x89, 0x56, 0x03, 0x23, 0x1f, 0xb3, 0xbe, 0xe8, 0x3a, 0x08, 0x59, - 0xb4, 0xec, 0x45, 0x35, 0xf7, 0x8a, 0x5b, 0xff, 0x66, 0xcf, 0x50, 0xaf, - 0xc6, 0x6d, 0x57, 0x8d, 0x19, 0x78, 0xb7, 0xb9, 0xa2, 0xd1, 0x57, 0xea, - 0x1f, 0x9a, 0x4b, 0xaf, 0xba, 0xc9, 0x8e, 0x12, 0x7e, 0xc6, 0xbd, 0xff, -} - -var certSet2Cert34 = []byte{ - 0x30, 0x82, 0x04, 0xd2, 0x30, 0x82, 0x03, 0xba, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x2c, 0x69, 0xe1, 0x2f, 0x6a, 0x67, 0x0b, 0xd9, 0x9d, - 0xd2, 0x0f, 0x91, 0x9e, 0xf0, 0x9e, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x36, 0x31, 0x30, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, - 0x36, 0x30, 0x39, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x63, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x14, 0x44, - 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, - 0x74, 0x65, 0x64, 0x20, 0x53, 0x53, 0x4c, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x20, 0x44, 0x56, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, - 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xea, 0x94, 0x07, 0x85, 0xc8, 0x41, 0x2c, 0xf6, 0x83, 0x12, 0x6c, 0x92, - 0x5f, 0xab, 0x1f, 0x00, 0xd4, 0x96, 0x6f, 0x74, 0xcd, 0x2e, 0x11, 0xe9, - 0x6c, 0x0f, 0x39, 0x01, 0xb9, 0x48, 0x90, 0x40, 0x39, 0x4d, 0xc4, 0xa2, - 0xc8, 0x79, 0x6a, 0xa5, 0x9a, 0xbd, 0x91, 0x44, 0x65, 0x77, 0x54, 0xad, - 0xff, 0x25, 0x5f, 0xee, 0x42, 0xfb, 0xb3, 0x02, 0x0f, 0xea, 0x5d, 0x7a, - 0xdd, 0x1a, 0x54, 0x9e, 0xd7, 0x73, 0x42, 0x9b, 0xcc, 0x79, 0x5f, 0xc5, - 0x4d, 0xf4, 0xb7, 0x0b, 0x18, 0x39, 0x20, 0x7a, 0xdd, 0x50, 0x01, 0x5d, - 0x34, 0x45, 0x5f, 0x4c, 0x11, 0x0e, 0xf5, 0x87, 0x26, 0x26, 0xb4, 0xb0, - 0xf3, 0x7e, 0x71, 0xa0, 0x31, 0x71, 0x50, 0x89, 0x68, 0x5a, 0x63, 0x8a, - 0x14, 0x62, 0xe5, 0x8c, 0x3a, 0x16, 0x55, 0x0d, 0x3e, 0xeb, 0xaa, 0x80, - 0x1d, 0x71, 0x7a, 0xe3, 0x87, 0x07, 0xab, 0xbd, 0xa2, 0x74, 0xcd, 0xda, - 0x08, 0x01, 0x9d, 0x1b, 0xcc, 0x27, 0x88, 0x8c, 0x47, 0xd4, 0x69, 0x25, - 0x42, 0xd6, 0xbb, 0x50, 0x6d, 0x85, 0x50, 0xd0, 0x48, 0x82, 0x0d, 0x08, - 0x9f, 0xe9, 0x23, 0xe3, 0x42, 0xc6, 0x3c, 0x98, 0xb8, 0xbb, 0x6e, 0xc5, - 0x70, 0x13, 0xdf, 0x19, 0x1d, 0x01, 0xfd, 0xd2, 0xb5, 0x4e, 0xe6, 0x62, - 0xf4, 0x07, 0xfa, 0x6b, 0x7d, 0x11, 0x77, 0xc4, 0x62, 0x4f, 0x40, 0x4e, - 0xa5, 0x78, 0x97, 0xab, 0x2c, 0x4d, 0x0c, 0xa7, 0x7c, 0xc3, 0xc4, 0x50, - 0x32, 0x9f, 0xd0, 0x70, 0x9b, 0x0f, 0xff, 0xff, 0x75, 0x59, 0x34, 0x85, - 0xad, 0x49, 0xd5, 0x35, 0xee, 0x4f, 0x5b, 0xd4, 0xd4, 0x36, 0x95, 0xa0, - 0x7e, 0xe8, 0xc5, 0xa1, 0x1c, 0xbd, 0x13, 0x4e, 0x7d, 0xee, 0x63, 0x6a, - 0x96, 0x19, 0x99, 0xc8, 0xa7, 0x2a, 0x00, 0xe6, 0x51, 0x8d, 0x46, 0xeb, - 0x30, 0x58, 0xe8, 0x2d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, - 0x39, 0x30, 0x82, 0x01, 0x35, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x41, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3a, 0x30, 0x38, - 0x30, 0x36, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, - 0x07, 0x36, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, - 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, - 0x04, 0x22, 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x74, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2a, 0x30, 0x28, 0x30, - 0x26, 0xa0, 0x24, 0xa0, 0x22, 0x86, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x74, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, 0x43, 0x41, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x29, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x22, - 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, - 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, 0x36, 0x39, 0x38, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9f, 0xb8, 0xc1, - 0xa9, 0x6c, 0xf2, 0xf5, 0xc0, 0x22, 0x2a, 0x94, 0xed, 0x5c, 0x99, 0xac, - 0xd4, 0xec, 0xd7, 0xc6, 0x07, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, - 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7b, 0x5b, 0x45, 0xcf, 0xaf, 0xce, - 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, 0x6a, 0xb6, 0xf3, 0x46, 0xeb, 0x57, - 0x48, 0x50, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x53, 0x54, - 0xf2, 0x47, 0xa8, 0x02, 0xd7, 0xef, 0xaa, 0x35, 0x78, 0xbe, 0x4a, 0x08, - 0x0d, 0x90, 0x18, 0x4b, 0x6d, 0x9e, 0x2a, 0x53, 0x2b, 0xe9, 0x54, 0x17, - 0x77, 0x74, 0x29, 0x7e, 0xd0, 0x37, 0x07, 0x05, 0xb8, 0xe4, 0xfa, 0xb8, - 0xb4, 0x63, 0x98, 0x44, 0xdc, 0xc6, 0x4f, 0x81, 0x06, 0x8c, 0x3a, 0xbe, - 0xc7, 0x30, 0x57, 0xc6, 0x70, 0xfc, 0xd6, 0x93, 0x19, 0x9f, 0xc3, 0x55, - 0xd7, 0x3e, 0x1f, 0x72, 0x8a, 0x9d, 0x30, 0x5a, 0x35, 0x97, 0x32, 0xcb, - 0x63, 0xe4, 0xc6, 0x72, 0xdf, 0xfb, 0x68, 0xca, 0x69, 0x2f, 0xdb, 0xcd, - 0x50, 0x38, 0x3e, 0x2b, 0xbb, 0xab, 0x3b, 0x82, 0xc7, 0xfd, 0x4b, 0x9b, - 0xbd, 0x7c, 0x41, 0x98, 0xef, 0x01, 0x53, 0xd8, 0x35, 0x8f, 0x25, 0xc9, - 0x03, 0x06, 0xe6, 0x9c, 0x57, 0xc1, 0x51, 0x0f, 0x9e, 0xf6, 0x7d, 0x93, - 0x4d, 0xf8, 0x76, 0xc8, 0x3a, 0x6b, 0xf4, 0xc4, 0x8f, 0x33, 0x32, 0x7f, - 0x9d, 0x21, 0x84, 0x34, 0xd9, 0xa7, 0xf9, 0x92, 0xfa, 0x41, 0x91, 0x61, - 0x84, 0x05, 0x9d, 0xa3, 0x79, 0x46, 0xce, 0x67, 0xe7, 0x81, 0xf2, 0x5e, - 0xac, 0x4c, 0xbc, 0xa8, 0xab, 0x6a, 0x6d, 0x15, 0xe2, 0x9c, 0x4e, 0x5a, - 0xd9, 0x63, 0x80, 0xbc, 0xf7, 0x42, 0xeb, 0x9a, 0x44, 0xc6, 0x8c, 0x6b, - 0x06, 0x36, 0xb4, 0x8b, 0x32, 0x89, 0xde, 0xc2, 0xf1, 0xa8, 0x26, 0xaa, - 0xa9, 0xac, 0xff, 0xea, 0x71, 0xa6, 0xe7, 0x8c, 0x41, 0xfa, 0x17, 0x35, - 0xbb, 0xb3, 0x87, 0x31, 0xa9, 0x93, 0xc2, 0xc8, 0x58, 0xe1, 0x0a, 0x4e, - 0x95, 0x83, 0x9c, 0xb9, 0xed, 0x3b, 0xa5, 0xef, 0x08, 0xe0, 0x74, 0xf9, - 0xc3, 0x1b, 0xe6, 0x07, 0xa3, 0xee, 0x07, 0xd7, 0x42, 0x22, 0x79, 0x21, - 0xa0, 0xa1, 0xd4, 0x1d, 0x26, 0xd3, 0xd0, 0xd6, 0xa6, 0x5d, 0x2b, 0x41, - 0xc0, 0x79, -} - -var certSet2Cert35 = []byte{ - 0x30, 0x82, 0x04, 0xe4, 0x30, 0x82, 0x03, 0xcc, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x4f, 0xe3, 0xe2, 0x65, 0x21, 0x07, 0xab, 0x20, 0x37, - 0x41, 0x6e, 0x48, 0x70, 0xce, 0xd2, 0xc2, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, - 0x45, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, - 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x41, 0x42, 0x31, - 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64, - 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x20, 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, - 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x35, 0x32, - 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, - 0x30, 0x35, 0x33, 0x30, 0x31, 0x30, 0x34, 0x38, 0x33, 0x38, 0x5a, 0x30, - 0x6b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x24, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x20, 0x53, 0x65, 0x63, - 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x20, 0x53, 0x65, 0x63, 0x75, - 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x80, 0x0b, 0x42, - 0xc6, 0x06, 0x6c, 0xcf, 0x22, 0xb3, 0x1a, 0x9e, 0x11, 0x2e, 0x42, 0x6e, - 0x39, 0xbf, 0xe8, 0x12, 0xaf, 0x3c, 0x42, 0x21, 0x12, 0x95, 0x40, 0x5d, - 0x32, 0xb1, 0x6d, 0x1c, 0x21, 0xd1, 0x34, 0xe5, 0x4f, 0xa8, 0xd1, 0x43, - 0xa2, 0x26, 0x4e, 0x30, 0x7d, 0x73, 0x44, 0x2c, 0x73, 0xaa, 0xc5, 0x4d, - 0x66, 0x01, 0x19, 0xd2, 0xea, 0x50, 0x59, 0x65, 0xd0, 0x68, 0x9d, 0x05, - 0xa0, 0x7c, 0xa1, 0x79, 0x53, 0xd0, 0x21, 0x90, 0x59, 0x0e, 0x37, 0xdb, - 0x1e, 0xdc, 0x92, 0xa7, 0x8b, 0x0d, 0xc4, 0xf5, 0xf8, 0xe6, 0xff, 0xb5, - 0x35, 0x1a, 0xda, 0xa8, 0xb6, 0x9b, 0x20, 0x85, 0x65, 0xc4, 0xa2, 0x4d, - 0xdf, 0xf3, 0x94, 0x4d, 0x63, 0x7e, 0xee, 0x89, 0x07, 0xaf, 0xfe, 0xe1, - 0xba, 0x00, 0x15, 0x2d, 0xc6, 0x77, 0x8e, 0xa3, 0xfe, 0xad, 0xcf, 0x26, - 0x54, 0x5a, 0xdf, 0xfc, 0xd2, 0xde, 0xc2, 0xad, 0xf6, 0xb2, 0x23, 0xfd, - 0xa8, 0x83, 0xe5, 0x65, 0xbd, 0x27, 0xf7, 0x27, 0x1a, 0x18, 0x59, 0x6a, - 0x9e, 0x14, 0xf6, 0xb4, 0x86, 0xff, 0x1c, 0x58, 0x14, 0x43, 0x73, 0x96, - 0x24, 0xbf, 0x10, 0x43, 0xd5, 0x5c, 0x89, 0xf0, 0xce, 0xf7, 0xe1, 0x96, - 0x16, 0x5e, 0x18, 0x4a, 0x27, 0x28, 0x90, 0x80, 0x18, 0xfc, 0x32, 0xfe, - 0xf4, 0xc7, 0xb8, 0xd6, 0x82, 0x3d, 0x35, 0xaf, 0xbb, 0x4a, 0x1c, 0x5b, - 0x05, 0x78, 0xf6, 0xfd, 0x55, 0x3e, 0x82, 0x74, 0xb2, 0x73, 0xb8, 0x89, - 0x4e, 0xf7, 0x1b, 0x85, 0x9a, 0xd8, 0xca, 0xb1, 0x5a, 0xb1, 0x00, 0x20, - 0x41, 0x14, 0x30, 0x2b, 0x14, 0x24, 0xed, 0x37, 0x0e, 0x32, 0x3e, 0x23, - 0x88, 0x39, 0x7e, 0xb9, 0xd9, 0x38, 0x03, 0xe2, 0x4c, 0xd9, 0x0d, 0x43, - 0x41, 0x33, 0x10, 0xeb, 0x30, 0x72, 0x53, 0x88, 0xf7, 0x52, 0x9b, 0x4f, - 0x81, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x7e, 0x30, 0x82, - 0x01, 0x7a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0xad, 0xbd, 0x98, 0x7a, 0x34, 0xb4, 0x26, 0xf7, 0xfa, - 0xc4, 0x26, 0x54, 0xef, 0x03, 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xcc, 0x03, - 0x5b, 0x96, 0x5a, 0x9e, 0x16, 0xcc, 0x26, 0x1e, 0xbd, 0xa3, 0x70, 0xfb, - 0xe3, 0xcb, 0x79, 0x19, 0xfc, 0x4d, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, - 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x18, 0x06, 0x03, 0x55, 0x1d, - 0x20, 0x04, 0x11, 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x0b, 0x2b, 0x06, 0x01, - 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x02, 0x08, 0x30, 0x44, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, - 0x35, 0x86, 0x33, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, - 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x81, 0xb3, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x81, 0xa6, 0x30, 0x81, - 0xa3, 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, - 0x02, 0x86, 0x33, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, - 0x6f, 0x74, 0x2e, 0x70, 0x37, 0x63, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x55, 0x54, 0x4e, 0x53, 0x47, 0x43, 0x43, - 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x7b, 0xf0, 0xfc, 0xa1, 0x28, 0x47, 0xbc, 0x2b, - 0xb4, 0x04, 0x73, 0x3f, 0x4b, 0xdd, 0x1e, 0xd1, 0xb9, 0xcd, 0x1c, 0xed, - 0x7d, 0xe5, 0xe8, 0xcb, 0x51, 0xf4, 0x92, 0xbf, 0xdd, 0x9c, 0x0d, 0x5c, - 0x6e, 0x1d, 0x95, 0xed, 0x5b, 0x70, 0x50, 0x89, 0xd4, 0x67, 0x9a, 0x15, - 0x54, 0xd1, 0x90, 0x0a, 0xfa, 0x09, 0x68, 0x06, 0x18, 0xbb, 0xd7, 0x27, - 0xe4, 0x93, 0xff, 0x43, 0x48, 0x81, 0x3b, 0xc8, 0x59, 0x49, 0x35, 0xea, - 0xac, 0xb6, 0xae, 0x46, 0xb5, 0xd4, 0xf3, 0xb8, 0xc3, 0xc6, 0xe4, 0x91, - 0xbf, 0xc9, 0x34, 0xfd, 0x7e, 0xd0, 0x59, 0x6e, 0x61, 0xa1, 0x1f, 0x48, - 0x63, 0x54, 0xb2, 0x7d, 0x46, 0xbf, 0xc8, 0xfa, 0xc3, 0xbf, 0x48, 0x58, - 0x98, 0xf6, 0x69, 0x84, 0xa7, 0x16, 0x69, 0x08, 0x27, 0xa4, 0x22, 0xcb, - 0xa2, 0x2c, 0xc8, 0xdf, 0x6e, 0xa9, 0xee, 0xf8, 0x41, 0xdf, 0x1b, 0xa8, - 0xb7, 0xf3, 0xe3, 0xae, 0xce, 0xa3, 0xfe, 0xd9, 0x27, 0x60, 0x50, 0x3f, - 0x04, 0x7d, 0x7a, 0x44, 0xea, 0x76, 0x42, 0x5c, 0xd3, 0x55, 0x46, 0xef, - 0x27, 0xc5, 0x6a, 0x4a, 0x80, 0xe7, 0x35, 0xa0, 0x91, 0xc6, 0x1b, 0xa6, - 0x86, 0x9c, 0x5a, 0x3b, 0x04, 0x83, 0x54, 0x34, 0xd7, 0xd1, 0x88, 0xa6, - 0x36, 0xe9, 0x7f, 0x40, 0x27, 0xda, 0x56, 0x0a, 0x50, 0x21, 0x9d, 0x29, - 0x8b, 0xa0, 0x84, 0xec, 0xfe, 0x71, 0x23, 0x53, 0x04, 0x18, 0x19, 0x70, - 0x67, 0x86, 0x44, 0x95, 0x72, 0x40, 0x55, 0xf6, 0xdd, 0xa3, 0xb4, 0x3d, - 0x2d, 0x09, 0x60, 0xa5, 0xe7, 0x5f, 0xfc, 0xac, 0x3b, 0xec, 0x0c, 0x91, - 0x9f, 0xf8, 0xee, 0x6a, 0xba, 0xb2, 0x3c, 0xfd, 0x95, 0x7d, 0x9a, 0x07, - 0xf4, 0xb0, 0x65, 0x43, 0xa2, 0xf6, 0xdf, 0x7d, 0xb8, 0x21, 0x49, 0x84, - 0x04, 0xee, 0xbd, 0xce, 0x53, 0x8f, 0x0f, 0x29, -} - -var certSet2Cert36 = []byte{ - 0x30, 0x82, 0x04, 0xf2, 0x30, 0x82, 0x03, 0xda, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x38, 0x63, 0xe9, 0xfc, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, - 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, - 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, - 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, - 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x2f, 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, - 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, - 0x66, 0x2e, 0x20, 0x28, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, - 0x69, 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, - 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, - 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, - 0x29, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x31, 0x32, 0x31, 0x30, 0x32, - 0x30, 0x34, 0x33, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, - 0x31, 0x30, 0x32, 0x31, 0x31, 0x33, 0x35, 0x34, 0x5a, 0x30, 0x81, 0xb1, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, - 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x30, - 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x70, 0x61, 0x20, 0x69, 0x73, 0x20, 0x69, - 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, - 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x2e, 0x30, - 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x45, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x4c, 0x31, 0x43, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x97, 0xa3, 0x2d, 0x3c, 0x9e, 0xde, - 0x05, 0xda, 0x13, 0xc2, 0x11, 0x8d, 0x9d, 0x8e, 0xe3, 0x7f, 0xc7, 0x4b, - 0x7e, 0x5a, 0x9f, 0xb3, 0xff, 0x62, 0xab, 0x73, 0xc8, 0x28, 0x6b, 0xba, - 0x10, 0x64, 0x82, 0x87, 0x13, 0xcd, 0x57, 0x18, 0xff, 0x28, 0xce, 0xc0, - 0xe6, 0x0e, 0x06, 0x91, 0x50, 0x29, 0x83, 0xd1, 0xf2, 0xc3, 0x2a, 0xdb, - 0xd8, 0xdb, 0x4e, 0x04, 0xcc, 0x00, 0xeb, 0x8b, 0xb6, 0x96, 0xdc, 0xbc, - 0xaa, 0xfa, 0x52, 0x77, 0x04, 0xc1, 0xdb, 0x19, 0xe4, 0xae, 0x9c, 0xfd, - 0x3c, 0x8b, 0x03, 0xef, 0x4d, 0xbc, 0x1a, 0x03, 0x65, 0xf9, 0xc1, 0xb1, - 0x3f, 0x72, 0x86, 0xf2, 0x38, 0xaa, 0x19, 0xae, 0x10, 0x88, 0x78, 0x28, - 0xda, 0x75, 0xc3, 0x3d, 0x02, 0x82, 0x02, 0x9c, 0xb9, 0xc1, 0x65, 0x77, - 0x76, 0x24, 0x4c, 0x98, 0xf7, 0x6d, 0x31, 0x38, 0xfb, 0xdb, 0xfe, 0xdb, - 0x37, 0x02, 0x76, 0xa1, 0x18, 0x97, 0xa6, 0xcc, 0xde, 0x20, 0x09, 0x49, - 0x36, 0x24, 0x69, 0x42, 0xf6, 0xe4, 0x37, 0x62, 0xf1, 0x59, 0x6d, 0xa9, - 0x3c, 0xed, 0x34, 0x9c, 0xa3, 0x8e, 0xdb, 0xdc, 0x3a, 0xd7, 0xf7, 0x0a, - 0x6f, 0xef, 0x2e, 0xd8, 0xd5, 0x93, 0x5a, 0x7a, 0xed, 0x08, 0x49, 0x68, - 0xe2, 0x41, 0xe3, 0x5a, 0x90, 0xc1, 0x86, 0x55, 0xfc, 0x51, 0x43, 0x9d, - 0xe0, 0xb2, 0xc4, 0x67, 0xb4, 0xcb, 0x32, 0x31, 0x25, 0xf0, 0x54, 0x9f, - 0x4b, 0xd1, 0x6f, 0xdb, 0xd4, 0xdd, 0xfc, 0xaf, 0x5e, 0x6c, 0x78, 0x90, - 0x95, 0xde, 0xca, 0x3a, 0x48, 0xb9, 0x79, 0x3c, 0x9b, 0x19, 0xd6, 0x75, - 0x05, 0xa0, 0xf9, 0x88, 0xd7, 0xc1, 0xe8, 0xa5, 0x09, 0xe4, 0x1a, 0x15, - 0xdc, 0x87, 0x23, 0xaa, 0xb2, 0x75, 0x8c, 0x63, 0x25, 0x87, 0xd8, 0xf8, - 0x3d, 0xa6, 0xc2, 0xcc, 0x66, 0xff, 0xa5, 0x66, 0x68, 0x55, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0b, 0x30, 0x82, 0x01, 0x07, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x33, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x27, 0x30, 0x25, - 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, - 0x70, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2b, 0x30, 0x29, - 0x30, 0x27, 0xa0, 0x25, 0xa0, 0x23, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x32, 0x30, 0x34, 0x38, 0x63, - 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3b, 0x06, 0x03, 0x55, 0x1d, 0x20, - 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, - 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, - 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, - 0x65, 0x74, 0x2f, 0x72, 0x70, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1e, 0xf1, 0xab, 0x89, 0x06, 0xf8, 0x49, - 0x0f, 0x01, 0x33, 0x77, 0xee, 0x14, 0x7a, 0xee, 0x19, 0x7c, 0x93, 0x28, - 0x4d, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, 0xbe, 0xd8, 0x89, 0xb9, - 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x07, 0xf6, 0x5f, 0x82, 0x84, 0x7f, - 0x80, 0x40, 0xc7, 0x90, 0x34, 0x46, 0x42, 0x24, 0x03, 0xce, 0x2f, 0xab, - 0xba, 0x83, 0x9e, 0x25, 0x73, 0x0d, 0xed, 0xac, 0x05, 0x69, 0xc6, 0x87, - 0xed, 0xa3, 0x5c, 0xf2, 0x57, 0xc1, 0xb1, 0x49, 0x76, 0x9a, 0x4d, 0xf2, - 0x3f, 0xdd, 0xe4, 0x0e, 0xfe, 0x0b, 0x3e, 0xb9, 0x98, 0xd9, 0x32, 0x95, - 0x1d, 0x32, 0xf4, 0x01, 0xee, 0x9c, 0xc8, 0xc8, 0xe5, 0x3f, 0xe0, 0x53, - 0x76, 0x62, 0xfc, 0xdd, 0xab, 0x6d, 0x3d, 0x94, 0x90, 0xf2, 0xc0, 0xb3, - 0x3c, 0x98, 0x27, 0x36, 0x5e, 0x28, 0x97, 0x22, 0xfc, 0x1b, 0x40, 0xd3, - 0x2b, 0x0d, 0xad, 0xb5, 0x57, 0x6d, 0xdf, 0x0f, 0xe3, 0x4b, 0xef, 0x73, - 0x02, 0x10, 0x65, 0xfa, 0x1b, 0xd0, 0xac, 0x31, 0xd5, 0xe3, 0x0f, 0xe8, - 0xba, 0x32, 0x30, 0x83, 0xee, 0x4a, 0xd0, 0xbf, 0xdf, 0x22, 0x90, 0x7a, - 0xbe, 0xec, 0x3a, 0x1b, 0xc4, 0x49, 0x04, 0x1d, 0xf1, 0xae, 0x80, 0x77, - 0x3c, 0x42, 0x08, 0xdb, 0xa7, 0x3b, 0x28, 0xa6, 0x80, 0x01, 0x03, 0xe6, - 0x39, 0xa3, 0xeb, 0xdf, 0x80, 0x59, 0x1b, 0xf3, 0x2c, 0xbe, 0xdc, 0x72, - 0x44, 0x79, 0xa0, 0x6c, 0x07, 0xa5, 0x6d, 0x4d, 0x44, 0x8e, 0x42, 0x68, - 0xca, 0x94, 0x7c, 0x2e, 0x36, 0xba, 0x85, 0x9e, 0xcd, 0xaa, 0xc4, 0x5e, - 0x3c, 0x54, 0xbe, 0xfe, 0x2f, 0xea, 0x69, 0x9d, 0x1c, 0x1e, 0x29, 0x9b, - 0x96, 0xd8, 0xc8, 0xfe, 0x51, 0x90, 0xf1, 0x24, 0xa6, 0x90, 0x06, 0xb3, - 0xf0, 0x29, 0xa2, 0xff, 0x78, 0x2e, 0x77, 0x5c, 0x45, 0x21, 0xd9, 0x44, - 0x00, 0x31, 0xf3, 0xbe, 0x32, 0x4f, 0xf5, 0x0a, 0x32, 0x0d, 0xfc, 0xfc, - 0xba, 0x16, 0x76, 0x56, 0xb2, 0xd6, 0x48, 0x92, 0xf2, 0x8b, 0xa6, 0x3e, - 0xb7, 0xac, 0x5c, 0x69, 0xea, 0x0b, 0x3f, 0x66, 0x45, 0xb9, -} - -var certSet2Cert37 = []byte{ - 0x30, 0x82, 0x04, 0xfc, 0x30, 0x82, 0x03, 0xe4, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x16, 0x90, 0xc3, 0x29, 0xb6, 0x78, 0x06, 0x07, 0x51, - 0x1f, 0x05, 0xb0, 0x34, 0x48, 0x46, 0xcb, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, - 0x45, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, - 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x41, 0x42, 0x31, - 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64, - 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x20, 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, - 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x34, 0x31, - 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, - 0x30, 0x35, 0x33, 0x30, 0x31, 0x30, 0x34, 0x38, 0x33, 0x38, 0x5a, 0x30, - 0x81, 0x89, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x47, 0x42, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20, 0x4d, 0x61, - 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6c, 0x66, 0x6f, - 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x11, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41, 0x20, 0x4c, - 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x26, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, - 0x48, 0x69, 0x67, 0x68, 0x2d, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, - 0x63, 0x65, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xe7, 0x87, 0xda, 0xc0, 0x77, 0xe4, 0xbb, 0x3a, - 0xfa, 0x6a, 0x24, 0xc8, 0x80, 0x41, 0xac, 0xd2, 0x16, 0x13, 0x15, 0x3d, - 0xfa, 0xf7, 0xf8, 0x2a, 0x76, 0xdc, 0xa8, 0x2d, 0x39, 0x08, 0xce, 0x48, - 0x4a, 0xbe, 0x0f, 0x7d, 0xf0, 0xde, 0xba, 0xbb, 0x47, 0xd5, 0xbd, 0x2d, - 0xd7, 0x1b, 0xab, 0x0f, 0x20, 0x81, 0x23, 0x08, 0x72, 0xb1, 0xc0, 0x11, - 0x95, 0x0d, 0xe6, 0xea, 0xa9, 0x87, 0xff, 0xc7, 0x6e, 0x1e, 0x4f, 0x66, - 0x32, 0xba, 0x53, 0xbc, 0x05, 0xaa, 0x1c, 0x2c, 0x0c, 0xef, 0x4d, 0x37, - 0x47, 0x6b, 0x10, 0x0c, 0xdb, 0xc5, 0xa0, 0x98, 0x7e, 0x58, 0xdb, 0x37, - 0xd6, 0xae, 0xe9, 0x06, 0xbd, 0xd7, 0xa8, 0x65, 0xf3, 0x37, 0xb9, 0xc7, - 0x6d, 0xce, 0x77, 0xc7, 0x26, 0xe0, 0xd7, 0x74, 0x1f, 0xa6, 0x98, 0x16, - 0xbb, 0x0c, 0x6b, 0xc8, 0xbe, 0x77, 0xd0, 0xef, 0x58, 0xa7, 0x29, 0xa0, - 0xb9, 0xb8, 0x69, 0x05, 0x36, 0xcb, 0xb2, 0xda, 0x58, 0xa3, 0x0b, 0x75, - 0xad, 0x3d, 0x8b, 0x22, 0x82, 0x20, 0x3e, 0x70, 0x86, 0x99, 0x1c, 0xb9, - 0x4f, 0xcf, 0x77, 0xa4, 0x07, 0x1a, 0x23, 0x63, 0xd1, 0x38, 0x56, 0x84, - 0xec, 0xbf, 0x8f, 0xc5, 0x4e, 0xf4, 0x18, 0x96, 0x9b, 0x1a, 0xe8, 0x93, - 0xec, 0x8d, 0xaf, 0x15, 0x9c, 0x24, 0xf0, 0x5a, 0x3b, 0xe8, 0x0f, 0xb9, - 0xa8, 0x5a, 0x01, 0xd3, 0xb2, 0x1c, 0x60, 0xc9, 0x9c, 0x52, 0x04, 0xdd, - 0x92, 0xa7, 0xfe, 0x0c, 0xac, 0xe2, 0x45, 0x8d, 0x03, 0x61, 0xbc, 0x79, - 0xe0, 0x77, 0x2e, 0x87, 0x41, 0x3c, 0x58, 0x5f, 0xcb, 0xf5, 0xc5, 0x77, - 0xf2, 0x58, 0xc8, 0x4d, 0x28, 0xd0, 0x9a, 0xfa, 0xf3, 0x73, 0x09, 0x24, - 0x68, 0x74, 0xbc, 0x20, 0x4c, 0xd8, 0x2c, 0xb0, 0xaa, 0xe8, 0xd9, 0x4e, - 0x6d, 0xf2, 0x8c, 0x24, 0xd3, 0x93, 0x5d, 0x91, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x82, 0x01, 0x77, 0x30, 0x82, 0x01, 0x73, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0xbd, - 0x98, 0x7a, 0x34, 0xb4, 0x26, 0xf7, 0xfa, 0xc4, 0x26, 0x54, 0xef, 0x03, - 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3f, 0xd5, 0xb5, 0xd0, 0xd6, 0x44, 0x79, - 0x50, 0x4a, 0x17, 0xa3, 0x9b, 0x8c, 0x4a, 0xdc, 0xb8, 0xb0, 0x22, 0x64, - 0x6b, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, - 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x11, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x0a, 0x30, 0x08, - 0x30, 0x06, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x44, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, - 0x35, 0x86, 0x33, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, - 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x81, 0xb3, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x81, 0xa6, 0x30, 0x81, - 0xa3, 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, - 0x02, 0x86, 0x33, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, - 0x6f, 0x74, 0x2e, 0x70, 0x37, 0x63, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x55, 0x54, 0x4e, 0x53, 0x47, 0x43, 0x43, - 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x13, 0x85, 0x1f, 0x52, 0x80, 0x18, 0xc9, 0x53, - 0xf7, 0xfe, 0x2e, 0x1a, 0xaf, 0xcc, 0xd9, 0x0b, 0x3c, 0xc2, 0xd3, 0x85, - 0x81, 0x10, 0xf0, 0x28, 0x8d, 0xb9, 0x40, 0x7e, 0x2c, 0x9e, 0x8f, 0xd6, - 0x36, 0x86, 0x0a, 0x4c, 0x14, 0x2d, 0xd6, 0x97, 0x43, 0x92, 0x41, 0x19, - 0x37, 0x4b, 0x96, 0x9e, 0xeb, 0xa9, 0x30, 0x79, 0x12, 0x95, 0xb3, 0x02, - 0x36, 0x57, 0xed, 0x2b, 0xb9, 0x1d, 0x98, 0x1a, 0xa3, 0x18, 0x0a, 0x3f, - 0x9b, 0x39, 0x8b, 0xcd, 0xa1, 0x49, 0x29, 0x4c, 0x2f, 0xf9, 0xd0, 0x95, - 0x8c, 0xc8, 0x4d, 0x95, 0xba, 0xa8, 0x43, 0xcf, 0x33, 0xaa, 0x25, 0x2a, - 0x5a, 0x0e, 0xaa, 0x27, 0xc9, 0x4e, 0x6b, 0xb1, 0xe6, 0x73, 0x1f, 0xb3, - 0x74, 0x04, 0xc3, 0xf3, 0x4c, 0xe2, 0xa8, 0xeb, 0x67, 0xb7, 0x5d, 0xb8, - 0x08, 0x05, 0x1a, 0x56, 0x9a, 0x54, 0x29, 0x85, 0xf5, 0x29, 0x4e, 0x80, - 0x3b, 0x95, 0xd0, 0x7b, 0x53, 0x96, 0x11, 0x56, 0xc1, 0x02, 0xd3, 0xea, - 0xb2, 0x7f, 0xca, 0x8f, 0x9c, 0x70, 0x4a, 0x14, 0x8d, 0x5a, 0xb9, 0x16, - 0x60, 0x75, 0xd6, 0xcd, 0x27, 0x1e, 0x16, 0xcd, 0x5b, 0x33, 0x8e, 0x79, - 0x40, 0xcf, 0x28, 0x48, 0xe7, 0xdc, 0x71, 0x16, 0x4e, 0x74, 0x91, 0x75, - 0xb9, 0x2a, 0x8c, 0xf1, 0x70, 0xac, 0x26, 0xdd, 0x04, 0xb9, 0x40, 0xc2, - 0x85, 0xde, 0x1c, 0x93, 0x40, 0xd0, 0xcc, 0x6e, 0xc3, 0x9b, 0xaa, 0xef, - 0x60, 0x65, 0xdf, 0x60, 0x22, 0xf0, 0x5a, 0xa5, 0x7a, 0xa2, 0x2f, 0xe4, - 0x70, 0x73, 0xee, 0x3c, 0xd4, 0x26, 0x2b, 0x68, 0x07, 0xc1, 0x20, 0x7a, - 0xe8, 0x98, 0x5a, 0x3e, 0x7b, 0x9f, 0x02, 0x8b, 0x62, 0xc0, 0x85, 0x81, - 0x80, 0x60, 0x35, 0x7e, 0xa5, 0x1d, 0x0c, 0xd2, 0x9c, 0xdf, 0x62, 0x45, - 0x0d, 0xdb, 0xfc, 0x37, 0xfb, 0xf5, 0x25, 0x22, -} - -var certSet2Cert38 = []byte{ - 0x30, 0x82, 0x04, 0xff, 0x30, 0x82, 0x03, 0xe7, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x51, 0xd3, 0x40, 0x44, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xb0, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x30, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x20, 0x69, 0x73, 0x20, - 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x65, 0x64, - 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, - 0x65, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, - 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x45, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x2d, - 0x30, 0x2b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x45, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x34, 0x30, 0x39, 0x32, 0x32, 0x31, 0x37, 0x31, 0x34, 0x35, - 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x39, 0x32, 0x33, 0x30, 0x31, - 0x33, 0x31, 0x35, 0x33, 0x5a, 0x30, 0x81, 0xbe, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, - 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x45, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, - 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x53, 0x65, 0x65, 0x20, - 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6e, 0x65, 0x74, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x6c, 0x2d, 0x74, 0x65, - 0x72, 0x6d, 0x73, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x39, 0x20, 0x45, - 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x20, 0x2d, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, - 0x6c, 0x79, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x29, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, - 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xba, 0x84, 0xb6, 0x72, 0xdb, 0x9e, 0x0c, 0x6b, 0xe2, - 0x99, 0xe9, 0x30, 0x01, 0xa7, 0x76, 0xea, 0x32, 0xb8, 0x95, 0x41, 0x1a, - 0xc9, 0xda, 0x61, 0x4e, 0x58, 0x72, 0xcf, 0xfe, 0xf6, 0x82, 0x79, 0xbf, - 0x73, 0x61, 0x06, 0x0a, 0xa5, 0x27, 0xd8, 0xb3, 0x5f, 0xd3, 0x45, 0x4e, - 0x1c, 0x72, 0xd6, 0x4e, 0x32, 0xf2, 0x72, 0x8a, 0x0f, 0xf7, 0x83, 0x19, - 0xd0, 0x6a, 0x80, 0x80, 0x00, 0x45, 0x1e, 0xb0, 0xc7, 0xe7, 0x9a, 0xbf, - 0x12, 0x57, 0x27, 0x1c, 0xa3, 0x68, 0x2f, 0x0a, 0x87, 0xbd, 0x6a, 0x6b, - 0x0e, 0x5e, 0x65, 0xf3, 0x1c, 0x77, 0xd5, 0xd4, 0x85, 0x8d, 0x70, 0x21, - 0xb4, 0xb3, 0x32, 0xe7, 0x8b, 0xa2, 0xd5, 0x86, 0x39, 0x02, 0xb1, 0xb8, - 0xd2, 0x47, 0xce, 0xe4, 0xc9, 0x49, 0xc4, 0x3b, 0xa7, 0xde, 0xfb, 0x54, - 0x7d, 0x57, 0xbe, 0xf0, 0xe8, 0x6e, 0xc2, 0x79, 0xb2, 0x3a, 0x0b, 0x55, - 0xe2, 0x50, 0x98, 0x16, 0x32, 0x13, 0x5c, 0x2f, 0x78, 0x56, 0xc1, 0xc2, - 0x94, 0xb3, 0xf2, 0x5a, 0xe4, 0x27, 0x9a, 0x9f, 0x24, 0xd7, 0xc6, 0xec, - 0xd0, 0x9b, 0x25, 0x82, 0xe3, 0xcc, 0xc2, 0xc4, 0x45, 0xc5, 0x8c, 0x97, - 0x7a, 0x06, 0x6b, 0x2a, 0x11, 0x9f, 0xa9, 0x0a, 0x6e, 0x48, 0x3b, 0x6f, - 0xdb, 0xd4, 0x11, 0x19, 0x42, 0xf7, 0x8f, 0x07, 0xbf, 0xf5, 0x53, 0x5f, - 0x9c, 0x3e, 0xf4, 0x17, 0x2c, 0xe6, 0x69, 0xac, 0x4e, 0x32, 0x4c, 0x62, - 0x77, 0xea, 0xb7, 0xe8, 0xe5, 0xbb, 0x34, 0xbc, 0x19, 0x8b, 0xae, 0x9c, - 0x51, 0xe7, 0xb7, 0x7e, 0xb5, 0x53, 0xb1, 0x33, 0x22, 0xe5, 0x6d, 0xcf, - 0x70, 0x3c, 0x1a, 0xfa, 0xe2, 0x9b, 0x67, 0xb6, 0x83, 0xf4, 0x8d, 0xa5, - 0xaf, 0x62, 0x4c, 0x4d, 0xe0, 0x58, 0xac, 0x64, 0x34, 0x12, 0x03, 0xf8, - 0xb6, 0x8d, 0x94, 0x63, 0x24, 0xa4, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x82, 0x01, 0x0f, 0x30, 0x82, 0x01, 0x0b, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, - 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x33, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x27, 0x30, 0x25, - 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, - 0x70, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x30, 0x33, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2c, 0x30, 0x2a, - 0x30, 0x28, 0xa0, 0x26, 0xa0, 0x24, 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x63, - 0x61, 0x31, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3b, 0x06, 0x03, 0x55, 0x1d, - 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, 0x04, 0x55, 0x1d, 0x20, - 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6a, 0x72, 0x26, 0x7a, 0xd0, 0x1e, - 0xef, 0x7d, 0xe7, 0x3b, 0x69, 0x51, 0xd4, 0x6c, 0x8d, 0x9f, 0x90, 0x12, - 0x66, 0xab, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0x68, 0x90, 0xe4, 0x67, 0xa4, 0xa6, 0x53, 0x80, 0xc7, - 0x86, 0x66, 0xa4, 0xf1, 0xf7, 0x4b, 0x43, 0xfb, 0x84, 0xbd, 0x6d, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x69, 0x33, 0x83, 0xfc, 0x28, - 0x7a, 0x6f, 0x7d, 0xef, 0x9d, 0x55, 0xeb, 0xc5, 0x3e, 0x7a, 0x9d, 0x75, - 0xb3, 0xcc, 0xc3, 0x38, 0x36, 0xd9, 0x34, 0xa2, 0x28, 0x68, 0x18, 0xea, - 0x1e, 0x69, 0xd3, 0xbd, 0xe7, 0xd0, 0x77, 0xda, 0xb8, 0x00, 0x83, 0x4e, - 0x4a, 0xcf, 0x6f, 0xd1, 0xf1, 0xc1, 0x22, 0x3f, 0x74, 0xe4, 0xf7, 0x98, - 0x49, 0x9e, 0x9b, 0xb6, 0x9e, 0xe1, 0xdb, 0x98, 0x77, 0x2d, 0x56, 0x34, - 0xb1, 0xa8, 0x3c, 0xd9, 0xfd, 0xc0, 0xcd, 0xc7, 0xbf, 0x05, 0x03, 0xd4, - 0x02, 0xc5, 0xf1, 0xe5, 0xc6, 0xda, 0x08, 0xa5, 0x13, 0xc7, 0x62, 0x23, - 0x11, 0xd1, 0x61, 0x30, 0x1d, 0x60, 0x84, 0x45, 0xef, 0x79, 0xa8, 0xc6, - 0x26, 0x93, 0xa4, 0xb7, 0xcd, 0x34, 0xb8, 0x69, 0xc5, 0x13, 0xf6, 0x91, - 0xb3, 0xc9, 0x45, 0x73, 0x76, 0xb6, 0x92, 0xf6, 0x76, 0x0a, 0x5b, 0xe1, - 0x03, 0x47, 0xb7, 0xe9, 0x29, 0x4c, 0x91, 0x32, 0x23, 0x37, 0x4a, 0x9c, - 0x35, 0xd8, 0x78, 0xfd, 0x1d, 0x1f, 0xe4, 0x83, 0x89, 0x24, 0x80, 0xad, - 0xb7, 0xf9, 0xcf, 0xe4, 0x5d, 0xa5, 0xd4, 0x71, 0xc4, 0x85, 0x5b, 0x70, - 0x1f, 0xdb, 0x3f, 0x1c, 0x01, 0xeb, 0x1a, 0x45, 0x26, 0x31, 0x14, 0xcc, - 0x65, 0xbf, 0x67, 0xde, 0xca, 0xcc, 0x33, 0x65, 0xe5, 0x41, 0x91, 0xd7, - 0x37, 0xbe, 0x41, 0x1a, 0x96, 0x9d, 0xe6, 0x8a, 0x97, 0x9d, 0xa7, 0xce, - 0xac, 0x4e, 0x9a, 0x3d, 0xbd, 0x01, 0xa0, 0x6a, 0xd9, 0x4f, 0x22, 0x00, - 0x8b, 0x44, 0xd5, 0x69, 0x62, 0x7b, 0x2e, 0xeb, 0xcc, 0xba, 0xe7, 0x92, - 0x7d, 0x69, 0x67, 0x3d, 0xfc, 0xb8, 0x7c, 0xde, 0x41, 0x87, 0xd0, 0x69, - 0xea, 0xba, 0x0a, 0x18, 0x7a, 0x1a, 0x95, 0x43, 0xb3, 0x79, 0x71, 0x28, - 0x76, 0x6d, 0xa1, 0xfb, 0x57, 0x4a, 0xec, 0x4d, 0xc8, 0x0e, 0x10, -} - -var certSet2Cert39 = []byte{ - 0x30, 0x82, 0x05, 0x00, 0x30, 0x82, 0x03, 0xe8, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x01, 0x07, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x8f, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, - 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, - 0x6c, 0x65, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x1c, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, - 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x29, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x31, 0x30, 0x35, 0x30, 0x33, 0x30, 0x37, 0x30, 0x30, 0x30, - 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x31, 0x30, 0x35, 0x30, 0x33, 0x30, 0x37, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0xc6, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, - 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, - 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, - 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, - 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x2a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, - 0x74, 0x73, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, - 0x74, 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, - 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x31, 0x34, 0x30, 0x32, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2b, 0x53, 0x74, 0x61, 0x72, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, - 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe5, - 0x90, 0x66, 0x4b, 0xec, 0xf9, 0x46, 0x71, 0xa9, 0x20, 0x83, 0xbe, 0xe9, - 0x6c, 0xbf, 0x4a, 0xc9, 0x48, 0x69, 0x81, 0x75, 0x4e, 0x6d, 0x24, 0xf6, - 0xcb, 0x17, 0x13, 0xf8, 0xb0, 0x71, 0x59, 0x84, 0x7a, 0x6b, 0x2b, 0x85, - 0xa4, 0x34, 0xb5, 0x16, 0xe5, 0xcb, 0xcc, 0xe9, 0x41, 0x70, 0x2c, 0xa4, - 0x2e, 0xd6, 0xfa, 0x32, 0x7d, 0xe1, 0xa8, 0xde, 0x94, 0x10, 0xac, 0x31, - 0xc1, 0xc0, 0xd8, 0x6a, 0xff, 0x59, 0x27, 0xab, 0x76, 0xd6, 0xfc, 0x0b, - 0x74, 0x6b, 0xb8, 0xa7, 0xae, 0x3f, 0xc4, 0x54, 0xf4, 0xb4, 0x31, 0x44, - 0xdd, 0x93, 0x56, 0x8c, 0xa4, 0x4c, 0x5e, 0x9b, 0x89, 0xcb, 0x24, 0x83, - 0x9b, 0xe2, 0x57, 0x7d, 0xb7, 0xd8, 0x12, 0x1f, 0xc9, 0x85, 0x6d, 0xf4, - 0xd1, 0x80, 0xf1, 0x50, 0x9b, 0x87, 0xae, 0xd4, 0x0b, 0x10, 0x05, 0xfb, - 0x27, 0xba, 0x28, 0x6d, 0x17, 0xe9, 0x0e, 0xd6, 0x4d, 0xb9, 0x39, 0x55, - 0x06, 0xff, 0x0a, 0x24, 0x05, 0x7e, 0x2f, 0xc6, 0x1d, 0x72, 0x6c, 0xd4, - 0x8b, 0x29, 0x8c, 0x57, 0x7d, 0xda, 0xd9, 0xeb, 0x66, 0x1a, 0xd3, 0x4f, - 0xa7, 0xdf, 0x7f, 0x52, 0xc4, 0x30, 0xc5, 0xa5, 0xc9, 0x0e, 0x02, 0xc5, - 0x53, 0xbf, 0x77, 0x38, 0x68, 0x06, 0x24, 0xc3, 0x66, 0xc8, 0x37, 0x7e, - 0x30, 0x1e, 0x45, 0x71, 0x23, 0x35, 0xff, 0x90, 0xd8, 0x2a, 0x9d, 0x8d, - 0xe7, 0xb0, 0x92, 0x4d, 0x3c, 0x7f, 0x2a, 0x0a, 0x93, 0xdc, 0xcd, 0x16, - 0x46, 0x65, 0xf7, 0x60, 0x84, 0x8b, 0x76, 0x4b, 0x91, 0x27, 0x73, 0x14, - 0x92, 0xe0, 0xea, 0xee, 0x8f, 0x16, 0xea, 0x8d, 0x0e, 0x3e, 0x76, 0x17, - 0xbf, 0x7d, 0x89, 0x80, 0x80, 0x44, 0x43, 0xe7, 0x2d, 0xe0, 0x43, 0x09, - 0x75, 0xda, 0x36, 0xe8, 0xad, 0xdb, 0x89, 0x3a, 0xf5, 0x5d, 0x12, 0x8e, - 0x23, 0x04, 0x83, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x2c, - 0x30, 0x82, 0x01, 0x28, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x25, 0x45, 0x81, 0x68, 0x50, 0x26, 0x38, 0x3d, 0x3b, 0x2d, 0x2c, 0xbe, - 0xcd, 0x6a, 0xd9, 0xb6, 0x3d, 0xb3, 0x66, 0x63, 0x30, 0x1f, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7c, 0x0c, 0x32, - 0x1f, 0xa7, 0xd9, 0x30, 0x7f, 0xc4, 0x7d, 0x68, 0xa3, 0x62, 0xa8, 0xa1, - 0xce, 0xab, 0x07, 0x5b, 0x27, 0x30, 0x3a, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x1e, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x74, 0x65, 0x63, 0x68, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x3b, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0xa0, 0x2e, 0xa0, 0x2c, 0x86, 0x2a, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x74, 0x65, 0x63, 0x68, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x66, 0x72, 0x6f, 0x6f, 0x74, 0x2d, - 0x67, 0x32, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, - 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, 0x04, 0x55, 0x1d, 0x20, - 0x00, 0x30, 0x39, 0x30, 0x37, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x2b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x74, 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x56, 0x65, 0xca, 0xfe, - 0xf3, 0x3f, 0x0a, 0xa8, 0x93, 0x8b, 0x18, 0xc7, 0xde, 0x43, 0x69, 0x13, - 0x34, 0x20, 0xbe, 0x4e, 0x5f, 0x78, 0xa8, 0x6b, 0x9c, 0xdb, 0x6a, 0x4d, - 0x41, 0xdb, 0xc1, 0x13, 0xec, 0xdc, 0x31, 0x00, 0x22, 0x5e, 0xf7, 0x00, - 0x9e, 0x0c, 0xe0, 0x34, 0x65, 0x34, 0xf9, 0xb1, 0x3a, 0x4e, 0x48, 0xc8, - 0x12, 0x81, 0x88, 0x5c, 0x5b, 0x3e, 0x08, 0x53, 0x7a, 0xf7, 0x1a, 0x64, - 0xdf, 0xb8, 0x50, 0x61, 0xcc, 0x53, 0x51, 0x40, 0x29, 0x4b, 0xc2, 0xf4, - 0xae, 0x3a, 0x5f, 0xe4, 0xca, 0xad, 0x26, 0xcc, 0x4e, 0x61, 0x43, 0xe5, - 0xfd, 0x57, 0xa6, 0x37, 0x70, 0xce, 0x43, 0x2b, 0xb0, 0x94, 0xc3, 0x92, - 0xe9, 0xe1, 0x5f, 0xaa, 0x10, 0x49, 0xb7, 0x69, 0xe4, 0xe0, 0xd0, 0x1f, - 0x64, 0xa4, 0x2b, 0xcd, 0x1f, 0x6f, 0xa0, 0xf8, 0x84, 0x24, 0x18, 0xce, - 0x79, 0x3d, 0xa9, 0x91, 0xbf, 0x54, 0x18, 0x13, 0x89, 0x99, 0x54, 0x11, - 0x0d, 0x55, 0xc5, 0x26, 0x0b, 0x79, 0x4f, 0x5a, 0x1c, 0x6e, 0xf9, 0x63, - 0xdb, 0x14, 0x80, 0xa4, 0x07, 0xab, 0xfa, 0xb2, 0xa5, 0xb9, 0x88, 0xdd, - 0x91, 0xfe, 0x65, 0x3b, 0xa4, 0xa3, 0x79, 0xbe, 0x89, 0x4d, 0xe1, 0xd0, - 0xb0, 0xf4, 0xc8, 0x17, 0x0c, 0x0a, 0x96, 0x14, 0x7c, 0x09, 0xb7, 0x6c, - 0xe1, 0xc2, 0xd8, 0x55, 0xd4, 0x18, 0xa0, 0xaa, 0x41, 0x69, 0x70, 0x24, - 0xa3, 0xb9, 0xef, 0xe9, 0x5a, 0xdc, 0x3e, 0xeb, 0x94, 0x4a, 0xf0, 0xb7, - 0xde, 0x5f, 0x0e, 0x76, 0xfa, 0xfb, 0xfb, 0x69, 0x03, 0x45, 0x40, 0x50, - 0xee, 0x72, 0x0c, 0xa4, 0x12, 0x86, 0x81, 0xcd, 0x13, 0xd1, 0x4e, 0xc4, - 0x3c, 0xca, 0x4e, 0x0d, 0xd2, 0x26, 0xf1, 0x00, 0xb7, 0xb4, 0xa6, 0xa2, - 0xe1, 0x6e, 0x7a, 0x81, 0xfd, 0x30, 0xac, 0x7a, 0x1f, 0xc7, 0x59, 0x7b, -} - -var certSet2Cert40 = []byte{ - 0x30, 0x82, 0x05, 0x03, 0x30, 0x82, 0x03, 0xeb, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x51, 0xd3, 0x60, 0xee, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xbe, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1f, 0x53, 0x65, 0x65, 0x20, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x6c, 0x65, 0x67, - 0x61, 0x6c, 0x2d, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x31, 0x39, 0x30, 0x37, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, - 0x30, 0x30, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x66, 0x6f, 0x72, 0x20, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, - 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x32, 0x30, 0x30, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, 0x32, 0x32, 0x31, 0x37, 0x30, - 0x35, 0x31, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x30, 0x32, 0x33, - 0x30, 0x37, 0x33, 0x33, 0x32, 0x32, 0x5a, 0x30, 0x81, 0xba, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x45, 0x6e, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, - 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x53, 0x65, - 0x65, 0x20, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x6c, 0x2d, - 0x74, 0x65, 0x72, 0x6d, 0x73, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x31, 0x32, - 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, - 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x25, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x20, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, - 0x20, 0x4c, 0x31, 0x4b, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xda, 0x3f, 0x96, 0xd0, 0x4d, 0xb9, 0x2f, 0x44, 0xe7, 0xdb, 0x39, - 0x5e, 0x9b, 0x50, 0xee, 0x5c, 0xa5, 0x61, 0xda, 0x41, 0x67, 0x53, 0x09, - 0xaa, 0x00, 0x9a, 0x8e, 0x57, 0x7f, 0x29, 0x6b, 0xdb, 0xc7, 0xe1, 0x21, - 0x24, 0xaa, 0x3a, 0xd0, 0x8d, 0x47, 0x23, 0xd2, 0xed, 0x72, 0x16, 0xf0, - 0x91, 0x21, 0xd2, 0x5d, 0xb7, 0xb8, 0x4b, 0xa8, 0x83, 0x8f, 0xb7, 0x91, - 0x32, 0x68, 0xcf, 0xce, 0x25, 0x93, 0x2c, 0xb2, 0x7d, 0x97, 0xc8, 0xfe, - 0xc1, 0xb4, 0x17, 0xba, 0x09, 0x9e, 0x03, 0x90, 0x93, 0x7b, 0x7c, 0x49, - 0x83, 0x22, 0x68, 0x8a, 0x9b, 0xde, 0x47, 0xc3, 0x31, 0x98, 0x7a, 0x2e, - 0x7d, 0x40, 0x0b, 0xd2, 0xef, 0x3e, 0xd3, 0xb2, 0x8c, 0xaa, 0x8f, 0x48, - 0xa9, 0xff, 0x00, 0xe8, 0x29, 0x58, 0x06, 0xf7, 0xb6, 0x93, 0x5a, 0x94, - 0x73, 0x26, 0x26, 0xad, 0x58, 0x0e, 0xe5, 0x42, 0xb8, 0xd5, 0xea, 0x73, - 0x79, 0x64, 0x68, 0x53, 0x25, 0xb8, 0x84, 0xcf, 0x94, 0x7a, 0xae, 0x06, - 0x45, 0x0c, 0xa3, 0x6b, 0x4d, 0xd0, 0xc6, 0xbe, 0xea, 0x18, 0xa4, 0x36, - 0xf0, 0x92, 0xb2, 0xba, 0x1c, 0x88, 0x8f, 0x3a, 0x52, 0x7f, 0xf7, 0x5e, - 0x6d, 0x83, 0x1c, 0x9d, 0xf0, 0x1f, 0xe5, 0xc3, 0xd6, 0xdd, 0xa5, 0x78, - 0x92, 0x3d, 0xb0, 0x6d, 0x2c, 0xea, 0xc9, 0xcf, 0x94, 0x41, 0x19, 0x71, - 0x44, 0x68, 0xba, 0x47, 0x3c, 0x04, 0xe9, 0x5d, 0xba, 0x3e, 0xf0, 0x35, - 0xf7, 0x15, 0xb6, 0x9e, 0xf2, 0x2e, 0x15, 0x1e, 0x3f, 0x47, 0xc8, 0xc8, - 0x38, 0xa7, 0x73, 0x45, 0x5d, 0x4d, 0xb0, 0x3b, 0xb1, 0x8e, 0x17, 0x29, - 0x37, 0xea, 0xdd, 0x05, 0x01, 0x22, 0xbb, 0x94, 0x36, 0x2a, 0x8d, 0x5b, - 0x35, 0xfe, 0x53, 0x19, 0x2f, 0x08, 0x46, 0xc1, 0x2a, 0xb3, 0x1a, 0x62, - 0x1d, 0x4e, 0x2b, 0xd9, 0x1b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x09, 0x30, 0x82, 0x01, 0x05, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, - 0x02, 0x01, 0x00, 0x30, 0x33, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x27, 0x30, 0x25, 0x30, 0x23, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x65, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x30, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0, 0x23, 0xa0, - 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x2f, 0x67, 0x32, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3b, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x70, 0x61, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x82, 0xa2, - 0x70, 0x74, 0xdd, 0xbc, 0x53, 0x3f, 0xcf, 0x7b, 0xd4, 0xf7, 0xcd, 0x7f, - 0xa7, 0x60, 0xc6, 0x0a, 0x4c, 0xbf, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6a, 0x72, 0x26, 0x7a, 0xd0, - 0x1e, 0xef, 0x7d, 0xe7, 0x3b, 0x69, 0x51, 0xd4, 0x6c, 0x8d, 0x9f, 0x90, - 0x12, 0x66, 0xab, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, - 0x1c, 0x1a, 0x5b, 0xff, 0x40, 0x22, 0x1d, 0x8f, 0x35, 0x0c, 0x2d, 0xaa, - 0x99, 0x27, 0xab, 0xc0, 0x11, 0x32, 0x70, 0xd7, 0x36, 0x28, 0x69, 0xa5, - 0x8d, 0xb1, 0x27, 0x99, 0x42, 0xbe, 0xc4, 0x93, 0xeb, 0x48, 0x57, 0x43, - 0x71, 0x23, 0xc4, 0xe5, 0x4e, 0xad, 0xae, 0x43, 0x6f, 0x92, 0x76, 0xc5, - 0x19, 0xef, 0xca, 0xbc, 0x6f, 0x42, 0x4c, 0x16, 0x9a, 0x86, 0xa9, 0x04, - 0x38, 0xc7, 0x65, 0xf0, 0xf5, 0x0c, 0xe0, 0x4a, 0xdf, 0xa2, 0xfa, 0xce, - 0x1a, 0x11, 0xa8, 0x9c, 0x69, 0x2f, 0x1b, 0xdf, 0xea, 0xe2, 0x32, 0xf3, - 0xce, 0x4c, 0xbc, 0x46, 0x0c, 0xc0, 0x89, 0x80, 0xd1, 0x87, 0x6b, 0xa2, - 0xcf, 0x6b, 0xd4, 0x7f, 0xfd, 0xf5, 0x60, 0x52, 0x67, 0x57, 0xa0, 0x6d, - 0xd1, 0x64, 0x41, 0x14, 0x6d, 0x34, 0x62, 0xed, 0x06, 0x6c, 0x24, 0xf2, - 0x06, 0xbc, 0x28, 0x02, 0xaf, 0x03, 0x2d, 0xc2, 0x33, 0x05, 0xfb, 0xcb, - 0xaa, 0x16, 0xe8, 0x65, 0x10, 0x43, 0xf5, 0x69, 0x5c, 0xe3, 0x81, 0x58, - 0x99, 0xcd, 0x6b, 0xd3, 0xb8, 0xc7, 0x7b, 0x19, 0x55, 0xc9, 0x40, 0xce, - 0x79, 0x55, 0xb8, 0x73, 0x89, 0xe9, 0x5c, 0x40, 0x66, 0x43, 0x12, 0x7f, - 0x07, 0xb8, 0x65, 0x56, 0xd5, 0x8d, 0xc3, 0xa7, 0xf5, 0xb1, 0xb6, 0x65, - 0x9e, 0xc0, 0x83, 0x36, 0x7f, 0x16, 0x45, 0x3c, 0x74, 0x4b, 0x93, 0x8a, - 0x3c, 0xf1, 0x2b, 0xf5, 0x35, 0x70, 0x73, 0x7b, 0xe7, 0x82, 0x04, 0xb1, - 0x18, 0x98, 0x0e, 0xd4, 0x9c, 0x6f, 0x1a, 0xfc, 0xfc, 0xa7, 0x33, 0xa5, - 0xbb, 0xbb, 0x18, 0xf3, 0x6b, 0x7a, 0x5d, 0x32, 0x87, 0xf7, 0x6d, 0x25, - 0xe4, 0xe2, 0x76, 0x86, 0x21, 0x1e, 0x11, 0x46, 0xcd, 0x76, 0x0e, 0x6f, - 0x4f, 0xa4, 0x21, 0x71, 0x0a, 0x84, 0xa7, 0x2d, 0x36, 0xa9, 0x48, 0x22, - 0x51, 0x7e, 0x82, -} - -var certSet2Cert41 = []byte{ - 0x30, 0x82, 0x05, 0x1f, 0x30, 0x82, 0x04, 0x07, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0xa4, 0x6b, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x5a, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, - 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, - 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, - 0x30, 0x34, 0x30, 0x32, 0x31, 0x34, 0x33, 0x36, 0x31, 0x30, 0x5a, 0x17, - 0x0d, 0x32, 0x31, 0x30, 0x34, 0x30, 0x32, 0x31, 0x34, 0x33, 0x35, 0x35, - 0x32, 0x5a, 0x30, 0x81, 0x8d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x09, 0x41, 0x6d, 0x73, 0x74, 0x65, 0x72, 0x64, - 0x61, 0x6d, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x1c, 0x56, 0x65, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x20, 0x45, 0x6e, 0x74, - 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x20, 0x53, 0x6f, 0x6c, 0x75, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x25, 0x56, 0x65, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x20, 0x41, 0x6b, 0x61, - 0x6d, 0x61, 0x69, 0x20, 0x53, 0x75, 0x72, 0x65, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x20, 0x43, 0x41, 0x20, 0x47, 0x31, 0x34, 0x2d, 0x53, 0x48, - 0x41, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xdd, - 0x6e, 0x9e, 0x02, 0x69, 0x02, 0xb5, 0xa3, 0x99, 0x2e, 0x08, 0x64, 0x32, - 0x6a, 0x59, 0xf3, 0xc6, 0x9e, 0xa6, 0x20, 0x07, 0xd2, 0x48, 0xd1, 0xa8, - 0x93, 0xc7, 0xea, 0x47, 0x8f, 0x83, 0x39, 0x40, 0xd7, 0x20, 0x5d, 0x8d, - 0x9a, 0xba, 0xab, 0xd8, 0x70, 0xec, 0x9d, 0x88, 0xd1, 0xbd, 0x62, 0xf6, - 0xdb, 0xec, 0x9d, 0x5e, 0x35, 0x01, 0x76, 0x03, 0x23, 0xe5, 0x6f, 0xd2, - 0xaf, 0x46, 0x35, 0x59, 0x5a, 0x5c, 0xd1, 0xa8, 0x23, 0xc1, 0xeb, 0xe9, - 0x20, 0xd4, 0x49, 0xd6, 0x3f, 0x00, 0xd8, 0xa8, 0x22, 0xde, 0x43, 0x79, - 0x81, 0xac, 0xe9, 0xa4, 0x92, 0xf5, 0x77, 0x70, 0x05, 0x1e, 0x5c, 0xb6, - 0xa0, 0xf7, 0x90, 0xa4, 0xcd, 0xab, 0x28, 0x2c, 0x90, 0xc2, 0xe7, 0x0f, - 0xc3, 0xaf, 0x1c, 0x47, 0x59, 0xd5, 0x84, 0x2e, 0xdf, 0x26, 0x07, 0x45, - 0x23, 0x5a, 0xc6, 0xe8, 0x90, 0xc8, 0x85, 0x4b, 0x8c, 0x16, 0x1e, 0x60, - 0xf9, 0x01, 0x13, 0xf1, 0x14, 0x1f, 0xe6, 0xe8, 0x14, 0xed, 0xc5, 0xd2, - 0x6f, 0x63, 0x28, 0x6e, 0x72, 0x8c, 0x49, 0xae, 0x08, 0x72, 0xc7, 0x93, - 0x95, 0xb4, 0x0b, 0x0c, 0xae, 0x8f, 0x9a, 0x67, 0x84, 0xf5, 0x57, 0x1b, - 0xdb, 0x81, 0xd7, 0x17, 0x9d, 0x41, 0x11, 0x43, 0x19, 0xbd, 0x6d, 0x4a, - 0x85, 0xed, 0x8f, 0x70, 0x25, 0xab, 0x66, 0xab, 0xf6, 0xfa, 0x6d, 0x1c, - 0x3c, 0xab, 0xed, 0x17, 0xbd, 0x56, 0x84, 0xe1, 0xdb, 0x75, 0x33, 0xb2, - 0x28, 0x4b, 0x99, 0x8e, 0xf9, 0x4b, 0x82, 0x33, 0x50, 0x9f, 0x92, 0x53, - 0xed, 0xfa, 0xad, 0x0f, 0x95, 0x9c, 0xa3, 0xf2, 0xcb, 0x60, 0xf0, 0x77, - 0x1d, 0xc9, 0x01, 0x8b, 0x5f, 0x2d, 0x86, 0xbe, 0xbf, 0x36, 0xb8, 0x24, - 0x96, 0x13, 0x7c, 0xc1, 0x86, 0x5a, 0x6c, 0xc1, 0x48, 0x2a, 0x7f, 0x3e, - 0x93, 0x60, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xb7, - 0x30, 0x82, 0x01, 0xb3, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x02, - 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, - 0x41, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb1, 0x3e, 0x01, 0x32, - 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, - 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, - 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, - 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x30, 0x81, 0xba, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x81, 0xad, 0x30, 0x81, - 0xaa, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, - 0x01, 0x86, 0x26, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, - 0x73, 0x70, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, - 0x65, 0x72, 0x6f, 0x6f, 0x74, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x73, - 0x3a, 0x2f, 0x2f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x6d, - 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, - 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x72, 0x6f, 0x6f, 0x74, - 0x2e, 0x63, 0x72, 0x74, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x02, 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, - 0x2f, 0x2f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x6d, 0x6e, - 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x61, - 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x72, 0x6f, 0x6f, 0x74, 0x2e, - 0x64, 0x65, 0x72, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0xc6, 0x30, 0x1f, 0x06, 0x03, 0x55, - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe5, 0x9d, 0x59, 0x30, - 0x82, 0x47, 0x58, 0xcc, 0xac, 0xfa, 0x08, 0x54, 0x36, 0x86, 0x7b, 0x3a, - 0xb5, 0x04, 0x4d, 0xf0, 0x30, 0x42, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, - 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x64, 0x70, 0x31, 0x2e, 0x70, - 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x52, 0x4c, 0x2f, 0x4f, 0x6d, 0x6e, 0x69, - 0x72, 0x6f, 0x6f, 0x74, 0x32, 0x30, 0x32, 0x35, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xf8, - 0xbd, 0xfa, 0xaf, 0x73, 0x77, 0xc6, 0xc7, 0x1b, 0xf9, 0x4b, 0x4d, 0x11, - 0xa7, 0xd1, 0x33, 0xaf, 0xaf, 0x72, 0x11, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x80, 0xd9, 0x7a, 0xed, 0x72, 0x05, 0x37, 0x8f, 0x61, - 0xaa, 0x73, 0x7c, 0x9a, 0x6a, 0xfc, 0xfe, 0x01, 0xe2, 0x19, 0x81, 0x70, - 0x07, 0x25, 0x32, 0xb0, 0xf0, 0x6f, 0x3b, 0xc7, 0x6a, 0x28, 0x3d, 0xe4, - 0x51, 0x87, 0xe6, 0x7e, 0x82, 0xec, 0xae, 0x48, 0xa7, 0xb1, 0x77, 0x38, - 0xc2, 0xd6, 0x56, 0xaf, 0x8f, 0xf2, 0x01, 0xfc, 0x65, 0x65, 0x10, 0x09, - 0xf7, 0x74, 0x29, 0xb5, 0x0e, 0x92, 0xee, 0x90, 0x98, 0xd1, 0x88, 0xa2, - 0x65, 0xb7, 0xcd, 0x9c, 0x0e, 0xa7, 0x86, 0x98, 0x28, 0xbc, 0xae, 0x15, - 0x83, 0xb6, 0x1a, 0xd7, 0x1d, 0xec, 0x19, 0xda, 0x7a, 0x8e, 0x40, 0xf9, - 0x99, 0x15, 0xd5, 0x7d, 0xa5, 0xba, 0xab, 0xfd, 0x26, 0x98, 0x6e, 0x9c, - 0x41, 0x3b, 0xb6, 0x81, 0x18, 0xec, 0x70, 0x48, 0xd7, 0x6e, 0x7f, 0xa6, - 0xe1, 0x77, 0x25, 0xd6, 0xdd, 0x62, 0xe8, 0x52, 0xf3, 0x8c, 0x16, 0x39, - 0x67, 0xe2, 0x22, 0x0d, 0x77, 0x2e, 0xfb, 0x11, 0x6c, 0xe4, 0xdd, 0x38, - 0xb4, 0x27, 0x5f, 0x03, 0xa8, 0x3d, 0x44, 0xe2, 0xf2, 0x84, 0x4b, 0x84, - 0xfd, 0x56, 0xa6, 0x9e, 0x4d, 0x7b, 0xa2, 0x16, 0x4f, 0x07, 0xf5, 0x34, - 0x24, 0x72, 0xa5, 0xa2, 0xfa, 0x16, 0x66, 0x2a, 0xa4, 0x4a, 0x0e, 0xc8, - 0x0d, 0x27, 0x44, 0x9c, 0x77, 0xd4, 0x12, 0x10, 0x87, 0xd2, 0x00, 0x2c, - 0x7a, 0xbb, 0x8e, 0x88, 0x22, 0x91, 0x15, 0xbe, 0xa2, 0x59, 0xca, 0x34, - 0xe0, 0x1c, 0x61, 0x94, 0x86, 0x20, 0x33, 0xcd, 0xe7, 0x4c, 0x5d, 0x3b, - 0x92, 0x3e, 0xcb, 0xd6, 0x2d, 0xea, 0x54, 0xfa, 0xfb, 0xaf, 0x54, 0xf5, - 0xa8, 0xc5, 0x0b, 0xca, 0x8b, 0x87, 0x00, 0xe6, 0x9f, 0xe6, 0x95, 0xbf, - 0xb7, 0xc4, 0xa3, 0x59, 0xf5, 0x16, 0x6c, 0x5f, 0x3e, 0x69, 0x55, 0x80, - 0x39, 0xf6, 0x75, 0x50, 0x14, 0x3e, 0x32, -} - -var certSet2Cert42 = []byte{ - 0x30, 0x82, 0x05, 0x2b, 0x30, 0x82, 0x04, 0x13, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x7e, 0xe1, 0x4a, 0x6f, 0x6f, 0xef, 0xf2, 0xd3, 0x7f, - 0x3f, 0xad, 0x65, 0x4d, 0x3a, 0xda, 0xb4, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x33, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, 0x30, 0x33, 0x30, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x77, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1d, - 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x53, 0x79, 0x6d, - 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x16, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, - 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x1f, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x45, 0x56, 0x20, 0x53, 0x53, 0x4c, - 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xd8, 0xa1, 0x65, 0x74, 0x23, 0xe8, 0x2b, - 0x64, 0xe2, 0x32, 0xd7, 0x33, 0x37, 0x3d, 0x8e, 0xf5, 0x34, 0x16, 0x48, - 0xdd, 0x4f, 0x7f, 0x87, 0x1c, 0xf8, 0x44, 0x23, 0x13, 0x8e, 0xfb, 0x11, - 0xd8, 0x44, 0x5a, 0x18, 0x71, 0x8e, 0x60, 0x16, 0x26, 0x92, 0x9b, 0xfd, - 0x17, 0x0b, 0xe1, 0x71, 0x70, 0x42, 0xfe, 0xbf, 0xfa, 0x1c, 0xc0, 0xaa, - 0xa3, 0xa7, 0xb5, 0x71, 0xe8, 0xff, 0x18, 0x83, 0xf6, 0xdf, 0x10, 0x0a, - 0x13, 0x62, 0xc8, 0x3d, 0x9c, 0xa7, 0xde, 0x2e, 0x3f, 0x0c, 0xd9, 0x1d, - 0xe7, 0x2e, 0xfb, 0x2a, 0xce, 0xc8, 0x9a, 0x7f, 0x87, 0xbf, 0xd8, 0x4c, - 0x04, 0x15, 0x32, 0xc9, 0xd1, 0xcc, 0x95, 0x71, 0xa0, 0x4e, 0x28, 0x4f, - 0x84, 0xd9, 0x35, 0xfb, 0xe3, 0x86, 0x6f, 0x94, 0x53, 0xe6, 0x72, 0x8a, - 0x63, 0x67, 0x2e, 0xbe, 0x69, 0xf6, 0xf7, 0x6e, 0x8e, 0x9c, 0x60, 0x04, - 0xeb, 0x29, 0xfa, 0xc4, 0x47, 0x42, 0xd2, 0x78, 0x98, 0xe3, 0xec, 0x0b, - 0xa5, 0x92, 0xdc, 0xb7, 0x9a, 0xbd, 0x80, 0x64, 0x2b, 0x38, 0x7c, 0x38, - 0x09, 0x5b, 0x66, 0xf6, 0x2d, 0x95, 0x7a, 0x86, 0xb2, 0x34, 0x2e, 0x85, - 0x9e, 0x90, 0x0e, 0x5f, 0xb7, 0x5d, 0xa4, 0x51, 0x72, 0x46, 0x70, 0x13, - 0xbf, 0x67, 0xf2, 0xb6, 0xa7, 0x4d, 0x14, 0x1e, 0x6c, 0xb9, 0x53, 0xee, - 0x23, 0x1a, 0x4e, 0x8d, 0x48, 0x55, 0x43, 0x41, 0xb1, 0x89, 0x75, 0x6a, - 0x40, 0x28, 0xc5, 0x7d, 0xdd, 0xd2, 0x6e, 0xd2, 0x02, 0x19, 0x2f, 0x7b, - 0x24, 0x94, 0x4b, 0xeb, 0xf1, 0x1a, 0xa9, 0x9b, 0xe3, 0x23, 0x9a, 0xea, - 0xfa, 0x33, 0xab, 0x0a, 0x2c, 0xb7, 0xf4, 0x60, 0x08, 0xdd, 0x9f, 0x1c, - 0xcd, 0xdd, 0x2d, 0x01, 0x66, 0x80, 0xaf, 0xb3, 0x2f, 0x29, 0x1d, 0x23, - 0xb8, 0x8a, 0xe1, 0xa1, 0x70, 0x07, 0x0c, 0x34, 0x0f, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x5d, 0x30, 0x82, 0x01, 0x59, 0x30, 0x2f, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x23, - 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x73, - 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, - 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x65, 0x06, 0x03, 0x55, - 0x1d, 0x20, 0x04, 0x5e, 0x30, 0x5c, 0x30, 0x5a, 0x06, 0x04, 0x55, 0x1d, - 0x20, 0x00, 0x30, 0x52, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, 0x79, 0x6d, 0x61, 0x75, 0x74, 0x68, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x28, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, 0x1c, 0x1a, 0x1a, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, - 0x79, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, - 0x70, 0x61, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x29, 0x30, - 0x27, 0x30, 0x25, 0xa0, 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x73, 0x31, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, 0x61, 0x33, 0x2d, 0x67, 0x35, - 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, - 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x29, 0x06, 0x03, - 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, - 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, - 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, - 0x35, 0x33, 0x33, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0x01, 0x59, 0xab, 0xe7, 0xdd, 0x3a, 0x0b, 0x59, 0xa6, 0x64, - 0x63, 0xd6, 0xcf, 0x20, 0x07, 0x57, 0xd5, 0x91, 0xe7, 0x6a, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7f, - 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, 0x43, - 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x42, 0x01, 0x55, 0x7b, 0xd0, 0x16, 0x1a, 0x5d, 0x58, - 0xe8, 0xbb, 0x9b, 0xa8, 0x4d, 0xd7, 0xf3, 0xd7, 0xeb, 0x13, 0x94, 0x86, - 0xd6, 0x7f, 0x21, 0x0b, 0x47, 0xbc, 0x57, 0x9b, 0x92, 0x5d, 0x4f, 0x05, - 0x9f, 0x38, 0xa4, 0x10, 0x7c, 0xcf, 0x83, 0xbe, 0x06, 0x43, 0x46, 0x8d, - 0x08, 0xbc, 0x6a, 0xd7, 0x10, 0xa6, 0xfa, 0xab, 0xaf, 0x2f, 0x61, 0xa8, - 0x63, 0xf2, 0x65, 0xdf, 0x7f, 0x4c, 0x88, 0x12, 0x88, 0x4f, 0xb3, 0x69, - 0xd9, 0xff, 0x27, 0xc0, 0x0a, 0x97, 0x91, 0x8f, 0x56, 0xfb, 0x89, 0xc4, - 0xa8, 0xbb, 0x92, 0x2d, 0x1b, 0x73, 0xb0, 0xc6, 0xab, 0x36, 0xf4, 0x96, - 0x6c, 0x20, 0x08, 0xef, 0x0a, 0x1e, 0x66, 0x24, 0x45, 0x4f, 0x67, 0x00, - 0x40, 0xc8, 0x07, 0x54, 0x74, 0x33, 0x3b, 0xa6, 0xad, 0xbb, 0x23, 0x9f, - 0x66, 0xed, 0xa2, 0x44, 0x70, 0x34, 0xfb, 0x0e, 0xea, 0x01, 0xfd, 0xcf, - 0x78, 0x74, 0xdf, 0xa7, 0xad, 0x55, 0xb7, 0x5f, 0x4d, 0xf6, 0xd6, 0x3f, - 0xe0, 0x86, 0xce, 0x24, 0xc7, 0x42, 0xa9, 0x13, 0x14, 0x44, 0x35, 0x4b, - 0xb6, 0xdf, 0xc9, 0x60, 0xac, 0x0c, 0x7f, 0xd9, 0x93, 0x21, 0x4b, 0xee, - 0x9c, 0xe4, 0x49, 0x02, 0x98, 0xd3, 0x60, 0x7b, 0x5c, 0xbc, 0xd5, 0x30, - 0x2f, 0x07, 0xce, 0x44, 0x42, 0xc4, 0x0b, 0x99, 0xfe, 0xe6, 0x9f, 0xfc, - 0xb0, 0x78, 0x86, 0x51, 0x6d, 0xd1, 0x2c, 0x9d, 0xc6, 0x96, 0xfb, 0x85, - 0x82, 0xbb, 0x04, 0x2f, 0xf7, 0x62, 0x80, 0xef, 0x62, 0xda, 0x7f, 0xf6, - 0x0e, 0xac, 0x90, 0xb8, 0x56, 0xbd, 0x79, 0x3f, 0xf2, 0x80, 0x6e, 0xa3, - 0xd9, 0xb9, 0x0f, 0x5d, 0x3a, 0x07, 0x1d, 0x91, 0x93, 0x86, 0x4b, 0x29, - 0x4c, 0xe1, 0xdc, 0xb5, 0xe1, 0xe0, 0x33, 0x9d, 0xb3, 0xcb, 0x36, 0x91, - 0x4b, 0xfe, 0xa1, 0xb4, 0xee, 0xf0, 0xf9, -} - -var certSet2Cert43 = []byte{ - 0x30, 0x82, 0x05, 0x38, 0x30, 0x82, 0x04, 0x20, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x51, 0x3f, 0xb9, 0x74, 0x38, 0x70, 0xb7, 0x34, 0x40, - 0x41, 0x8d, 0x30, 0x93, 0x06, 0x99, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x33, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, 0x30, 0x33, 0x30, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x7e, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1d, - 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x53, 0x79, 0x6d, - 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x16, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, - 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x26, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, - 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x20, 0x2d, - 0x20, 0x47, 0x34, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xb2, 0xd8, 0x05, 0xca, 0x1c, 0x74, 0x2d, 0xb5, 0x17, 0x56, 0x39, 0xc5, - 0x4a, 0x52, 0x09, 0x96, 0xe8, 0x4b, 0xd8, 0x0c, 0xf1, 0x68, 0x9f, 0x9a, - 0x42, 0x28, 0x62, 0xc3, 0xa5, 0x30, 0x53, 0x7e, 0x55, 0x11, 0x82, 0x5b, - 0x03, 0x7a, 0x0d, 0x2f, 0xe1, 0x79, 0x04, 0xc9, 0xb4, 0x96, 0x77, 0x19, - 0x81, 0x01, 0x94, 0x59, 0xf9, 0xbc, 0xf7, 0x7a, 0x99, 0x27, 0x82, 0x2d, - 0xb7, 0x83, 0xdd, 0x5a, 0x27, 0x7f, 0xb2, 0x03, 0x7a, 0x9c, 0x53, 0x25, - 0xe9, 0x48, 0x1f, 0x46, 0x4f, 0xc8, 0x9d, 0x29, 0xf8, 0xbe, 0x79, 0x56, - 0xf6, 0xf7, 0xfd, 0xd9, 0x3a, 0x68, 0xda, 0x8b, 0x4b, 0x82, 0x33, 0x41, - 0x12, 0xc3, 0xc8, 0x3c, 0xcc, 0xd6, 0x96, 0x7a, 0x84, 0x21, 0x1a, 0x22, - 0x04, 0x03, 0x27, 0x17, 0x8b, 0x1c, 0x68, 0x61, 0x93, 0x0f, 0x0e, 0x51, - 0x80, 0x33, 0x1d, 0xb4, 0xb5, 0xce, 0xeb, 0x7e, 0xd0, 0x62, 0xac, 0xee, - 0xb3, 0x7b, 0x01, 0x74, 0xef, 0x69, 0x35, 0xeb, 0xca, 0xd5, 0x3d, 0xa9, - 0xee, 0x97, 0x98, 0xca, 0x8d, 0xaa, 0x44, 0x0e, 0x25, 0x99, 0x4a, 0x15, - 0x96, 0xa4, 0xce, 0x6d, 0x02, 0x54, 0x1f, 0x2a, 0x6a, 0x26, 0xe2, 0x06, - 0x3a, 0x63, 0x48, 0xac, 0xb4, 0x4c, 0xd1, 0x75, 0x93, 0x50, 0xff, 0x13, - 0x2f, 0xd6, 0xda, 0xe1, 0xc6, 0x18, 0xf5, 0x9f, 0xc9, 0x25, 0x5d, 0xf3, - 0x00, 0x3a, 0xde, 0x26, 0x4d, 0xb4, 0x29, 0x09, 0xcd, 0x0f, 0x3d, 0x23, - 0x6f, 0x16, 0x4a, 0x81, 0x16, 0xfb, 0xf2, 0x83, 0x10, 0xc3, 0xb8, 0xd6, - 0xd8, 0x55, 0x32, 0x3d, 0xf1, 0xbd, 0x0f, 0xbd, 0x8c, 0x52, 0x95, 0x4a, - 0x16, 0x97, 0x7a, 0x52, 0x21, 0x63, 0x75, 0x2f, 0x16, 0xf9, 0xc4, 0x66, - 0xbe, 0xf5, 0xb5, 0x09, 0xd8, 0xff, 0x27, 0x00, 0xcd, 0x44, 0x7c, 0x6f, - 0x4b, 0x3f, 0xb0, 0xf7, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, - 0x63, 0x30, 0x82, 0x01, 0x5f, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x29, 0x30, 0x27, - 0x30, 0x25, 0xa0, 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x73, 0x31, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, 0x61, 0x33, 0x2d, 0x67, 0x35, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x2f, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x23, 0x30, 0x21, 0x30, - 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, - 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x73, 0x32, 0x2e, 0x73, - 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x6b, 0x06, 0x03, - 0x55, 0x1d, 0x20, 0x04, 0x64, 0x30, 0x62, 0x30, 0x60, 0x06, 0x0a, 0x60, - 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, 0x52, 0x30, - 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, - 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, - 0x73, 0x79, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x70, 0x73, 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x02, 0x30, 0x1c, 0x1a, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, 0x79, 0x6d, 0x61, 0x75, 0x74, - 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x70, 0x61, 0x30, 0x29, 0x06, - 0x03, 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, - 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, - 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, - 0x2d, 0x35, 0x33, 0x34, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0x5f, 0x60, 0xcf, 0x61, 0x90, 0x55, 0xdf, 0x84, 0x43, - 0x14, 0x8a, 0x60, 0x2a, 0xb2, 0xf5, 0x7a, 0xf4, 0x43, 0x18, 0xef, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, - 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x5e, 0x94, 0x56, 0x49, 0xdd, 0x8e, 0x2d, 0x65, - 0xf5, 0xc1, 0x36, 0x51, 0xb6, 0x03, 0xe3, 0xda, 0x9e, 0x73, 0x19, 0xf2, - 0x1f, 0x59, 0xab, 0x58, 0x7e, 0x6c, 0x26, 0x05, 0x2c, 0xfa, 0x81, 0xd7, - 0x5c, 0x23, 0x17, 0x22, 0x2c, 0x37, 0x93, 0xf7, 0x86, 0xec, 0x85, 0xe6, - 0xb0, 0xa3, 0xfd, 0x1f, 0xe2, 0x32, 0xa8, 0x45, 0x6f, 0xe1, 0xd9, 0xfb, - 0xb9, 0xaf, 0xd2, 0x70, 0xa0, 0x32, 0x42, 0x65, 0xbf, 0x84, 0xfe, 0x16, - 0x2a, 0x8f, 0x3f, 0xc5, 0xa6, 0xd6, 0xa3, 0x93, 0x7d, 0x43, 0xe9, 0x74, - 0x21, 0x91, 0x35, 0x28, 0xf4, 0x63, 0xe9, 0x2e, 0xed, 0xf7, 0xf5, 0x5c, - 0x7f, 0x4b, 0x9a, 0xb5, 0x20, 0xe9, 0x0a, 0xbd, 0xe0, 0x45, 0x10, 0x0c, - 0x14, 0x94, 0x9a, 0x5d, 0xa5, 0xe3, 0x4b, 0x91, 0xe8, 0x24, 0x9b, 0x46, - 0x40, 0x65, 0xf4, 0x22, 0x72, 0xcd, 0x99, 0xf8, 0x88, 0x11, 0xf5, 0xf3, - 0x7f, 0xe6, 0x33, 0x82, 0xe6, 0xa8, 0xc5, 0x7e, 0xfe, 0xd0, 0x08, 0xe2, - 0x25, 0x58, 0x08, 0x71, 0x68, 0xe6, 0xcd, 0xa2, 0xe6, 0x14, 0xde, 0x4e, - 0x52, 0x24, 0x2d, 0xfd, 0xe5, 0x79, 0x13, 0x53, 0xe7, 0x5e, 0x2f, 0x2d, - 0x4d, 0x1b, 0x6d, 0x40, 0x15, 0x52, 0x2b, 0xf7, 0x87, 0x89, 0x78, 0x12, - 0x81, 0x6e, 0xd9, 0x4d, 0xaa, 0x2d, 0x78, 0xd4, 0xc2, 0x2c, 0x3d, 0x08, - 0x5f, 0x87, 0x91, 0x9e, 0x1f, 0x0e, 0xb0, 0xde, 0x30, 0x52, 0x64, 0x86, - 0x89, 0xaa, 0x9d, 0x66, 0x9c, 0x0e, 0x76, 0x0c, 0x80, 0xf2, 0x74, 0xd8, - 0x2a, 0xf8, 0xb8, 0x3a, 0xce, 0xd7, 0xd6, 0x0f, 0x11, 0xbe, 0x6b, 0xab, - 0x14, 0xf5, 0xbd, 0x41, 0xa0, 0x22, 0x63, 0x89, 0xf1, 0xba, 0x0f, 0x6f, - 0x29, 0x63, 0x66, 0x2d, 0x3f, 0xac, 0x8c, 0x72, 0xc5, 0xfb, 0xc7, 0xe4, - 0xd4, 0x0f, 0xf2, 0x3b, 0x4f, 0x8c, 0x29, 0xc7, -} - -var certSet2Cert44 = []byte{ - 0x30, 0x82, 0x05, 0x86, 0x30, 0x82, 0x04, 0x6e, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0x9a, 0xa9, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x5a, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, - 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, - 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, - 0x31, 0x32, 0x31, 0x39, 0x32, 0x30, 0x30, 0x37, 0x33, 0x32, 0x5a, 0x17, - 0x0d, 0x31, 0x37, 0x31, 0x32, 0x31, 0x39, 0x32, 0x30, 0x30, 0x36, 0x35, - 0x35, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, - 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, - 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, - 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x0c, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, - 0x74, 0x20, 0x49, 0x54, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, - 0x20, 0x49, 0x54, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, - 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, - 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xd1, 0xe8, 0x37, - 0xa7, 0x76, 0x8a, 0x70, 0x4b, 0x19, 0xf0, 0x20, 0x37, 0x09, 0x24, 0x37, - 0x7f, 0xea, 0xfb, 0x78, 0xe6, 0x05, 0xba, 0x6a, 0xad, 0x4e, 0x27, 0x0d, - 0xfc, 0x72, 0x6a, 0xd9, 0x6c, 0x21, 0xc4, 0x64, 0x11, 0x95, 0x73, 0x10, - 0x0a, 0x5c, 0x25, 0x7b, 0x88, 0x6c, 0x94, 0x04, 0xfd, 0xc7, 0xdb, 0xae, - 0x7b, 0xdc, 0x4a, 0x08, 0xb3, 0x3e, 0x16, 0xf1, 0xd0, 0xad, 0xdb, 0x30, - 0x6d, 0xd7, 0x1a, 0x1e, 0x52, 0xb5, 0x3d, 0xf0, 0x47, 0x19, 0x03, 0xe2, - 0x7d, 0xa6, 0xbd, 0x57, 0x13, 0x3f, 0x54, 0xea, 0x3a, 0xa3, 0xb1, 0x77, - 0xfc, 0x42, 0xf0, 0x63, 0x49, 0x6a, 0x91, 0x80, 0x2e, 0x30, 0x49, 0xc0, - 0x8a, 0xeb, 0x2b, 0xaf, 0xfe, 0x3a, 0xeb, 0x07, 0x5d, 0x06, 0xf7, 0xe9, - 0xfd, 0x84, 0x0e, 0x91, 0xbd, 0x09, 0x20, 0x29, 0xe8, 0x6e, 0x5d, 0x09, - 0xce, 0x15, 0xd3, 0xe7, 0xef, 0xdb, 0x50, 0xeb, 0x44, 0xef, 0x18, 0x57, - 0xab, 0x04, 0x1d, 0xbc, 0x31, 0xf9, 0xf7, 0x7b, 0x2a, 0x13, 0xcf, 0xd1, - 0x3d, 0x51, 0xaf, 0x1b, 0xc5, 0xb5, 0x7b, 0xe7, 0xb0, 0xfc, 0x53, 0xbb, - 0x9a, 0xe7, 0x63, 0xde, 0x41, 0x33, 0xb6, 0x47, 0x24, 0x69, 0x5d, 0xb8, - 0x46, 0xa7, 0xff, 0xad, 0xab, 0xdf, 0x4f, 0x7a, 0x78, 0x25, 0x27, 0x21, - 0x26, 0x34, 0xca, 0x02, 0x6e, 0x37, 0x51, 0xf0, 0xed, 0x58, 0x1a, 0x60, - 0x94, 0xf6, 0xc4, 0x93, 0xd8, 0xdd, 0x30, 0x24, 0x25, 0xd7, 0x1c, 0xeb, - 0x19, 0x94, 0x35, 0x5d, 0x93, 0xb2, 0xae, 0xaa, 0x29, 0x83, 0x73, 0xc4, - 0x74, 0x59, 0x05, 0x52, 0x67, 0x9d, 0xda, 0x67, 0x51, 0x39, 0x05, 0x3a, - 0x36, 0xea, 0xf2, 0x1e, 0x76, 0x2b, 0x14, 0xae, 0xec, 0x3d, 0xf9, 0x14, - 0x99, 0x8b, 0x07, 0x6e, 0xbc, 0xe7, 0x0c, 0x56, 0xde, 0xac, 0xbe, 0xae, - 0xdb, 0x75, 0x32, 0x90, 0x9e, 0x63, 0xbd, 0x74, 0xbf, 0xe0, 0x0a, 0xca, - 0xf8, 0x34, 0x96, 0x67, 0x84, 0xcd, 0xd1, 0x42, 0x38, 0x78, 0xc7, 0x99, - 0xb6, 0x0c, 0xce, 0xb6, 0x0f, 0xe9, 0x1b, 0xcb, 0xf4, 0x59, 0xbe, 0x11, - 0x0e, 0xcb, 0x2c, 0x32, 0xc8, 0xfa, 0x83, 0x29, 0x64, 0x79, 0x3c, 0x8b, - 0x4b, 0xf0, 0x32, 0x74, 0x6c, 0xf3, 0x93, 0xb8, 0x96, 0x6b, 0x5d, 0x57, - 0x5a, 0x68, 0xc1, 0xcc, 0x0c, 0x79, 0x8a, 0x19, 0xde, 0xf5, 0x49, 0x02, - 0x5e, 0x08, 0x80, 0x01, 0x89, 0x0c, 0x32, 0xcd, 0xd2, 0xd6, 0x96, 0xd5, - 0x4b, 0xa0, 0xf3, 0xec, 0xbf, 0xab, 0xf4, 0x7d, 0xb3, 0xa1, 0xb9, 0x7c, - 0xda, 0x4e, 0xd7, 0xe5, 0xb7, 0xac, 0xb9, 0xf2, 0x25, 0x5f, 0x01, 0xcb, - 0x8c, 0x96, 0xa8, 0x28, 0xae, 0xc1, 0x33, 0x5a, 0xf6, 0x3f, 0x08, 0x90, - 0xdc, 0xeb, 0xff, 0x39, 0xd8, 0x26, 0xc8, 0x12, 0x9d, 0x1c, 0x9a, 0xaa, - 0xa9, 0xc0, 0x16, 0x8e, 0x86, 0xed, 0x67, 0x52, 0x96, 0x00, 0x7f, 0x0d, - 0x92, 0x3d, 0x3d, 0xd9, 0x70, 0x36, 0xe5, 0xea, 0x42, 0x6f, 0x1f, 0xae, - 0x95, 0xe5, 0x5b, 0x5d, 0xf8, 0xd0, 0x3a, 0xc7, 0xd4, 0xde, 0x77, 0x86, - 0xd0, 0xfc, 0x9e, 0x4e, 0xe2, 0xe2, 0xb8, 0xa9, 0x68, 0x37, 0x09, 0xc4, - 0x39, 0xe3, 0x85, 0xb8, 0x89, 0xf3, 0x1f, 0x6e, 0xb7, 0x6d, 0x1f, 0x4a, - 0x2f, 0x18, 0x09, 0x6f, 0xde, 0x4a, 0x01, 0x8f, 0x14, 0xc9, 0xb7, 0xa6, - 0xee, 0xa7, 0x63, 0x9f, 0x33, 0xa4, 0x54, 0x7c, 0x42, 0x83, 0x68, 0xb8, - 0xa5, 0xdf, 0xbf, 0xec, 0xb9, 0x1a, 0x5d, 0x13, 0x3b, 0xd9, 0xad, 0x68, - 0xfd, 0x20, 0x0a, 0x55, 0x91, 0x21, 0x64, 0xf9, 0xd7, 0x13, 0x01, 0xa0, - 0x08, 0x5d, 0x59, 0x89, 0x1b, 0x44, 0xaf, 0xa4, 0xac, 0xc7, 0x05, 0x10, - 0xfa, 0x41, 0x4a, 0xa8, 0xfb, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x20, 0x30, 0x82, 0x01, 0x1c, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x53, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4c, 0x30, - 0x4a, 0x30, 0x48, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb1, 0x3e, - 0x01, 0x00, 0x30, 0x3b, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x63, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2e, - 0x63, 0x66, 0x6d, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x02, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0xe5, 0x9d, 0x59, 0x30, 0x82, 0x47, 0x58, 0xcc, 0xac, - 0xfa, 0x08, 0x54, 0x36, 0x86, 0x7b, 0x3a, 0xb5, 0x04, 0x4d, 0xf0, 0x30, - 0x42, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, - 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x63, 0x64, 0x70, 0x31, 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x2d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, - 0x52, 0x4c, 0x2f, 0x4f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x32, - 0x30, 0x32, 0x35, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x51, 0xaf, 0x24, 0x26, 0x9c, 0xf4, - 0x68, 0x22, 0x57, 0x80, 0x26, 0x2b, 0x3b, 0x46, 0x62, 0x15, 0x7b, 0x1e, - 0xcc, 0xa5, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x76, 0x85, - 0xc5, 0x23, 0x31, 0x1f, 0xb4, 0x73, 0xea, 0xa0, 0xbc, 0xa5, 0xed, 0xdf, - 0x45, 0x43, 0x6a, 0x7f, 0x69, 0x20, 0x1b, 0x80, 0xb2, 0xfb, 0x1c, 0xdd, - 0xaa, 0x7f, 0x88, 0xd3, 0x31, 0x41, 0x36, 0xf7, 0xfb, 0xfb, 0x6b, 0xad, - 0x98, 0x8c, 0x78, 0x1f, 0x9d, 0x11, 0x67, 0x3a, 0xcd, 0x4b, 0xec, 0xa8, - 0xbc, 0x9d, 0x15, 0x19, 0xc4, 0x3b, 0x0b, 0xa7, 0x93, 0xce, 0xe8, 0xfc, - 0x9d, 0x5b, 0xe8, 0x1f, 0xcb, 0x56, 0xae, 0x76, 0x43, 0x2b, 0xc7, 0x13, - 0x51, 0x77, 0x41, 0xa8, 0x66, 0x4c, 0x5f, 0xa7, 0xd1, 0xd7, 0xaa, 0x75, - 0xc5, 0x1b, 0x29, 0x4c, 0xc9, 0xf4, 0x6d, 0xa1, 0x5e, 0xa1, 0x85, 0x93, - 0x16, 0xc2, 0xcb, 0x3b, 0xab, 0x14, 0x7d, 0x44, 0xfd, 0xda, 0x25, 0x29, - 0x86, 0x2a, 0xfe, 0x63, 0x20, 0xca, 0xd2, 0x0b, 0xc2, 0x34, 0x15, 0xbb, - 0xaf, 0x5b, 0x7f, 0x8a, 0xe0, 0xaa, 0xed, 0x45, 0xa6, 0xea, 0x79, 0xdb, - 0xd8, 0x35, 0x66, 0x54, 0x43, 0xde, 0x37, 0x33, 0xd1, 0xe4, 0xe0, 0xcd, - 0x57, 0xca, 0x71, 0xb0, 0x7d, 0xe9, 0x16, 0x77, 0x64, 0xe8, 0x59, 0x97, - 0xb9, 0xd5, 0x2e, 0xd1, 0xb4, 0x91, 0xda, 0x77, 0x71, 0xf3, 0x4a, 0x0f, - 0x48, 0xd2, 0x34, 0x99, 0x60, 0x95, 0x37, 0xac, 0x1f, 0x01, 0xcd, 0x10, - 0x9d, 0xe8, 0x2a, 0xa5, 0x20, 0xc7, 0x50, 0x9b, 0xb3, 0x6c, 0x49, 0x78, - 0x2b, 0x58, 0x92, 0x64, 0x89, 0xb8, 0x95, 0x36, 0xa8, 0x34, 0xaa, 0xf0, - 0x41, 0xd2, 0x95, 0x5a, 0x24, 0x54, 0x97, 0x4d, 0x6e, 0x05, 0xc4, 0x95, - 0xad, 0xc4, 0x7a, 0xa3, 0x39, 0xfb, 0x79, 0x06, 0x8a, 0x9b, 0xa6, 0x4f, - 0xd9, 0x22, 0xfa, 0x44, 0x4e, 0x36, 0xf3, 0xc9, 0x0f, 0xa6, 0x39, 0xe7, - 0x80, 0xb2, 0x5e, 0xbf, 0xbd, 0x39, 0xd1, 0x46, 0xe5, 0x55, 0x47, 0xdb, - 0xbc, 0x6e, -} - -var certSet2Cert45 = []byte{ - 0x30, 0x82, 0x05, 0xa3, 0x30, 0x82, 0x03, 0x8b, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x67, 0x3f, 0x33, 0x4f, 0x21, 0x53, 0x36, 0x52, 0xc3, - 0x5e, 0x15, 0xd2, 0xfd, 0xb3, 0x02, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x55, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, - 0x4e, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, - 0x57, 0x6f, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, - 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x21, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x6f, 0x66, 0x20, 0x57, 0x6f, 0x53, 0x69, 0x67, - 0x6e, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x38, 0x30, 0x38, 0x30, - 0x31, 0x30, 0x30, 0x30, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x38, - 0x30, 0x38, 0x30, 0x31, 0x30, 0x30, 0x30, 0x35, 0x5a, 0x30, 0x4f, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, - 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x57, - 0x6f, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, - 0x69, 0x74, 0x65, 0x64, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x1b, 0x57, 0x6f, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x4f, 0x56, 0x20, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xbc, 0x89, 0xbe, 0x61, 0x51, 0x53, 0xc8, 0x2b, 0x96, - 0x75, 0xb3, 0x5a, 0xd3, 0x0e, 0x34, 0xfe, 0x4a, 0xc2, 0x9f, 0xa3, 0x18, - 0x83, 0xa2, 0xac, 0xe3, 0x2e, 0x5e, 0x93, 0x79, 0x0b, 0x13, 0x49, 0x5e, - 0x93, 0xb2, 0x8f, 0x84, 0x10, 0xed, 0x91, 0x8f, 0x82, 0xba, 0xad, 0x67, - 0xdf, 0x33, 0x1b, 0xae, 0x84, 0xf2, 0x55, 0xb0, 0x5b, 0xf4, 0xb3, 0x9e, - 0xbc, 0xe6, 0x04, 0x0f, 0x1d, 0xef, 0x04, 0x5a, 0xa8, 0x0b, 0xec, 0x12, - 0x6d, 0x56, 0x19, 0x64, 0x70, 0x49, 0x0f, 0x57, 0x92, 0xf3, 0x5f, 0x21, - 0xa6, 0x4d, 0xb4, 0xd2, 0x96, 0x2b, 0x3c, 0x32, 0xb3, 0xef, 0x8f, 0x59, - 0x0b, 0x14, 0xba, 0x6e, 0xa2, 0x9e, 0x71, 0xdb, 0xf2, 0x88, 0x3f, 0x28, - 0x3b, 0xec, 0xce, 0xbe, 0x47, 0xac, 0x45, 0xc7, 0x8a, 0x9e, 0xfa, 0x61, - 0x93, 0xc5, 0x49, 0x17, 0xb6, 0x46, 0xb6, 0xf7, 0x99, 0x16, 0x8c, 0x1c, - 0x6e, 0x31, 0xae, 0x69, 0xce, 0xed, 0xc6, 0x24, 0x92, 0x70, 0xa1, 0xcb, - 0x96, 0xc3, 0x6c, 0x16, 0xd0, 0xee, 0xcc, 0x4f, 0x86, 0x33, 0xb3, 0x41, - 0xe6, 0x3d, 0x3d, 0xdb, 0x0e, 0x8c, 0x33, 0x74, 0xbb, 0xc3, 0xfc, 0x0b, - 0xa7, 0xfc, 0xd1, 0x71, 0xe2, 0xc1, 0x0c, 0xd4, 0xf7, 0xba, 0x3e, 0x80, - 0x90, 0xd4, 0x48, 0xeb, 0xa2, 0x83, 0x70, 0xd8, 0xdb, 0x30, 0x07, 0x29, - 0x89, 0xf9, 0x81, 0x21, 0x2c, 0xff, 0xeb, 0x47, 0xf6, 0x7a, 0x6d, 0x43, - 0x96, 0x67, 0x17, 0x3e, 0xf3, 0xe2, 0x73, 0x51, 0xc7, 0x76, 0x1e, 0xe9, - 0x1c, 0xa0, 0xec, 0x11, 0x1a, 0xb1, 0xcf, 0x1e, 0x2d, 0x9c, 0x55, 0xee, - 0x3b, 0xc6, 0x2d, 0xae, 0xdc, 0x66, 0x65, 0x91, 0xa2, 0x66, 0x9c, 0xac, - 0x82, 0xf1, 0xa4, 0x17, 0xb5, 0xd7, 0x43, 0x83, 0xc3, 0x88, 0xa0, 0x64, - 0xde, 0xca, 0x72, 0x45, 0xdc, 0x38, 0xfb, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x82, 0x01, 0x73, 0x30, 0x82, 0x01, 0x6f, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, - 0x02, 0x01, 0x00, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x29, - 0x30, 0x27, 0x30, 0x25, 0xa0, 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x31, 0x2e, 0x77, - 0x6f, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x61, - 0x31, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x71, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x65, 0x30, 0x63, 0x30, 0x27, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x1b, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x31, 0x2e, - 0x77, 0x6f, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, - 0x61, 0x31, 0x30, 0x38, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x02, 0x86, 0x2c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x61, - 0x69, 0x61, 0x31, 0x2e, 0x77, 0x6f, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x63, 0x61, 0x31, 0x2d, 0x63, 0x6c, 0x61, 0x73, 0x73, - 0x33, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x63, 0x65, 0x72, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, - 0x2e, 0x81, 0xd9, 0xe3, 0x42, 0x79, 0x14, 0xa3, 0xcd, 0xd9, 0x54, 0x8a, - 0x6e, 0xf8, 0xde, 0x95, 0xaa, 0x8f, 0x98, 0x30, 0x1f, 0x06, 0x03, 0x55, - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe1, 0x66, 0xcf, 0x0e, - 0xd1, 0xf1, 0xb3, 0x4b, 0xb7, 0x06, 0x20, 0x14, 0xfe, 0x87, 0x12, 0xd5, - 0xf6, 0xfe, 0xfb, 0x3e, 0x30, 0x45, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x3e, 0x30, 0x3c, 0x30, 0x3a, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, - 0x82, 0x9b, 0x51, 0x01, 0x03, 0x02, 0x30, 0x2b, 0x30, 0x29, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1d, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0xab, - 0x70, 0xaa, 0x64, 0xc4, 0x0b, 0x34, 0x91, 0xb9, 0x63, 0x20, 0x5e, 0xb0, - 0x9c, 0x21, 0xff, 0x25, 0x79, 0x6c, 0x57, 0x4e, 0x56, 0x44, 0x58, 0x83, - 0xb9, 0x00, 0xce, 0x2d, 0x65, 0xa8, 0x6d, 0x95, 0x38, 0xea, 0x82, 0x2d, - 0x55, 0x18, 0x60, 0x12, 0x7e, 0x1a, 0x1d, 0x6b, 0x62, 0x34, 0x2c, 0xd9, - 0xcd, 0x17, 0x00, 0x43, 0x84, 0x3e, 0xad, 0xbc, 0xff, 0x26, 0x85, 0x1f, - 0x4a, 0xa7, 0x46, 0x13, 0xb0, 0x7d, 0x3b, 0x0b, 0xd9, 0x4b, 0x9d, 0xb0, - 0xcf, 0x8d, 0xf4, 0x05, 0xcb, 0x12, 0x29, 0xfe, 0xe1, 0x97, 0xc7, 0xb7, - 0xc7, 0xaa, 0x53, 0x7e, 0x39, 0x2d, 0x9d, 0xf6, 0xd4, 0x5e, 0xb7, 0x8c, - 0x15, 0x6a, 0x81, 0xd2, 0x37, 0x1a, 0x43, 0x0e, 0xcb, 0xe6, 0x30, 0x21, - 0x43, 0x83, 0x69, 0x0f, 0xef, 0x6b, 0xcd, 0x10, 0xf9, 0x84, 0x60, 0xcf, - 0x89, 0xe9, 0x88, 0x10, 0x01, 0xaf, 0x09, 0xf3, 0x48, 0xbb, 0x07, 0x09, - 0x75, 0x01, 0x84, 0xfa, 0xb1, 0x1e, 0x51, 0x19, 0x8f, 0xc6, 0xc9, 0x85, - 0x65, 0x16, 0x5f, 0xe0, 0x56, 0x7e, 0xb7, 0xbf, 0x40, 0xc2, 0xd4, 0xd0, - 0x05, 0x1f, 0x93, 0x63, 0xc9, 0x24, 0x08, 0x3b, 0x91, 0xb2, 0x35, 0xe1, - 0xa4, 0x8f, 0x35, 0xdb, 0x24, 0x58, 0x75, 0x39, 0xe4, 0xdd, 0x10, 0x1a, - 0xb0, 0xdf, 0x13, 0x12, 0x73, 0x9e, 0x6d, 0xe7, 0x67, 0x3c, 0xdb, 0x1c, - 0x1c, 0xdd, 0x10, 0xdd, 0xcc, 0xf4, 0x07, 0x09, 0xb9, 0x2e, 0xe5, 0x75, - 0x6d, 0x97, 0xb7, 0x60, 0x5b, 0x89, 0x70, 0x81, 0xd2, 0x26, 0xd8, 0xc6, - 0x09, 0x2b, 0xb2, 0x05, 0x7f, 0xc4, 0xb8, 0x14, 0x41, 0x1e, 0x07, 0xf0, - 0x48, 0x41, 0x63, 0xcb, 0x0c, 0xaa, 0x45, 0x7e, 0x84, 0xf9, 0x33, 0xb3, - 0x58, 0x87, 0xbc, 0xb1, 0xd6, 0xc2, 0x65, 0xc7, 0x57, 0xc6, 0x95, 0xe8, - 0x85, 0x90, 0xb0, 0x62, 0x50, 0xf5, 0xee, 0x12, 0xf1, 0xd8, 0x7e, 0x73, - 0xcb, 0xc0, 0xc3, 0xa0, 0x25, 0x17, 0x23, 0x37, 0x91, 0xba, 0x63, 0xbd, - 0x84, 0xaf, 0xf3, 0x89, 0xe0, 0x51, 0xc2, 0x73, 0x35, 0x6d, 0x63, 0x86, - 0x21, 0xf2, 0x73, 0xbd, 0xc2, 0x47, 0xe0, 0x4d, 0x7e, 0x46, 0x37, 0x4b, - 0xd0, 0xf7, 0x61, 0x2a, 0xc7, 0x94, 0x50, 0x25, 0x36, 0xe8, 0xae, 0xda, - 0x2e, 0x1f, 0xb8, 0x08, 0xb2, 0x55, 0x7c, 0x6b, 0x66, 0x43, 0x8f, 0x02, - 0x1d, 0xdd, 0xa7, 0xeb, 0x98, 0x00, 0xa7, 0x25, 0x74, 0xf5, 0x93, 0x1b, - 0x6d, 0x26, 0xbb, 0x1d, 0xe5, 0xb7, 0xfc, 0x21, 0x25, 0x26, 0xd1, 0x77, - 0x1b, 0xa8, 0x6e, 0xaa, 0xc3, 0x4b, 0x64, 0x51, 0x7f, 0x91, 0x0e, 0x41, - 0x5c, 0x19, 0x83, 0xa1, 0xa8, 0x1f, 0x94, 0x99, 0x43, 0x0f, 0x99, 0xdb, - 0x18, 0xdc, 0x21, 0x6f, 0x76, 0xd1, 0x9e, 0xea, 0xa3, 0x76, 0xe0, 0xf0, - 0x09, 0xbc, 0xb9, 0xb4, 0xf7, 0x43, 0x6c, 0x1f, 0xd3, 0x2a, 0x86, 0x6a, - 0x2f, 0xe0, 0x6c, 0xf1, 0x83, 0x39, 0xd7, 0x70, 0xdb, 0xa2, 0x91, 0xab, - 0x54, 0xbe, 0xf4, 0x47, 0x88, 0x8c, 0xf0, 0x10, 0xd2, 0xe4, 0xad, 0xeb, - 0x7e, 0xb1, 0xba, 0x08, 0x4b, 0x67, 0x04, 0xa3, 0xf2, 0xe9, 0x90, 0x2b, - 0x81, 0xe3, 0x74, 0x76, 0x3d, 0x00, 0x9d, 0xd2, 0xbb, 0xfc, 0xa5, 0xa0, - 0x15, 0x1c, 0x28, 0xdf, 0x10, 0x4f, 0x47, 0xd7, 0x33, 0x46, 0x9d, 0xb2, - 0x57, 0xd2, 0xc6, 0x1f, 0xfb, 0xe4, 0x59, 0x4a, 0x2b, 0x28, 0xa9, 0x13, - 0xdd, 0xb9, 0xe9, 0x93, 0xb4, 0x88, 0xee, 0xe2, 0x5b, 0xa0, 0x07, 0x25, - 0xfe, 0x8a, 0x2e, 0x78, 0xe4, 0xb4, 0xe1, 0xd5, 0x1d, 0xf6, 0x1a, 0x3a, - 0xe3, 0x1c, 0x01, 0x2a, 0x1e, 0xa1, 0x86, 0x54, 0x9e, 0x49, 0xdc, 0xc9, - 0x59, 0xe3, 0x0d, 0x6d, 0x5a, 0x13, 0x36, -} - -var certSet2Cert46 = []byte{ - 0x30, 0x82, 0x05, 0xe1, 0x30, 0x82, 0x04, 0xc9, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0xaa, 0x47, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x5a, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, - 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, - 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, - 0x30, 0x35, 0x30, 0x37, 0x31, 0x37, 0x30, 0x34, 0x30, 0x39, 0x5a, 0x17, - 0x0d, 0x31, 0x38, 0x30, 0x35, 0x30, 0x37, 0x31, 0x37, 0x30, 0x33, 0x33, - 0x30, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, - 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, - 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, - 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x0c, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, - 0x74, 0x20, 0x49, 0x54, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, - 0x20, 0x49, 0x54, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, - 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, - 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xd1, 0xe8, 0x37, - 0xa7, 0x76, 0x8a, 0x70, 0x4b, 0x19, 0xf0, 0x20, 0x37, 0x09, 0x24, 0x37, - 0x7f, 0xea, 0xfb, 0x78, 0xe6, 0x05, 0xba, 0x6a, 0xad, 0x4e, 0x27, 0x0d, - 0xfc, 0x72, 0x6a, 0xd9, 0x6c, 0x21, 0xc4, 0x64, 0x11, 0x95, 0x73, 0x10, - 0x0a, 0x5c, 0x25, 0x7b, 0x88, 0x6c, 0x94, 0x04, 0xfd, 0xc7, 0xdb, 0xae, - 0x7b, 0xdc, 0x4a, 0x08, 0xb3, 0x3e, 0x16, 0xf1, 0xd0, 0xad, 0xdb, 0x30, - 0x6d, 0xd7, 0x1a, 0x1e, 0x52, 0xb5, 0x3d, 0xf0, 0x47, 0x19, 0x03, 0xe2, - 0x7d, 0xa6, 0xbd, 0x57, 0x13, 0x3f, 0x54, 0xea, 0x3a, 0xa3, 0xb1, 0x77, - 0xfc, 0x42, 0xf0, 0x63, 0x49, 0x6a, 0x91, 0x80, 0x2e, 0x30, 0x49, 0xc0, - 0x8a, 0xeb, 0x2b, 0xaf, 0xfe, 0x3a, 0xeb, 0x07, 0x5d, 0x06, 0xf7, 0xe9, - 0xfd, 0x84, 0x0e, 0x91, 0xbd, 0x09, 0x20, 0x29, 0xe8, 0x6e, 0x5d, 0x09, - 0xce, 0x15, 0xd3, 0xe7, 0xef, 0xdb, 0x50, 0xeb, 0x44, 0xef, 0x18, 0x57, - 0xab, 0x04, 0x1d, 0xbc, 0x31, 0xf9, 0xf7, 0x7b, 0x2a, 0x13, 0xcf, 0xd1, - 0x3d, 0x51, 0xaf, 0x1b, 0xc5, 0xb5, 0x7b, 0xe7, 0xb0, 0xfc, 0x53, 0xbb, - 0x9a, 0xe7, 0x63, 0xde, 0x41, 0x33, 0xb6, 0x47, 0x24, 0x69, 0x5d, 0xb8, - 0x46, 0xa7, 0xff, 0xad, 0xab, 0xdf, 0x4f, 0x7a, 0x78, 0x25, 0x27, 0x21, - 0x26, 0x34, 0xca, 0x02, 0x6e, 0x37, 0x51, 0xf0, 0xed, 0x58, 0x1a, 0x60, - 0x94, 0xf6, 0xc4, 0x93, 0xd8, 0xdd, 0x30, 0x24, 0x25, 0xd7, 0x1c, 0xeb, - 0x19, 0x94, 0x35, 0x5d, 0x93, 0xb2, 0xae, 0xaa, 0x29, 0x83, 0x73, 0xc4, - 0x74, 0x59, 0x05, 0x52, 0x67, 0x9d, 0xda, 0x67, 0x51, 0x39, 0x05, 0x3a, - 0x36, 0xea, 0xf2, 0x1e, 0x76, 0x2b, 0x14, 0xae, 0xec, 0x3d, 0xf9, 0x14, - 0x99, 0x8b, 0x07, 0x6e, 0xbc, 0xe7, 0x0c, 0x56, 0xde, 0xac, 0xbe, 0xae, - 0xdb, 0x75, 0x32, 0x90, 0x9e, 0x63, 0xbd, 0x74, 0xbf, 0xe0, 0x0a, 0xca, - 0xf8, 0x34, 0x96, 0x67, 0x84, 0xcd, 0xd1, 0x42, 0x38, 0x78, 0xc7, 0x99, - 0xb6, 0x0c, 0xce, 0xb6, 0x0f, 0xe9, 0x1b, 0xcb, 0xf4, 0x59, 0xbe, 0x11, - 0x0e, 0xcb, 0x2c, 0x32, 0xc8, 0xfa, 0x83, 0x29, 0x64, 0x79, 0x3c, 0x8b, - 0x4b, 0xf0, 0x32, 0x74, 0x6c, 0xf3, 0x93, 0xb8, 0x96, 0x6b, 0x5d, 0x57, - 0x5a, 0x68, 0xc1, 0xcc, 0x0c, 0x79, 0x8a, 0x19, 0xde, 0xf5, 0x49, 0x02, - 0x5e, 0x08, 0x80, 0x01, 0x89, 0x0c, 0x32, 0xcd, 0xd2, 0xd6, 0x96, 0xd5, - 0x4b, 0xa0, 0xf3, 0xec, 0xbf, 0xab, 0xf4, 0x7d, 0xb3, 0xa1, 0xb9, 0x7c, - 0xda, 0x4e, 0xd7, 0xe5, 0xb7, 0xac, 0xb9, 0xf2, 0x25, 0x5f, 0x01, 0xcb, - 0x8c, 0x96, 0xa8, 0x28, 0xae, 0xc1, 0x33, 0x5a, 0xf6, 0x3f, 0x08, 0x90, - 0xdc, 0xeb, 0xff, 0x39, 0xd8, 0x26, 0xc8, 0x12, 0x9d, 0x1c, 0x9a, 0xaa, - 0xa9, 0xc0, 0x16, 0x8e, 0x86, 0xed, 0x67, 0x52, 0x96, 0x00, 0x7f, 0x0d, - 0x92, 0x3d, 0x3d, 0xd9, 0x70, 0x36, 0xe5, 0xea, 0x42, 0x6f, 0x1f, 0xae, - 0x95, 0xe5, 0x5b, 0x5d, 0xf8, 0xd0, 0x3a, 0xc7, 0xd4, 0xde, 0x77, 0x86, - 0xd0, 0xfc, 0x9e, 0x4e, 0xe2, 0xe2, 0xb8, 0xa9, 0x68, 0x37, 0x09, 0xc4, - 0x39, 0xe3, 0x85, 0xb8, 0x89, 0xf3, 0x1f, 0x6e, 0xb7, 0x6d, 0x1f, 0x4a, - 0x2f, 0x18, 0x09, 0x6f, 0xde, 0x4a, 0x01, 0x8f, 0x14, 0xc9, 0xb7, 0xa6, - 0xee, 0xa7, 0x63, 0x9f, 0x33, 0xa4, 0x54, 0x7c, 0x42, 0x83, 0x68, 0xb8, - 0xa5, 0xdf, 0xbf, 0xec, 0xb9, 0x1a, 0x5d, 0x13, 0x3b, 0xd9, 0xad, 0x68, - 0xfd, 0x20, 0x0a, 0x55, 0x91, 0x21, 0x64, 0xf9, 0xd7, 0x13, 0x01, 0xa0, - 0x08, 0x5d, 0x59, 0x89, 0x1b, 0x44, 0xaf, 0xa4, 0xac, 0xc7, 0x05, 0x10, - 0xfa, 0x41, 0x4a, 0xa8, 0xfb, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x7b, 0x30, 0x82, 0x01, 0x77, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x60, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x59, 0x30, - 0x57, 0x30, 0x48, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb1, 0x3e, - 0x01, 0x00, 0x30, 0x3b, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x63, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2e, - 0x63, 0x66, 0x6d, 0x30, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, - 0x82, 0x37, 0x2a, 0x01, 0x30, 0x42, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x01, 0x01, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x26, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x6f, 0x6d, - 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, - 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x72, 0x6f, 0x6f, 0x74, - 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, - 0x03, 0x02, 0x01, 0x86, 0x30, 0x27, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, - 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, - 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe5, 0x9d, - 0x59, 0x30, 0x82, 0x47, 0x58, 0xcc, 0xac, 0xfa, 0x08, 0x54, 0x36, 0x86, - 0x7b, 0x3a, 0xb5, 0x04, 0x4d, 0xf0, 0x30, 0x42, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, - 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x64, 0x70, 0x31, - 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x52, 0x4c, 0x2f, 0x4f, 0x6d, - 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x32, 0x30, 0x32, 0x35, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0x51, 0xaf, 0x24, 0x26, 0x9c, 0xf4, 0x68, 0x22, 0x57, 0x80, 0x26, - 0x2b, 0x3b, 0x46, 0x62, 0x15, 0x7b, 0x1e, 0xcc, 0xa5, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x69, 0x62, 0xf6, 0x84, 0x91, 0x00, 0xc4, - 0x6f, 0x82, 0x7b, 0x24, 0xe1, 0x42, 0xa2, 0xa5, 0x8b, 0x82, 0x5c, 0xa7, - 0xc5, 0x44, 0xcb, 0xe7, 0x52, 0x76, 0x63, 0xd3, 0x76, 0x9e, 0x78, 0xe2, - 0x69, 0x35, 0xb1, 0x38, 0xba, 0xb0, 0x96, 0xc6, 0x1f, 0xac, 0x7b, 0xc6, - 0xb2, 0x65, 0x77, 0x8b, 0x7d, 0x8d, 0xae, 0x64, 0xb9, 0xa5, 0x8c, 0x17, - 0xca, 0x58, 0x65, 0xc3, 0xad, 0x82, 0xf5, 0xc5, 0xa2, 0xf5, 0x01, 0x13, - 0x93, 0xc6, 0x7e, 0x44, 0xe5, 0xc4, 0x61, 0xfa, 0x03, 0xb6, 0x56, 0xc1, - 0x72, 0xe1, 0xc8, 0x28, 0xc5, 0x69, 0x21, 0x8f, 0xac, 0x6e, 0xfd, 0x7f, - 0x43, 0x83, 0x36, 0xb8, 0xc0, 0xd6, 0xa0, 0x28, 0xfe, 0x1a, 0x45, 0xbe, - 0xfd, 0x93, 0x8c, 0x8d, 0xa4, 0x64, 0x79, 0x1f, 0x14, 0xdb, 0xa1, 0x9f, - 0x21, 0xdc, 0xc0, 0x4e, 0x7b, 0x17, 0x22, 0x17, 0xb1, 0xb6, 0x3c, 0xd3, - 0x9b, 0xe2, 0x0a, 0xa3, 0x7e, 0x99, 0xb0, 0xc1, 0xac, 0xd8, 0xf4, 0x86, - 0xdf, 0x3c, 0xda, 0x7d, 0x14, 0x9c, 0x40, 0xc1, 0x7c, 0xd2, 0x18, 0x6f, - 0xf1, 0x4f, 0x26, 0x45, 0x09, 0x95, 0x94, 0x5c, 0xda, 0xd0, 0x98, 0xf8, - 0xf4, 0x4c, 0x82, 0x96, 0x10, 0xde, 0xac, 0x30, 0xcb, 0x2b, 0xae, 0xf9, - 0x92, 0xea, 0xbf, 0x79, 0x03, 0xfc, 0x1e, 0x3f, 0xac, 0x09, 0xa4, 0x3f, - 0x65, 0xfd, 0x91, 0x4f, 0x96, 0x24, 0xa7, 0xce, 0xb4, 0x4e, 0x6a, 0x96, - 0x29, 0x17, 0xae, 0xc0, 0xa8, 0xdf, 0x17, 0x22, 0xf4, 0x17, 0xe3, 0xdc, - 0x1c, 0x39, 0x06, 0x56, 0x10, 0xea, 0xea, 0xb5, 0x74, 0x17, 0x3c, 0x4e, - 0xdd, 0x7e, 0x91, 0x0a, 0xa8, 0x0b, 0x78, 0x07, 0xa7, 0x31, 0x44, 0x08, - 0x31, 0xab, 0x18, 0x84, 0x0f, 0x12, 0x9c, 0xe7, 0xde, 0x84, 0x2c, 0xe9, - 0x6d, 0x93, 0x45, 0xbf, 0xa8, 0xc1, 0x3f, 0x34, 0xdc, -} - -var certSet2Cert47 = []byte{ - 0x30, 0x82, 0x05, 0xec, 0x30, 0x82, 0x04, 0xd4, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x6e, 0xcc, 0x7a, 0xa5, 0xa7, 0x03, 0x20, 0x09, 0xb8, - 0xce, 0xbc, 0xf4, 0xe9, 0x52, 0xd4, 0x91, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, - 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x32, 0x30, 0x38, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x32, 0x30, 0x37, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xb5, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3b, 0x30, - 0x39, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x32, 0x54, 0x65, 0x72, 0x6d, - 0x73, 0x20, 0x6f, 0x66, 0x20, 0x75, 0x73, 0x65, 0x20, 0x61, 0x74, 0x20, - 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x70, 0x61, 0x20, 0x28, 0x63, 0x29, 0x31, 0x30, 0x31, 0x2f, - 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x26, 0x56, 0x65, 0x72, - 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, - 0x33, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb1, 0x87, 0x84, 0x1f, - 0xc2, 0x0c, 0x45, 0xf5, 0xbc, 0xab, 0x25, 0x97, 0xa7, 0xad, 0xa2, 0x3e, - 0x9c, 0xba, 0xf6, 0xc1, 0x39, 0xb8, 0x8b, 0xca, 0xc2, 0xac, 0x56, 0xc6, - 0xe5, 0xbb, 0x65, 0x8e, 0x44, 0x4f, 0x4d, 0xce, 0x6f, 0xed, 0x09, 0x4a, - 0xd4, 0xaf, 0x4e, 0x10, 0x9c, 0x68, 0x8b, 0x2e, 0x95, 0x7b, 0x89, 0x9b, - 0x13, 0xca, 0xe2, 0x34, 0x34, 0xc1, 0xf3, 0x5b, 0xf3, 0x49, 0x7b, 0x62, - 0x83, 0x48, 0x81, 0x74, 0xd1, 0x88, 0x78, 0x6c, 0x02, 0x53, 0xf9, 0xbc, - 0x7f, 0x43, 0x26, 0x57, 0x58, 0x33, 0x83, 0x3b, 0x33, 0x0a, 0x17, 0xb0, - 0xd0, 0x4e, 0x91, 0x24, 0xad, 0x86, 0x7d, 0x64, 0x12, 0xdc, 0x74, 0x4a, - 0x34, 0xa1, 0x1d, 0x0a, 0xea, 0x96, 0x1d, 0x0b, 0x15, 0xfc, 0xa3, 0x4b, - 0x3b, 0xce, 0x63, 0x88, 0xd0, 0xf8, 0x2d, 0x0c, 0x94, 0x86, 0x10, 0xca, - 0xb6, 0x9a, 0x3d, 0xca, 0xeb, 0x37, 0x9c, 0x00, 0x48, 0x35, 0x86, 0x29, - 0x50, 0x78, 0xe8, 0x45, 0x63, 0xcd, 0x19, 0x41, 0x4f, 0xf5, 0x95, 0xec, - 0x7b, 0x98, 0xd4, 0xc4, 0x71, 0xb3, 0x50, 0xbe, 0x28, 0xb3, 0x8f, 0xa0, - 0xb9, 0x53, 0x9c, 0xf5, 0xca, 0x2c, 0x23, 0xa9, 0xfd, 0x14, 0x06, 0xe8, - 0x18, 0xb4, 0x9a, 0xe8, 0x3c, 0x6e, 0x81, 0xfd, 0xe4, 0xcd, 0x35, 0x36, - 0xb3, 0x51, 0xd3, 0x69, 0xec, 0x12, 0xba, 0x56, 0x6e, 0x6f, 0x9b, 0x57, - 0xc5, 0x8b, 0x14, 0xe7, 0x0e, 0xc7, 0x9c, 0xed, 0x4a, 0x54, 0x6a, 0xc9, - 0x4d, 0xc5, 0xbf, 0x11, 0xb1, 0xae, 0x1c, 0x67, 0x81, 0xcb, 0x44, 0x55, - 0x33, 0x99, 0x7f, 0x24, 0x9b, 0x3f, 0x53, 0x45, 0x7f, 0x86, 0x1a, 0xf3, - 0x3c, 0xfa, 0x6d, 0x7f, 0x81, 0xf5, 0xb8, 0x4a, 0xd3, 0xf5, 0x85, 0x37, - 0x1c, 0xb5, 0xa6, 0xd0, 0x09, 0xe4, 0x18, 0x7b, 0x38, 0x4e, 0xfa, 0x0f, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, - 0xdb, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, - 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, - 0x02, 0x01, 0x00, 0x30, 0x70, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x69, - 0x30, 0x67, 0x30, 0x65, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, - 0x45, 0x01, 0x07, 0x17, 0x03, 0x30, 0x56, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, - 0x73, 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, - 0x02, 0x30, 0x1e, 0x1a, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x70, 0x61, 0x30, 0x34, 0x06, - 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2d, 0x30, 0x2b, 0x30, 0x29, 0xa0, 0x27, - 0xa0, 0x25, 0x86, 0x23, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, 0x61, 0x33, 0x2d, 0x67, 0x35, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x6d, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0c, 0x04, 0x61, 0x30, 0x5f, 0xa1, - 0x5d, 0xa0, 0x5b, 0x30, 0x59, 0x30, 0x57, 0x30, 0x55, 0x16, 0x09, 0x69, - 0x6d, 0x61, 0x67, 0x65, 0x2f, 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, 0x1f, - 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x8f, - 0xe5, 0xd3, 0x1a, 0x86, 0xac, 0x8d, 0x8e, 0x6b, 0xc3, 0xcf, 0x80, 0x6a, - 0xd4, 0x48, 0x18, 0x2c, 0x7b, 0x19, 0x2e, 0x30, 0x25, 0x16, 0x23, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x76, - 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x76, 0x73, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x67, 0x69, 0x66, 0x30, 0x28, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x21, 0x30, 0x1f, 0xa4, 0x1d, 0x30, - 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, 0x49, - 0x2d, 0x32, 0x2d, 0x36, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0x0d, 0x44, 0x5c, 0x16, 0x53, 0x44, 0xc1, 0x82, 0x7e, - 0x1d, 0x20, 0xab, 0x25, 0xf4, 0x01, 0x63, 0xd8, 0xbe, 0x79, 0xa5, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, - 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x0c, 0x83, 0x24, 0xef, 0xdd, 0xc3, 0x0c, 0xd9, - 0x58, 0x9c, 0xfe, 0x36, 0xb6, 0xeb, 0x8a, 0x80, 0x4b, 0xd1, 0xa3, 0xf7, - 0x9d, 0xf3, 0xcc, 0x53, 0xef, 0x82, 0x9e, 0xa3, 0xa1, 0xe6, 0x97, 0xc1, - 0x58, 0x9d, 0x75, 0x6c, 0xe0, 0x1d, 0x1b, 0x4c, 0xfa, 0xd1, 0xc1, 0x2d, - 0x05, 0xc0, 0xea, 0x6e, 0xb2, 0x22, 0x70, 0x55, 0xd9, 0x20, 0x33, 0x40, - 0x33, 0x07, 0xc2, 0x65, 0x83, 0xfa, 0x8f, 0x43, 0x37, 0x9b, 0xea, 0x0e, - 0x9a, 0x6c, 0x70, 0xee, 0xf6, 0x9c, 0x80, 0x3b, 0xd9, 0x37, 0xf4, 0x7a, - 0x6d, 0xec, 0xd0, 0x18, 0x7d, 0x49, 0x4a, 0xca, 0x99, 0xc7, 0x19, 0x28, - 0xa2, 0xbe, 0xd8, 0x77, 0x24, 0xf7, 0x85, 0x26, 0x86, 0x6d, 0x87, 0x05, - 0x40, 0x41, 0x67, 0xd1, 0x27, 0x3a, 0xed, 0xdc, 0x48, 0x1d, 0x22, 0xcd, - 0x0b, 0x0b, 0x8b, 0xbc, 0xf4, 0xb1, 0x7b, 0xfd, 0xb4, 0x99, 0xa8, 0xe9, - 0x76, 0x2a, 0xe1, 0x1a, 0x2d, 0x87, 0x6e, 0x74, 0xd3, 0x88, 0xdd, 0x1e, - 0x22, 0xc6, 0xdf, 0x16, 0xb6, 0x2b, 0x82, 0x14, 0x0a, 0x94, 0x5c, 0xf2, - 0x50, 0xec, 0xaf, 0xce, 0xff, 0x62, 0x37, 0x0d, 0xad, 0x65, 0xd3, 0x06, - 0x41, 0x53, 0xed, 0x02, 0x14, 0xc8, 0xb5, 0x58, 0x28, 0xa1, 0xac, 0xe0, - 0x5b, 0xec, 0xb3, 0x7f, 0x95, 0x4a, 0xfb, 0x03, 0xc8, 0xad, 0x26, 0xdb, - 0xe6, 0x66, 0x78, 0x12, 0x4a, 0xd9, 0x9f, 0x42, 0xfb, 0xe1, 0x98, 0xe6, - 0x42, 0x83, 0x9b, 0x8f, 0x8f, 0x67, 0x24, 0xe8, 0x61, 0x19, 0xb5, 0xdd, - 0xcd, 0xb5, 0x0b, 0x26, 0x05, 0x8e, 0xc3, 0x6e, 0xc4, 0xc8, 0x75, 0xb8, - 0x46, 0xcf, 0xe2, 0x18, 0x06, 0x5e, 0xa9, 0xae, 0xa8, 0x81, 0x9a, 0x47, - 0x16, 0xde, 0x0c, 0x28, 0x6c, 0x25, 0x27, 0xb9, 0xde, 0xb7, 0x84, 0x58, - 0xc6, 0x1f, 0x38, 0x1e, 0xa4, 0xc4, 0xcb, 0x66, -} - -var certSet2Cert48 = []byte{ - 0x30, 0x82, 0x06, 0x1e, 0x30, 0x82, 0x05, 0x06, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x2c, 0x48, 0xdd, 0x93, 0x0d, 0xf5, 0x59, 0x8e, 0xf9, - 0x3c, 0x99, 0x54, 0x7a, 0x60, 0xed, 0x43, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, - 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x31, 0x30, 0x38, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x37, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xbe, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3b, 0x30, - 0x39, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x32, 0x54, 0x65, 0x72, 0x6d, - 0x73, 0x20, 0x6f, 0x66, 0x20, 0x75, 0x73, 0x65, 0x20, 0x61, 0x74, 0x20, - 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x70, 0x61, 0x20, 0x28, 0x63, 0x29, 0x30, 0x36, 0x31, 0x38, - 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2f, 0x56, 0x65, 0x72, - 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, - 0x33, 0x20, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x53, - 0x4c, 0x20, 0x53, 0x47, 0x43, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xbd, 0x56, 0x88, 0xba, 0x88, 0x34, 0x64, - 0x64, 0xcf, 0xcd, 0xca, 0xb0, 0xee, 0xe7, 0x19, 0x73, 0xc5, 0x72, 0xd9, - 0xbb, 0x45, 0xbc, 0xb5, 0xa8, 0xff, 0x83, 0xbe, 0x1c, 0x03, 0xdb, 0xed, - 0x89, 0xb7, 0x2e, 0x10, 0x1a, 0x25, 0xbc, 0x55, 0xca, 0x41, 0xa1, 0x9f, - 0x0b, 0xcf, 0x19, 0x5e, 0x70, 0xb9, 0x5e, 0x39, 0x4b, 0x9e, 0x31, 0x1c, - 0x5f, 0x87, 0xae, 0x2a, 0xaa, 0xa8, 0x2b, 0xa2, 0x1b, 0x3b, 0x10, 0x23, - 0x5f, 0x13, 0xb1, 0xdd, 0x08, 0x8c, 0x4e, 0x14, 0xda, 0x83, 0x81, 0xe3, - 0xb5, 0x8c, 0xe3, 0x68, 0xed, 0x24, 0x67, 0xce, 0x56, 0xb6, 0xac, 0x9b, - 0x73, 0x96, 0x44, 0xdb, 0x8a, 0x8c, 0xb3, 0xd6, 0xf0, 0x71, 0x93, 0x8e, - 0xdb, 0x71, 0x54, 0x4a, 0xeb, 0x73, 0x59, 0x6a, 0x8f, 0x70, 0x51, 0x2c, - 0x03, 0x9f, 0x97, 0xd1, 0xcc, 0x11, 0x7a, 0xbc, 0x62, 0x0d, 0x95, 0x2a, - 0xc9, 0x1c, 0x75, 0x57, 0xe9, 0xf5, 0xc7, 0xea, 0xba, 0x84, 0x35, 0xcb, - 0xc7, 0x85, 0x5a, 0x7e, 0xe4, 0x4d, 0xe1, 0x11, 0x97, 0x7d, 0x0e, 0x20, - 0x34, 0x45, 0xdb, 0xf1, 0xa2, 0x09, 0xeb, 0xeb, 0x3d, 0x9e, 0xb8, 0x96, - 0x43, 0x5e, 0x34, 0x4b, 0x08, 0x25, 0x1e, 0x43, 0x1a, 0xa2, 0xd9, 0xb7, - 0x8a, 0x01, 0x34, 0x3d, 0xc3, 0xf8, 0xe5, 0xaf, 0x4f, 0x8c, 0xff, 0xcd, - 0x65, 0xf0, 0x23, 0x4e, 0xc5, 0x97, 0xb3, 0x5c, 0xda, 0x90, 0x1c, 0x82, - 0x85, 0x0d, 0x06, 0x0d, 0xc1, 0x22, 0xb6, 0x7b, 0x28, 0xa4, 0x03, 0xc3, - 0x4c, 0x53, 0xd1, 0x58, 0xbc, 0x72, 0xbc, 0x08, 0x39, 0xfc, 0xa0, 0x76, - 0xa8, 0xa8, 0xe9, 0x4b, 0x6e, 0x88, 0x3d, 0xe3, 0xb3, 0x31, 0x25, 0x8c, - 0x73, 0x29, 0x48, 0x0e, 0x32, 0x79, 0x06, 0xed, 0x3d, 0x43, 0xf4, 0xf6, - 0xe4, 0xe9, 0xfc, 0x7d, 0xbe, 0x8e, 0x08, 0xd5, 0x1f, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x02, 0x08, 0x30, 0x82, 0x02, 0x04, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x4e, 0x43, 0xc8, - 0x1d, 0x76, 0xef, 0x37, 0x53, 0x7a, 0x4f, 0xf2, 0x58, 0x6f, 0x94, 0xf3, - 0x38, 0xe2, 0xd5, 0xbd, 0xdf, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, - 0x30, 0x32, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, - 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x63, 0x70, 0x73, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, - 0x36, 0x30, 0x34, 0x30, 0x32, 0xa0, 0x30, 0xa0, 0x2e, 0x86, 0x2c, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x45, 0x56, 0x53, 0x65, 0x63, 0x75, - 0x72, 0x65, 0x2d, 0x63, 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, 0x61, 0x33, - 0x2d, 0x67, 0x35, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, - 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x6d, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x01, 0x0c, 0x04, 0x61, 0x30, 0x5f, 0xa1, 0x5d, - 0xa0, 0x5b, 0x30, 0x59, 0x30, 0x57, 0x30, 0x55, 0x16, 0x09, 0x69, 0x6d, - 0x61, 0x67, 0x65, 0x2f, 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, 0x1f, 0x30, - 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x8f, 0xe5, - 0xd3, 0x1a, 0x86, 0xac, 0x8d, 0x8e, 0x6b, 0xc3, 0xcf, 0x80, 0x6a, 0xd4, - 0x48, 0x18, 0x2c, 0x7b, 0x19, 0x2e, 0x30, 0x25, 0x16, 0x23, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x76, 0x65, - 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, - 0x73, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x67, 0x69, 0x66, 0x30, 0x29, 0x06, - 0x03, 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, - 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x43, - 0x6c, 0x61, 0x73, 0x73, 0x33, 0x43, 0x41, 0x32, 0x30, 0x34, 0x38, 0x2d, - 0x31, 0x2d, 0x34, 0x38, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, - 0xbb, 0xf0, 0x30, 0x09, 0xf3, 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, - 0x33, 0x30, 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, - 0x01, 0x04, 0x31, 0x30, 0x2f, 0x30, 0x2d, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x45, 0x56, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x2d, 0x6f, - 0x63, 0x73, 0x70, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, - 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x34, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, - 0x2d, 0x30, 0x2b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, - 0x04, 0x01, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, - 0x08, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x27, 0x74, 0xa6, 0x34, 0xea, 0x1d, - 0x9d, 0xe1, 0x53, 0xd6, 0x1c, 0x9d, 0x0c, 0xa7, 0x5b, 0x4c, 0xa9, 0x67, - 0xf2, 0xf0, 0x32, 0xb7, 0x01, 0x0f, 0xfb, 0x42, 0x18, 0x38, 0xde, 0xe4, - 0xee, 0x49, 0xc8, 0x13, 0xc9, 0x0b, 0xec, 0x04, 0xc3, 0x40, 0x71, 0x18, - 0x72, 0x76, 0x43, 0x02, 0x23, 0x5d, 0xab, 0x7b, 0xc8, 0x48, 0x14, 0x1a, - 0xc8, 0x7b, 0x1d, 0xfc, 0xf6, 0x0a, 0x9f, 0x36, 0xa1, 0xd2, 0x09, 0x73, - 0x71, 0x66, 0x96, 0x75, 0x51, 0x34, 0xbf, 0x99, 0x30, 0x51, 0x67, 0x9d, - 0x54, 0xb7, 0x26, 0x45, 0xac, 0x73, 0x08, 0x23, 0x86, 0x26, 0x99, 0x71, - 0xf4, 0x8e, 0xd7, 0xea, 0x39, 0x9b, 0x06, 0x09, 0x23, 0xbf, 0x62, 0xdd, - 0xa8, 0xc4, 0xb6, 0x7d, 0xa4, 0x89, 0x07, 0x3e, 0xf3, 0x6d, 0xae, 0x40, - 0x59, 0x50, 0x79, 0x97, 0x37, 0x3d, 0x32, 0x78, 0x7d, 0xb2, 0x63, 0x4b, - 0xf9, 0xea, 0x08, 0x69, 0x0e, 0x13, 0xed, 0xe8, 0xcf, 0xbb, 0xac, 0x05, - 0x86, 0xca, 0x22, 0xcf, 0x88, 0x62, 0x5d, 0x3c, 0x22, 0x49, 0xd8, 0x63, - 0xd5, 0x24, 0xa6, 0xbd, 0xef, 0x5c, 0xe3, 0xcc, 0x20, 0x3b, 0x22, 0xea, - 0xfc, 0x44, 0xc6, 0xa8, 0xe5, 0x1f, 0xe1, 0x86, 0xcd, 0x0c, 0x4d, 0x8f, - 0x93, 0x53, 0xd9, 0x7f, 0xee, 0xa1, 0x08, 0xa7, 0xb3, 0x30, 0x96, 0x49, - 0x70, 0x6e, 0xa3, 0x6c, 0x3d, 0xd0, 0x63, 0xef, 0x25, 0x66, 0x63, 0xcc, - 0xaa, 0xb7, 0x18, 0x17, 0x4e, 0xea, 0x70, 0x76, 0xf6, 0xba, 0x42, 0xa6, - 0x80, 0x37, 0x09, 0x4e, 0x9f, 0x66, 0x88, 0x2e, 0x6b, 0x33, 0x66, 0xc8, - 0xc0, 0x71, 0xa4, 0x41, 0xeb, 0x5a, 0xe3, 0xfc, 0x14, 0x2e, 0x4b, 0x88, - 0xfd, 0xae, 0x6e, 0x5b, 0x65, 0xe9, 0x27, 0xe4, 0xbf, 0xe4, 0xb0, 0x23, - 0xc1, 0xb2, 0x7d, 0x5b, 0x62, 0x25, 0xd7, 0x3e, 0x10, 0xd4, -} - -var certSet2Cert49 = []byte{ - 0x30, 0x82, 0x06, 0x29, 0x30, 0x82, 0x05, 0x11, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x64, 0x1b, 0xe8, 0x20, 0xce, 0x02, 0x08, 0x13, 0xf3, - 0x2d, 0x4d, 0x2d, 0x95, 0xd6, 0x7e, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, - 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x32, 0x30, 0x38, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x32, 0x30, 0x37, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xbc, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3b, 0x30, - 0x39, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x32, 0x54, 0x65, 0x72, 0x6d, - 0x73, 0x20, 0x6f, 0x66, 0x20, 0x75, 0x73, 0x65, 0x20, 0x61, 0x74, 0x20, - 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x70, 0x61, 0x20, 0x28, 0x63, 0x29, 0x31, 0x30, 0x31, 0x36, - 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2d, 0x56, 0x65, 0x72, - 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, - 0x33, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x61, 0x6c, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, - 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0x99, 0xd6, 0x9c, 0x62, 0xf0, 0x15, 0xf4, 0x81, 0x9a, - 0x41, 0x08, 0x59, 0x8f, 0x13, 0x9d, 0x17, 0xc9, 0x9f, 0x51, 0xdc, 0xda, - 0xb1, 0x52, 0xef, 0xff, 0xe3, 0x41, 0xdd, 0xe0, 0xdf, 0xc4, 0x28, 0xc6, - 0xe3, 0xad, 0x79, 0x1f, 0x27, 0x10, 0x98, 0xb8, 0xbb, 0x20, 0x97, 0xc1, - 0x28, 0x44, 0x41, 0x0f, 0xea, 0xa9, 0xa8, 0x52, 0xcf, 0x4d, 0x4e, 0x1b, - 0x8b, 0xbb, 0xb5, 0xc4, 0x76, 0xd9, 0xcc, 0x56, 0x06, 0xee, 0xb3, 0x55, - 0x20, 0x2a, 0xde, 0x15, 0x8d, 0x71, 0xcb, 0x54, 0xc8, 0x6f, 0x17, 0xcd, - 0x89, 0x00, 0xe4, 0xdc, 0xff, 0xe1, 0xc0, 0x1f, 0x68, 0x71, 0xe9, 0xc7, - 0x29, 0x2e, 0x7e, 0xbc, 0x3b, 0xfc, 0xe5, 0xbb, 0xab, 0x26, 0x54, 0x8b, - 0x66, 0x90, 0xcd, 0xf6, 0x92, 0xb9, 0x31, 0x24, 0x80, 0xbc, 0x9e, 0x6c, - 0xd5, 0xfc, 0x7e, 0xd2, 0xe1, 0x4b, 0x8c, 0xdc, 0x42, 0xfa, 0x44, 0x4b, - 0x5f, 0xf8, 0x18, 0xb5, 0x2e, 0x30, 0xf4, 0x3d, 0x12, 0x98, 0xd3, 0x62, - 0x05, 0x73, 0x54, 0xa6, 0x9c, 0xa2, 0x1d, 0xbe, 0x52, 0x83, 0x3a, 0x07, - 0x46, 0xc4, 0x3b, 0x02, 0x56, 0x21, 0xbf, 0xf2, 0x51, 0x4f, 0xd0, 0xa6, - 0x99, 0x39, 0xe9, 0xae, 0xa5, 0x3f, 0x89, 0x9b, 0x9c, 0x7d, 0xfe, 0x4d, - 0x60, 0x07, 0x25, 0x20, 0xf7, 0xbb, 0xd7, 0x69, 0x83, 0x2b, 0x82, 0x93, - 0x43, 0x37, 0xd9, 0x83, 0x41, 0x1b, 0x6b, 0x0b, 0xab, 0x4a, 0x66, 0x84, - 0x4f, 0x4a, 0x8e, 0xde, 0x7e, 0x34, 0x99, 0x8e, 0x68, 0xd6, 0xca, 0x39, - 0x06, 0x9b, 0x4c, 0xb3, 0x9a, 0x48, 0x4d, 0x13, 0x46, 0xb4, 0x58, 0x21, - 0x04, 0xc4, 0xfb, 0xa0, 0x4d, 0xac, 0x2e, 0x4b, 0x62, 0x12, 0xe3, 0xfb, - 0x4d, 0xf6, 0xc9, 0x51, 0x00, 0x01, 0x1f, 0xfc, 0x1e, 0x6a, 0x81, 0x2a, - 0x38, 0xe0, 0xb9, 0x4f, 0xd6, 0x2d, 0x45, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x82, 0x02, 0x15, 0x30, 0x82, 0x02, 0x11, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x70, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x69, 0x30, 0x67, 0x30, 0x65, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x45, 0x01, 0x07, 0x17, 0x03, 0x30, 0x56, 0x30, 0x28, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, - 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, - 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, - 0x70, 0x73, 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x02, 0x30, 0x1e, 0x1a, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, - 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x70, 0x61, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, - 0x01, 0x06, 0x30, 0x6d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x0c, 0x04, 0x61, 0x30, 0x5f, 0xa1, 0x5d, 0xa0, 0x5b, 0x30, 0x59, - 0x30, 0x57, 0x30, 0x55, 0x16, 0x09, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2f, - 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, - 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x8f, 0xe5, 0xd3, 0x1a, 0x86, 0xac, - 0x8d, 0x8e, 0x6b, 0xc3, 0xcf, 0x80, 0x6a, 0xd4, 0x48, 0x18, 0x2c, 0x7b, - 0x19, 0x2e, 0x30, 0x25, 0x16, 0x23, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, - 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, 0x73, 0x6c, 0x6f, 0x67, - 0x6f, 0x2e, 0x67, 0x69, 0x66, 0x30, 0x34, 0x06, 0x03, 0x55, 0x1d, 0x25, - 0x04, 0x2d, 0x30, 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, - 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01, 0x06, - 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x08, 0x01, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x34, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x2d, 0x30, 0x2b, 0x30, 0x29, 0xa0, 0x27, 0xa0, 0x25, 0x86, 0x23, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x76, - 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x70, 0x63, 0x61, 0x33, 0x2d, 0x67, 0x35, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x28, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x21, 0x30, 0x1f, 0xa4, 0x1d, - 0x30, 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x10, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, - 0x49, 0x2d, 0x32, 0x2d, 0x37, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, - 0x04, 0x16, 0x04, 0x14, 0xd7, 0x9b, 0x7c, 0xd8, 0x22, 0xa0, 0x15, 0xf7, - 0xdd, 0xad, 0x5f, 0xce, 0x29, 0x9b, 0x58, 0xc3, 0xbc, 0x46, 0x00, 0xb5, - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, - 0x14, 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, - 0xf3, 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x71, 0xb5, 0x7d, 0x73, 0x52, 0x4a, 0xdd, - 0xd7, 0x4d, 0x34, 0x2b, 0x2e, 0xaf, 0x94, 0x46, 0xa5, 0x49, 0x50, 0x02, - 0x4f, 0xf8, 0x2f, 0x17, 0x70, 0xf2, 0x13, 0xdc, 0x1f, 0x21, 0x86, 0xaa, - 0xc2, 0x4f, 0x7c, 0x37, 0x3c, 0xd4, 0x46, 0x78, 0xae, 0x5d, 0x78, 0x6f, - 0xd1, 0xba, 0x5a, 0xbc, 0x10, 0xab, 0x58, 0x36, 0xc5, 0x8c, 0x62, 0x15, - 0x45, 0x60, 0x17, 0x21, 0xe2, 0xd5, 0x42, 0xa8, 0x77, 0xa1, 0x55, 0xd8, - 0x43, 0x04, 0x51, 0xf6, 0x6e, 0xba, 0x48, 0xe6, 0x5d, 0x4c, 0xb7, 0x44, - 0xd3, 0x3e, 0xa4, 0xd5, 0xd6, 0x33, 0x9a, 0x9f, 0x0d, 0xe6, 0xd7, 0x4e, - 0x96, 0x44, 0x95, 0x5a, 0x6c, 0xd6, 0xa3, 0x16, 0x53, 0x0e, 0x98, 0x43, - 0xce, 0xa4, 0xb8, 0xc3, 0x66, 0x7a, 0x05, 0x5c, 0x62, 0x10, 0xe8, 0x1b, - 0x12, 0xdb, 0x7d, 0x2e, 0x76, 0x50, 0xff, 0xdf, 0xd7, 0x6b, 0x1b, 0xcc, - 0x8a, 0xcc, 0x71, 0xfa, 0xb3, 0x40, 0x56, 0x7c, 0x33, 0x7a, 0x77, 0x94, - 0x5b, 0xf5, 0x0b, 0x53, 0xfb, 0x0e, 0x5f, 0xbc, 0x68, 0xfb, 0xaf, 0x2a, - 0xee, 0x30, 0x37, 0x79, 0x16, 0x93, 0x25, 0x7f, 0x4d, 0x10, 0xff, 0x57, - 0xfb, 0xbf, 0x6e, 0x3b, 0x33, 0x21, 0xde, 0x79, 0xdc, 0x86, 0x17, 0x59, - 0x2d, 0x43, 0x64, 0xb7, 0xa6, 0x66, 0x87, 0xea, 0xbc, 0x96, 0x46, 0x19, - 0x1a, 0x86, 0x8b, 0x6f, 0xd7, 0xb7, 0x49, 0x00, 0x5b, 0xdb, 0xa3, 0xbf, - 0x29, 0x9a, 0xee, 0xf7, 0xd3, 0x33, 0xae, 0xa3, 0xf4, 0x9e, 0x4c, 0xca, - 0x5e, 0x69, 0xd4, 0x1b, 0xad, 0xb7, 0x90, 0x77, 0x6a, 0xd8, 0x59, 0x6f, - 0x79, 0xab, 0x01, 0xfa, 0x55, 0xf0, 0x8a, 0x21, 0x66, 0xe5, 0x65, 0x6e, - 0xfd, 0x7c, 0xd3, 0xdf, 0x1e, 0xeb, 0x7e, 0x3f, 0x06, 0x90, 0xfb, 0x19, - 0x0b, 0xd3, 0x06, 0x02, 0x1b, 0x78, 0x43, 0x99, 0xa8, -} - -var certSet2Cert50 = []byte{ - 0x30, 0x82, 0x06, 0x34, 0x30, 0x82, 0x04, 0x1c, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x01, 0x1a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x4c, 0x31, 0x16, - 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x53, 0x74, 0x61, - 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x2b, - 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x22, 0x53, 0x65, 0x63, - 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, 0x67, 0x69, 0x74, 0x61, 0x6c, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, - 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x31, 0x29, 0x30, 0x27, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, - 0x6f, 0x6d, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x37, 0x31, 0x30, 0x32, 0x34, - 0x32, 0x30, 0x35, 0x37, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x37, 0x31, - 0x30, 0x32, 0x34, 0x32, 0x30, 0x35, 0x37, 0x30, 0x39, 0x5a, 0x30, 0x81, - 0x8c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x49, 0x4c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x4c, 0x74, - 0x64, 0x2e, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x22, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, 0x67, 0x69, - 0x74, 0x61, 0x6c, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x31, - 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2f, 0x53, 0x74, - 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, - 0x20, 0x32, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x49, - 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe2, 0x4f, 0x39, 0x2f, 0xa1, 0x8c, - 0x9a, 0x85, 0xad, 0x08, 0x0e, 0x08, 0x3e, 0x57, 0xf2, 0x88, 0x01, 0x21, - 0x1b, 0x94, 0xa9, 0x6c, 0xe2, 0xb8, 0xdb, 0xaa, 0x19, 0x18, 0x46, 0x3a, - 0x52, 0xa1, 0xf5, 0x0f, 0xf4, 0x6e, 0x8c, 0xea, 0x96, 0x8c, 0x96, 0x87, - 0x79, 0x13, 0x40, 0x51, 0x2f, 0x22, 0xf2, 0x0c, 0x8b, 0x87, 0x0f, 0x65, - 0xdf, 0x71, 0x74, 0x34, 0x43, 0x55, 0xb1, 0x35, 0x09, 0x9b, 0xd9, 0xbc, - 0x1f, 0xfa, 0xeb, 0x42, 0xd0, 0x97, 0x40, 0x72, 0xb7, 0x43, 0x96, 0x3d, - 0xba, 0x96, 0x9d, 0x5d, 0x50, 0x02, 0x1c, 0x9b, 0x91, 0x8d, 0x9c, 0xc0, - 0xac, 0xd7, 0xbb, 0x2f, 0x17, 0xd7, 0xcb, 0x3e, 0x82, 0x9d, 0x73, 0xeb, - 0x07, 0x42, 0x92, 0xb2, 0xcd, 0x64, 0xb3, 0x74, 0x55, 0x1b, 0xb4, 0x4b, - 0x86, 0x21, 0x2c, 0xf7, 0x78, 0x87, 0x32, 0xe0, 0x16, 0xe4, 0xda, 0xbd, - 0x4c, 0x95, 0xea, 0xa4, 0x0a, 0x7e, 0xb6, 0x0a, 0x0d, 0x2e, 0x8a, 0xcf, - 0x55, 0xab, 0xc3, 0xe5, 0xdd, 0x41, 0x8a, 0x4e, 0xe6, 0x6f, 0x65, 0x6c, - 0xb2, 0x40, 0xcf, 0x17, 0x5d, 0xb9, 0xc3, 0x6a, 0x0b, 0x27, 0x11, 0x84, - 0x77, 0x61, 0xf6, 0xc2, 0x7c, 0xed, 0xc0, 0x8d, 0x78, 0x14, 0x18, 0x99, - 0x81, 0x99, 0x75, 0x63, 0xb7, 0xe8, 0x53, 0xd3, 0xba, 0x61, 0xe9, 0x0e, - 0xfa, 0xa2, 0x30, 0xf3, 0x46, 0xa2, 0xb9, 0xc9, 0x1f, 0x6c, 0x80, 0x5a, - 0x40, 0xac, 0x27, 0xed, 0x48, 0x47, 0x33, 0xb0, 0x54, 0xc6, 0x46, 0x1a, - 0xf3, 0x35, 0x61, 0xc1, 0x02, 0x29, 0x90, 0x54, 0x7e, 0x64, 0x4d, 0xc4, - 0x30, 0x52, 0x02, 0x82, 0xd7, 0xdf, 0xce, 0x21, 0x6e, 0x18, 0x91, 0xd7, - 0xb8, 0xab, 0x8c, 0x27, 0x17, 0xb5, 0xf0, 0xa3, 0x01, 0x2f, 0x8e, 0xd2, - 0x2e, 0x87, 0x3a, 0x3d, 0xb4, 0x29, 0x67, 0x8a, 0xc4, 0x03, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xad, 0x30, 0x82, 0x01, 0xa9, 0x30, - 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, - 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, - 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x11, 0xdb, 0x23, 0x45, 0xfd, - 0x54, 0xcc, 0x6a, 0x71, 0x6f, 0x84, 0x8a, 0x03, 0xd7, 0xbe, 0xf7, 0x01, - 0x2f, 0x26, 0x86, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, - 0x30, 0x16, 0x80, 0x14, 0x4e, 0x0b, 0xef, 0x1a, 0xa4, 0x40, 0x5b, 0xa5, - 0x17, 0x69, 0x87, 0x30, 0xca, 0x34, 0x68, 0x43, 0xd0, 0x41, 0xae, 0xf2, - 0x30, 0x66, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, - 0x04, 0x5a, 0x30, 0x58, 0x30, 0x27, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x01, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x74, 0x73, - 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x61, 0x30, 0x2d, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x21, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, 0x74, - 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x66, 0x73, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x5b, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x54, 0x30, 0x52, 0x30, 0x27, 0xa0, 0x25, 0xa0, - 0x23, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, - 0x77, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x73, 0x66, 0x73, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x27, 0xa0, 0x25, 0xa0, 0x23, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x74, - 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x66, 0x73, 0x63, - 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x81, 0x80, 0x06, 0x03, 0x55, 0x1d, - 0x20, 0x04, 0x79, 0x30, 0x77, 0x30, 0x75, 0x06, 0x0b, 0x2b, 0x06, 0x01, - 0x04, 0x01, 0x81, 0xb5, 0x37, 0x01, 0x02, 0x01, 0x30, 0x66, 0x30, 0x2e, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x22, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x64, 0x66, 0x30, 0x34, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x28, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, - 0x2e, 0x70, 0x64, 0x66, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, - 0x9d, 0x07, 0xe1, 0xee, 0x90, 0x76, 0x31, 0x67, 0x16, 0x45, 0x70, 0x8c, - 0xcb, 0x84, 0x8b, 0x4b, 0x57, 0x68, 0x44, 0xa5, 0x89, 0xc1, 0xf2, 0x7e, - 0xcb, 0x28, 0x8b, 0xf5, 0xe7, 0x70, 0x77, 0xd5, 0xb6, 0xf4, 0x0b, 0x21, - 0x60, 0xa5, 0xa1, 0x74, 0x73, 0x24, 0x22, 0x80, 0xd6, 0xd8, 0xba, 0x8d, - 0xa2, 0x62, 0x5d, 0x09, 0x35, 0x42, 0x29, 0xfb, 0x39, 0x63, 0x45, 0x0b, - 0xa4, 0xb0, 0x38, 0x1a, 0x68, 0xf4, 0x95, 0x13, 0xcc, 0xe0, 0x43, 0x94, - 0xec, 0xeb, 0x39, 0x1a, 0xec, 0x57, 0x29, 0xd9, 0x99, 0x6d, 0xf5, 0x84, - 0xcd, 0x8e, 0x73, 0xae, 0xc9, 0xdc, 0x6a, 0xfa, 0x9e, 0x9d, 0x16, 0x64, - 0x93, 0x08, 0xc7, 0x1c, 0xc2, 0x89, 0x54, 0x9e, 0x77, 0x80, 0x90, 0xf6, - 0xb9, 0x29, 0x76, 0xeb, 0x13, 0x67, 0x48, 0x59, 0xf8, 0x2e, 0x3a, 0x31, - 0xb8, 0xc9, 0xd3, 0x88, 0xe5, 0x5f, 0x4e, 0xd2, 0x19, 0x3d, 0x43, 0x8e, - 0xd7, 0x92, 0xff, 0xcf, 0x38, 0xb6, 0xe1, 0x5b, 0x8a, 0x53, 0x1d, 0xce, - 0xac, 0xb4, 0x76, 0x2f, 0xd8, 0xf7, 0x40, 0x63, 0xd5, 0xee, 0x69, 0xf3, - 0x45, 0x7d, 0xa0, 0x62, 0xc1, 0x61, 0xc3, 0x75, 0xed, 0xb2, 0x7b, 0x4d, - 0xac, 0x21, 0x27, 0x30, 0x4e, 0x59, 0x46, 0x6a, 0x93, 0x17, 0xca, 0xc8, - 0x39, 0x2d, 0x01, 0x73, 0x65, 0x5b, 0xe9, 0x41, 0x9b, 0x11, 0x17, 0x9c, - 0xc8, 0xc8, 0x4a, 0xef, 0xa1, 0x76, 0x60, 0x2d, 0xae, 0x93, 0xff, 0x0c, - 0xd5, 0x33, 0x13, 0x9f, 0x4f, 0x13, 0xce, 0xdd, 0x86, 0xf1, 0xfc, 0xf8, - 0x35, 0x54, 0x15, 0xa8, 0x5b, 0xe7, 0x85, 0x7e, 0xfa, 0x37, 0x09, 0xff, - 0x8b, 0xb8, 0x31, 0x49, 0x9e, 0x0d, 0x6e, 0xde, 0xb4, 0xd2, 0x12, 0x2d, - 0xb8, 0xed, 0xc8, 0xc3, 0xf1, 0xb6, 0x42, 0xa0, 0x4c, 0x97, 0x79, 0xdf, - 0xfe, 0xc3, 0xa3, 0x9f, 0xa1, 0xf4, 0x6d, 0x2c, 0x84, 0x77, 0xa4, 0xa2, - 0x05, 0xe1, 0x17, 0xff, 0x31, 0xdd, 0x9a, 0xf3, 0xb8, 0x7a, 0xc3, 0x52, - 0xc2, 0x11, 0x11, 0xb7, 0x50, 0x31, 0x8a, 0x7f, 0xcc, 0xe7, 0x5a, 0x89, - 0xcc, 0xf7, 0x86, 0x9a, 0x61, 0x92, 0x4f, 0x2f, 0x94, 0xb6, 0x98, 0xc7, - 0x78, 0xe0, 0x62, 0x4b, 0x43, 0x7d, 0x3c, 0xde, 0xd6, 0x9a, 0xb4, 0x10, - 0xa1, 0x40, 0x9c, 0x4b, 0x2a, 0xdc, 0xb8, 0xd0, 0xd4, 0x9e, 0xfd, 0xf1, - 0x84, 0x78, 0x1b, 0x0e, 0x57, 0x8f, 0x69, 0x54, 0x42, 0x68, 0x7b, 0xea, - 0xa0, 0xef, 0x75, 0x0f, 0x07, 0xa2, 0x8c, 0x73, 0x99, 0xab, 0x55, 0xf5, - 0x07, 0x09, 0xd2, 0xaf, 0x38, 0x03, 0x6a, 0x90, 0x03, 0x0c, 0x2f, 0x8f, - 0xe2, 0xe8, 0x43, 0xc2, 0x31, 0xe9, 0x6f, 0xad, 0x87, 0xe5, 0x8d, 0xbd, - 0x4e, 0x2c, 0x89, 0x4b, 0x51, 0xe6, 0x9c, 0x4c, 0x54, 0x76, 0xc0, 0x12, - 0x81, 0x53, 0x9b, 0xec, 0xa0, 0xfc, 0x2c, 0x9c, 0xda, 0x18, 0x95, 0x6e, - 0x1e, 0x38, 0x26, 0x42, 0x27, 0x78, 0x60, 0x08, 0xdf, 0x7f, 0x6d, 0x32, - 0xe8, 0xd8, 0xc0, 0x6f, 0x1f, 0xeb, 0x26, 0x75, 0x9f, 0x93, 0xfc, 0x7b, - 0x1b, 0xfe, 0x35, 0x90, 0xdc, 0x53, 0xa3, 0x07, 0xa6, 0x3f, 0x83, 0x55, - 0x0a, 0x2b, 0x4e, 0x62, 0x82, 0x25, 0xce, 0x66, 0x30, 0x5d, 0x2c, 0xe0, - 0xf9, 0x19, 0x1b, 0x75, 0xb9, 0x9d, 0x98, 0x56, 0xa6, 0x83, 0x27, 0x7a, - 0xd1, 0x8f, 0x8d, 0x59, 0x93, 0xfc, 0x3f, 0x73, 0xd7, 0x2e, 0xb4, 0x2c, - 0x95, 0xd8, 0x8b, 0xf7, 0xc9, 0x7e, 0xc7, 0xfc, 0x9d, 0xac, 0x72, 0x04, - 0x1f, 0xd2, 0xcc, 0x17, 0xf4, 0xed, 0x34, 0x60, 0x9b, 0x9e, 0x4a, 0x97, - 0x04, 0xfe, 0xdd, 0x72, 0x0e, 0x57, 0x54, 0x51, 0x06, 0x70, 0x4d, 0xef, - 0xaa, 0x1c, 0xa4, 0x82, 0xe0, 0x33, 0xc7, 0xf4, -} - -var certSet2Cert51 = []byte{ - 0x30, 0x82, 0x06, 0x58, 0x30, 0x82, 0x05, 0x40, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x0a, 0x5f, 0x11, 0x4d, 0x03, 0x5b, 0x17, 0x91, 0x17, - 0xd2, 0xef, 0xd4, 0x03, 0x8c, 0x3f, 0x3b, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x22, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x48, - 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, - 0x65, 0x20, 0x45, 0x56, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, - 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x34, 0x30, 0x32, 0x31, 0x32, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x30, - 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x66, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x19, - 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, 0x77, 0x77, - 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x48, 0x69, 0x67, - 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, 0x65, 0x20, - 0x43, 0x41, 0x2d, 0x33, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xbf, 0x61, 0x0a, 0x29, 0x10, 0x1f, 0x5e, 0xfe, 0x34, 0x37, 0x51, - 0x08, 0xf8, 0x1e, 0xfb, 0x22, 0xed, 0x61, 0xbe, 0x0b, 0x0d, 0x70, 0x4c, - 0x50, 0x63, 0x26, 0x75, 0x15, 0xb9, 0x41, 0x88, 0x97, 0xb6, 0xf0, 0xa0, - 0x15, 0xbb, 0x08, 0x60, 0xe0, 0x42, 0xe8, 0x05, 0x29, 0x10, 0x87, 0x36, - 0x8a, 0x28, 0x65, 0xa8, 0xef, 0x31, 0x07, 0x74, 0x6d, 0x36, 0x97, 0x2f, - 0x28, 0x46, 0x66, 0x04, 0xc7, 0x2a, 0x79, 0x26, 0x7a, 0x99, 0xd5, 0x8e, - 0xc3, 0x6d, 0x4f, 0xa0, 0x5e, 0xad, 0xbc, 0x3d, 0x91, 0xc2, 0x59, 0x7b, - 0x5e, 0x36, 0x6c, 0xc0, 0x53, 0xcf, 0x00, 0x08, 0x32, 0x3e, 0x10, 0x64, - 0x58, 0x10, 0x13, 0x69, 0xc7, 0x0c, 0xee, 0x9c, 0x42, 0x51, 0x00, 0xf9, - 0x05, 0x44, 0xee, 0x24, 0xce, 0x7a, 0x1f, 0xed, 0x8c, 0x11, 0xbd, 0x12, - 0xa8, 0xf3, 0x15, 0xf4, 0x1c, 0x7a, 0x31, 0x69, 0x01, 0x1b, 0xa7, 0xe6, - 0x5d, 0xc0, 0x9a, 0x6c, 0x7e, 0x09, 0x9e, 0xe7, 0x52, 0x44, 0x4a, 0x10, - 0x3a, 0x23, 0xe4, 0x9b, 0xb6, 0x03, 0xaf, 0xa8, 0x9c, 0xb4, 0x5b, 0x9f, - 0xd4, 0x4b, 0xad, 0x92, 0x8c, 0xce, 0xb5, 0x11, 0x2a, 0xaa, 0x37, 0x18, - 0x8d, 0xb4, 0xc2, 0xb8, 0xd8, 0x5c, 0x06, 0x8c, 0xf8, 0xff, 0x23, 0xbd, - 0x35, 0x5e, 0xd4, 0x7c, 0x3e, 0x7e, 0x83, 0x0e, 0x91, 0x96, 0x05, 0x98, - 0xc3, 0xb2, 0x1f, 0xe3, 0xc8, 0x65, 0xeb, 0xa9, 0x7b, 0x5d, 0xa0, 0x2c, - 0xcc, 0xfc, 0x3c, 0xd9, 0x6d, 0xed, 0xcc, 0xfa, 0x4b, 0x43, 0x8c, 0xc9, - 0xd4, 0xb8, 0xa5, 0x61, 0x1c, 0xb2, 0x40, 0xb6, 0x28, 0x12, 0xdf, 0xb9, - 0xf8, 0x5f, 0xfe, 0xd3, 0xb2, 0xc9, 0xef, 0x3d, 0xb4, 0x1e, 0x4b, 0x7c, - 0x1c, 0x4c, 0x99, 0x36, 0x9e, 0x3d, 0xeb, 0xec, 0xa7, 0x68, 0x5e, 0x1d, - 0xdf, 0x67, 0x6e, 0x5e, 0xfb, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x02, 0xfa, 0x30, 0x82, 0x02, 0xf6, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x82, - 0x01, 0xc6, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x82, 0x01, 0xbd, 0x30, - 0x82, 0x01, 0xb9, 0x30, 0x82, 0x01, 0xb5, 0x06, 0x0b, 0x60, 0x86, 0x48, - 0x01, 0x86, 0xfd, 0x6c, 0x01, 0x03, 0x00, 0x02, 0x30, 0x82, 0x01, 0xa4, - 0x30, 0x3a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, - 0x16, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x73, 0x6c, 0x2d, 0x63, 0x70, 0x73, 0x2d, 0x72, 0x65, - 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x68, 0x74, 0x6d, - 0x30, 0x82, 0x01, 0x64, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x02, 0x30, 0x82, 0x01, 0x56, 0x1e, 0x82, 0x01, 0x52, 0x00, 0x41, - 0x00, 0x6e, 0x00, 0x79, 0x00, 0x20, 0x00, 0x75, 0x00, 0x73, 0x00, 0x65, - 0x00, 0x20, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x20, 0x00, 0x74, 0x00, 0x68, - 0x00, 0x69, 0x00, 0x73, 0x00, 0x20, 0x00, 0x43, 0x00, 0x65, 0x00, 0x72, - 0x00, 0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x69, 0x00, 0x63, 0x00, 0x61, - 0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x6e, - 0x00, 0x73, 0x00, 0x74, 0x00, 0x69, 0x00, 0x74, 0x00, 0x75, 0x00, 0x74, - 0x00, 0x65, 0x00, 0x73, 0x00, 0x20, 0x00, 0x61, 0x00, 0x63, 0x00, 0x63, - 0x00, 0x65, 0x00, 0x70, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x63, - 0x00, 0x65, 0x00, 0x20, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x20, 0x00, 0x74, - 0x00, 0x68, 0x00, 0x65, 0x00, 0x20, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, - 0x00, 0x69, 0x00, 0x43, 0x00, 0x65, 0x00, 0x72, 0x00, 0x74, 0x00, 0x20, - 0x00, 0x43, 0x00, 0x50, 0x00, 0x2f, 0x00, 0x43, 0x00, 0x50, 0x00, 0x53, - 0x00, 0x20, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x20, 0x00, 0x74, - 0x00, 0x68, 0x00, 0x65, 0x00, 0x20, 0x00, 0x52, 0x00, 0x65, 0x00, 0x6c, - 0x00, 0x79, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x20, 0x00, 0x50, - 0x00, 0x61, 0x00, 0x72, 0x00, 0x74, 0x00, 0x79, 0x00, 0x20, 0x00, 0x41, - 0x00, 0x67, 0x00, 0x72, 0x00, 0x65, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x65, - 0x00, 0x6e, 0x00, 0x74, 0x00, 0x20, 0x00, 0x77, 0x00, 0x68, 0x00, 0x69, - 0x00, 0x63, 0x00, 0x68, 0x00, 0x20, 0x00, 0x6c, 0x00, 0x69, 0x00, 0x6d, - 0x00, 0x69, 0x00, 0x74, 0x00, 0x20, 0x00, 0x6c, 0x00, 0x69, 0x00, 0x61, - 0x00, 0x62, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x69, 0x00, 0x74, 0x00, 0x79, - 0x00, 0x20, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x20, 0x00, 0x61, - 0x00, 0x72, 0x00, 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x63, - 0x00, 0x6f, 0x00, 0x72, 0x00, 0x70, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x61, - 0x00, 0x74, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20, 0x00, 0x68, 0x00, 0x65, - 0x00, 0x72, 0x00, 0x65, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x20, 0x00, 0x62, - 0x00, 0x79, 0x00, 0x20, 0x00, 0x72, 0x00, 0x65, 0x00, 0x66, 0x00, 0x65, - 0x00, 0x72, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x63, 0x00, 0x65, 0x00, 0x2e, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, - 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x34, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, - 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, - 0x70, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x30, 0x81, 0x8f, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x81, - 0x87, 0x30, 0x81, 0x84, 0x30, 0x40, 0xa0, 0x3e, 0xa0, 0x3c, 0x86, 0x3a, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x33, 0x2e, - 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x48, 0x69, 0x67, - 0x68, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, 0x65, 0x45, 0x56, - 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x40, - 0xa0, 0x3e, 0xa0, 0x3c, 0x86, 0x3a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x63, 0x72, 0x6c, 0x34, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, - 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, - 0x65, 0x72, 0x74, 0x48, 0x69, 0x67, 0x68, 0x41, 0x73, 0x73, 0x75, 0x72, - 0x61, 0x6e, 0x63, 0x65, 0x45, 0x56, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, - 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0xb1, 0x3e, 0xc3, 0x69, 0x03, 0xf8, 0xbf, - 0x47, 0x01, 0xd4, 0x98, 0x26, 0x1a, 0x08, 0x02, 0xef, 0x63, 0x64, 0x2b, - 0xc3, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x50, 0xea, 0x73, 0x89, 0xdb, 0x29, 0xfb, 0x10, 0x8f, 0x9e, 0xe5, 0x01, - 0x20, 0xd4, 0xde, 0x79, 0x99, 0x48, 0x83, 0xf7, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x1e, 0xe2, 0xa5, 0x48, 0x9e, 0x6c, 0xdb, 0x53, - 0x38, 0x0f, 0xef, 0xa6, 0x1a, 0x2a, 0xac, 0xe2, 0x03, 0x43, 0xed, 0x9a, - 0xbc, 0x3e, 0x8e, 0x75, 0x1b, 0xf0, 0xfd, 0x2e, 0x22, 0x59, 0xac, 0x13, - 0xc0, 0x61, 0xe2, 0xe7, 0xfa, 0xe9, 0x99, 0xcd, 0x87, 0x09, 0x75, 0x54, - 0x28, 0xbf, 0x46, 0x60, 0xdc, 0xbe, 0x51, 0x2c, 0x92, 0xf3, 0x1b, 0x91, - 0x7c, 0x31, 0x08, 0x70, 0xe2, 0x37, 0xb9, 0xc1, 0x5b, 0xa8, 0xbd, 0xa3, - 0x0b, 0x00, 0xfb, 0x1a, 0x15, 0xfd, 0x03, 0xad, 0x58, 0x6a, 0xc5, 0xc7, - 0x24, 0x99, 0x48, 0x47, 0x46, 0x31, 0x1e, 0x92, 0xef, 0xb4, 0x5f, 0x4e, - 0x34, 0xc7, 0x90, 0xbf, 0x31, 0xc1, 0xf8, 0xb1, 0x84, 0x86, 0xd0, 0x9c, - 0x01, 0xaa, 0xdf, 0x8a, 0x56, 0x06, 0xce, 0x3a, 0xe9, 0x0e, 0xae, 0x97, - 0x74, 0x5d, 0xd7, 0x71, 0x9a, 0x42, 0x74, 0x5f, 0xde, 0x8d, 0x43, 0x7c, - 0xde, 0xe9, 0x55, 0xed, 0x69, 0x00, 0xcb, 0x05, 0xe0, 0x7a, 0x61, 0x61, - 0x33, 0xd1, 0x19, 0x4d, 0xf9, 0x08, 0xee, 0xa0, 0x39, 0xc5, 0x25, 0x35, - 0xb7, 0x2b, 0xc4, 0x0f, 0xb2, 0xdd, 0xf1, 0xa5, 0xb7, 0x0e, 0x24, 0xc4, - 0x26, 0x28, 0x8d, 0x79, 0x77, 0xf5, 0x2f, 0xf0, 0x57, 0xba, 0x7c, 0x07, - 0xd4, 0xe1, 0xfc, 0xcd, 0x5a, 0x30, 0x57, 0x7e, 0x86, 0x10, 0x47, 0xdd, - 0x31, 0x1f, 0xd7, 0xfc, 0xa2, 0xc2, 0xbf, 0x30, 0x7c, 0x5d, 0x24, 0xaa, - 0xe8, 0xf9, 0xae, 0x5f, 0x6a, 0x74, 0xc2, 0xce, 0x6b, 0xb3, 0x46, 0xd8, - 0x21, 0xbe, 0x29, 0xd4, 0x8e, 0x5e, 0x15, 0xd6, 0x42, 0x4a, 0xe7, 0x32, - 0x6f, 0xa4, 0xb1, 0x6b, 0x51, 0x83, 0x58, 0xbe, 0x3f, 0x6d, 0xc7, 0xfb, - 0xda, 0x03, 0x21, 0xcb, 0x6a, 0x16, 0x19, 0x4e, 0x0a, 0xf0, 0xad, 0x84, - 0xca, 0x5d, 0x94, 0xb3, 0x5a, 0x76, 0xf7, 0x61, -} - -var certSet2Cert52 = []byte{ - 0x30, 0x82, 0x06, 0x5c, 0x30, 0x82, 0x04, 0x44, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x07, 0x19, 0xc2, 0x85, 0x30, 0xe9, 0x3b, 0x36, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x49, 0x4c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, - 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x22, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, - 0x67, 0x69, 0x74, 0x61, 0x6c, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, - 0x67, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, - 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, - 0x30, 0x36, 0x30, 0x39, 0x31, 0x37, 0x32, 0x32, 0x34, 0x36, 0x33, 0x36, - 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, - 0x39, 0x35, 0x39, 0x5a, 0x30, 0x55, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x1a, 0x30, 0x18, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x57, 0x6f, 0x53, 0x69, 0x67, 0x6e, - 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, - 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x6f, 0x66, - 0x20, 0x57, 0x6f, 0x53, 0x69, 0x67, 0x6e, 0x30, 0x82, 0x02, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, - 0x82, 0x02, 0x01, 0x00, 0xbd, 0xca, 0x8d, 0xac, 0xb8, 0x91, 0x15, 0x56, - 0x97, 0x7b, 0x6b, 0x5c, 0x7a, 0xc2, 0xde, 0x6b, 0xd9, 0xa1, 0xb0, 0xc3, - 0x10, 0x23, 0xfa, 0xa7, 0xa1, 0xb2, 0xcc, 0x31, 0xfa, 0x3e, 0xd9, 0xa6, - 0x29, 0x6f, 0x16, 0x3d, 0xe0, 0x6b, 0xf8, 0xb8, 0x40, 0x5f, 0xdb, 0x39, - 0xa8, 0x00, 0x7a, 0x8b, 0xa0, 0x4d, 0x54, 0x7d, 0xc2, 0x22, 0x78, 0xfc, - 0x8e, 0x09, 0xb8, 0xa8, 0x85, 0xd7, 0xcc, 0x95, 0x97, 0x4b, 0x74, 0xd8, - 0x9e, 0x7e, 0xf0, 0x00, 0xe4, 0x0e, 0x89, 0xae, 0x49, 0x28, 0x44, 0x1a, - 0x10, 0x99, 0x32, 0x0f, 0x25, 0x88, 0x53, 0xa4, 0x0d, 0xb3, 0x0f, 0x12, - 0x08, 0x16, 0x0b, 0x03, 0x71, 0x27, 0x1c, 0x7f, 0xe1, 0xdb, 0xd2, 0xfd, - 0x67, 0x68, 0xc4, 0x05, 0x5d, 0x0a, 0x0e, 0x5d, 0x70, 0xd7, 0xd8, 0x97, - 0xa0, 0xbc, 0x53, 0x41, 0x9a, 0x91, 0x8d, 0xf4, 0x9e, 0x36, 0x66, 0x7a, - 0x7e, 0x56, 0xc1, 0x90, 0x5f, 0xe6, 0xb1, 0x68, 0x20, 0x36, 0xa4, 0x8c, - 0x24, 0x2c, 0x2c, 0x47, 0x0b, 0x59, 0x76, 0x66, 0x30, 0xb5, 0xbe, 0xde, - 0xed, 0x8f, 0xf8, 0x9d, 0xd3, 0xbb, 0x01, 0x30, 0xe6, 0xf2, 0xf3, 0x0e, - 0xe0, 0x2c, 0x92, 0x80, 0xf3, 0x85, 0xf9, 0x28, 0x8a, 0xb4, 0x54, 0x2e, - 0x9a, 0xed, 0xf7, 0x76, 0xfc, 0x15, 0x68, 0x16, 0xeb, 0x4a, 0x6c, 0xeb, - 0x2e, 0x12, 0x8f, 0xd4, 0xcf, 0xfe, 0x0c, 0xc7, 0x5c, 0x1d, 0x0b, 0x7e, - 0x05, 0x32, 0xbe, 0x5e, 0xb0, 0x09, 0x2a, 0x42, 0xd5, 0xc9, 0x4e, 0x90, - 0xb3, 0x59, 0x0d, 0xbb, 0x7a, 0x7e, 0xcd, 0xd5, 0x08, 0x5a, 0xb4, 0x7f, - 0xd8, 0x1c, 0x69, 0x11, 0xf9, 0x27, 0x0f, 0x7b, 0x06, 0xaf, 0x54, 0x83, - 0x18, 0x7b, 0xe1, 0xdd, 0x54, 0x7a, 0x51, 0x68, 0x6e, 0x77, 0xfc, 0xc6, - 0xbf, 0x52, 0x4a, 0x66, 0x46, 0xa1, 0xb2, 0x67, 0x1a, 0xbb, 0xa3, 0x4f, - 0x77, 0xa0, 0xbe, 0x5d, 0xff, 0xfc, 0x56, 0x0b, 0x43, 0x72, 0x77, 0x90, - 0xca, 0x9e, 0xf9, 0xf2, 0x39, 0xf5, 0x0d, 0xa9, 0xf4, 0xea, 0xd7, 0xe7, - 0xb3, 0x10, 0x2f, 0x30, 0x42, 0x37, 0x21, 0xcc, 0x30, 0x70, 0xc9, 0x86, - 0x98, 0x0f, 0xcc, 0x58, 0x4d, 0x83, 0xbb, 0x7d, 0xe5, 0x1a, 0xa5, 0x37, - 0x8d, 0xb6, 0xac, 0x32, 0x97, 0x00, 0x3a, 0x63, 0x71, 0x24, 0x1e, 0x9e, - 0x37, 0xc4, 0xff, 0x74, 0xd4, 0x37, 0xc0, 0xe2, 0xfe, 0x88, 0x46, 0x60, - 0x11, 0xdd, 0x08, 0x3f, 0x50, 0x36, 0xab, 0xb8, 0x7a, 0xa4, 0x95, 0x62, - 0x6a, 0x6e, 0xb0, 0xca, 0x6a, 0x21, 0x5a, 0x69, 0xf3, 0xf3, 0xfb, 0x1d, - 0x70, 0x39, 0x95, 0xf3, 0xa7, 0x6e, 0xa6, 0x81, 0x89, 0xa1, 0x88, 0xc5, - 0x3b, 0x71, 0xca, 0xa3, 0x52, 0xee, 0x83, 0xbb, 0xfd, 0xa0, 0x77, 0xf4, - 0xe4, 0x6f, 0xe7, 0x42, 0xdb, 0x6d, 0x4a, 0x99, 0x8a, 0x34, 0x48, 0xbc, - 0x17, 0xdc, 0xe4, 0x80, 0x08, 0x22, 0xb6, 0xf2, 0x31, 0xc0, 0x3f, 0x04, - 0x3e, 0xeb, 0x9f, 0x20, 0x79, 0xd6, 0xb8, 0x06, 0x64, 0x64, 0x02, 0x31, - 0xd7, 0xa9, 0xcd, 0x52, 0xfb, 0x84, 0x45, 0x69, 0x09, 0x00, 0x2a, 0xdc, - 0x55, 0x8b, 0xc4, 0x06, 0x46, 0x4b, 0xc0, 0x4a, 0x1d, 0x09, 0x5b, 0x39, - 0x28, 0xfd, 0xa9, 0xab, 0xce, 0x00, 0xf9, 0x2e, 0x48, 0x4b, 0x26, 0xe6, - 0x30, 0x4c, 0xa5, 0x58, 0xca, 0xb4, 0x44, 0x82, 0x4f, 0xe7, 0x91, 0x1e, - 0x33, 0xc3, 0xb0, 0x93, 0xff, 0x11, 0xfc, 0x81, 0xd2, 0xca, 0x1f, 0x71, - 0x29, 0xdd, 0x76, 0x4f, 0x92, 0x25, 0xaf, 0x1d, 0x81, 0xb7, 0x0f, 0x2f, - 0x8c, 0xc3, 0x06, 0xcc, 0x2f, 0x27, 0xa3, 0x4a, 0xe4, 0x0e, 0x99, 0xba, - 0x7c, 0x1e, 0x45, 0x1f, 0x7f, 0xaa, 0x19, 0x45, 0x96, 0xfd, 0xfc, 0x3d, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x07, 0x30, 0x82, 0x01, - 0x03, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x02, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0xe1, 0x66, 0xcf, 0x0e, 0xd1, 0xf1, 0xb3, 0x4b, 0xb7, 0x06, 0x20, 0x14, - 0xfe, 0x87, 0x12, 0xd5, 0xf6, 0xfe, 0xfb, 0x3e, 0x30, 0x1f, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x4e, 0x0b, 0xef, - 0x1a, 0xa4, 0x40, 0x5b, 0xa5, 0x17, 0x69, 0x87, 0x30, 0xca, 0x34, 0x68, - 0x43, 0xd0, 0x41, 0xae, 0xf2, 0x30, 0x69, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x5d, 0x30, 0x5b, 0x30, 0x27, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x1b, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x61, 0x30, 0x30, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x02, 0x86, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x61, - 0x69, 0x61, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, 0x63, 0x61, - 0x2e, 0x63, 0x72, 0x74, 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, - 0x2b, 0x30, 0x29, 0x30, 0x27, 0xa0, 0x25, 0xa0, 0x23, 0x86, 0x21, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x73, 0x74, - 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x66, 0x73, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x02, 0x01, 0x00, 0xb6, 0x6d, 0xf8, 0x70, 0xfb, 0xe2, 0x0d, 0x4c, - 0x98, 0xb3, 0x07, 0x49, 0x15, 0xf5, 0x04, 0xc4, 0x6c, 0xca, 0xca, 0xf5, - 0x68, 0xa0, 0x08, 0xfe, 0x12, 0x6d, 0x9c, 0x04, 0x06, 0xc9, 0xad, 0x9a, - 0x91, 0x52, 0x3e, 0x78, 0xc4, 0x5c, 0xee, 0x9f, 0x54, 0x1d, 0xee, 0xe3, - 0xf1, 0x5e, 0x30, 0xc9, 0x49, 0xe1, 0x39, 0xe0, 0xa6, 0x9d, 0x36, 0x6c, - 0x57, 0xfa, 0xe6, 0x34, 0x4f, 0x55, 0xe8, 0x87, 0xa8, 0x2c, 0xdd, 0x05, - 0xf1, 0x58, 0x12, 0x91, 0xe8, 0xca, 0xce, 0x28, 0x78, 0x8f, 0xdf, 0x07, - 0x85, 0x01, 0xa5, 0xdc, 0x45, 0x96, 0x05, 0xd4, 0x80, 0xb2, 0x2b, 0x05, - 0x9a, 0xcb, 0x9a, 0xa5, 0x8b, 0xe0, 0x3a, 0x67, 0xe6, 0x73, 0x47, 0xbe, - 0x4a, 0xfd, 0x27, 0xb1, 0x88, 0xef, 0xe6, 0xca, 0xcf, 0x8d, 0x0e, 0x26, - 0x9f, 0xfa, 0x5f, 0x57, 0x78, 0xad, 0x6d, 0xfe, 0xae, 0x9b, 0x35, 0x08, - 0xb1, 0xc3, 0xba, 0xc1, 0x00, 0x4a, 0x4b, 0x7d, 0x14, 0xbd, 0xf7, 0xf1, - 0xd3, 0x55, 0x18, 0xac, 0xd0, 0x33, 0x70, 0x88, 0x6d, 0xc4, 0x09, 0x71, - 0x14, 0xa6, 0x2b, 0x4f, 0x88, 0x81, 0xe7, 0x0b, 0x00, 0x37, 0xa9, 0x15, - 0x7d, 0x7e, 0xd7, 0x01, 0x96, 0x3f, 0x2f, 0xaf, 0x7b, 0x62, 0xae, 0x0a, - 0x4a, 0xbf, 0x4b, 0x39, 0x2e, 0x35, 0x10, 0x8b, 0xfe, 0x04, 0x39, 0xe4, - 0x3c, 0x3a, 0x0c, 0x09, 0x56, 0x40, 0x3a, 0xb5, 0xf4, 0xc2, 0x68, 0x0c, - 0xb5, 0xf9, 0x52, 0xcd, 0xee, 0x9d, 0xf8, 0x98, 0xfc, 0x78, 0xe7, 0x58, - 0x47, 0x8f, 0x1c, 0x73, 0x58, 0x69, 0x33, 0xab, 0xff, 0xdd, 0xdf, 0x8e, - 0x24, 0x01, 0x77, 0x98, 0x19, 0x3a, 0xb0, 0x66, 0x79, 0xbc, 0xe1, 0x08, - 0xa3, 0x0e, 0x4f, 0xc1, 0x04, 0xb3, 0xf3, 0x01, 0xc8, 0xeb, 0xd3, 0x59, - 0x1c, 0x35, 0xd2, 0x93, 0x1e, 0x70, 0x65, 0x82, 0x7f, 0xdb, 0xcf, 0xfb, - 0xc8, 0x99, 0x12, 0x60, 0xc3, 0x44, 0x6f, 0x3a, 0x80, 0x4b, 0xd7, 0xbe, - 0x21, 0xaa, 0x14, 0x7a, 0x64, 0xcb, 0xdd, 0x37, 0x43, 0x45, 0x5b, 0x32, - 0x2e, 0x45, 0xf0, 0xd9, 0x59, 0x1f, 0x6b, 0x18, 0xf0, 0x7c, 0xe9, 0x55, - 0x36, 0x19, 0x61, 0x5f, 0xb5, 0x7d, 0xf1, 0x8d, 0xbd, 0x88, 0xe4, 0x75, - 0x4b, 0x98, 0xdd, 0x27, 0xb0, 0xe4, 0x84, 0x44, 0x2a, 0x61, 0x84, 0x57, - 0x05, 0x82, 0x11, 0x1f, 0xaa, 0x35, 0x58, 0xf3, 0x20, 0x0e, 0xaf, 0x59, - 0xef, 0xfa, 0x55, 0x72, 0x72, 0x0d, 0x26, 0xd0, 0x9b, 0x53, 0x49, 0xac, - 0xce, 0x37, 0x2e, 0x65, 0x61, 0xff, 0xf6, 0xec, 0x1b, 0xea, 0xf6, 0xf1, - 0xa6, 0xd3, 0xd1, 0xb5, 0x7b, 0xbe, 0x35, 0xf4, 0x22, 0xc1, 0xbc, 0x8d, - 0x01, 0xbd, 0x68, 0x5e, 0x83, 0x0d, 0x2f, 0xec, 0xd6, 0xda, 0x63, 0x0c, - 0x27, 0xd1, 0x54, 0x3e, 0xe4, 0xa8, 0xd3, 0xce, 0x4b, 0x32, 0xb8, 0x91, - 0x94, 0xff, 0xfb, 0x5b, 0x49, 0x2d, 0x75, 0x18, 0xa8, 0xba, 0x71, 0x9a, - 0x3b, 0xae, 0xd9, 0xc0, 0xa9, 0x4f, 0x87, 0x91, 0xed, 0x8b, 0x7b, 0x6b, - 0x20, 0x98, 0x89, 0x39, 0x83, 0x4f, 0x80, 0xc4, 0x69, 0xcc, 0x17, 0xc9, - 0xc8, 0x4e, 0xbe, 0xe4, 0xa9, 0xa5, 0x81, 0x76, 0x70, 0x06, 0x04, 0x32, - 0xcd, 0x83, 0x65, 0xf4, 0xbc, 0x7d, 0x3e, 0x13, 0xbc, 0xd2, 0xe8, 0x6f, - 0x63, 0xaa, 0xb5, 0x3b, 0xda, 0x8d, 0x86, 0x32, 0x82, 0x78, 0x9d, 0xd9, - 0xcc, 0xff, 0xbf, 0x57, 0x64, 0x74, 0xed, 0x28, 0x3d, 0x44, 0x62, 0x15, - 0x61, 0x4b, 0xf7, 0x94, 0xb0, 0x0d, 0x2a, 0x67, 0x1c, 0xf0, 0xcb, 0x9b, - 0xa5, 0x92, 0xbf, 0xf8, 0x41, 0x5a, 0xc1, 0x3d, 0x60, 0xed, 0x9f, 0xbb, - 0xb8, 0x6d, 0x9b, 0xce, 0xa9, 0x6a, 0x16, 0x3f, 0x7e, 0xea, 0x06, 0xf1, -} - -var certSet2Cert53 = []byte{ - 0x30, 0x82, 0x06, 0xe6, 0x30, 0x82, 0x05, 0xce, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x03, 0x37, 0xb9, 0x28, 0x34, 0x7c, 0x60, 0xa6, 0xae, - 0xc5, 0xad, 0xb1, 0x21, 0x7f, 0x38, 0x60, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x22, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x48, - 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, - 0x65, 0x20, 0x45, 0x56, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, - 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x37, 0x31, 0x31, 0x30, 0x39, 0x31, 0x32, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x69, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x19, - 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, 0x77, 0x77, - 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1f, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x48, 0x69, 0x67, - 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, 0x65, 0x20, - 0x45, 0x56, 0x20, 0x43, 0x41, 0x2d, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xf3, 0x96, 0x62, 0xd8, 0x75, 0x6e, 0x19, 0xff, - 0x3f, 0x34, 0x7c, 0x49, 0x4f, 0x31, 0x7e, 0x0d, 0x04, 0x4e, 0x99, 0x81, - 0xe2, 0xb3, 0x85, 0x55, 0x91, 0x30, 0xb1, 0xc0, 0xaf, 0x70, 0xbb, 0x2c, - 0xa8, 0xe7, 0x18, 0xaa, 0x3f, 0x78, 0xf7, 0x90, 0x68, 0x52, 0x86, 0x01, - 0x88, 0x97, 0xe2, 0x3b, 0x06, 0x65, 0x90, 0xaa, 0xbd, 0x65, 0x76, 0xc2, - 0xec, 0xbe, 0x10, 0x5b, 0x37, 0x78, 0x83, 0x60, 0x75, 0x45, 0xc6, 0xbd, - 0x74, 0xaa, 0xb6, 0x9f, 0xa4, 0x3a, 0x01, 0x50, 0x17, 0xc4, 0x39, 0x69, - 0xb9, 0xf1, 0x4f, 0xef, 0x82, 0xc1, 0xca, 0xf3, 0x4a, 0xdb, 0xcc, 0x9e, - 0x50, 0x4f, 0x4d, 0x40, 0xa3, 0x3a, 0x90, 0xe7, 0x86, 0x66, 0xbc, 0xf0, - 0x3e, 0x76, 0x28, 0x4c, 0xd1, 0x75, 0x80, 0x9e, 0x6a, 0x35, 0x14, 0x35, - 0x03, 0x9e, 0xdb, 0x0c, 0x8c, 0xc2, 0x28, 0xad, 0x50, 0xb2, 0xce, 0xf6, - 0x91, 0xa3, 0xc3, 0xa5, 0x0a, 0x58, 0x49, 0xf6, 0x75, 0x44, 0x6c, 0xba, - 0xf9, 0xce, 0xe9, 0xab, 0x3a, 0x02, 0xe0, 0x4d, 0xf3, 0xac, 0xe2, 0x7a, - 0xe0, 0x60, 0x22, 0x05, 0x3c, 0x82, 0xd3, 0x52, 0xe2, 0xf3, 0x9c, 0x47, - 0xf8, 0x3b, 0xd8, 0xb2, 0x4b, 0x93, 0x56, 0x4a, 0xbf, 0x70, 0xab, 0x3e, - 0xe9, 0x68, 0xc8, 0x1d, 0x8f, 0x58, 0x1d, 0x2a, 0x4d, 0x5e, 0x27, 0x3d, - 0xad, 0x0a, 0x59, 0x2f, 0x5a, 0x11, 0x20, 0x40, 0xd9, 0x68, 0x04, 0x68, - 0x2d, 0xf4, 0xc0, 0x84, 0x0b, 0x0a, 0x1b, 0x78, 0xdf, 0xed, 0x1a, 0x58, - 0xdc, 0xfb, 0x41, 0x5a, 0x6d, 0x6b, 0xf2, 0xed, 0x1c, 0xee, 0x5c, 0x32, - 0xb6, 0x5c, 0xec, 0xd7, 0xa6, 0x03, 0x32, 0xa6, 0xe8, 0xde, 0xb7, 0x28, - 0x27, 0x59, 0x88, 0x80, 0xff, 0x7b, 0xad, 0x89, 0x58, 0xd5, 0x1e, 0x14, - 0xa4, 0xf2, 0xb0, 0x70, 0xd4, 0xa0, 0x3e, 0xa7, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x82, 0x03, 0x85, 0x30, 0x82, 0x03, 0x81, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x86, 0x30, 0x3b, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x34, 0x30, 0x32, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x08, 0x30, 0x82, 0x01, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x82, 0x01, 0xbb, 0x30, 0x82, 0x01, 0xb7, 0x30, 0x82, 0x01, 0xb3, 0x06, - 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd, 0x6c, 0x02, 0x01, 0x30, 0x82, - 0x01, 0xa4, 0x30, 0x3a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x73, 0x6c, 0x2d, 0x63, 0x70, 0x73, 0x2d, - 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x68, - 0x74, 0x6d, 0x30, 0x82, 0x01, 0x64, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x02, 0x30, 0x82, 0x01, 0x56, 0x1e, 0x82, 0x01, 0x52, - 0x00, 0x41, 0x00, 0x6e, 0x00, 0x79, 0x00, 0x20, 0x00, 0x75, 0x00, 0x73, - 0x00, 0x65, 0x00, 0x20, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x20, 0x00, 0x74, - 0x00, 0x68, 0x00, 0x69, 0x00, 0x73, 0x00, 0x20, 0x00, 0x43, 0x00, 0x65, - 0x00, 0x72, 0x00, 0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x69, 0x00, 0x63, - 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x00, 0x63, 0x00, 0x6f, - 0x00, 0x6e, 0x00, 0x73, 0x00, 0x74, 0x00, 0x69, 0x00, 0x74, 0x00, 0x75, - 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x20, 0x00, 0x61, 0x00, 0x63, - 0x00, 0x63, 0x00, 0x65, 0x00, 0x70, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6e, - 0x00, 0x63, 0x00, 0x65, 0x00, 0x20, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x20, - 0x00, 0x74, 0x00, 0x68, 0x00, 0x65, 0x00, 0x20, 0x00, 0x44, 0x00, 0x69, - 0x00, 0x67, 0x00, 0x69, 0x00, 0x43, 0x00, 0x65, 0x00, 0x72, 0x00, 0x74, - 0x00, 0x20, 0x00, 0x45, 0x00, 0x56, 0x00, 0x20, 0x00, 0x43, 0x00, 0x50, - 0x00, 0x53, 0x00, 0x20, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x20, - 0x00, 0x74, 0x00, 0x68, 0x00, 0x65, 0x00, 0x20, 0x00, 0x52, 0x00, 0x65, - 0x00, 0x6c, 0x00, 0x79, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x20, - 0x00, 0x50, 0x00, 0x61, 0x00, 0x72, 0x00, 0x74, 0x00, 0x79, 0x00, 0x20, - 0x00, 0x41, 0x00, 0x67, 0x00, 0x72, 0x00, 0x65, 0x00, 0x65, 0x00, 0x6d, - 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x20, 0x00, 0x77, 0x00, 0x68, - 0x00, 0x69, 0x00, 0x63, 0x00, 0x68, 0x00, 0x20, 0x00, 0x6c, 0x00, 0x69, - 0x00, 0x6d, 0x00, 0x69, 0x00, 0x74, 0x00, 0x20, 0x00, 0x6c, 0x00, 0x69, - 0x00, 0x61, 0x00, 0x62, 0x00, 0x69, 0x00, 0x6c, 0x00, 0x69, 0x00, 0x74, - 0x00, 0x79, 0x00, 0x20, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x20, - 0x00, 0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6e, - 0x00, 0x63, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x70, 0x00, 0x6f, 0x00, 0x72, - 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20, 0x00, 0x68, - 0x00, 0x65, 0x00, 0x72, 0x00, 0x65, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x20, - 0x00, 0x62, 0x00, 0x79, 0x00, 0x20, 0x00, 0x72, 0x00, 0x65, 0x00, 0x66, - 0x00, 0x65, 0x00, 0x72, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x63, 0x00, 0x65, - 0x00, 0x2e, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x81, - 0x83, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x77, 0x30, 0x75, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4d, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x41, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, - 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x41, 0x43, 0x65, 0x72, - 0x74, 0x73, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x48, - 0x69, 0x67, 0x68, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, 0x65, - 0x45, 0x56, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, - 0x30, 0x81, 0x8f, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x81, 0x87, 0x30, - 0x81, 0x84, 0x30, 0x40, 0xa0, 0x3e, 0xa0, 0x3c, 0x86, 0x3a, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x33, 0x2e, 0x64, 0x69, - 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, - 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x48, 0x69, 0x67, 0x68, 0x41, - 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, 0x65, 0x45, 0x56, 0x52, 0x6f, - 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x40, 0xa0, 0x3e, - 0xa0, 0x3c, 0x86, 0x3a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x6c, 0x34, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, - 0x74, 0x48, 0x69, 0x67, 0x68, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, - 0x63, 0x65, 0x45, 0x56, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0x4c, 0x58, 0xcb, 0x25, 0xf0, 0x41, 0x4f, 0x52, 0xf4, 0x28, 0xc8, - 0x81, 0x43, 0x9b, 0xa6, 0xa8, 0xa0, 0xe6, 0x92, 0xe5, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb1, 0x3e, - 0xc3, 0x69, 0x03, 0xf8, 0xbf, 0x47, 0x01, 0xd4, 0x98, 0x26, 0x1a, 0x08, - 0x02, 0xef, 0x63, 0x64, 0x2b, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x4c, 0x7a, 0x17, 0x87, 0x28, 0x5d, 0x17, 0xbc, 0xb2, 0x32, - 0x73, 0xbf, 0xcd, 0x2e, 0xf5, 0x58, 0x31, 0x1d, 0xf0, 0xb1, 0x71, 0x54, - 0x9c, 0xd6, 0x9b, 0x67, 0x93, 0xdb, 0x2f, 0x03, 0x3e, 0x16, 0x6f, 0x1e, - 0x03, 0xc9, 0x53, 0x84, 0xa3, 0x56, 0x60, 0x1e, 0x78, 0x94, 0x1b, 0xa2, - 0xa8, 0x6f, 0xa3, 0xa4, 0x8b, 0x52, 0x91, 0xd7, 0xdd, 0x5c, 0x95, 0xbb, - 0xef, 0xb5, 0x16, 0x49, 0xe9, 0xa5, 0x42, 0x4f, 0x34, 0xf2, 0x47, 0xff, - 0xae, 0x81, 0x7f, 0x13, 0x54, 0xb7, 0x20, 0xc4, 0x70, 0x15, 0xcb, 0x81, - 0x0a, 0x81, 0xcb, 0x74, 0x57, 0xdc, 0x9c, 0xdf, 0x24, 0xa4, 0x29, 0x0c, - 0x18, 0xf0, 0x1c, 0xe4, 0xae, 0x07, 0x33, 0xec, 0xf1, 0x49, 0x3e, 0x55, - 0xcf, 0x6e, 0x4f, 0x0d, 0x54, 0x7b, 0xd3, 0xc9, 0xe8, 0x15, 0x48, 0xd4, - 0xc5, 0xbb, 0xdc, 0x35, 0x1c, 0x77, 0x45, 0x07, 0x48, 0x45, 0x85, 0xbd, - 0xd7, 0x7e, 0x53, 0xb8, 0xc0, 0x16, 0xd9, 0x95, 0xcd, 0x8b, 0x8d, 0x7d, - 0xc9, 0x60, 0x4f, 0xd1, 0xa2, 0x9b, 0xe3, 0xd0, 0x30, 0xd6, 0xb4, 0x73, - 0x36, 0xe6, 0xd2, 0xf9, 0x03, 0xb2, 0xe3, 0xa4, 0xf5, 0xe5, 0xb8, 0x3e, - 0x04, 0x49, 0x00, 0xba, 0x2e, 0xa6, 0x4a, 0x72, 0x83, 0x72, 0x9d, 0xf7, - 0x0b, 0x8c, 0xa9, 0x89, 0xe7, 0xb3, 0xd7, 0x64, 0x1f, 0xd6, 0xe3, 0x60, - 0xcb, 0x03, 0xc4, 0xdc, 0x88, 0xe9, 0x9d, 0x25, 0x01, 0x00, 0x71, 0xcb, - 0x03, 0xb4, 0x29, 0x60, 0x25, 0x8f, 0xf9, 0x46, 0xd1, 0x7b, 0x71, 0xae, - 0xcd, 0x53, 0x12, 0x5b, 0x84, 0x8e, 0xc2, 0x0f, 0xc7, 0xed, 0x93, 0x19, - 0xd9, 0xc9, 0xfa, 0x8f, 0x58, 0x34, 0x76, 0x32, 0x2f, 0xae, 0xe1, 0x50, - 0x14, 0x61, 0xd4, 0xa8, 0x58, 0xa3, 0xc8, 0x30, 0x13, 0x23, 0xef, 0xc6, - 0x25, 0x8c, 0x36, 0x8f, 0x1c, 0x80, -} diff --git a/vendor/github.com/lucas-clemente/quic-go-certificates/cert_set_3.go b/vendor/github.com/lucas-clemente/quic-go-certificates/cert_set_3.go deleted file mode 100644 index e3dfed9c..00000000 --- a/vendor/github.com/lucas-clemente/quic-go-certificates/cert_set_3.go +++ /dev/null @@ -1,5456 +0,0 @@ -package certsets - -var CertSet3 = [][]byte{ - certSet3Cert0, - certSet3Cert1, - certSet3Cert2, - certSet3Cert3, - certSet3Cert4, - certSet3Cert5, - certSet3Cert6, - certSet3Cert7, - certSet3Cert8, - certSet3Cert9, - certSet3Cert10, - certSet3Cert11, - certSet3Cert12, - certSet3Cert13, - certSet3Cert14, - certSet3Cert15, - certSet3Cert16, - certSet3Cert17, - certSet3Cert18, - certSet3Cert19, - certSet3Cert20, - certSet3Cert21, - certSet3Cert22, - certSet3Cert23, - certSet3Cert24, - certSet3Cert25, - certSet3Cert26, - certSet3Cert27, - certSet3Cert28, - certSet3Cert29, - certSet3Cert30, - certSet3Cert31, - certSet3Cert32, - certSet3Cert33, - certSet3Cert34, - certSet3Cert35, - certSet3Cert36, - certSet3Cert37, - certSet3Cert38, - certSet3Cert39, - certSet3Cert40, - certSet3Cert41, - certSet3Cert42, - certSet3Cert43, - certSet3Cert44, - certSet3Cert45, - certSet3Cert46, - certSet3Cert47, - certSet3Cert48, - certSet3Cert49, - certSet3Cert50, - certSet3Cert51, -} - -const CertSet3Hash uint64 = (0x918215a28680ed7e) - -var certSet3Cert0 = []byte{ - 0x30, 0x82, 0x03, 0x7d, 0x30, 0x82, 0x02, 0xe6, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x12, 0xbb, 0xe6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4e, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x45, - 0x71, 0x75, 0x69, 0x66, 0x61, 0x78, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x13, 0x24, 0x45, 0x71, 0x75, 0x69, 0x66, 0x61, 0x78, - 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x32, 0x30, - 0x35, 0x32, 0x31, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, - 0x31, 0x38, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, - 0x5a, 0x30, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x12, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0xcc, 0x18, 0x63, 0x30, 0xfd, - 0xf4, 0x17, 0x23, 0x1a, 0x56, 0x7e, 0x5b, 0xdf, 0x3c, 0x6c, 0x38, 0xe4, - 0x71, 0xb7, 0x78, 0x91, 0xd4, 0xbc, 0xa1, 0xd8, 0x4c, 0xf8, 0xa8, 0x43, - 0xb6, 0x03, 0xe9, 0x4d, 0x21, 0x07, 0x08, 0x88, 0xda, 0x58, 0x2f, 0x66, - 0x39, 0x29, 0xbd, 0x05, 0x78, 0x8b, 0x9d, 0x38, 0xe8, 0x05, 0xb7, 0x6a, - 0x7e, 0x71, 0xa4, 0xe6, 0xc4, 0x60, 0xa6, 0xb0, 0xef, 0x80, 0xe4, 0x89, - 0x28, 0x0f, 0x9e, 0x25, 0xd6, 0xed, 0x83, 0xf3, 0xad, 0xa6, 0x91, 0xc7, - 0x98, 0xc9, 0x42, 0x18, 0x35, 0x14, 0x9d, 0xad, 0x98, 0x46, 0x92, 0x2e, - 0x4f, 0xca, 0xf1, 0x87, 0x43, 0xc1, 0x16, 0x95, 0x57, 0x2d, 0x50, 0xef, - 0x89, 0x2d, 0x80, 0x7a, 0x57, 0xad, 0xf2, 0xee, 0x5f, 0x6b, 0xd2, 0x00, - 0x8d, 0xb9, 0x14, 0xf8, 0x14, 0x15, 0x35, 0xd9, 0xc0, 0x46, 0xa3, 0x7b, - 0x72, 0xc8, 0x91, 0xbf, 0xc9, 0x55, 0x2b, 0xcd, 0xd0, 0x97, 0x3e, 0x9c, - 0x26, 0x64, 0xcc, 0xdf, 0xce, 0x83, 0x19, 0x71, 0xca, 0x4e, 0xe6, 0xd4, - 0xd5, 0x7b, 0xa9, 0x19, 0xcd, 0x55, 0xde, 0xc8, 0xec, 0xd2, 0x5e, 0x38, - 0x53, 0xe5, 0x5c, 0x4f, 0x8c, 0x2d, 0xfe, 0x50, 0x23, 0x36, 0xfc, 0x66, - 0xe6, 0xcb, 0x8e, 0xa4, 0x39, 0x19, 0x00, 0xb7, 0x95, 0x02, 0x39, 0x91, - 0x0b, 0x0e, 0xfe, 0x38, 0x2e, 0xd1, 0x1d, 0x05, 0x9a, 0xf6, 0x4d, 0x3e, - 0x6f, 0x0f, 0x07, 0x1d, 0xaf, 0x2c, 0x1e, 0x8f, 0x60, 0x39, 0xe2, 0xfa, - 0x36, 0x53, 0x13, 0x39, 0xd4, 0x5e, 0x26, 0x2b, 0xdb, 0x3d, 0xa8, 0x14, - 0xbd, 0x32, 0xeb, 0x18, 0x03, 0x28, 0x52, 0x04, 0x71, 0xe5, 0xab, 0x33, - 0x3d, 0xe1, 0x38, 0xbb, 0x07, 0x36, 0x84, 0x62, 0x9c, 0x79, 0xea, 0x16, - 0x30, 0xf4, 0x5f, 0xc0, 0x2b, 0xe8, 0x71, 0x6b, 0xe4, 0xf9, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x81, 0xf0, 0x30, 0x81, 0xed, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x48, 0xe6, - 0x68, 0xf9, 0x2b, 0xd2, 0xb2, 0x95, 0xd7, 0x47, 0xd8, 0x23, 0x20, 0x10, - 0x4f, 0x33, 0x98, 0x90, 0x9f, 0xd4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, - 0xab, 0x05, 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, - 0x4e, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3a, - 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x33, 0x30, 0x31, 0x30, 0x2f, 0xa0, - 0x2d, 0xa0, 0x2b, 0x86, 0x29, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x73, 0x65, - 0x63, 0x75, 0x72, 0x65, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x4e, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x47, 0x30, 0x45, 0x30, 0x43, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x3b, 0x30, 0x39, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2d, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x72, 0x65, 0x70, 0x6f, - 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x76, 0xe1, 0x12, 0x6e, 0x4e, 0x4b, 0x16, 0x12, 0x86, 0x30, 0x06, - 0xb2, 0x81, 0x08, 0xcf, 0xf0, 0x08, 0xc7, 0xc7, 0x71, 0x7e, 0x66, 0xee, - 0xc2, 0xed, 0xd4, 0x3b, 0x1f, 0xff, 0xf0, 0xf0, 0xc8, 0x4e, 0xd6, 0x43, - 0x38, 0xb0, 0xb9, 0x30, 0x7d, 0x18, 0xd0, 0x55, 0x83, 0xa2, 0x6a, 0xcb, - 0x36, 0x11, 0x9c, 0xe8, 0x48, 0x66, 0xa3, 0x6d, 0x7f, 0xb8, 0x13, 0xd4, - 0x47, 0xfe, 0x8b, 0x5a, 0x5c, 0x73, 0xfc, 0xae, 0xd9, 0x1b, 0x32, 0x19, - 0x38, 0xab, 0x97, 0x34, 0x14, 0xaa, 0x96, 0xd2, 0xeb, 0xa3, 0x1c, 0x14, - 0x08, 0x49, 0xb6, 0xbb, 0xe5, 0x91, 0xef, 0x83, 0x36, 0xeb, 0x1d, 0x56, - 0x6f, 0xca, 0xda, 0xbc, 0x73, 0x63, 0x90, 0xe4, 0x7f, 0x7b, 0x3e, 0x22, - 0xcb, 0x3d, 0x07, 0xed, 0x5f, 0x38, 0x74, 0x9c, 0xe3, 0x03, 0x50, 0x4e, - 0xa1, 0xaf, 0x98, 0xee, 0x61, 0xf2, 0x84, 0x3f, 0x12, -} - -var certSet3Cert1 = []byte{ - 0x30, 0x82, 0x03, 0x8b, 0x30, 0x82, 0x02, 0xf4, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x0d, 0x6e, 0x62, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4e, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x45, - 0x71, 0x75, 0x69, 0x66, 0x61, 0x78, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x13, 0x24, 0x45, 0x71, 0x75, 0x69, 0x66, 0x61, 0x78, - 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, - 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, - 0x31, 0x38, 0x30, 0x38, 0x32, 0x31, 0x31, 0x36, 0x31, 0x35, 0x30, 0x30, - 0x5a, 0x30, 0x58, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x28, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xbe, 0xb8, 0x15, 0x7b, 0xff, 0xd4, 0x7c, 0x7d, - 0x67, 0xad, 0x83, 0x64, 0x7b, 0xc8, 0x42, 0x53, 0x2d, 0xdf, 0xf6, 0x84, - 0x08, 0x20, 0x61, 0xd6, 0x01, 0x59, 0x6a, 0x9c, 0x44, 0x11, 0xaf, 0xef, - 0x76, 0xfd, 0x95, 0x7e, 0xce, 0x61, 0x30, 0xbb, 0x7a, 0x83, 0x5f, 0x02, - 0xbd, 0x01, 0x66, 0xca, 0xee, 0x15, 0x8d, 0x6f, 0xa1, 0x30, 0x9c, 0xbd, - 0xa1, 0x85, 0x9e, 0x94, 0x3a, 0xf3, 0x56, 0x88, 0x00, 0x31, 0xcf, 0xd8, - 0xee, 0x6a, 0x96, 0x02, 0xd9, 0xed, 0x03, 0x8c, 0xfb, 0x75, 0x6d, 0xe7, - 0xea, 0xb8, 0x55, 0x16, 0x05, 0x16, 0x9a, 0xf4, 0xe0, 0x5e, 0xb1, 0x88, - 0xc0, 0x64, 0x85, 0x5c, 0x15, 0x4d, 0x88, 0xc7, 0xb7, 0xba, 0xe0, 0x75, - 0xe9, 0xad, 0x05, 0x3d, 0x9d, 0xc7, 0x89, 0x48, 0xe0, 0xbb, 0x28, 0xc8, - 0x03, 0xe1, 0x30, 0x93, 0x64, 0x5e, 0x52, 0xc0, 0x59, 0x70, 0x22, 0x35, - 0x57, 0x88, 0x8a, 0xf1, 0x95, 0x0a, 0x83, 0xd7, 0xbc, 0x31, 0x73, 0x01, - 0x34, 0xed, 0xef, 0x46, 0x71, 0xe0, 0x6b, 0x02, 0xa8, 0x35, 0x72, 0x6b, - 0x97, 0x9b, 0x66, 0xe0, 0xcb, 0x1c, 0x79, 0x5f, 0xd8, 0x1a, 0x04, 0x68, - 0x1e, 0x47, 0x02, 0xe6, 0x9d, 0x60, 0xe2, 0x36, 0x97, 0x01, 0xdf, 0xce, - 0x35, 0x92, 0xdf, 0xbe, 0x67, 0xc7, 0x6d, 0x77, 0x59, 0x3b, 0x8f, 0x9d, - 0xd6, 0x90, 0x15, 0x94, 0xbc, 0x42, 0x34, 0x10, 0xc1, 0x39, 0xf9, 0xb1, - 0x27, 0x3e, 0x7e, 0xd6, 0x8a, 0x75, 0xc5, 0xb2, 0xaf, 0x96, 0xd3, 0xa2, - 0xde, 0x9b, 0xe4, 0x98, 0xbe, 0x7d, 0xe1, 0xe9, 0x81, 0xad, 0xb6, 0x6f, - 0xfc, 0xd7, 0x0e, 0xda, 0xe0, 0x34, 0xb0, 0x0d, 0x1a, 0x77, 0xe7, 0xe3, - 0x08, 0x98, 0xef, 0x58, 0xfa, 0x9c, 0x84, 0xb7, 0x36, 0xaf, 0xc2, 0xdf, - 0xac, 0xd2, 0xf4, 0x10, 0x06, 0x70, 0x71, 0x35, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x81, 0xe8, 0x30, 0x81, 0xe5, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2c, 0xd5, - 0x50, 0x41, 0x97, 0x15, 0x8b, 0xf0, 0x8f, 0x36, 0x61, 0x5b, 0x4a, 0xfb, - 0x6b, 0xd9, 0x99, 0xc9, 0x33, 0x92, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x48, 0xe6, 0x68, 0xf9, 0x2b, - 0xd2, 0xb2, 0x95, 0xd7, 0x47, 0xd8, 0x23, 0x20, 0x10, 0x4f, 0x33, 0x98, - 0x90, 0x9f, 0xd4, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x3a, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x33, 0x30, 0x31, 0x30, 0x2f, 0xa0, 0x2d, 0xa0, - 0x2b, 0x86, 0x29, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x73, 0x65, 0x63, 0x75, - 0x72, 0x65, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x46, 0x06, 0x03, - 0x55, 0x1d, 0x20, 0x04, 0x3f, 0x30, 0x3d, 0x30, 0x3b, 0x06, 0x04, 0x55, - 0x1d, 0x20, 0x00, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x81, 0x81, 0x00, 0xaf, 0xf3, 0x0e, 0xd6, 0x72, 0xab, 0xc7, 0xa9, 0x97, - 0xca, 0x2a, 0x6b, 0x84, 0x39, 0xde, 0x79, 0xa9, 0xf0, 0x81, 0xe5, 0x08, - 0x67, 0xab, 0xd7, 0x2f, 0x20, 0x02, 0x01, 0x71, 0x0c, 0x04, 0x22, 0xc9, - 0x1e, 0x88, 0x95, 0x03, 0xc9, 0x49, 0x3a, 0xaf, 0x67, 0x08, 0x49, 0xb0, - 0xd5, 0x08, 0xf5, 0x20, 0x3d, 0x80, 0x91, 0xa0, 0xc5, 0x87, 0xa3, 0xfb, - 0xc9, 0xa3, 0x17, 0x91, 0xf9, 0xa8, 0x2f, 0xae, 0xe9, 0x0f, 0xdf, 0x96, - 0x72, 0x0f, 0x75, 0x17, 0x80, 0x5d, 0x78, 0x01, 0x4d, 0x9f, 0x1f, 0x6d, - 0x7b, 0xd8, 0xf5, 0x42, 0x38, 0x23, 0x1a, 0x99, 0x93, 0xf4, 0x83, 0xbe, - 0x3b, 0x35, 0x74, 0xe7, 0x37, 0x13, 0x35, 0x7a, 0xac, 0xb4, 0xb6, 0x90, - 0x82, 0x6c, 0x27, 0xa4, 0xe0, 0xec, 0x9e, 0x35, 0xbd, 0xbf, 0xe5, 0x29, - 0xa1, 0x47, 0x9f, 0x5b, 0x32, 0xfc, 0xe9, 0x99, 0x7d, 0x2b, 0x39, -} - -var certSet3Cert2 = []byte{ - 0x30, 0x82, 0x03, 0xf0, 0x30, 0x82, 0x02, 0xd8, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x92, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, - 0x34, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, - 0x31, 0x37, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, - 0x5a, 0x30, 0x49, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, - 0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1c, - 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0x9c, 0x2a, 0x04, 0x77, 0x5c, 0xd8, 0x50, 0x91, 0x3a, 0x06, 0xa3, - 0x82, 0xe0, 0xd8, 0x50, 0x48, 0xbc, 0x89, 0x3f, 0xf1, 0x19, 0x70, 0x1a, - 0x88, 0x46, 0x7e, 0xe0, 0x8f, 0xc5, 0xf1, 0x89, 0xce, 0x21, 0xee, 0x5a, - 0xfe, 0x61, 0x0d, 0xb7, 0x32, 0x44, 0x89, 0xa0, 0x74, 0x0b, 0x53, 0x4f, - 0x55, 0xa4, 0xce, 0x82, 0x62, 0x95, 0xee, 0xeb, 0x59, 0x5f, 0xc6, 0xe1, - 0x05, 0x80, 0x12, 0xc4, 0x5e, 0x94, 0x3f, 0xbc, 0x5b, 0x48, 0x38, 0xf4, - 0x53, 0xf7, 0x24, 0xe6, 0xfb, 0x91, 0xe9, 0x15, 0xc4, 0xcf, 0xf4, 0x53, - 0x0d, 0xf4, 0x4a, 0xfc, 0x9f, 0x54, 0xde, 0x7d, 0xbe, 0xa0, 0x6b, 0x6f, - 0x87, 0xc0, 0xd0, 0x50, 0x1f, 0x28, 0x30, 0x03, 0x40, 0xda, 0x08, 0x73, - 0x51, 0x6c, 0x7f, 0xff, 0x3a, 0x3c, 0xa7, 0x37, 0x06, 0x8e, 0xbd, 0x4b, - 0x11, 0x04, 0xeb, 0x7d, 0x24, 0xde, 0xe6, 0xf9, 0xfc, 0x31, 0x71, 0xfb, - 0x94, 0xd5, 0x60, 0xf3, 0x2e, 0x4a, 0xaf, 0x42, 0xd2, 0xcb, 0xea, 0xc4, - 0x6a, 0x1a, 0xb2, 0xcc, 0x53, 0xdd, 0x15, 0x4b, 0x8b, 0x1f, 0xc8, 0x19, - 0x61, 0x1f, 0xcd, 0x9d, 0xa8, 0x3e, 0x63, 0x2b, 0x84, 0x35, 0x69, 0x65, - 0x84, 0xc8, 0x19, 0xc5, 0x46, 0x22, 0xf8, 0x53, 0x95, 0xbe, 0xe3, 0x80, - 0x4a, 0x10, 0xc6, 0x2a, 0xec, 0xba, 0x97, 0x20, 0x11, 0xc7, 0x39, 0x99, - 0x10, 0x04, 0xa0, 0xf0, 0x61, 0x7a, 0x95, 0x25, 0x8c, 0x4e, 0x52, 0x75, - 0xe2, 0xb6, 0xed, 0x08, 0xca, 0x14, 0xfc, 0xce, 0x22, 0x6a, 0xb3, 0x4e, - 0xcf, 0x46, 0x03, 0x97, 0x97, 0x03, 0x7e, 0xc0, 0xb1, 0xde, 0x7b, 0xaf, - 0x45, 0x33, 0xcf, 0xba, 0x3e, 0x71, 0xb7, 0xde, 0xf4, 0x25, 0x25, 0xc2, - 0x0d, 0x35, 0x89, 0x9d, 0x9d, 0xfb, 0x0e, 0x11, 0x79, 0x89, 0x1e, 0x37, - 0xc5, 0xaf, 0x8e, 0x72, 0x69, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, - 0xe7, 0x30, 0x81, 0xe4, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, - 0xab, 0x05, 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, - 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x4a, 0xdd, 0x06, 0x16, 0x1b, 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, - 0xb6, 0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, - 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, - 0x04, 0x22, 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, - 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x35, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, - 0x26, 0x86, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, - 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, - 0x6c, 0x73, 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x17, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x10, - 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, - 0x79, 0x02, 0x05, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x08, 0x4e, 0x04, 0xa7, 0x80, 0x7f, 0x10, 0x16, 0x43, 0x5e, 0x02, 0xad, - 0xd7, 0x42, 0x80, 0xf4, 0xb0, 0x8e, 0xd2, 0xae, 0xb3, 0xeb, 0x11, 0x7d, - 0x90, 0x84, 0x18, 0x7d, 0xe7, 0x90, 0x15, 0xfb, 0x49, 0x7f, 0xa8, 0x99, - 0x05, 0x91, 0xbb, 0x7a, 0xc9, 0xd6, 0x3c, 0x37, 0x18, 0x09, 0x9a, 0xb6, - 0xc7, 0x92, 0x20, 0x07, 0x35, 0x33, 0x09, 0xe4, 0x28, 0x63, 0x72, 0x0d, - 0xb4, 0xe0, 0x32, 0x9c, 0x87, 0x98, 0xc4, 0x1b, 0x76, 0x89, 0x67, 0xc1, - 0x50, 0x58, 0xb0, 0x13, 0xaa, 0x13, 0x1a, 0x1b, 0x32, 0xa5, 0xbe, 0xea, - 0x11, 0x95, 0x4c, 0x48, 0x63, 0x49, 0xe9, 0x99, 0x5d, 0x20, 0x37, 0xcc, - 0xfe, 0x2a, 0x69, 0x51, 0x16, 0x95, 0x4b, 0xa9, 0xde, 0x49, 0x82, 0xc0, - 0x10, 0x70, 0xf4, 0x2c, 0xf3, 0xec, 0xbc, 0x24, 0x24, 0xd0, 0x4e, 0xac, - 0xa5, 0xd9, 0x5e, 0x1e, 0x6d, 0x92, 0xc1, 0xa7, 0xac, 0x48, 0x35, 0x81, - 0xf9, 0xe5, 0xe4, 0x9c, 0x65, 0x69, 0xcd, 0x87, 0xa4, 0x41, 0x50, 0x3f, - 0x2e, 0x57, 0xa5, 0x91, 0x51, 0x12, 0x58, 0x0e, 0x8c, 0x09, 0xa1, 0xac, - 0x7a, 0xa4, 0x12, 0xa5, 0x27, 0xf3, 0x9a, 0x10, 0x97, 0x7d, 0x55, 0x03, - 0x06, 0xf7, 0x66, 0x58, 0x5f, 0x5f, 0x64, 0xe1, 0xab, 0x5d, 0x6d, 0xa5, - 0x39, 0x48, 0x75, 0x98, 0x4c, 0x29, 0x5a, 0x3a, 0x8d, 0xd3, 0x2b, 0xca, - 0x9c, 0x55, 0x04, 0xbf, 0xf4, 0xe6, 0x14, 0xd5, 0x80, 0xac, 0x26, 0xed, - 0x17, 0x89, 0xa6, 0x93, 0x6c, 0x5c, 0xa4, 0xcc, 0xb8, 0xf0, 0x66, 0x8e, - 0x64, 0xe3, 0x7d, 0x9a, 0xe2, 0x00, 0xb3, 0x49, 0xc7, 0xe4, 0x0a, 0xaa, - 0xdd, 0x5b, 0x83, 0xc7, 0x70, 0x90, 0x46, 0x4e, 0xbe, 0xd0, 0xdb, 0x59, - 0x96, 0x6c, 0x2e, 0xf5, 0x16, 0x36, 0xde, 0x71, 0xcc, 0x01, 0xc2, 0x12, - 0xc1, 0x21, 0xc6, 0x16, -} - -var certSet3Cert3 = []byte{ - 0x30, 0x82, 0x04, 0x15, 0x30, 0x82, 0x03, 0x7e, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0x8e, 0xed, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x75, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0f, - 0x47, 0x54, 0x45, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x53, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x23, 0x30, 0x21, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1a, 0x47, 0x54, 0x45, 0x20, 0x43, - 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, - 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x32, 0x30, 0x34, 0x31, 0x38, 0x31, 0x36, 0x33, 0x36, 0x31, - 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x38, 0x31, 0x33, 0x31, 0x36, - 0x33, 0x35, 0x31, 0x37, 0x5a, 0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, 0x42, 0x61, 0x6c, 0x74, 0x69, - 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x43, 0x79, - 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, - 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, - 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa3, 0x04, - 0xbb, 0x22, 0xab, 0x98, 0x3d, 0x57, 0xe8, 0x26, 0x72, 0x9a, 0xb5, 0x79, - 0xd4, 0x29, 0xe2, 0xe1, 0xe8, 0x95, 0x80, 0xb1, 0xb0, 0xe3, 0x5b, 0x8e, - 0x2b, 0x29, 0x9a, 0x64, 0xdf, 0xa1, 0x5d, 0xed, 0xb0, 0x09, 0x05, 0x6d, - 0xdb, 0x28, 0x2e, 0xce, 0x62, 0xa2, 0x62, 0xfe, 0xb4, 0x88, 0xda, 0x12, - 0xeb, 0x38, 0xeb, 0x21, 0x9d, 0xc0, 0x41, 0x2b, 0x01, 0x52, 0x7b, 0x88, - 0x77, 0xd3, 0x1c, 0x8f, 0xc7, 0xba, 0xb9, 0x88, 0xb5, 0x6a, 0x09, 0xe7, - 0x73, 0xe8, 0x11, 0x40, 0xa7, 0xd1, 0xcc, 0xca, 0x62, 0x8d, 0x2d, 0xe5, - 0x8f, 0x0b, 0xa6, 0x50, 0xd2, 0xa8, 0x50, 0xc3, 0x28, 0xea, 0xf5, 0xab, - 0x25, 0x87, 0x8a, 0x9a, 0x96, 0x1c, 0xa9, 0x67, 0xb8, 0x3f, 0x0c, 0xd5, - 0xf7, 0xf9, 0x52, 0x13, 0x2f, 0xc2, 0x1b, 0xd5, 0x70, 0x70, 0xf0, 0x8f, - 0xc0, 0x12, 0xca, 0x06, 0xcb, 0x9a, 0xe1, 0xd9, 0xca, 0x33, 0x7a, 0x77, - 0xd6, 0xf8, 0xec, 0xb9, 0xf1, 0x68, 0x44, 0x42, 0x48, 0x13, 0xd2, 0xc0, - 0xc2, 0xa4, 0xae, 0x5e, 0x60, 0xfe, 0xb6, 0xa6, 0x05, 0xfc, 0xb4, 0xdd, - 0x07, 0x59, 0x02, 0xd4, 0x59, 0x18, 0x98, 0x63, 0xf5, 0xa5, 0x63, 0xe0, - 0x90, 0x0c, 0x7d, 0x5d, 0xb2, 0x06, 0x7a, 0xf3, 0x85, 0xea, 0xeb, 0xd4, - 0x03, 0xae, 0x5e, 0x84, 0x3e, 0x5f, 0xff, 0x15, 0xed, 0x69, 0xbc, 0xf9, - 0x39, 0x36, 0x72, 0x75, 0xcf, 0x77, 0x52, 0x4d, 0xf3, 0xc9, 0x90, 0x2c, - 0xb9, 0x3d, 0xe5, 0xc9, 0x23, 0x53, 0x3f, 0x1f, 0x24, 0x98, 0x21, 0x5c, - 0x07, 0x99, 0x29, 0xbd, 0xc6, 0x3a, 0xec, 0xe7, 0x6e, 0x86, 0x3a, 0x6b, - 0x97, 0x74, 0x63, 0x33, 0xbd, 0x68, 0x18, 0x31, 0xf0, 0x78, 0x8d, 0x76, - 0xbf, 0xfc, 0x9e, 0x8e, 0x5d, 0x2a, 0x86, 0xa7, 0x4d, 0x90, 0xdc, 0x27, - 0x1a, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x47, 0x30, - 0x82, 0x01, 0x43, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x03, 0x30, - 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, 0x30, 0x3f, - 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x37, 0x30, 0x35, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x29, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, - 0x6f, 0x72, 0x79, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x81, 0x89, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x81, 0x81, 0x30, 0x7f, 0xa1, 0x79, 0xa4, 0x77, - 0x30, 0x75, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0f, 0x47, 0x54, 0x45, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x1e, 0x47, 0x54, 0x45, 0x20, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x53, 0x6f, 0x6c, 0x75, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x23, - 0x30, 0x21, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1a, 0x47, 0x54, 0x45, - 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x82, - 0x02, 0x01, 0xa5, 0x30, 0x45, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x3e, - 0x30, 0x3c, 0x30, 0x3a, 0xa0, 0x38, 0xa0, 0x36, 0x86, 0x34, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x70, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x2d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x63, 0x67, 0x69, 0x2d, 0x62, 0x69, 0x6e, 0x2f, 0x43, 0x52, - 0x4c, 0x2f, 0x32, 0x30, 0x31, 0x38, 0x2f, 0x63, 0x64, 0x70, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x93, 0x1d, 0xfe, - 0x8b, 0xae, 0x46, 0xec, 0xcb, 0xa9, 0x0f, 0xab, 0xe5, 0xef, 0xca, 0xb2, - 0x68, 0x16, 0x68, 0xd8, 0x8f, 0xfa, 0x13, 0xa9, 0xaf, 0xb3, 0xcb, 0x2d, - 0xe7, 0x4b, 0x6e, 0x8e, 0x69, 0x2a, 0xc2, 0x2b, 0x10, 0x0a, 0x8d, 0xf6, - 0xae, 0x73, 0xb6, 0xb9, 0xfb, 0x14, 0xfd, 0x5f, 0x6d, 0xb8, 0x50, 0xb6, - 0xc4, 0x8a, 0xd6, 0x40, 0x7e, 0xd7, 0xc3, 0xcb, 0x73, 0xdc, 0xc9, 0x5d, - 0x5b, 0xaf, 0xb0, 0x41, 0xb5, 0x37, 0xeb, 0xea, 0xdc, 0x20, 0x91, 0xc4, - 0x34, 0x6a, 0xf4, 0xa1, 0xf3, 0x96, 0x9d, 0x37, 0x86, 0x97, 0xe1, 0x71, - 0xa4, 0xdd, 0x7d, 0xfa, 0x44, 0x84, 0x94, 0xae, 0xd7, 0x09, 0x04, 0x22, - 0x76, 0x0f, 0x64, 0x51, 0x35, 0xa9, 0x24, 0x0f, 0xf9, 0x0b, 0xdb, 0x32, - 0xda, 0xc2, 0xfe, 0xc1, 0xb9, 0x2a, 0x5c, 0x7a, 0x27, 0x13, 0xca, 0xb1, - 0x48, 0x3a, 0x71, 0xd0, 0x43, -} - -var certSet3Cert4 = []byte{ - 0x30, 0x82, 0x04, 0x25, 0x30, 0x82, 0x03, 0x0d, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x77, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, - 0x38, 0x32, 0x39, 0x32, 0x31, 0x33, 0x39, 0x33, 0x32, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x31, 0x33, 0x39, 0x33, 0x32, - 0x5a, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53, 0x4c, 0x20, - 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, - 0x47, 0x33, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf, - 0x54, 0x9b, 0xd9, 0x58, 0x5d, 0x1e, 0x2c, 0x56, 0xc6, 0xd5, 0xe8, 0x7f, - 0xf4, 0x7d, 0x16, 0x03, 0xff, 0xd0, 0x8b, 0x5a, 0xe4, 0x8e, 0xa7, 0xdd, - 0x54, 0x2e, 0xd4, 0x04, 0xc0, 0x5d, 0x98, 0x9c, 0x8d, 0x90, 0x0f, 0xbc, - 0x10, 0x65, 0x5f, 0xda, 0x9a, 0xd6, 0x44, 0x7c, 0xc0, 0x9f, 0xb5, 0xe9, - 0x4a, 0x8c, 0x0b, 0x06, 0x43, 0x04, 0xbb, 0xf4, 0x96, 0xe2, 0x26, 0xf6, - 0x61, 0x01, 0x91, 0x66, 0x31, 0x22, 0xc3, 0x34, 0x34, 0x5f, 0x3f, 0x3f, - 0x91, 0x2f, 0x44, 0x5f, 0xdc, 0xc7, 0x14, 0xb6, 0x03, 0x9f, 0x86, 0x4b, - 0x0e, 0xa3, 0xff, 0xa0, 0x80, 0x02, 0x83, 0xc3, 0xd3, 0x1f, 0x69, 0x52, - 0xd6, 0x9d, 0x64, 0x0f, 0xc9, 0x83, 0xe7, 0x1b, 0xc4, 0x70, 0xac, 0x94, - 0xe7, 0xc3, 0xa4, 0x6a, 0x2c, 0xbd, 0xb8, 0x9e, 0x69, 0xd8, 0xbe, 0x0a, - 0x8f, 0x16, 0x63, 0x5a, 0x68, 0x71, 0x80, 0x7b, 0x30, 0xde, 0x15, 0x04, - 0xbf, 0xcc, 0xd3, 0xbf, 0x3e, 0x48, 0x05, 0x55, 0x7a, 0xb3, 0xd7, 0x10, - 0x0c, 0x03, 0xfc, 0x9b, 0xfd, 0x08, 0xa7, 0x8c, 0x8c, 0xdb, 0xa7, 0x8e, - 0xf1, 0x1e, 0x63, 0xdc, 0xb3, 0x01, 0x2f, 0x7f, 0xaf, 0x57, 0xc3, 0x3c, - 0x48, 0xa7, 0x83, 0x68, 0x21, 0xa7, 0x2f, 0xe7, 0xa7, 0x3f, 0xf0, 0xb5, - 0x0c, 0xfc, 0xf5, 0x84, 0xd1, 0x53, 0xbc, 0x0e, 0x72, 0x4f, 0x60, 0x0c, - 0x42, 0xb8, 0x98, 0xad, 0x19, 0x88, 0x57, 0xd7, 0x04, 0xec, 0x87, 0xbf, - 0x7e, 0x87, 0x4e, 0xa3, 0x21, 0xf9, 0x53, 0xfd, 0x36, 0x98, 0x48, 0x8d, - 0xd6, 0xf8, 0xbb, 0x48, 0xf2, 0x29, 0xc8, 0x64, 0xd1, 0xcc, 0x54, 0x48, - 0x53, 0x8b, 0xaf, 0xb7, 0x65, 0x1e, 0xbf, 0x29, 0x33, 0x29, 0xd9, 0x29, - 0x60, 0x48, 0xf8, 0xff, 0x91, 0xbc, 0x57, 0x58, 0xe5, 0x35, 0x2e, 0xbb, - 0x69, 0xb6, 0x59, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1d, - 0x30, 0x82, 0x01, 0x19, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, - 0xab, 0x05, 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, - 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0xc3, 0x9c, 0xf3, 0xfc, 0xd3, 0x46, 0x08, 0x34, 0xbb, 0xce, 0x46, 0x7f, - 0xa0, 0x7c, 0x5b, 0xf3, 0xe2, 0x08, 0xcb, 0x59, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, - 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x35, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, - 0x26, 0x86, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, - 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, - 0x6c, 0x73, 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x22, 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, - 0x30, 0x43, 0x30, 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, - 0x45, 0x01, 0x07, 0x36, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0xa3, 0x58, 0x1e, 0xc6, 0x43, 0x32, 0xac, - 0xac, 0x2f, 0x93, 0x78, 0xb7, 0xea, 0xae, 0x54, 0x40, 0x47, 0x2d, 0x7e, - 0x78, 0x8d, 0x50, 0xf6, 0xf8, 0x66, 0xac, 0xd6, 0x4f, 0x73, 0xd6, 0x44, - 0xef, 0xaf, 0x0b, 0xcc, 0x5b, 0xc1, 0xf4, 0x4f, 0x9a, 0x8f, 0x49, 0x7e, - 0x60, 0xaf, 0xc2, 0x27, 0xc7, 0x16, 0xf1, 0xfb, 0x93, 0x81, 0x90, 0xa9, - 0x7c, 0xef, 0x6f, 0x7e, 0x6e, 0x45, 0x94, 0x16, 0x84, 0xbd, 0xec, 0x49, - 0xf1, 0xc4, 0x0e, 0xf4, 0xaf, 0x04, 0x59, 0x83, 0x87, 0x0f, 0x2c, 0x3b, - 0x97, 0xc3, 0x5a, 0x12, 0x9b, 0x7b, 0x04, 0x35, 0x7b, 0xa3, 0x95, 0x33, - 0x08, 0x7b, 0x93, 0x71, 0x22, 0x42, 0xb3, 0xa9, 0xd9, 0x6f, 0x4f, 0x81, - 0x92, 0xfc, 0x07, 0xb6, 0x79, 0xbc, 0x84, 0x4a, 0x9d, 0x77, 0x09, 0xf1, - 0xc5, 0x89, 0xf2, 0xf0, 0xb4, 0x9c, 0x54, 0xaa, 0x12, 0x7b, 0x0d, 0xba, - 0x4f, 0xef, 0x93, 0x19, 0xec, 0xef, 0x7d, 0x4e, 0x61, 0xa3, 0x8e, 0x76, - 0x9c, 0x59, 0xcf, 0x8c, 0x94, 0xb1, 0x84, 0x97, 0xf7, 0x1a, 0xb9, 0x07, - 0xb8, 0xb2, 0xc6, 0x4f, 0x13, 0x79, 0xdb, 0xbf, 0x4f, 0x51, 0x1b, 0x7f, - 0x69, 0x0d, 0x51, 0x2a, 0xc1, 0xd6, 0x15, 0xff, 0x37, 0x51, 0x34, 0x65, - 0x51, 0xf4, 0x1e, 0xbe, 0x38, 0x6a, 0xec, 0x0e, 0xab, 0xbf, 0x3d, 0x7b, - 0x39, 0x05, 0x7b, 0xf4, 0xf3, 0xfb, 0x1a, 0xa1, 0xd0, 0xc8, 0x7e, 0x4e, - 0x64, 0x8d, 0xcd, 0x8c, 0x61, 0x55, 0x90, 0xfe, 0x3a, 0xca, 0x5d, 0x25, - 0x0f, 0xf8, 0x1d, 0xa3, 0x4a, 0x74, 0x56, 0x4f, 0x1a, 0x55, 0x40, 0x70, - 0x75, 0x25, 0xa6, 0x33, 0x2e, 0xba, 0x4b, 0xa5, 0x5d, 0x53, 0x9a, 0x0d, - 0x30, 0xe1, 0x8d, 0x5f, 0x61, 0x2c, 0xaf, 0xcc, 0xef, 0xb0, 0x99, 0xa1, - 0x80, 0xff, 0x0b, 0xf2, 0x62, 0x4c, 0x70, 0x26, 0x98, -} - -var certSet3Cert5 = []byte{ - 0x30, 0x82, 0x04, 0x44, 0x30, 0x82, 0x03, 0x2c, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x78, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, - 0x38, 0x32, 0x39, 0x32, 0x32, 0x32, 0x34, 0x35, 0x38, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x32, 0x32, 0x34, 0x35, 0x38, - 0x5a, 0x30, 0x66, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x14, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, - 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x20, 0x53, 0x53, 0x4c, 0x31, - 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x47, 0x65, - 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x44, 0x56, 0x20, 0x53, 0x53, - 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x34, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xdf, 0x41, 0x94, 0x7a, 0xda, 0xf7, - 0xe4, 0x31, 0x43, 0xb6, 0xea, 0x01, 0x1b, 0x5c, 0xce, 0x63, 0xea, 0xfa, - 0x6d, 0xa3, 0xd9, 0x6a, 0xee, 0x2d, 0x9a, 0x75, 0xf9, 0xd5, 0x9c, 0x5b, - 0xbd, 0x34, 0xdf, 0xd8, 0x1c, 0xc9, 0x6d, 0xd8, 0x04, 0x88, 0xda, 0x6e, - 0xb5, 0xb7, 0xb5, 0xf0, 0x30, 0xae, 0x40, 0xd6, 0x5d, 0xfa, 0xc4, 0x53, - 0xc1, 0xd4, 0x22, 0x9d, 0x04, 0x4e, 0x11, 0xa6, 0x95, 0xd5, 0x45, 0x7c, - 0x41, 0x05, 0x58, 0xe0, 0x4c, 0xdd, 0xf9, 0xee, 0x55, 0xbd, 0x5f, 0x46, - 0xdc, 0xad, 0x13, 0x08, 0x9d, 0x2c, 0xe4, 0xf7, 0x82, 0xe6, 0x07, 0x2b, - 0x9e, 0x0e, 0x8c, 0x34, 0xa1, 0xce, 0xc4, 0xa1, 0xe0, 0x81, 0x70, 0x86, - 0x00, 0x06, 0x3f, 0x2d, 0xea, 0x7c, 0x9b, 0x28, 0xae, 0x1b, 0x28, 0x8b, - 0x39, 0x09, 0xd3, 0xe7, 0xf0, 0x45, 0xa4, 0xb1, 0xba, 0x11, 0x67, 0x90, - 0x55, 0x7b, 0x8f, 0xde, 0xed, 0x38, 0x5c, 0xa1, 0xe1, 0xe3, 0x83, 0xc4, - 0xc3, 0x72, 0x91, 0x4f, 0x98, 0xee, 0x1c, 0xc2, 0x80, 0xaa, 0x64, 0xa5, - 0x3e, 0x83, 0x62, 0x1c, 0xcc, 0xe0, 0x9e, 0xf8, 0x5a, 0xc0, 0x13, 0x12, - 0x7d, 0xa2, 0xa7, 0x8b, 0xa3, 0xe7, 0x9f, 0x2a, 0xd7, 0x9b, 0xca, 0xcb, - 0xed, 0x97, 0x01, 0x9c, 0x28, 0x84, 0x51, 0x04, 0x50, 0x41, 0xbc, 0xb4, - 0xfc, 0x78, 0xe9, 0x1b, 0xcf, 0x14, 0xea, 0x1f, 0x0f, 0xfc, 0x2e, 0x01, - 0x32, 0x8d, 0xb6, 0x35, 0xcb, 0x0a, 0x18, 0x3b, 0xec, 0x5a, 0x3e, 0x3c, - 0x1b, 0xd3, 0x99, 0x43, 0x1e, 0x2f, 0xf7, 0xbd, 0xf3, 0x5b, 0x12, 0xb9, - 0x07, 0x5e, 0xed, 0x3e, 0xd1, 0xa9, 0x87, 0xcc, 0x77, 0x72, 0x27, 0xd4, - 0xd9, 0x75, 0xa2, 0x63, 0x4b, 0x93, 0x36, 0xbd, 0xe5, 0x5c, 0xd7, 0xbf, - 0x5f, 0x79, 0x0d, 0xb3, 0x32, 0xa7, 0x0b, 0xb2, 0x63, 0x23, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1d, 0x30, 0x82, 0x01, 0x19, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, 0x0c, 0x11, - 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x0b, 0x50, 0xec, 0x77, 0xef, - 0x2a, 0x9b, 0xff, 0xec, 0x03, 0xa1, 0x0a, 0xff, 0xad, 0xc6, 0xe4, 0x2a, - 0x18, 0xc7, 0x3e, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x35, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2e, - 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, 0x26, 0x86, 0x24, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x67, 0x74, - 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x2e, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x22, - 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, - 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4c, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, - 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, - 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, - 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, - 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x33, 0x24, 0xd5, 0x90, 0xaa, 0x29, 0x0c, 0x35, 0xb9, 0x2f, 0xc3, 0xc7, - 0x42, 0x93, 0xc0, 0xc6, 0x10, 0x4b, 0x03, 0x08, 0x76, 0x84, 0x10, 0xa2, - 0xe0, 0xe7, 0x53, 0x12, 0x27, 0xf2, 0x0a, 0xda, 0x7f, 0x3a, 0xdc, 0xfd, - 0x5c, 0x79, 0x5a, 0x8f, 0x17, 0x74, 0x43, 0x53, 0xb1, 0xd5, 0xd1, 0x5d, - 0x59, 0xb9, 0xa6, 0x84, 0x64, 0xca, 0xf1, 0x3a, 0x0a, 0x59, 0x96, 0x10, - 0xbf, 0xa9, 0x81, 0x57, 0x8b, 0x5c, 0x87, 0xdc, 0x7f, 0xe3, 0xe4, 0xbb, - 0x05, 0x7a, 0xa0, 0x32, 0x09, 0x13, 0x4e, 0x10, 0x81, 0x28, 0x1f, 0x9c, - 0x03, 0x62, 0xbc, 0xf4, 0x01, 0xb5, 0x29, 0x83, 0x46, 0x07, 0xb9, 0xe7, - 0xb8, 0x5d, 0xc8, 0xe9, 0xd1, 0xdd, 0xad, 0x3b, 0xf8, 0x34, 0xdb, 0xc1, - 0xd1, 0x95, 0xa9, 0x91, 0x18, 0xed, 0x3c, 0x2c, 0x37, 0x11, 0x4d, 0xcc, - 0xfe, 0x53, 0x3e, 0x50, 0x43, 0xf9, 0xc3, 0x56, 0x41, 0xac, 0x53, 0x9b, - 0x6c, 0x05, 0xb2, 0x9a, 0xe2, 0xe0, 0x59, 0x57, 0x30, 0x32, 0xb6, 0x26, - 0x4e, 0x13, 0x25, 0xcd, 0xfa, 0x48, 0x70, 0x0f, 0x75, 0x55, 0x60, 0x11, - 0xf5, 0x3b, 0xd5, 0x5e, 0x5a, 0x3c, 0x8b, 0x5b, 0x0f, 0x0f, 0x62, 0x42, - 0x48, 0x61, 0x85, 0x8b, 0x10, 0xf4, 0xc1, 0x88, 0xbf, 0x7f, 0x5f, 0x8a, - 0xc2, 0xd7, 0xcd, 0x2b, 0x94, 0x5c, 0x1f, 0x34, 0x4a, 0x08, 0xaf, 0xeb, - 0xae, 0x89, 0xa8, 0x48, 0x75, 0x55, 0x95, 0x1d, 0xbb, 0xc0, 0x9a, 0x01, - 0xb9, 0xf4, 0x03, 0x22, 0x3e, 0xd4, 0xe6, 0x52, 0x30, 0x0d, 0x67, 0xb9, - 0xc0, 0x91, 0xfd, 0x2d, 0x4c, 0x30, 0x8e, 0xbd, 0x8c, 0xa5, 0x04, 0x91, - 0xbb, 0xa4, 0xab, 0x7f, 0x0f, 0xd8, 0x6f, 0xf0, 0x66, 0x00, 0xc9, 0xa3, - 0x5c, 0xf5, 0xb0, 0x8f, 0x83, 0xe6, 0x9c, 0x5a, 0xe6, 0xb6, 0xb9, 0xc5, - 0xbc, 0xbe, 0xe4, 0x02, -} - -var certSet3Cert6 = []byte{ - 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0xae, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x33, 0x65, 0x50, 0x08, 0x79, 0xad, 0x73, 0xe2, 0x30, - 0xb9, 0xe0, 0x1d, 0x0d, 0x7f, 0xac, 0x91, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, - 0xce, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x5a, 0x41, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, - 0x0c, 0x57, 0x65, 0x73, 0x74, 0x65, 0x72, 0x6e, 0x20, 0x43, 0x61, 0x70, - 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, - 0x43, 0x61, 0x70, 0x65, 0x20, 0x54, 0x6f, 0x77, 0x6e, 0x31, 0x1d, 0x30, - 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x54, 0x68, 0x61, 0x77, - 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, - 0x67, 0x20, 0x63, 0x63, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x21, - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x54, 0x68, 0x61, - 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x65, 0x6d, 0x69, 0x75, 0x6d, 0x20, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x31, 0x28, 0x30, - 0x26, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, - 0x16, 0x19, 0x70, 0x72, 0x65, 0x6d, 0x69, 0x75, 0x6d, 0x2d, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x40, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x31, 0x31, - 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, - 0x31, 0x32, 0x33, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, - 0x81, 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, - 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, - 0x30, 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, - 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, - 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, - 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xac, 0xa0, 0xf0, 0xfb, 0x80, 0x59, 0xd4, 0x9c, 0xc7, 0xa4, 0xcf, 0x9d, - 0xa1, 0x59, 0x73, 0x09, 0x10, 0x45, 0x0c, 0x0d, 0x2c, 0x6e, 0x68, 0xf1, - 0x6c, 0x5b, 0x48, 0x68, 0x49, 0x59, 0x37, 0xfc, 0x0b, 0x33, 0x19, 0xc2, - 0x77, 0x7f, 0xcc, 0x10, 0x2d, 0x95, 0x34, 0x1c, 0xe6, 0xeb, 0x4d, 0x09, - 0xa7, 0x1c, 0xd2, 0xb8, 0xc9, 0x97, 0x36, 0x02, 0xb7, 0x89, 0xd4, 0x24, - 0x5f, 0x06, 0xc0, 0xcc, 0x44, 0x94, 0x94, 0x8d, 0x02, 0x62, 0x6f, 0xeb, - 0x5a, 0xdd, 0x11, 0x8d, 0x28, 0x9a, 0x5c, 0x84, 0x90, 0x10, 0x7a, 0x0d, - 0xbd, 0x74, 0x66, 0x2f, 0x6a, 0x38, 0xa0, 0xe2, 0xd5, 0x54, 0x44, 0xeb, - 0x1d, 0x07, 0x9f, 0x07, 0xba, 0x6f, 0xee, 0xe9, 0xfd, 0x4e, 0x0b, 0x29, - 0xf5, 0x3e, 0x84, 0xa0, 0x01, 0xf1, 0x9c, 0xab, 0xf8, 0x1c, 0x7e, 0x89, - 0xa4, 0xe8, 0xa1, 0xd8, 0x71, 0x65, 0x0d, 0xa3, 0x51, 0x7b, 0xee, 0xbc, - 0xd2, 0x22, 0x60, 0x0d, 0xb9, 0x5b, 0x9d, 0xdf, 0xba, 0xfc, 0x51, 0x5b, - 0x0b, 0xaf, 0x98, 0xb2, 0xe9, 0x2e, 0xe9, 0x04, 0xe8, 0x62, 0x87, 0xde, - 0x2b, 0xc8, 0xd7, 0x4e, 0xc1, 0x4c, 0x64, 0x1e, 0xdd, 0xcf, 0x87, 0x58, - 0xba, 0x4a, 0x4f, 0xca, 0x68, 0x07, 0x1d, 0x1c, 0x9d, 0x4a, 0xc6, 0xd5, - 0x2f, 0x91, 0xcc, 0x7c, 0x71, 0x72, 0x1c, 0xc5, 0xc0, 0x67, 0xeb, 0x32, - 0xfd, 0xc9, 0x92, 0x5c, 0x94, 0xda, 0x85, 0xc0, 0x9b, 0xbf, 0x53, 0x7d, - 0x2b, 0x09, 0xf4, 0x8c, 0x9d, 0x91, 0x1f, 0x97, 0x6a, 0x52, 0xcb, 0xde, - 0x09, 0x36, 0xa4, 0x77, 0xd8, 0x7b, 0x87, 0x50, 0x44, 0xd5, 0x3e, 0x6e, - 0x29, 0x69, 0xfb, 0x39, 0x49, 0x26, 0x1e, 0x09, 0xa5, 0x80, 0x7b, 0x40, - 0x2d, 0xeb, 0xe8, 0x27, 0x85, 0xc9, 0xfe, 0x61, 0xfd, 0x7e, 0xe6, 0x7c, - 0x97, 0x1d, 0xd5, 0x9d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xc2, - 0x30, 0x81, 0xbf, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x3b, 0x06, 0x03, - 0x55, 0x1d, 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, 0x04, 0x55, - 0x1d, 0x20, 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x7b, 0x5b, 0x45, 0xcf, 0xaf, 0xce, 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, - 0x6a, 0xb6, 0xf3, 0x46, 0xeb, 0x57, 0x48, 0x50, 0x30, 0x40, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x39, 0x30, 0x37, 0x30, 0x35, 0xa0, 0x33, 0xa0, - 0x31, 0x86, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, 0x72, 0x65, 0x6d, 0x69, - 0x75, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x41, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x84, 0xa8, 0x4c, - 0xc9, 0x3e, 0x2a, 0xbc, 0x9a, 0xe2, 0xcc, 0x8f, 0x0b, 0xb2, 0x25, 0x77, - 0xc4, 0x61, 0x89, 0x89, 0x63, 0x5a, 0xd4, 0xa3, 0x15, 0x40, 0xd4, 0xfb, - 0x5e, 0x3f, 0xb4, 0x43, 0xea, 0x63, 0x17, 0x2b, 0x6b, 0x99, 0x74, 0x9e, - 0x09, 0xa8, 0xdd, 0xd4, 0x56, 0x15, 0x2e, 0x7a, 0x79, 0x31, 0x5f, 0x63, - 0x96, 0x53, 0x1b, 0x34, 0xd9, 0x15, 0xea, 0x4f, 0x6d, 0x70, 0xca, 0xbe, - 0xf6, 0x82, 0xa9, 0xed, 0xda, 0x85, 0x77, 0xcc, 0x76, 0x1c, 0x6a, 0x81, - 0x0a, 0x21, 0xd8, 0x41, 0x99, 0x7f, 0x5e, 0x2e, 0x82, 0xc1, 0xe8, 0xaa, - 0xf7, 0x93, 0x81, 0x05, 0xaa, 0x92, 0xb4, 0x1f, 0xb7, 0x9a, 0xc0, 0x07, - 0x17, 0xf5, 0xcb, 0xc6, 0xb4, 0x4c, 0x0e, 0xd7, 0x56, 0xdc, 0x71, 0x20, - 0x74, 0x38, 0xd6, 0x74, 0xc6, 0xd6, 0x8f, 0x6b, 0xaf, 0x8b, 0x8d, 0xa0, - 0x6c, 0x29, 0x0b, 0x61, 0xe0, -} - -var certSet3Cert7 = []byte{ - 0x30, 0x82, 0x04, 0x49, 0x30, 0x82, 0x03, 0x31, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x13, 0x06, 0x7f, 0x94, 0x57, 0x85, 0x87, 0xe8, 0xac, 0x77, - 0xde, 0xb2, 0x53, 0x32, 0x5b, 0xbc, 0x99, 0x8b, 0x56, 0x0d, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x39, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x06, 0x41, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x41, 0x6d, 0x61, 0x7a, - 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x31, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x31, 0x30, 0x32, 0x32, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x30, 0x31, - 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x46, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x06, 0x41, 0x6d, - 0x61, 0x7a, 0x6f, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, - 0x20, 0x31, 0x42, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x06, 0x41, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xc2, 0x4e, 0x16, 0x67, 0xdd, 0xce, 0xbc, - 0x6a, 0xc8, 0x37, 0x5a, 0xec, 0x3a, 0x30, 0xb0, 0x1d, 0xe6, 0xd1, 0x12, - 0xe8, 0x12, 0x28, 0x48, 0xcc, 0xe8, 0x29, 0xc1, 0xb9, 0x6e, 0x53, 0xd5, - 0xa3, 0xeb, 0x03, 0x39, 0x1a, 0xcc, 0x77, 0x87, 0xf6, 0x01, 0xb9, 0xd9, - 0x70, 0xcc, 0xcf, 0x6b, 0x8d, 0xe3, 0xe3, 0x03, 0x71, 0x86, 0x99, 0x6d, - 0xcb, 0xa6, 0x94, 0x2a, 0x4e, 0x13, 0xd6, 0xa7, 0xbd, 0x04, 0xec, 0x0a, - 0x16, 0x3c, 0x0a, 0xeb, 0x39, 0xb1, 0xc4, 0xb5, 0x58, 0xa3, 0xb6, 0xc7, - 0x56, 0x25, 0xec, 0x3e, 0x52, 0x7a, 0xa8, 0xe3, 0x29, 0x16, 0x07, 0xb9, - 0x6e, 0x50, 0xcf, 0xfb, 0x5f, 0x31, 0xf8, 0x1d, 0xba, 0x03, 0x4a, 0x62, - 0x89, 0x03, 0xae, 0x3e, 0x47, 0xf2, 0x0f, 0x27, 0x91, 0xe3, 0x14, 0x20, - 0x85, 0xf8, 0xfa, 0xe9, 0x8a, 0x35, 0xf5, 0x5f, 0x9e, 0x99, 0x4d, 0xe7, - 0x6b, 0x37, 0xef, 0xa4, 0x50, 0x3e, 0x44, 0xec, 0xfa, 0x5a, 0x85, 0x66, - 0x07, 0x9c, 0x7e, 0x17, 0x6a, 0x55, 0xf3, 0x17, 0x8a, 0x35, 0x1e, 0xee, - 0xe9, 0xac, 0xc3, 0x75, 0x4e, 0x58, 0x55, 0x7d, 0x53, 0x6b, 0x0a, 0x6b, - 0x9b, 0x14, 0x42, 0xd7, 0xe5, 0xac, 0x01, 0x89, 0xb3, 0xea, 0xa3, 0xfe, - 0xcf, 0xc0, 0x2b, 0x0c, 0x84, 0xc2, 0xd8, 0x53, 0x15, 0xcb, 0x67, 0xf0, - 0xd0, 0x88, 0xca, 0x3a, 0xd1, 0x17, 0x73, 0xf5, 0x5f, 0x9a, 0xd4, 0xc5, - 0x72, 0x1e, 0x7e, 0x01, 0xf1, 0x98, 0x30, 0x63, 0x2a, 0xaa, 0xf2, 0x7a, - 0x2d, 0xc5, 0xe2, 0x02, 0x1a, 0x86, 0xe5, 0x32, 0x3e, 0x0e, 0xbd, 0x11, - 0xb4, 0xcf, 0x3c, 0x93, 0xef, 0x17, 0x50, 0x10, 0x9e, 0x43, 0xc2, 0x06, - 0x2a, 0xe0, 0x0d, 0x68, 0xbe, 0xd3, 0x88, 0x8b, 0x4a, 0x65, 0x8c, 0x4a, - 0xd4, 0xc3, 0x2e, 0x4c, 0x9b, 0x55, 0xf4, 0x86, 0xe5, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x3b, 0x30, 0x82, 0x01, 0x37, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, - 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x59, 0xa4, 0x66, - 0x06, 0x52, 0xa0, 0x7b, 0x95, 0x92, 0x3c, 0xa3, 0x94, 0x07, 0x27, 0x96, - 0x74, 0x5b, 0xf9, 0x3d, 0xd0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, - 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x84, 0x18, 0xcc, 0x85, 0x34, 0xec, - 0xbc, 0x0c, 0x94, 0x94, 0x2e, 0x08, 0x59, 0x9c, 0xc7, 0xb2, 0x10, 0x4e, - 0x0a, 0x08, 0x30, 0x7b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x6f, 0x30, 0x6d, 0x30, 0x2f, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x23, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x72, 0x6f, 0x6f, 0x74, - 0x63, 0x61, 0x31, 0x2e, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x3a, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x2e, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x74, 0x2e, 0x72, 0x6f, 0x6f, 0x74, - 0x63, 0x61, 0x31, 0x2e, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, - 0x63, 0x61, 0x31, 0x2e, 0x63, 0x65, 0x72, 0x30, 0x3f, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x38, 0x30, 0x36, 0x30, 0x34, 0xa0, 0x32, 0xa0, 0x30, - 0x86, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, - 0x2e, 0x72, 0x6f, 0x6f, 0x74, 0x63, 0x61, 0x31, 0x2e, 0x61, 0x6d, 0x61, - 0x7a, 0x6f, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x63, 0x61, 0x31, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x0c, 0x30, 0x0a, 0x30, - 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, 0x01, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x85, 0x92, 0xbe, 0x35, 0xbb, 0x79, 0xcf, - 0xa3, 0x81, 0x42, 0x1c, 0xe4, 0xe3, 0x63, 0x73, 0x53, 0x39, 0x52, 0x35, - 0xe7, 0xd1, 0xad, 0xfd, 0xae, 0x99, 0x8a, 0xac, 0x89, 0x12, 0x2f, 0xbb, - 0xe7, 0x6f, 0x9a, 0xd5, 0x4e, 0x72, 0xea, 0x20, 0x30, 0x61, 0xf9, 0x97, - 0xb2, 0xcd, 0xa5, 0x27, 0x02, 0x45, 0xa8, 0xca, 0x76, 0x3e, 0x98, 0x4a, - 0x83, 0x9e, 0xb6, 0xe6, 0x45, 0xe0, 0xf2, 0x43, 0xf6, 0x08, 0xde, 0x6d, - 0xe8, 0x6e, 0xdb, 0x31, 0x07, 0x13, 0xf0, 0x2f, 0x31, 0x0d, 0x93, 0x6d, - 0x61, 0x37, 0x7b, 0x58, 0xf0, 0xfc, 0x51, 0x98, 0x91, 0x28, 0x02, 0x4f, - 0x05, 0x76, 0xb7, 0xd3, 0xf0, 0x1b, 0xc2, 0xe6, 0x5e, 0xd0, 0x66, 0x85, - 0x11, 0x0f, 0x2e, 0x81, 0xc6, 0x10, 0x81, 0x29, 0xfe, 0x20, 0x60, 0x48, - 0xf3, 0xf2, 0xf0, 0x84, 0x13, 0x53, 0x65, 0x35, 0x15, 0x11, 0x6b, 0x82, - 0x51, 0x40, 0x55, 0x57, 0x5f, 0x18, 0xb5, 0xb0, 0x22, 0x3e, 0xad, 0xf2, - 0x5e, 0xa3, 0x01, 0xe3, 0xc3, 0xb3, 0xf9, 0xcb, 0x41, 0x5a, 0xe6, 0x52, - 0x91, 0xbb, 0xe4, 0x36, 0x87, 0x4f, 0x2d, 0xa9, 0xa4, 0x07, 0x68, 0x35, - 0xba, 0x94, 0x72, 0xcd, 0x0e, 0xea, 0x0e, 0x7d, 0x57, 0xf2, 0x79, 0xfc, - 0x37, 0xc5, 0x7b, 0x60, 0x9e, 0xb2, 0xeb, 0xc0, 0x2d, 0x90, 0x77, 0x0d, - 0x49, 0x10, 0x27, 0xa5, 0x38, 0xad, 0xc4, 0x12, 0xa3, 0xb4, 0xa3, 0xc8, - 0x48, 0xb3, 0x15, 0x0b, 0x1e, 0xe2, 0xe2, 0x19, 0xdc, 0xc4, 0x76, 0x52, - 0xc8, 0xbc, 0x8a, 0x41, 0x78, 0x70, 0xd9, 0x6d, 0x97, 0xb3, 0x4a, 0x8b, - 0x78, 0x2d, 0x5e, 0xb4, 0x0f, 0xa3, 0x4c, 0x60, 0xca, 0xe1, 0x47, 0xcb, - 0x78, 0x2d, 0x12, 0x17, 0xb1, 0x52, 0x8b, 0xca, 0x39, 0x2c, 0xbd, 0xb5, - 0x2f, 0xc2, 0x33, 0x02, 0x96, 0xab, 0xda, 0x94, 0x7f, -} - -var certSet3Cert8 = []byte{ - 0x30, 0x82, 0x04, 0x4d, 0x30, 0x82, 0x03, 0x35, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x71, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, - 0x32, 0x31, 0x31, 0x32, 0x33, 0x34, 0x35, 0x35, 0x31, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x33, 0x34, 0x35, 0x35, 0x31, - 0x5a, 0x30, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x12, 0x52, 0x61, 0x70, 0x69, 0x64, 0x53, 0x53, 0x4c, 0x20, - 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbb, 0x58, 0xc1, 0x12, 0x01, 0x2e, - 0x97, 0xd8, 0x7d, 0x18, 0xaa, 0xc8, 0xc2, 0xe5, 0x85, 0xe2, 0x17, 0x6c, - 0x60, 0x2e, 0xc9, 0x8d, 0x31, 0x05, 0x39, 0x1a, 0x06, 0x98, 0x56, 0xdd, - 0x54, 0xd7, 0x11, 0x8c, 0x59, 0x5b, 0x3d, 0xb1, 0x54, 0xae, 0x4b, 0x21, - 0x85, 0x32, 0x16, 0x5f, 0x54, 0x86, 0xe6, 0xd9, 0xb1, 0xd8, 0x60, 0x89, - 0x6b, 0x58, 0xbe, 0x72, 0xda, 0xa0, 0x00, 0x42, 0x76, 0xb1, 0x27, 0x59, - 0x4c, 0xcd, 0xe3, 0xba, 0xd4, 0x5c, 0xd9, 0xa6, 0x7f, 0xbb, 0x2b, 0x75, - 0xd5, 0x46, 0x44, 0xbd, 0xec, 0x40, 0x5c, 0x59, 0xb7, 0xdd, 0x59, 0x9f, - 0xf1, 0x6a, 0xf7, 0x06, 0xfc, 0xd6, 0x2f, 0x19, 0x8a, 0x95, 0x12, 0xba, - 0x9a, 0xca, 0xd5, 0x30, 0xd2, 0x38, 0xfc, 0x19, 0x3b, 0x5b, 0x15, 0x3b, - 0x36, 0xd0, 0x43, 0x4d, 0xd1, 0x65, 0xa1, 0xd4, 0x8b, 0xc1, 0x60, 0x41, - 0xb3, 0xd6, 0x70, 0x17, 0xcc, 0x39, 0xc0, 0x9c, 0x0c, 0xa0, 0x3d, 0xb7, - 0x11, 0x22, 0x4e, 0xce, 0xd9, 0xa9, 0x7a, 0xd2, 0x2a, 0x62, 0x9c, 0xa0, - 0x0b, 0x4e, 0x2a, 0xd7, 0xc3, 0x61, 0x5a, 0x85, 0xdd, 0x5c, 0x10, 0xb9, - 0x54, 0x3d, 0x2d, 0x03, 0xf8, 0x49, 0xf0, 0xbc, 0x92, 0xb7, 0xb7, 0x9c, - 0x31, 0xc7, 0xe9, 0xb8, 0xaa, 0x82, 0x0b, 0x05, 0xb9, 0x31, 0xcd, 0x08, - 0x5b, 0xbb, 0x22, 0x0b, 0xf6, 0x9c, 0x8e, 0x8a, 0x55, 0x1c, 0x76, 0x43, - 0x76, 0xf0, 0xe2, 0x6e, 0xf0, 0xdf, 0xa8, 0x29, 0x75, 0xe7, 0xc8, 0xa4, - 0x87, 0x8b, 0x6a, 0xf1, 0xbb, 0x08, 0xc9, 0x36, 0x18, 0x65, 0xee, 0x50, - 0x43, 0xb8, 0x5d, 0x72, 0xd5, 0x28, 0x39, 0xe1, 0x53, 0x3e, 0x25, 0x2c, - 0xda, 0x2b, 0x4f, 0xdd, 0x8a, 0x9e, 0x50, 0x50, 0xe0, 0x6f, 0x9a, 0xc4, - 0xd5, 0x19, 0x26, 0x89, 0x01, 0x75, 0x73, 0x09, 0x9b, 0x3b, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4a, 0x30, 0x82, 0x01, 0x46, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, 0x0c, 0x11, - 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x97, 0xc2, 0x27, 0x50, 0x9e, - 0xc2, 0xc9, 0xec, 0x0c, 0x88, 0x32, 0xc8, 0x7c, 0xad, 0xe2, 0xa6, 0x01, - 0x4f, 0xda, 0x6f, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x36, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2f, - 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, 0x86, 0x25, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x31, 0x2e, 0x73, 0x79, 0x6d, 0x63, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x67, - 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x2f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x67, 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, - 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, - 0x36, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x29, 0x06, 0x03, 0x55, 0x1d, - 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, 0x1a, 0x30, - 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, 0x6d, 0x61, - 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, 0x35, 0x36, - 0x39, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x35, 0xeb, 0xe1, - 0x8b, 0x20, 0x56, 0x94, 0xba, 0x7a, 0xbd, 0x79, 0xa9, 0xf6, 0xe3, 0xfe, - 0x6e, 0x38, 0xb4, 0x32, 0xc1, 0xa3, 0xdb, 0x58, 0x56, 0x20, 0x3e, 0x7d, - 0xc7, 0x3a, 0xb1, 0x67, 0x69, 0xd5, 0x79, 0x14, 0x1b, 0xf6, 0xfa, 0xec, - 0x60, 0xf2, 0x79, 0xcd, 0x0a, 0x0c, 0x60, 0x8a, 0x74, 0x4c, 0xa3, 0x93, - 0x2a, 0xa0, 0xf0, 0x51, 0x7f, 0xcd, 0xe9, 0xf9, 0x92, 0xfd, 0x96, 0xab, - 0x45, 0xf5, 0x62, 0x3d, 0x3f, 0x60, 0x46, 0x50, 0x13, 0x3d, 0x20, 0x13, - 0x18, 0x2e, 0x94, 0x46, 0xae, 0xd5, 0x21, 0xfe, 0x43, 0xa1, 0xc9, 0x23, - 0xfe, 0x53, 0xc4, 0xbf, 0x1a, 0xd8, 0xac, 0x3a, 0xca, 0xde, 0x66, 0x97, - 0x23, 0xae, 0xd3, 0xdf, 0x4a, 0x4d, 0x73, 0x1f, 0x6f, 0x31, 0xa2, 0x51, - 0x04, 0x16, 0x6a, 0x00, 0xeb, 0xf9, 0x8d, 0x43, 0x81, 0xf0, 0x50, 0xa1, - 0x1f, 0xa6, 0xca, 0x3a, 0xf3, 0x28, 0x3c, 0x5f, 0x51, 0xac, 0xd7, 0x0a, - 0x45, 0x77, 0x4b, 0x0e, 0x52, 0x62, 0x1b, 0xd8, 0x38, 0x51, 0xa0, 0x92, - 0x2d, 0x3f, 0x90, 0x6e, 0xc8, 0x7e, 0x40, 0x9f, 0x20, 0x46, 0x15, 0x5d, - 0xe0, 0x50, 0x7c, 0xe1, 0x76, 0xaf, 0x5e, 0xed, 0x11, 0xd3, 0x2f, 0x13, - 0xb9, 0xb8, 0x25, 0xa4, 0xaf, 0x58, 0x09, 0xaf, 0x35, 0xb4, 0x62, 0x54, - 0x85, 0xe3, 0x48, 0xde, 0xbc, 0xd2, 0x90, 0x7a, 0x7a, 0xa4, 0x84, 0x0d, - 0xa3, 0x42, 0xf2, 0x51, 0xc0, 0xd4, 0xad, 0x53, 0x65, 0x5d, 0x6c, 0xf8, - 0x3f, 0x1f, 0x06, 0xf2, 0x4f, 0xcb, 0x97, 0xa0, 0x4a, 0x59, 0xc6, 0x78, - 0xd1, 0xe8, 0x03, 0xb9, 0x85, 0x6d, 0x2c, 0xba, 0xe1, 0x5f, 0xb6, 0xad, - 0x2b, 0x3e, 0x25, 0x79, 0xc5, 0x8b, 0x56, 0xd5, 0xe3, 0x09, 0x80, 0xea, - 0xc1, 0x27, 0xc2, 0xd9, 0x0e, 0xec, 0x47, 0x0a, 0xe9, 0xd0, 0xca, 0xfc, - 0xd8, -} - -var certSet3Cert9 = []byte{ - 0x30, 0x82, 0x04, 0x4d, 0x30, 0x82, 0x03, 0x35, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x0b, 0x04, 0x00, 0x00, 0x00, 0x00, 0x01, 0x44, 0x4e, 0xf0, - 0x36, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, - 0x67, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x4c, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, - 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, - 0x6c, 0x70, 0x68, 0x61, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, - 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20, 0x47, 0x32, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x01, 0xec, - 0xe4, 0xec, 0x73, 0x60, 0xfb, 0x7e, 0x8f, 0x6a, 0xb7, 0xc6, 0x17, 0xe3, - 0x92, 0x64, 0x32, 0xd4, 0xac, 0x00, 0xd9, 0xa2, 0x0f, 0xb9, 0xed, 0xee, - 0x6b, 0x8a, 0x86, 0xca, 0x92, 0x67, 0xd9, 0x74, 0xd7, 0x5d, 0x47, 0x02, - 0x3c, 0x8f, 0x40, 0xd6, 0x9e, 0x6d, 0x14, 0xcd, 0xc3, 0xda, 0x29, 0x39, - 0xa7, 0x0f, 0x05, 0x0a, 0x68, 0xa2, 0x66, 0x1a, 0x1e, 0xc4, 0xb2, 0x8b, - 0x76, 0x58, 0xe5, 0xab, 0x5d, 0x1d, 0x8f, 0x40, 0xb3, 0x39, 0x8b, 0xef, - 0x1e, 0x83, 0x7d, 0x22, 0xd0, 0xe3, 0xa9, 0x00, 0x2e, 0xec, 0x53, 0xcf, - 0x62, 0x19, 0x85, 0x44, 0x28, 0x4c, 0xc0, 0x27, 0xcb, 0x7b, 0x0e, 0xec, - 0x10, 0x64, 0x00, 0x10, 0xa4, 0x05, 0xcc, 0xa0, 0x72, 0xbe, 0x41, 0x6c, - 0x31, 0x5b, 0x48, 0xe4, 0xb1, 0xec, 0xb9, 0x23, 0xeb, 0x55, 0x4d, 0xd0, - 0x7d, 0x62, 0x4a, 0xa5, 0xb4, 0xa5, 0xa4, 0x59, 0x85, 0xc5, 0x25, 0x91, - 0xa6, 0xfe, 0xa6, 0x09, 0x9f, 0x06, 0x10, 0x6d, 0x8f, 0x81, 0x0c, 0x64, - 0x40, 0x5e, 0x73, 0x00, 0x9a, 0xe0, 0x2e, 0x65, 0x98, 0x54, 0x10, 0x00, - 0x70, 0x98, 0xc8, 0xe1, 0xed, 0x34, 0x5f, 0xd8, 0x9c, 0xc7, 0x0d, 0xc0, - 0xd6, 0x23, 0x59, 0x45, 0xfc, 0xfe, 0x55, 0x7a, 0x86, 0xee, 0x94, 0x60, - 0x22, 0xf1, 0xae, 0xd1, 0xe6, 0x55, 0x46, 0xf6, 0x99, 0xc5, 0x1b, 0x08, - 0x74, 0x5f, 0xac, 0xb0, 0x64, 0x84, 0x8f, 0x89, 0x38, 0x1c, 0xa1, 0xa7, - 0x90, 0x21, 0x4f, 0x02, 0x6e, 0xbd, 0xe0, 0x61, 0x67, 0xd4, 0xf8, 0x42, - 0x87, 0x0f, 0x0a, 0xf7, 0xc9, 0x04, 0x6d, 0x2a, 0xa9, 0x2f, 0xef, 0x42, - 0xa5, 0xdf, 0xdd, 0xa3, 0x53, 0xdb, 0x98, 0x1e, 0x81, 0xf9, 0x9a, 0x72, - 0x7b, 0x5a, 0xde, 0x4f, 0x3e, 0x7f, 0xa2, 0x58, 0xa0, 0xe2, 0x17, 0xad, - 0x67, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x23, 0x30, 0x82, - 0x01, 0x1f, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0xf5, 0xcd, 0xd5, 0x3c, 0x08, 0x50, 0xf9, 0x6a, 0x4f, 0x3a, 0xb7, - 0x97, 0xda, 0x56, 0x83, 0xe6, 0x69, 0xd2, 0x68, 0xf7, 0x30, 0x45, 0x06, - 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3e, 0x30, 0x3c, 0x30, 0x3a, 0x06, 0x04, - 0x55, 0x1d, 0x20, 0x00, 0x30, 0x32, 0x30, 0x30, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x24, 0x68, 0x74, 0x74, 0x70, - 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, - 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x30, 0x33, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x2c, 0x30, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0xa0, - 0x24, 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, - 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, - 0x6c, 0x30, 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, - 0x01, 0x04, 0x31, 0x30, 0x2f, 0x30, 0x2d, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, - 0x6f, 0x74, 0x72, 0x31, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, 0x1a, 0x45, 0x0d, 0x97, - 0xca, 0x89, 0x50, 0x2f, 0x7d, 0x04, 0xcd, 0x34, 0xa8, 0xff, 0xfc, 0xfd, - 0x4b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x60, 0x40, 0x68, - 0x16, 0x47, 0xe7, 0x16, 0x8d, 0xdb, 0x5c, 0xa1, 0x56, 0x2a, 0xcb, 0xf4, - 0x5c, 0x9b, 0xb0, 0x1e, 0xa2, 0x4b, 0xf5, 0xcb, 0x02, 0x3f, 0xf8, 0x0b, - 0xa1, 0xf2, 0xa7, 0x42, 0xd4, 0xb7, 0x4c, 0xeb, 0xe3, 0x66, 0x80, 0xf3, - 0x25, 0x43, 0x78, 0x2e, 0x1b, 0x17, 0x56, 0x07, 0x52, 0x18, 0xcb, 0xd1, - 0xa8, 0xec, 0xe6, 0xfb, 0x73, 0x3e, 0xa4, 0x62, 0x8c, 0x80, 0xb4, 0xd2, - 0xc5, 0x12, 0x73, 0xa3, 0xd3, 0xfa, 0x02, 0x38, 0xbe, 0x63, 0x3d, 0x84, - 0xb8, 0x99, 0xc1, 0xf1, 0xba, 0xf7, 0x9f, 0xc3, 0x40, 0xd1, 0x58, 0x18, - 0x53, 0xc1, 0x62, 0xdd, 0xaf, 0x18, 0x42, 0x7f, 0x34, 0x4e, 0xc5, 0x43, - 0xd5, 0x71, 0xb0, 0x30, 0x00, 0xc7, 0xe3, 0x90, 0xae, 0x3f, 0x57, 0x86, - 0x97, 0xce, 0xea, 0x0c, 0x12, 0x8e, 0x22, 0x70, 0xe3, 0x66, 0xa7, 0x54, - 0x7f, 0x2e, 0x28, 0xcb, 0xd4, 0x54, 0xd0, 0xb3, 0x1e, 0x62, 0x67, 0x08, - 0xf9, 0x27, 0xe1, 0xcb, 0xe3, 0x66, 0xb8, 0x24, 0x1b, 0x89, 0x6a, 0x89, - 0x44, 0x65, 0xf2, 0xd9, 0x4c, 0xd2, 0x58, 0x1c, 0x8c, 0x4e, 0xc0, 0x95, - 0xa1, 0xd4, 0xef, 0x67, 0x2f, 0x38, 0x20, 0xe8, 0x2e, 0xff, 0x96, 0x51, - 0xf0, 0xba, 0xd8, 0x3d, 0x92, 0x70, 0x47, 0x65, 0x1c, 0x9e, 0x73, 0x72, - 0xb4, 0x60, 0x0c, 0x5c, 0xe2, 0xd1, 0x73, 0x76, 0xe0, 0xaf, 0x4e, 0xe2, - 0xe5, 0x37, 0xa5, 0x45, 0x2f, 0x8a, 0x23, 0x3e, 0x87, 0xc7, 0x30, 0xe6, - 0x31, 0x38, 0x7c, 0xf4, 0xdd, 0x52, 0xca, 0xf3, 0x53, 0x04, 0x25, 0x57, - 0x56, 0x66, 0x94, 0xe8, 0x0b, 0xee, 0xe6, 0x03, 0x14, 0x4e, 0xee, 0xfd, - 0x6d, 0x94, 0x64, 0x9e, 0x5e, 0xce, 0x79, 0xd4, 0xb2, 0xa6, 0xcf, 0x40, - 0xb1, 0x44, 0xa8, 0x3e, 0x87, 0x19, 0x5e, 0xe9, 0xf8, 0x21, 0x16, 0x59, - 0x53, -} - -var certSet3Cert10 = []byte{ - 0x30, 0x82, 0x04, 0x4f, 0x30, 0x82, 0x03, 0x37, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x6f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, - 0x31, 0x30, 0x35, 0x32, 0x31, 0x33, 0x36, 0x35, 0x30, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x31, 0x33, 0x36, 0x35, 0x30, - 0x5a, 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x14, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe3, 0xbe, 0x7e, 0x0a, - 0x86, 0xa3, 0xcf, 0x6b, 0x6d, 0x3d, 0x2b, 0xa1, 0x97, 0xad, 0x49, 0x24, - 0x4d, 0xd7, 0x77, 0xb9, 0x34, 0x79, 0x08, 0xa5, 0x9e, 0xa2, 0x9e, 0xde, - 0x47, 0x12, 0x92, 0x3d, 0x7e, 0xea, 0x19, 0x86, 0xb1, 0xe8, 0x4f, 0x3d, - 0x5f, 0xf7, 0xd0, 0xa7, 0x77, 0x9a, 0x5b, 0x1f, 0x0a, 0x03, 0xb5, 0x19, - 0x53, 0xdb, 0xa5, 0x21, 0x94, 0x69, 0x63, 0x9d, 0x6a, 0x4c, 0x91, 0x0c, - 0x10, 0x47, 0xbe, 0x11, 0xfa, 0x6c, 0x86, 0x25, 0xb7, 0xab, 0x04, 0x68, - 0x42, 0x38, 0x09, 0x65, 0xf0, 0x14, 0xda, 0x19, 0x9e, 0xfa, 0x6b, 0x0b, - 0xab, 0x62, 0xef, 0x8d, 0xa7, 0xef, 0x63, 0x70, 0x23, 0xa8, 0xaf, 0x81, - 0xf3, 0xd1, 0x6e, 0x88, 0x67, 0x53, 0xec, 0x12, 0xa4, 0x29, 0x75, 0x8a, - 0xa7, 0xf2, 0x57, 0x3d, 0xa2, 0x83, 0x98, 0x97, 0xf2, 0x0a, 0x7d, 0xd4, - 0xe7, 0x43, 0x6e, 0x30, 0x78, 0x62, 0x22, 0x59, 0x59, 0xb8, 0x71, 0x27, - 0x45, 0xaa, 0x0f, 0x66, 0xc6, 0x55, 0x3f, 0xfa, 0x32, 0x17, 0x2b, 0x31, - 0x8f, 0x46, 0xa0, 0xfa, 0x69, 0x14, 0x7c, 0x9d, 0x9f, 0x5a, 0xe2, 0xeb, - 0x33, 0x4e, 0x10, 0xa6, 0xb3, 0xed, 0x77, 0x63, 0xd8, 0xc3, 0x9e, 0xf4, - 0xdd, 0xdf, 0x79, 0x9a, 0x7a, 0xd4, 0xee, 0xde, 0xdd, 0x9a, 0xcc, 0xc3, - 0xb7, 0xa9, 0x5d, 0xcc, 0x11, 0x3a, 0x07, 0xbb, 0x6f, 0x97, 0xa4, 0x01, - 0x23, 0x47, 0x95, 0x1f, 0xa3, 0x77, 0xfa, 0x58, 0x92, 0xc6, 0xc7, 0xd0, - 0xbd, 0xcf, 0x93, 0x18, 0x42, 0xb7, 0x7e, 0xf7, 0x9e, 0x65, 0xea, 0xd5, - 0x3b, 0xca, 0xed, 0xac, 0xc5, 0x70, 0xa1, 0xfe, 0xd4, 0x10, 0x9a, 0xf0, - 0x12, 0x04, 0x44, 0xac, 0x1a, 0x5b, 0x78, 0x50, 0x45, 0x57, 0x4c, 0x6f, - 0xbd, 0x80, 0xcb, 0x81, 0x5c, 0x2d, 0xb3, 0xbc, 0x76, 0xa1, 0x1e, 0x65, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4a, 0x30, 0x82, 0x01, - 0x46, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, - 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd2, 0x6f, 0xf7, - 0x96, 0xf4, 0x85, 0x3f, 0x72, 0x3c, 0x30, 0x7d, 0x23, 0xda, 0x85, 0x78, - 0x9b, 0xa3, 0x7c, 0x5a, 0x7c, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, - 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x36, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, 0x86, 0x25, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x31, 0x2e, 0x73, 0x79, - 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, - 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, 0x63, 0x72, - 0x6c, 0x30, 0x2f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, - 0x01, 0x04, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x67, 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, - 0x43, 0x30, 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, - 0x01, 0x07, 0x36, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x29, 0x06, 0x03, - 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, - 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, - 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, - 0x35, 0x33, 0x39, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa0, - 0xd4, 0xf7, 0x2c, 0xfb, 0x74, 0x0b, 0x7f, 0x64, 0xf1, 0xcd, 0x43, 0x6a, - 0x9f, 0x62, 0x53, 0x1c, 0x02, 0x7c, 0x98, 0x90, 0xa2, 0xee, 0x4f, 0x68, - 0xd4, 0x20, 0x1a, 0x73, 0x12, 0x3e, 0x77, 0xb3, 0x50, 0xeb, 0x72, 0xbc, - 0xee, 0x88, 0xbe, 0x7f, 0x17, 0xea, 0x77, 0x8f, 0x83, 0x61, 0x95, 0x4f, - 0x84, 0xa1, 0xcb, 0x32, 0x4f, 0x6c, 0x21, 0xbe, 0xd2, 0x69, 0x96, 0x7d, - 0x63, 0xbd, 0xdc, 0x2b, 0xa8, 0x1f, 0xd0, 0x13, 0x84, 0x70, 0xfe, 0xf6, - 0x35, 0x95, 0x89, 0xf9, 0xa6, 0x77, 0xb0, 0x46, 0xc8, 0xbb, 0xb7, 0x13, - 0xf5, 0xc9, 0x60, 0x69, 0xd6, 0x4c, 0xfe, 0xd2, 0x8e, 0xef, 0xd3, 0x60, - 0xc1, 0x80, 0x80, 0xe1, 0xe7, 0xfb, 0x8b, 0x6f, 0x21, 0x79, 0x4a, 0xe0, - 0xdc, 0xa9, 0x1b, 0xc1, 0xb7, 0xfb, 0xc3, 0x49, 0x59, 0x5c, 0xb5, 0x77, - 0x07, 0x44, 0xd4, 0x97, 0xfc, 0x49, 0x00, 0x89, 0x6f, 0x06, 0x4e, 0x01, - 0x70, 0x19, 0xac, 0x2f, 0x11, 0xc0, 0xe2, 0xe6, 0x0f, 0x2f, 0x86, 0x4b, - 0x8d, 0x7b, 0xc3, 0xb9, 0xa7, 0x2e, 0xf4, 0xf1, 0xac, 0x16, 0x3e, 0x39, - 0x49, 0x51, 0x9e, 0x17, 0x4b, 0x4f, 0x10, 0x3a, 0x5b, 0xa5, 0xa8, 0x92, - 0x6f, 0xfd, 0xfa, 0xd6, 0x0b, 0x03, 0x4d, 0x47, 0x56, 0x57, 0x19, 0xf3, - 0xcb, 0x6b, 0xf5, 0xf3, 0xd6, 0xcf, 0xb0, 0xf5, 0xf5, 0xa3, 0x11, 0xd2, - 0x20, 0x53, 0x13, 0x34, 0x37, 0x05, 0x2c, 0x43, 0x5a, 0x63, 0xdf, 0x8d, - 0x40, 0xd6, 0x85, 0x1e, 0x51, 0xe9, 0x51, 0x17, 0x1e, 0x03, 0x56, 0xc9, - 0xf1, 0x30, 0xad, 0xe7, 0x9b, 0x11, 0xa2, 0xb9, 0xd0, 0x31, 0x81, 0x9b, - 0x68, 0xb1, 0xd9, 0xe8, 0xf3, 0xe6, 0x94, 0x7e, 0xc7, 0xae, 0x13, 0x2f, - 0x87, 0xed, 0xd0, 0x25, 0xb0, 0x68, 0xf9, 0xde, 0x08, 0x5a, 0xf3, 0x29, - 0xcc, 0xd4, 0x92, -} - -var certSet3Cert11 = []byte{ - 0x30, 0x82, 0x04, 0x59, 0x30, 0x82, 0x03, 0x41, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, - 0x38, 0x32, 0x37, 0x32, 0x30, 0x34, 0x30, 0x34, 0x30, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x30, 0x34, 0x30, 0x34, 0x30, - 0x5a, 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x14, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0x27, 0xf9, 0x4f, - 0xd8, 0xf6, 0xb7, 0x15, 0x3f, 0x8f, 0xcd, 0xce, 0xd6, 0x8d, 0x1c, 0x6b, - 0xfd, 0x7f, 0xda, 0x54, 0x21, 0x4e, 0x03, 0xd8, 0xca, 0xd0, 0x72, 0x52, - 0x15, 0xb8, 0xc9, 0x82, 0x5b, 0x58, 0x79, 0x84, 0xff, 0x24, 0x72, 0x6f, - 0xf2, 0x69, 0x7f, 0xbc, 0x96, 0xd9, 0x9a, 0x7a, 0xc3, 0x3e, 0xa9, 0xcf, - 0x50, 0x22, 0x13, 0x0e, 0x86, 0x19, 0xdb, 0xe8, 0x49, 0xef, 0x8b, 0xe6, - 0xd6, 0x47, 0xf2, 0xfd, 0x73, 0x45, 0x08, 0xae, 0x8f, 0xac, 0x5e, 0xb6, - 0xf8, 0x9e, 0x7c, 0xf7, 0x10, 0xff, 0x92, 0x43, 0x66, 0xef, 0x1c, 0xd4, - 0xee, 0xa1, 0x46, 0x88, 0x11, 0x89, 0x49, 0x79, 0x7a, 0x25, 0xce, 0x4b, - 0x6a, 0xf0, 0xd7, 0x1c, 0x76, 0x1a, 0x29, 0x3c, 0xc9, 0xe4, 0xfd, 0x1e, - 0x85, 0xdc, 0xe0, 0x31, 0x65, 0x05, 0x47, 0x16, 0xac, 0x0a, 0x07, 0x4b, - 0x2e, 0x70, 0x5e, 0x6b, 0x06, 0xa7, 0x6b, 0x3a, 0x6c, 0xaf, 0x05, 0x12, - 0xc4, 0xb2, 0x11, 0x25, 0xd6, 0x3e, 0x97, 0x29, 0xf0, 0x83, 0x6c, 0x57, - 0x1c, 0xd8, 0xa5, 0xef, 0xcc, 0xec, 0xfd, 0xd6, 0x12, 0xf1, 0x3f, 0xdb, - 0x40, 0xb4, 0xae, 0x0f, 0x18, 0xd3, 0xc5, 0xaf, 0x40, 0x92, 0x5d, 0x07, - 0x5e, 0x4e, 0xfe, 0x62, 0x17, 0x37, 0x89, 0xe9, 0x8b, 0x74, 0x26, 0xa2, - 0xed, 0xb8, 0x0a, 0xe7, 0x6c, 0x15, 0x5b, 0x35, 0x90, 0x72, 0xdd, 0xd8, - 0x4d, 0x21, 0xd4, 0x40, 0x23, 0x5c, 0x8f, 0xee, 0x80, 0x31, 0x16, 0xab, - 0x68, 0x55, 0xf4, 0x0e, 0x3b, 0x54, 0xe9, 0x04, 0x4d, 0xf0, 0xcc, 0x4e, - 0x81, 0x5e, 0xe9, 0x6f, 0x52, 0x69, 0x4e, 0xbe, 0xa6, 0x16, 0x6d, 0x42, - 0xf5, 0x51, 0xff, 0xe0, 0x0b, 0x56, 0x3c, 0x98, 0x4f, 0x73, 0x8f, 0x0e, - 0x6f, 0x1a, 0x23, 0xf1, 0xc9, 0xc8, 0xd9, 0xdf, 0xbc, 0xec, 0x52, 0xd7, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x54, 0x30, 0x82, 0x01, - 0x50, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, - 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x11, 0x4a, 0xd0, - 0x73, 0x39, 0xd5, 0x5b, 0x69, 0x08, 0x5c, 0xba, 0x3d, 0xbf, 0x64, 0x9a, - 0xa8, 0x8b, 0x1c, 0x55, 0xbc, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, - 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3a, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x33, 0x30, 0x31, 0x30, 0x2f, 0xa0, 0x2d, 0xa0, 0x2b, 0x86, 0x29, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, - 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x67, 0x74, 0x67, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, - 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, - 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, - 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, - 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x11, - 0x04, 0x23, 0x30, 0x21, 0xa4, 0x1f, 0x30, 0x1d, 0x31, 0x1b, 0x30, 0x19, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x56, 0x65, 0x72, 0x69, 0x53, - 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, 0x49, 0x2d, 0x32, 0x2d, 0x32, 0x35, - 0x34, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3c, 0xe5, 0x3d, - 0x5a, 0x1b, 0xa2, 0x37, 0x2a, 0xe3, 0x46, 0xcf, 0x36, 0x96, 0x18, 0x3c, - 0x7b, 0xf1, 0x84, 0xc5, 0x57, 0x86, 0x77, 0x40, 0x9d, 0x35, 0xf0, 0x12, - 0xf0, 0x78, 0x18, 0xfb, 0x22, 0xa4, 0xde, 0x98, 0x4b, 0x78, 0x81, 0xe6, - 0x4d, 0x86, 0xe3, 0x91, 0x0f, 0x42, 0xe3, 0xb9, 0xdc, 0xa0, 0xd6, 0xff, - 0xa9, 0xf8, 0xb1, 0x79, 0x97, 0x99, 0xd1, 0xc3, 0x6c, 0x42, 0xa5, 0x92, - 0x94, 0xe0, 0x5d, 0x0c, 0x33, 0x18, 0x25, 0xc9, 0x2b, 0x95, 0x53, 0xe0, - 0xe5, 0xa9, 0x0c, 0x7d, 0x47, 0xfe, 0x7f, 0x51, 0x31, 0x44, 0x5e, 0xf7, - 0x2a, 0x1e, 0x35, 0xa2, 0x94, 0x32, 0xf7, 0xc9, 0xee, 0xc0, 0xb6, 0xc6, - 0x9a, 0xac, 0xde, 0x99, 0x21, 0x6a, 0x23, 0xa0, 0x38, 0x64, 0xee, 0xa3, - 0xc4, 0x88, 0x73, 0x32, 0x3b, 0x50, 0xce, 0xbf, 0xad, 0xd3, 0x75, 0x1e, - 0xa6, 0xf4, 0xe9, 0xf9, 0x42, 0x6b, 0x60, 0xb2, 0xdd, 0x45, 0xfd, 0x5d, - 0x57, 0x08, 0xce, 0x2d, 0x50, 0xe6, 0x12, 0x32, 0x16, 0x13, 0x8a, 0xf2, - 0x94, 0xa2, 0x9b, 0x47, 0xa8, 0x86, 0x7f, 0xd9, 0x98, 0xe5, 0xf7, 0xe5, - 0x76, 0x74, 0x64, 0xd8, 0x91, 0xbc, 0x84, 0x16, 0x28, 0xd8, 0x25, 0x44, - 0x30, 0x7e, 0x82, 0xd8, 0xac, 0xb1, 0xe4, 0xc0, 0xe4, 0x15, 0x6c, 0xdb, - 0xb6, 0x24, 0x27, 0x02, 0x2a, 0x01, 0x12, 0x85, 0xba, 0x31, 0x88, 0x58, - 0x47, 0x74, 0xe3, 0xb8, 0xd2, 0x64, 0xa6, 0xc3, 0x32, 0x59, 0x2e, 0x29, - 0x4b, 0x45, 0xf1, 0x5b, 0x89, 0x49, 0x2e, 0x82, 0x9a, 0xc6, 0x18, 0x15, - 0x44, 0xd0, 0x2e, 0x64, 0x01, 0x15, 0x68, 0x38, 0xf9, 0xf6, 0xf9, 0x66, - 0x03, 0x0c, 0x55, 0x1b, 0x9d, 0xbf, 0x00, 0x40, 0xae, 0xf0, 0x48, 0x27, - 0x4c, 0xe0, 0x80, 0x5e, 0x2d, 0xb9, 0x2a, 0x15, 0x7a, 0xbc, 0x66, 0xf8, - 0x35, -} - -var certSet3Cert12 = []byte{ - 0x30, 0x82, 0x04, 0x63, 0x30, 0x82, 0x03, 0x4b, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x0b, 0x04, 0x00, 0x00, 0x00, 0x00, 0x01, 0x44, 0x4e, 0xf0, - 0x3e, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, - 0x67, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x60, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, - 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2d, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x44, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x53, 0x48, 0x41, - 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xa9, 0xdd, 0xcc, 0x0e, 0xb3, 0xe2, 0x32, - 0x39, 0xdd, 0x49, 0x22, 0xa8, 0x13, 0x69, 0x93, 0x87, 0x88, 0xe1, 0x0c, - 0xee, 0x71, 0x7d, 0xbd, 0x90, 0x87, 0x96, 0x5d, 0x59, 0xf2, 0xcc, 0xb3, - 0xd2, 0x58, 0x57, 0x57, 0xf9, 0x46, 0xef, 0x6c, 0x26, 0xd8, 0x36, 0x42, - 0x8e, 0x7e, 0x30, 0xb3, 0x2f, 0x9a, 0x3e, 0x53, 0x7b, 0x1f, 0x6e, 0xb6, - 0xa2, 0x4c, 0x45, 0x1f, 0x3c, 0xd3, 0x15, 0x93, 0x1c, 0x89, 0xed, 0x3c, - 0xf4, 0x57, 0xde, 0xca, 0xbd, 0xec, 0x06, 0x9a, 0x6a, 0x2a, 0xa0, 0x19, - 0x52, 0x7f, 0x51, 0xd1, 0x74, 0x39, 0x08, 0x9f, 0xab, 0xeb, 0xd7, 0x86, - 0x13, 0x15, 0x97, 0xae, 0x36, 0xc3, 0x54, 0x66, 0x0e, 0x5a, 0xf2, 0xa0, - 0x73, 0x85, 0x31, 0xe3, 0xb2, 0x64, 0x14, 0x6a, 0xff, 0xa5, 0xa2, 0x8e, - 0x24, 0xbb, 0xbd, 0x85, 0x52, 0x15, 0xa2, 0x79, 0xee, 0xf0, 0xb5, 0xee, - 0x3d, 0xb8, 0xf4, 0x7d, 0x80, 0xbc, 0xd9, 0x90, 0x35, 0x65, 0xb8, 0x17, - 0xa9, 0xad, 0xb3, 0x98, 0x9f, 0xa0, 0x7e, 0x7d, 0x6e, 0xfb, 0x3f, 0xad, - 0x7c, 0xc2, 0x1b, 0x59, 0x36, 0x96, 0xda, 0x37, 0x32, 0x4b, 0x4b, 0x5d, - 0x35, 0x02, 0x63, 0x8e, 0xdb, 0xa7, 0xcf, 0x62, 0xee, 0xcc, 0x2e, 0xd4, - 0x8d, 0xc9, 0xbd, 0x3c, 0x6a, 0x91, 0x72, 0xa2, 0x22, 0xa7, 0x72, 0x2d, - 0x20, 0xd1, 0xfa, 0xca, 0x37, 0xda, 0x18, 0x98, 0xe6, 0x16, 0x24, 0x71, - 0x25, 0x4b, 0xc4, 0xe5, 0x7b, 0x89, 0x52, 0x09, 0x02, 0xfd, 0x59, 0x2b, - 0x04, 0x6e, 0xca, 0x07, 0x81, 0xd4, 0xb3, 0xda, 0xda, 0xdb, 0xe3, 0xcc, - 0x80, 0xa8, 0x56, 0x07, 0x06, 0x7c, 0x96, 0x08, 0x37, 0x9d, 0xdb, 0x38, - 0xb6, 0x62, 0x34, 0x91, 0x62, 0x07, 0x74, 0x01, 0x38, 0xd8, 0x72, 0x30, - 0xe2, 0xeb, 0x90, 0x71, 0x26, 0x62, 0xc0, 0x57, 0xf3, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x25, 0x30, 0x82, 0x01, 0x21, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, - 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xea, 0x4e, 0x7c, - 0xd4, 0x80, 0x2d, 0xe5, 0x15, 0x81, 0x86, 0x26, 0x8c, 0x82, 0x6d, 0xc0, - 0x98, 0xa4, 0xcf, 0x97, 0x0f, 0x30, 0x47, 0x06, 0x03, 0x55, 0x1d, 0x20, - 0x04, 0x40, 0x30, 0x3e, 0x30, 0x3c, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, - 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, - 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, - 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x30, 0x33, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x2c, 0x30, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0xa0, 0x24, 0x86, - 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, - 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x6e, - 0x65, 0x74, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x31, 0x30, 0x2f, 0x30, 0x2d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, - 0x72, 0x31, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, 0x1a, 0x45, 0x0d, 0x97, 0xca, 0x89, - 0x50, 0x2f, 0x7d, 0x04, 0xcd, 0x34, 0xa8, 0xff, 0xfc, 0xfd, 0x4b, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xd7, 0x45, 0x9e, 0xa0, 0xdc, - 0xe0, 0xe3, 0x61, 0x5a, 0x0b, 0x7d, 0x77, 0x84, 0x17, 0x2d, 0x65, 0x5a, - 0x82, 0x9a, 0x8d, 0xa3, 0x27, 0x2a, 0x85, 0xf7, 0xc9, 0xef, 0xe9, 0x86, - 0xfd, 0xd4, 0x47, 0xcd, 0x01, 0x52, 0x96, 0xc5, 0x43, 0xbd, 0x37, 0xb1, - 0xe1, 0xb8, 0xf2, 0xa9, 0xd2, 0x8a, 0x11, 0x84, 0x71, 0x91, 0x15, 0x89, - 0xdc, 0x02, 0x9d, 0x0b, 0xcb, 0x6c, 0x33, 0x85, 0x34, 0x28, 0x9e, 0x20, - 0xb2, 0xb1, 0x97, 0xdc, 0x6d, 0x0b, 0x10, 0xc1, 0x3c, 0xcd, 0x5f, 0xea, - 0x5d, 0xd7, 0x98, 0x31, 0xc5, 0x34, 0x99, 0x5c, 0x00, 0x61, 0x55, 0xc4, - 0x1b, 0x02, 0x5b, 0xc5, 0xe3, 0x89, 0xc8, 0xb4, 0xb8, 0x6f, 0x1e, 0x38, - 0xf2, 0x56, 0x26, 0xe9, 0x41, 0xef, 0x3d, 0xcd, 0xac, 0x99, 0x4f, 0x59, - 0x4a, 0x57, 0x2d, 0x4b, 0x7d, 0xae, 0xc7, 0x88, 0xfb, 0xd6, 0x98, 0x3b, - 0xf5, 0xe5, 0xf0, 0xe8, 0x89, 0x89, 0xb9, 0x8b, 0x03, 0xcb, 0x5a, 0x23, - 0x1f, 0xa4, 0xfd, 0xb8, 0xea, 0xfb, 0x2e, 0x9d, 0xae, 0x6a, 0x73, 0x09, - 0xbc, 0xfc, 0xd5, 0xa0, 0xb5, 0x44, 0x82, 0xab, 0x44, 0x91, 0x2e, 0x50, - 0x2e, 0x57, 0xc1, 0x43, 0xd8, 0x91, 0x04, 0x8b, 0xe9, 0x11, 0x2e, 0x5f, - 0xb4, 0x3f, 0x79, 0xdf, 0x1e, 0xfb, 0x3f, 0x30, 0x00, 0x8b, 0x53, 0xe3, - 0xb7, 0x2c, 0x1d, 0x3b, 0x4d, 0x8b, 0xdc, 0xe4, 0x64, 0x1d, 0x04, 0x58, - 0x33, 0xaf, 0x1b, 0x55, 0xe7, 0xab, 0x0c, 0xbf, 0x30, 0x04, 0x74, 0xe4, - 0xf3, 0x0e, 0x2f, 0x30, 0x39, 0x8d, 0x4b, 0x04, 0x8c, 0x1e, 0x75, 0x66, - 0x66, 0x49, 0xe0, 0xbe, 0x40, 0x34, 0xc7, 0x5c, 0x5a, 0x51, 0x92, 0xba, - 0x12, 0x3c, 0x52, 0xd5, 0x04, 0x82, 0x55, 0x2d, 0x67, 0xa5, 0xdf, 0xb7, - 0x95, 0x7c, 0xee, 0x3f, 0xc3, 0x08, 0xba, 0x04, 0xbe, 0xc0, 0x46, -} - -var certSet3Cert13 = []byte{ - 0x30, 0x82, 0x04, 0x69, 0x30, 0x82, 0x03, 0x51, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x0b, 0x04, 0x00, 0x00, 0x00, 0x00, 0x01, 0x44, 0x4e, 0xf0, - 0x42, 0x47, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, - 0x67, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x32, 0x32, 0x30, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x66, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61, - 0x31, 0x3c, 0x30, 0x3a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x33, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x4f, 0x72, - 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x43, 0x41, - 0x20, 0x2d, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20, - 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc7, - 0x0e, 0x6c, 0x3f, 0x23, 0x93, 0x7f, 0xcc, 0x70, 0xa5, 0x9d, 0x20, 0xc3, - 0x0e, 0x53, 0x3f, 0x7e, 0xc0, 0x4e, 0xc2, 0x98, 0x49, 0xca, 0x47, 0xd5, - 0x23, 0xef, 0x03, 0x34, 0x85, 0x74, 0xc8, 0xa3, 0x02, 0x2e, 0x46, 0x5c, - 0x0b, 0x7d, 0xc9, 0x88, 0x9d, 0x4f, 0x8b, 0xf0, 0xf8, 0x9c, 0x6c, 0x8c, - 0x55, 0x35, 0xdb, 0xbf, 0xf2, 0xb3, 0xea, 0xfb, 0xe3, 0x56, 0xe7, 0x4a, - 0x46, 0xd9, 0x13, 0x22, 0xca, 0x36, 0xd5, 0x9b, 0xc1, 0xa8, 0xe3, 0x96, - 0x43, 0x93, 0xf2, 0x0c, 0xbc, 0xe6, 0xf9, 0xe6, 0xe8, 0x99, 0xc8, 0x63, - 0x48, 0x78, 0x7f, 0x57, 0x36, 0x69, 0x1a, 0x19, 0x1d, 0x5a, 0xd1, 0xd4, - 0x7d, 0xc2, 0x9c, 0xd4, 0x7f, 0xe1, 0x80, 0x12, 0xae, 0x7a, 0xea, 0x88, - 0xea, 0x57, 0xd8, 0xca, 0x0a, 0x0a, 0x3a, 0x12, 0x49, 0xa2, 0x62, 0x19, - 0x7a, 0x0d, 0x24, 0xf7, 0x37, 0xeb, 0xb4, 0x73, 0x92, 0x7b, 0x05, 0x23, - 0x9b, 0x12, 0xb5, 0xce, 0xeb, 0x29, 0xdf, 0xa4, 0x14, 0x02, 0xb9, 0x01, - 0xa5, 0xd4, 0xa6, 0x9c, 0x43, 0x64, 0x88, 0xde, 0xf8, 0x7e, 0xfe, 0xe3, - 0xf5, 0x1e, 0xe5, 0xfe, 0xdc, 0xa3, 0xa8, 0xe4, 0x66, 0x31, 0xd9, 0x4c, - 0x25, 0xe9, 0x18, 0xb9, 0x89, 0x59, 0x09, 0xae, 0xe9, 0x9d, 0x1c, 0x6d, - 0x37, 0x0f, 0x4a, 0x1e, 0x35, 0x20, 0x28, 0xe2, 0xaf, 0xd4, 0x21, 0x8b, - 0x01, 0xc4, 0x45, 0xad, 0x6e, 0x2b, 0x63, 0xab, 0x92, 0x6b, 0x61, 0x0a, - 0x4d, 0x20, 0xed, 0x73, 0xba, 0x7c, 0xce, 0xfe, 0x16, 0xb5, 0xdb, 0x9f, - 0x80, 0xf0, 0xd6, 0x8b, 0x6c, 0xd9, 0x08, 0x79, 0x4a, 0x4f, 0x78, 0x65, - 0xda, 0x92, 0xbc, 0xbe, 0x35, 0xf9, 0xb3, 0xc4, 0xf9, 0x27, 0x80, 0x4e, - 0xff, 0x96, 0x52, 0xe6, 0x02, 0x20, 0xe1, 0x07, 0x73, 0xe9, 0x5d, 0x2b, - 0xbd, 0xb2, 0xf1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x25, - 0x30, 0x82, 0x01, 0x21, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, - 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0x96, 0xde, 0x61, 0xf1, 0xbd, 0x1c, 0x16, 0x29, 0x53, - 0x1c, 0xc0, 0xcc, 0x7d, 0x3b, 0x83, 0x00, 0x40, 0xe6, 0x1a, 0x7c, 0x30, - 0x47, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x40, 0x30, 0x3e, 0x30, 0x3c, - 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, - 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6c, - 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, - 0x30, 0x33, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2c, 0x30, 0x2a, 0x30, - 0x28, 0xa0, 0x26, 0xa0, 0x24, 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, - 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x6f, 0x6f, - 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x31, 0x30, 0x2f, 0x30, 0x2d, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x72, 0x31, 0x30, 0x1f, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, - 0x1a, 0x45, 0x0d, 0x97, 0xca, 0x89, 0x50, 0x2f, 0x7d, 0x04, 0xcd, 0x34, - 0xa8, 0xff, 0xfc, 0xfd, 0x4b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, - 0x00, 0x46, 0x2a, 0xee, 0x5e, 0xbd, 0xae, 0x01, 0x60, 0x37, 0x31, 0x11, - 0x86, 0x71, 0x74, 0xb6, 0x46, 0x49, 0xc8, 0x10, 0x16, 0xfe, 0x2f, 0x62, - 0x23, 0x17, 0xab, 0x1f, 0x87, 0xf8, 0x82, 0xed, 0xca, 0xdf, 0x0e, 0x2c, - 0xdf, 0x64, 0x75, 0x8e, 0xe5, 0x18, 0x72, 0xa7, 0x8c, 0x3a, 0x8b, 0xc9, - 0xac, 0xa5, 0x77, 0x50, 0xf7, 0xef, 0x9e, 0xa4, 0xe0, 0xa0, 0x8f, 0x14, - 0x57, 0xa3, 0x2a, 0x5f, 0xec, 0x7e, 0x6d, 0x10, 0xe6, 0xba, 0x8d, 0xb0, - 0x08, 0x87, 0x76, 0x0e, 0x4c, 0xb2, 0xd9, 0x51, 0xbb, 0x11, 0x02, 0xf2, - 0x5c, 0xdd, 0x1c, 0xbd, 0xf3, 0x55, 0x96, 0x0f, 0xd4, 0x06, 0xc0, 0xfc, - 0xe2, 0x23, 0x8a, 0x24, 0x70, 0xd3, 0xbb, 0xf0, 0x79, 0x1a, 0xa7, 0x61, - 0x70, 0x83, 0x8a, 0xaf, 0x06, 0xc5, 0x20, 0xd8, 0xa1, 0x63, 0xd0, 0x6c, - 0xae, 0x4f, 0x32, 0xd7, 0xae, 0x7c, 0x18, 0x45, 0x75, 0x05, 0x29, 0x77, - 0xdf, 0x42, 0x40, 0x64, 0x64, 0x86, 0xbe, 0x2a, 0x76, 0x09, 0x31, 0x6f, - 0x1d, 0x24, 0xf4, 0x99, 0xd0, 0x85, 0xfe, 0xf2, 0x21, 0x08, 0xf9, 0xc6, - 0xf6, 0xf1, 0xd0, 0x59, 0xed, 0xd6, 0x56, 0x3c, 0x08, 0x28, 0x03, 0x67, - 0xba, 0xf0, 0xf9, 0xf1, 0x90, 0x16, 0x47, 0xae, 0x67, 0xe6, 0xbc, 0x80, - 0x48, 0xe9, 0x42, 0x76, 0x34, 0x97, 0x55, 0x69, 0x24, 0x0e, 0x83, 0xd6, - 0xa0, 0x2d, 0xb4, 0xf5, 0xf3, 0x79, 0x8a, 0x49, 0x28, 0x74, 0x1a, 0x41, - 0xa1, 0xc2, 0xd3, 0x24, 0x88, 0x35, 0x30, 0x60, 0x94, 0x17, 0xb4, 0xe1, - 0x04, 0x22, 0x31, 0x3d, 0x3b, 0x2f, 0x17, 0x06, 0xb2, 0xb8, 0x9d, 0x86, - 0x2b, 0x5a, 0x69, 0xef, 0x83, 0xf5, 0x4b, 0xc4, 0xaa, 0xb4, 0x2a, 0xf8, - 0x7c, 0xa1, 0xb1, 0x85, 0x94, 0x8c, 0xf4, 0x0c, 0x87, 0x0c, 0xf4, 0xac, - 0x40, 0xf8, 0x59, 0x49, 0x98, -} - -var certSet3Cert14 = []byte{ - 0x30, 0x82, 0x04, 0x6c, 0x30, 0x82, 0x03, 0x54, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x4d, 0x5f, 0x2c, 0x34, 0x08, 0xb2, 0x4c, 0x20, 0xcd, - 0x6d, 0x50, 0x7e, 0x24, 0x4d, 0xc9, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, - 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x32, 0x30, 0x38, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, - 0x32, 0x30, 0x37, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x3c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0d, 0x54, - 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x99, 0xe4, 0x85, - 0x5b, 0x76, 0x49, 0x7d, 0x2f, 0x05, 0xd8, 0xc5, 0xac, 0xc8, 0xc8, 0xa9, - 0xd3, 0xdc, 0x98, 0xe6, 0xd7, 0x34, 0xa6, 0x2f, 0x0c, 0xf2, 0x22, 0x26, - 0xd8, 0xa3, 0xc9, 0x14, 0x4c, 0x8f, 0x05, 0xa4, 0x45, 0xe8, 0x14, 0x0c, - 0x58, 0x90, 0x05, 0x1a, 0xb7, 0xc5, 0xc1, 0x06, 0xa5, 0x80, 0xaf, 0xbb, - 0x1d, 0x49, 0x6b, 0x52, 0x34, 0x88, 0xc3, 0x59, 0xe7, 0xef, 0x6b, 0xc4, - 0x27, 0x41, 0x8c, 0x2b, 0x66, 0x1d, 0xd0, 0xe0, 0xa3, 0x97, 0x98, 0x19, - 0x34, 0x4b, 0x41, 0xd5, 0x98, 0xd5, 0xc7, 0x05, 0xad, 0xa2, 0xe4, 0xd7, - 0xed, 0x0c, 0xad, 0x4f, 0xc1, 0xb5, 0xb0, 0x21, 0xfd, 0x3e, 0x50, 0x53, - 0xb2, 0xc4, 0x90, 0xd0, 0xd4, 0x30, 0x67, 0x6c, 0x9a, 0xf1, 0x0e, 0x74, - 0xc4, 0xc2, 0xdc, 0x8a, 0xe8, 0x97, 0xff, 0xc9, 0x92, 0xae, 0x01, 0x8a, - 0x56, 0x0a, 0x98, 0x32, 0xb0, 0x00, 0x23, 0xec, 0x90, 0x1a, 0x60, 0xc3, - 0xed, 0xbb, 0x3a, 0xcb, 0x0f, 0x63, 0x9f, 0x0d, 0x44, 0xc9, 0x52, 0xe1, - 0x25, 0x96, 0xbf, 0xed, 0x50, 0x95, 0x89, 0x7f, 0x56, 0x14, 0xb1, 0xb7, - 0x61, 0x1d, 0x1c, 0x07, 0x8c, 0x3a, 0x2c, 0xf7, 0xff, 0x80, 0xde, 0x39, - 0x45, 0xd5, 0xaf, 0x1a, 0xd1, 0x78, 0xd8, 0xc7, 0x71, 0x6a, 0xa3, 0x19, - 0xa7, 0x32, 0x50, 0x21, 0xe9, 0xf2, 0x0e, 0xa1, 0xc6, 0x13, 0x03, 0x44, - 0x48, 0xd1, 0x66, 0xa8, 0x52, 0x57, 0xd7, 0x11, 0xb4, 0x93, 0x8b, 0xe5, - 0x99, 0x9f, 0x5d, 0xe7, 0x78, 0x51, 0xe5, 0x4d, 0xf6, 0xb7, 0x59, 0xb4, - 0x76, 0xb5, 0x09, 0x37, 0x4d, 0x06, 0x38, 0x13, 0x7a, 0x1c, 0x08, 0x98, - 0x5c, 0xc4, 0x48, 0x4a, 0xcb, 0x52, 0xa0, 0xa9, 0xf8, 0xb1, 0x9d, 0x8e, - 0x7b, 0x79, 0xb0, 0x20, 0x2f, 0x3c, 0x96, 0xa8, 0x11, 0x62, 0x47, 0xbb, - 0x11, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xfb, 0x30, 0x81, 0xf8, - 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, - 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, - 0x30, 0x34, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2d, 0x30, 0x2b, 0x30, - 0x29, 0xa0, 0x27, 0xa0, 0x25, 0x86, 0x23, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, - 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x28, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x21, 0x30, 0x1f, 0xa4, 0x1d, 0x30, - 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, 0x49, - 0x2d, 0x32, 0x2d, 0x39, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0xa7, 0xa2, 0x83, 0xbb, 0x34, 0x45, 0x40, 0x3d, 0xfc, - 0xd5, 0x30, 0x4f, 0x12, 0xb9, 0x3e, 0xa1, 0x01, 0x9f, 0xf6, 0xdb, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x7b, 0x5b, 0x45, 0xcf, 0xaf, 0xce, 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, - 0x6a, 0xb6, 0xf3, 0x46, 0xeb, 0x57, 0x48, 0x50, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x80, 0x22, 0x80, 0xe0, 0x6c, 0xc8, 0x95, 0x16, - 0xd7, 0x57, 0x26, 0x87, 0xf3, 0x72, 0x34, 0xdb, 0xc6, 0x72, 0x56, 0x27, - 0x3e, 0xd3, 0x96, 0xf6, 0x2e, 0x25, 0x91, 0xa5, 0x3e, 0x33, 0x97, 0xa7, - 0x4b, 0xe5, 0x2f, 0xfb, 0x25, 0x7d, 0x2f, 0x07, 0x61, 0xfa, 0x6f, 0x83, - 0x74, 0x4c, 0x4c, 0x53, 0x72, 0x20, 0xa4, 0x7a, 0xcf, 0x51, 0x51, 0x56, - 0x81, 0x88, 0xb0, 0x6d, 0x1f, 0x36, 0x2c, 0xc8, 0x2b, 0xb1, 0x88, 0x99, - 0xc1, 0xfe, 0x44, 0xab, 0x48, 0x51, 0x7c, 0xd8, 0xf2, 0x44, 0x64, 0x2a, - 0xd8, 0x71, 0xa7, 0xfb, 0x1a, 0x2f, 0xf9, 0x19, 0x8d, 0x34, 0xb2, 0x23, - 0xbf, 0xc4, 0x4c, 0x55, 0x1d, 0x8e, 0x44, 0xe8, 0xaa, 0x5d, 0x9a, 0xdd, - 0x9f, 0xfd, 0x03, 0xc7, 0xba, 0x24, 0x43, 0x8d, 0x2d, 0x47, 0x44, 0xdb, - 0xf6, 0xd8, 0x98, 0xc8, 0xb2, 0xf9, 0xda, 0xef, 0xed, 0x29, 0x5c, 0x69, - 0x12, 0xfa, 0xd1, 0x23, 0x96, 0x0f, 0xbf, 0x9c, 0x0d, 0xf2, 0x79, 0x45, - 0x53, 0x37, 0x9a, 0x56, 0x2f, 0xe8, 0x57, 0x10, 0x70, 0xf6, 0xee, 0x89, - 0x0c, 0x49, 0x89, 0x9a, 0xc1, 0x23, 0xf5, 0xc2, 0x2a, 0xcc, 0x41, 0xcf, - 0x22, 0xab, 0x65, 0x6e, 0xb7, 0x94, 0x82, 0x6d, 0x2f, 0x40, 0x5f, 0x58, - 0xde, 0xeb, 0x95, 0x2b, 0xa6, 0x72, 0x68, 0x52, 0x19, 0x91, 0x2a, 0xae, - 0x75, 0x9d, 0x4e, 0x92, 0xe6, 0xca, 0xde, 0x54, 0xea, 0x18, 0xab, 0x25, - 0x3c, 0xe6, 0x64, 0xa6, 0x79, 0x1f, 0x26, 0x7d, 0x61, 0xed, 0x7d, 0xd2, - 0xe5, 0x71, 0x55, 0xd8, 0x93, 0x17, 0x7c, 0x14, 0x38, 0x30, 0x3c, 0xdf, - 0x86, 0xe3, 0x4c, 0xad, 0x49, 0xe3, 0x97, 0x59, 0xce, 0x1b, 0x9b, 0x2b, - 0xce, 0xdc, 0x65, 0xd4, 0x0b, 0x28, 0x6b, 0x4e, 0x84, 0x46, 0x51, 0x44, - 0xf7, 0x33, 0x08, 0x2d, 0x58, 0x97, 0x21, 0xae, -} - -var certSet3Cert15 = []byte{ - 0x30, 0x82, 0x04, 0x6e, 0x30, 0x82, 0x03, 0x56, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x6e, 0x8a, 0x90, 0xeb, 0xcf, 0xf0, 0x44, 0x8a, 0x72, - 0x0d, 0x08, 0x05, 0xd0, 0x82, 0xa5, 0x44, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x58, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x28, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x50, 0x72, 0x69, - 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, - 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, - 0x33, 0x31, 0x30, 0x33, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, - 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x17, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, - 0x56, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, - 0x34, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, - 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd9, 0xb4, - 0x05, 0xf2, 0x38, 0x67, 0x0f, 0x09, 0xe7, 0x7c, 0xf5, 0x63, 0x2a, 0xe5, - 0xb9, 0x5e, 0xa8, 0x11, 0xae, 0x75, 0x71, 0xd9, 0x4c, 0x84, 0x67, 0xad, - 0x89, 0x5d, 0xfc, 0x28, 0x3d, 0x2a, 0xb0, 0xa5, 0xd5, 0xd4, 0xe6, 0x30, - 0x0a, 0x84, 0xd4, 0xe4, 0x18, 0xcb, 0x85, 0x37, 0xc5, 0x46, 0x71, 0xeb, - 0x1c, 0x7b, 0x69, 0xdb, 0x65, 0x69, 0x8c, 0x30, 0x05, 0x3e, 0x07, 0xe1, - 0x6f, 0x3c, 0xc1, 0x0b, 0x61, 0xe6, 0x38, 0x44, 0xfc, 0xbc, 0x8c, 0x2f, - 0x4e, 0x75, 0x57, 0xf5, 0x96, 0x99, 0x7c, 0x3e, 0x87, 0x1f, 0x0f, 0x90, - 0x4b, 0x70, 0xc3, 0x3f, 0x39, 0x45, 0x3b, 0x3a, 0x6b, 0xcb, 0xbb, 0x7b, - 0x40, 0x54, 0xd1, 0x8b, 0x4b, 0xa1, 0x72, 0xd2, 0x04, 0xe9, 0xe0, 0x72, - 0x1a, 0x93, 0x11, 0x7a, 0x2f, 0xf1, 0xab, 0x9d, 0x9c, 0x98, 0x58, 0xae, - 0x2c, 0xea, 0x77, 0x5f, 0x2f, 0x2e, 0x87, 0xaf, 0xb8, 0x6b, 0xe3, 0xe2, - 0xe2, 0x3f, 0xd6, 0x3d, 0xe0, 0x96, 0x44, 0xdf, 0x11, 0x55, 0x63, 0x52, - 0x2f, 0xf4, 0x26, 0x78, 0xc4, 0x0f, 0x20, 0x4d, 0x0a, 0xc0, 0x68, 0x70, - 0x15, 0x86, 0x38, 0xee, 0xb7, 0x76, 0x88, 0xab, 0x18, 0x8f, 0x4f, 0x35, - 0x1e, 0xd4, 0x8c, 0xc9, 0xdb, 0x7e, 0x3d, 0x44, 0xd4, 0x36, 0x8c, 0xc1, - 0x37, 0xb5, 0x59, 0x5b, 0x87, 0xf9, 0xe9, 0xf1, 0xd4, 0xc5, 0x28, 0xbd, - 0x1d, 0xdc, 0xcc, 0x96, 0x72, 0xd1, 0x7a, 0xa1, 0xa7, 0x20, 0xb5, 0xb8, - 0xaf, 0xf8, 0x6e, 0xa5, 0x60, 0x7b, 0x2b, 0x8d, 0x1f, 0xee, 0xf4, 0x2b, - 0xd6, 0x69, 0xcd, 0xaf, 0xca, 0x80, 0x58, 0x29, 0xe8, 0x4c, 0x00, 0x20, - 0x8a, 0x49, 0x0a, 0x6e, 0x8e, 0x8c, 0xa8, 0xd1, 0x00, 0x12, 0x84, 0xb6, - 0xc5, 0xe2, 0x95, 0xa2, 0xc0, 0x3b, 0xa4, 0x6b, 0xf0, 0x82, 0xd0, 0x96, - 0x5d, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, - 0x82, 0x01, 0x3f, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x2f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x47, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x40, 0x30, 0x3e, 0x30, 0x3c, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, - 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, - 0x01, 0x16, 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, - 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x34, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x2d, 0x30, 0x2b, 0x30, 0x29, 0xa0, 0x27, 0xa0, 0x25, 0x86, 0x23, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x31, 0x2e, 0x73, 0x79, - 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x47, 0x65, 0x6f, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x50, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x29, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, - 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x11, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, - 0x2d, 0x31, 0x2d, 0x35, 0x33, 0x38, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0xde, 0xcf, 0x5c, 0x50, 0xb7, 0xae, 0x02, - 0x1f, 0x15, 0x17, 0xaa, 0x16, 0xe8, 0x0d, 0xb5, 0x28, 0x9d, 0x6a, 0x5a, - 0xf3, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0x2c, 0xd5, 0x50, 0x41, 0x97, 0x15, 0x8b, 0xf0, 0x8f, 0x36, - 0x61, 0x5b, 0x4a, 0xfb, 0x6b, 0xd9, 0x99, 0xc9, 0x33, 0x92, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xb4, 0x8e, 0xbd, 0x07, 0xb9, 0x9a, - 0x85, 0xec, 0x3b, 0x67, 0xbd, 0x07, 0x60, 0x61, 0xe6, 0x84, 0xd1, 0xd4, - 0xef, 0xeb, 0x1b, 0xba, 0x0b, 0x82, 0x4b, 0x95, 0x64, 0xb6, 0x66, 0x53, - 0x23, 0xbd, 0xb7, 0x84, 0xdd, 0xe4, 0x7b, 0x8d, 0x09, 0xda, 0xcf, 0xb2, - 0xf5, 0xf1, 0xc3, 0xbf, 0x87, 0x84, 0xbe, 0x4e, 0xa6, 0xa8, 0xc2, 0xe7, - 0x12, 0x39, 0x28, 0x34, 0xe0, 0xa4, 0x56, 0x44, 0x40, 0x0c, 0x9f, 0x88, - 0xa3, 0x15, 0xd3, 0xe8, 0xd3, 0x5e, 0xe3, 0x1c, 0x04, 0x60, 0xfb, 0x69, - 0x36, 0x4f, 0x6a, 0x7e, 0x0c, 0x2a, 0x28, 0xc1, 0xf3, 0xaa, 0x58, 0x0e, - 0x6c, 0xce, 0x1d, 0x07, 0xc3, 0x4a, 0xc0, 0x9c, 0x8d, 0xc3, 0x74, 0xb1, - 0xae, 0x82, 0xf0, 0x1a, 0xe1, 0xf9, 0x4e, 0x29, 0xbd, 0x46, 0xde, 0xb7, - 0x1d, 0xf9, 0x7d, 0xdb, 0xd9, 0x0f, 0x84, 0xcb, 0x92, 0x45, 0xcc, 0x1c, - 0xb3, 0x18, 0xf6, 0xa0, 0xcf, 0x71, 0x6f, 0x0c, 0x2e, 0x9b, 0xd2, 0x2d, - 0xb3, 0x99, 0x93, 0x83, 0x44, 0xac, 0x15, 0xaa, 0x9b, 0x2e, 0x67, 0xec, - 0x4f, 0x88, 0x69, 0x05, 0x56, 0x7b, 0x8b, 0xb2, 0x43, 0xa9, 0x3a, 0x6c, - 0x1c, 0x13, 0x33, 0x25, 0x1b, 0xfd, 0xa8, 0xc8, 0x57, 0x02, 0xfb, 0x1c, - 0xe0, 0xd1, 0xbd, 0x3b, 0x56, 0x44, 0x65, 0xc3, 0x63, 0xf5, 0x1b, 0xef, - 0xec, 0x30, 0xd9, 0xe3, 0x6e, 0x2e, 0x13, 0xe9, 0x39, 0x08, 0x2a, 0x0c, - 0x72, 0xf3, 0x9a, 0xcc, 0xf6, 0x27, 0x29, 0x84, 0xd3, 0xef, 0x4c, 0xc7, - 0x84, 0x11, 0x65, 0x1f, 0xc6, 0xe3, 0x81, 0x03, 0xdb, 0x87, 0xcc, 0x78, - 0xf7, 0xb5, 0x9d, 0x96, 0x3e, 0x6a, 0x7f, 0xbc, 0x11, 0x85, 0x7a, 0x75, - 0xe6, 0x41, 0x7d, 0x0d, 0xcf, 0xf9, 0xe5, 0x85, 0x69, 0x25, 0x8f, 0xc7, - 0x8d, 0x07, 0x2d, 0xf8, 0x69, 0x0f, 0xcb, 0x41, 0x53, 0x00, -} - -var certSet3Cert16 = []byte{ - 0x30, 0x82, 0x04, 0x6f, 0x30, 0x82, 0x03, 0x57, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x02, 0x3a, 0x73, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x42, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, - 0x36, 0x31, 0x31, 0x32, 0x32, 0x30, 0x32, 0x35, 0x39, 0x5a, 0x17, 0x0d, - 0x32, 0x32, 0x30, 0x35, 0x32, 0x30, 0x32, 0x32, 0x30, 0x32, 0x35, 0x39, - 0x5a, 0x30, 0x66, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x14, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, - 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x20, 0x53, 0x53, 0x4c, 0x31, - 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x47, 0x65, - 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x44, 0x56, 0x20, 0x53, 0x53, - 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb3, 0x44, 0x3a, 0x6c, 0xb0, 0xae, - 0xcb, 0x14, 0xf9, 0x8c, 0x19, 0x74, 0x34, 0x5c, 0xa9, 0x69, 0xe3, 0x88, - 0x53, 0x77, 0xa5, 0xa7, 0xff, 0xbd, 0xd1, 0x3c, 0x0d, 0x27, 0xe4, 0xde, - 0xad, 0x7f, 0xbc, 0xd1, 0x90, 0x58, 0x93, 0xd6, 0xa6, 0xda, 0x39, 0x9c, - 0xad, 0xe1, 0x0e, 0x56, 0x46, 0xee, 0x95, 0x9e, 0x10, 0x68, 0x4c, 0x9c, - 0x2b, 0xf6, 0x6a, 0x3a, 0x8b, 0x80, 0x81, 0x87, 0x06, 0x57, 0x25, 0x1a, - 0x56, 0x52, 0x94, 0xdd, 0x90, 0xeb, 0x67, 0x3b, 0xde, 0xfa, 0xae, 0x36, - 0x68, 0xd3, 0x62, 0x69, 0xf6, 0x6c, 0x82, 0x24, 0x44, 0x4f, 0x87, 0x5c, - 0x98, 0x11, 0x95, 0x64, 0x6b, 0xe8, 0x0c, 0xd1, 0xdd, 0xe6, 0x27, 0x97, - 0xae, 0xcc, 0xe2, 0x91, 0x6a, 0x41, 0x12, 0xb6, 0xab, 0xe5, 0xcc, 0x6e, - 0xcc, 0x23, 0xb8, 0x63, 0x8a, 0x1f, 0x31, 0x93, 0x2d, 0x06, 0xc4, 0xf7, - 0xe8, 0x3d, 0x58, 0xcd, 0x97, 0x08, 0x46, 0x6c, 0x7b, 0x74, 0xc0, 0xf8, - 0xfc, 0x31, 0x3b, 0xa7, 0x7f, 0xd7, 0x8f, 0xb0, 0xc9, 0x15, 0x63, 0x50, - 0x7a, 0x12, 0x4d, 0xf5, 0x12, 0x1e, 0xa3, 0x7e, 0x55, 0xe3, 0x75, 0xb7, - 0xea, 0x1e, 0xea, 0x31, 0x2c, 0x08, 0x4e, 0xd8, 0xcb, 0x43, 0x74, 0x89, - 0x24, 0xbc, 0xd2, 0x0e, 0x1e, 0xf0, 0xdb, 0x05, 0x24, 0xf6, 0x8a, 0xbf, - 0x10, 0x27, 0x84, 0x41, 0x1a, 0xf6, 0x18, 0x53, 0xee, 0x91, 0xd0, 0x54, - 0x17, 0xd3, 0x7d, 0x3e, 0x7e, 0xb2, 0x7d, 0xa8, 0xbf, 0xdb, 0xb9, 0x21, - 0x2a, 0xf0, 0x89, 0xb9, 0x08, 0x6e, 0x5a, 0xb3, 0x5e, 0xea, 0x82, 0xb8, - 0x7e, 0x27, 0x0b, 0xcc, 0x56, 0x73, 0x81, 0x05, 0x4f, 0xe3, 0x96, 0x2d, - 0x71, 0xd5, 0x78, 0xa7, 0x60, 0xc3, 0xd7, 0xec, 0xaa, 0x39, 0x1a, 0x05, - 0x39, 0x82, 0x81, 0xe0, 0x15, 0x2c, 0x35, 0xd1, 0xee, 0x25, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x48, 0x30, 0x82, 0x01, 0x44, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, 0x0c, 0x11, - 0x7d, 0xaa, 0x7d, 0x65, 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x65, 0x22, 0x85, 0x90, - 0xd0, 0x3b, 0xe3, 0xa1, 0x49, 0x8b, 0x37, 0xf9, 0xf1, 0x0b, 0x1d, 0x5f, - 0x17, 0xa0, 0x77, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x35, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2e, - 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, 0x26, 0x86, 0x24, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x73, 0x2f, 0x67, 0x74, - 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x2e, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x22, - 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, - 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4c, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, - 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, - 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, - 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, - 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x2f, 0x63, 0x70, 0x73, 0x30, 0x29, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, - 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, - 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, 0x36, 0x39, 0x39, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4e, 0x27, 0xb8, 0x1a, 0xc7, - 0x3b, 0xdc, 0x5d, 0xbb, 0x9e, 0x1a, 0x35, 0x23, 0x1e, 0x88, 0x55, 0x90, - 0xd1, 0xec, 0x86, 0x9c, 0x88, 0xb7, 0xe0, 0x1f, 0x67, 0x87, 0xe2, 0x7c, - 0xb5, 0x43, 0x03, 0x0e, 0xb6, 0x02, 0xe8, 0xe0, 0xff, 0x86, 0x84, 0x19, - 0x71, 0xe9, 0xf2, 0x4b, 0xf5, 0x9e, 0x2e, 0x2e, 0x5e, 0xdb, 0xab, 0xd6, - 0x1c, 0x4e, 0xc4, 0x3e, 0xb8, 0x2c, 0x78, 0x86, 0x71, 0x10, 0xae, 0x8d, - 0xc5, 0x70, 0xbf, 0xa4, 0xf9, 0x89, 0xe6, 0xb4, 0xed, 0xe8, 0x4b, 0xed, - 0x7c, 0x09, 0x2a, 0x09, 0x08, 0x06, 0x3e, 0xd4, 0xe1, 0xde, 0x82, 0x92, - 0x0c, 0x34, 0x30, 0x35, 0x0a, 0xc1, 0x60, 0x75, 0xca, 0xb6, 0x55, 0x6b, - 0xaa, 0x00, 0x42, 0xcb, 0x3f, 0xfb, 0x10, 0xe1, 0xfb, 0x85, 0xc1, 0x21, - 0x90, 0x72, 0x2b, 0x6e, 0xc0, 0xe8, 0x9d, 0xd9, 0xb5, 0x5a, 0x50, 0x8e, - 0x34, 0x1e, 0xbb, 0x38, 0xa7, 0x3c, 0x31, 0xbd, 0x7a, 0xf2, 0x43, 0x8b, - 0xeb, 0x16, 0xca, 0xad, 0x9b, 0xde, 0x6b, 0x1e, 0xf8, 0x4f, 0xb6, 0x5e, - 0x4a, 0x29, 0x1f, 0x7a, 0x14, 0xee, 0x91, 0xf4, 0x94, 0x4f, 0xa4, 0xbd, - 0x9b, 0x76, 0x7a, 0xbc, 0xf1, 0x51, 0x7a, 0x96, 0xa8, 0x81, 0x0e, 0x83, - 0x87, 0x3f, 0x8b, 0xae, 0x5e, 0x32, 0x9b, 0x34, 0x9e, 0xb2, 0xe7, 0xdb, - 0x2f, 0xec, 0x02, 0xa0, 0xe1, 0xfd, 0x51, 0x52, 0xfe, 0x2c, 0xdb, 0x36, - 0xba, 0xc1, 0xd6, 0x5e, 0x4b, 0x58, 0x6d, 0xde, 0xc6, 0xe1, 0xe1, 0xfa, - 0x9a, 0x03, 0x2c, 0x5b, 0xa2, 0xe1, 0xb3, 0x9b, 0xf9, 0x36, 0xec, 0xc1, - 0x73, 0xfa, 0x33, 0x12, 0x66, 0x95, 0xe3, 0x69, 0x10, 0xb6, 0xd7, 0xaa, - 0x33, 0xfa, 0xf6, 0x9d, 0x41, 0x6d, 0x96, 0x2a, 0xba, 0xbe, 0x83, 0x31, - 0x41, 0x7f, 0x0c, 0x0a, 0xd2, 0x69, 0xd6, 0xfc, 0x35, 0x4c, 0xc3, -} - -var certSet3Cert17 = []byte{ - 0x30, 0x82, 0x04, 0x75, 0x30, 0x82, 0x03, 0x5d, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x09, 0x00, 0xa7, 0x0e, 0x4a, 0x4c, 0x34, 0x82, 0xb7, 0x7f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x30, 0x68, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, - 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, - 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x32, 0x30, - 0x30, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x29, 0x53, 0x74, 0x61, 0x72, - 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, - 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x39, 0x30, 0x32, 0x30, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x36, - 0x32, 0x38, 0x31, 0x37, 0x33, 0x39, 0x31, 0x36, 0x5a, 0x30, 0x81, 0x98, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, - 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, - 0x64, 0x61, 0x6c, 0x65, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x1c, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, - 0x20, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, - 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x3b, 0x30, 0x39, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, - 0x65, 0x6c, 0x64, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xd5, 0x0c, 0x3a, 0xc4, 0x2a, 0xf9, 0x4e, - 0xe2, 0xf5, 0xbe, 0x19, 0x97, 0x5f, 0x8e, 0x88, 0x53, 0xb1, 0x1f, 0x3f, - 0xcb, 0xcf, 0x9f, 0x20, 0x13, 0x6d, 0x29, 0x3a, 0xc8, 0x0f, 0x7d, 0x3c, - 0xf7, 0x6b, 0x76, 0x38, 0x63, 0xd9, 0x36, 0x60, 0xa8, 0x9b, 0x5e, 0x5c, - 0x00, 0x80, 0xb2, 0x2f, 0x59, 0x7f, 0xf6, 0x87, 0xf9, 0x25, 0x43, 0x86, - 0xe7, 0x69, 0x1b, 0x52, 0x9a, 0x90, 0xe1, 0x71, 0xe3, 0xd8, 0x2d, 0x0d, - 0x4e, 0x6f, 0xf6, 0xc8, 0x49, 0xd9, 0xb6, 0xf3, 0x1a, 0x56, 0xae, 0x2b, - 0xb6, 0x74, 0x14, 0xeb, 0xcf, 0xfb, 0x26, 0xe3, 0x1a, 0xba, 0x1d, 0x96, - 0x2e, 0x6a, 0x3b, 0x58, 0x94, 0x89, 0x47, 0x56, 0xff, 0x25, 0xa0, 0x93, - 0x70, 0x53, 0x83, 0xda, 0x84, 0x74, 0x14, 0xc3, 0x67, 0x9e, 0x04, 0x68, - 0x3a, 0xdf, 0x8e, 0x40, 0x5a, 0x1d, 0x4a, 0x4e, 0xcf, 0x43, 0x91, 0x3b, - 0xe7, 0x56, 0xd6, 0x00, 0x70, 0xcb, 0x52, 0xee, 0x7b, 0x7d, 0xae, 0x3a, - 0xe7, 0xbc, 0x31, 0xf9, 0x45, 0xf6, 0xc2, 0x60, 0xcf, 0x13, 0x59, 0x02, - 0x2b, 0x80, 0xcc, 0x34, 0x47, 0xdf, 0xb9, 0xde, 0x90, 0x65, 0x6d, 0x02, - 0xcf, 0x2c, 0x91, 0xa6, 0xa6, 0xe7, 0xde, 0x85, 0x18, 0x49, 0x7c, 0x66, - 0x4e, 0xa3, 0x3a, 0x6d, 0xa9, 0xb5, 0xee, 0x34, 0x2e, 0xba, 0x0d, 0x03, - 0xb8, 0x33, 0xdf, 0x47, 0xeb, 0xb1, 0x6b, 0x8d, 0x25, 0xd9, 0x9b, 0xce, - 0x81, 0xd1, 0x45, 0x46, 0x32, 0x96, 0x70, 0x87, 0xde, 0x02, 0x0e, 0x49, - 0x43, 0x85, 0xb6, 0x6c, 0x73, 0xbb, 0x64, 0xea, 0x61, 0x41, 0xac, 0xc9, - 0xd4, 0x54, 0xdf, 0x87, 0x2f, 0xc7, 0x22, 0xb2, 0x26, 0xcc, 0x9f, 0x59, - 0x54, 0x68, 0x9f, 0xfc, 0xbe, 0x2a, 0x2f, 0xc4, 0x55, 0x1c, 0x75, 0x40, - 0x60, 0x17, 0x85, 0x02, 0x55, 0x39, 0x8b, 0x7f, 0x05, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x81, 0xf0, 0x30, 0x81, 0xed, 0x30, 0x0f, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, - 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, - 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, - 0x04, 0x16, 0x04, 0x14, 0x9c, 0x5f, 0x00, 0xdf, 0xaa, 0x01, 0xd7, 0x30, - 0x2b, 0x38, 0x88, 0xa2, 0xb8, 0x6d, 0x4a, 0x9c, 0xf2, 0x11, 0x91, 0x83, - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, - 0x14, 0xbf, 0x5f, 0xb7, 0xd1, 0xce, 0xdd, 0x1f, 0x86, 0xf4, 0x5b, 0x55, - 0xac, 0xdc, 0xd7, 0x10, 0xc2, 0x0e, 0xa9, 0x88, 0xe7, 0x30, 0x4f, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x43, 0x30, - 0x41, 0x30, 0x1c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, - 0x01, 0x86, 0x10, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x2e, - 0x73, 0x73, 0x32, 0x2e, 0x75, 0x73, 0x2f, 0x30, 0x21, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x15, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x78, 0x2e, 0x73, 0x73, 0x32, 0x2e, 0x75, 0x73, - 0x2f, 0x78, 0x2e, 0x63, 0x65, 0x72, 0x30, 0x26, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x1f, 0x30, 0x1d, 0x30, 0x1b, 0xa0, 0x19, 0xa0, 0x17, 0x86, - 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x73, 0x2e, 0x73, 0x73, - 0x32, 0x2e, 0x75, 0x73, 0x2f, 0x72, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x11, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x0a, 0x30, 0x08, 0x30, 0x06, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, - 0x00, 0x23, 0x1d, 0xe3, 0x8a, 0x57, 0xca, 0x7d, 0xe9, 0x17, 0x79, 0x4c, - 0xf1, 0x1e, 0x55, 0xfd, 0xcc, 0x53, 0x6e, 0x3e, 0x47, 0x0f, 0xdf, 0xc6, - 0x55, 0xf2, 0xb2, 0x04, 0x36, 0xed, 0x80, 0x1f, 0x53, 0xc4, 0x5d, 0x34, - 0x28, 0x6b, 0xbe, 0xc7, 0x55, 0xfc, 0x67, 0xea, 0xcb, 0x3f, 0x7f, 0x90, - 0xb2, 0x33, 0xcd, 0x1b, 0x58, 0x10, 0x82, 0x02, 0xf8, 0xf8, 0x2f, 0xf5, - 0x13, 0x60, 0xd4, 0x05, 0xce, 0xf1, 0x81, 0x08, 0xc1, 0xdd, 0xa7, 0x75, - 0x97, 0x4f, 0x18, 0xb9, 0x6d, 0xde, 0xf7, 0x93, 0x91, 0x08, 0xba, 0x7e, - 0x40, 0x2c, 0xed, 0xc1, 0xea, 0xbb, 0x76, 0x9e, 0x33, 0x06, 0x77, 0x1d, - 0x0d, 0x08, 0x7f, 0x53, 0xdd, 0x1b, 0x64, 0xab, 0x82, 0x27, 0xf1, 0x69, - 0xd5, 0x4d, 0x5e, 0xae, 0xf4, 0xa1, 0xc3, 0x75, 0xa7, 0x58, 0x44, 0x2d, - 0xf2, 0x3c, 0x70, 0x98, 0xac, 0xba, 0x69, 0xb6, 0x95, 0x77, 0x7f, 0x0f, - 0x31, 0x5e, 0x2c, 0xfc, 0xa0, 0x87, 0x3a, 0x47, 0x69, 0xf0, 0x79, 0x5f, - 0xf4, 0x14, 0x54, 0xa4, 0x95, 0x5e, 0x11, 0x78, 0x12, 0x60, 0x27, 0xce, - 0x9f, 0xc2, 0x77, 0xff, 0x23, 0x53, 0x77, 0x5d, 0xba, 0xff, 0xea, 0x59, - 0xe7, 0xdb, 0xcf, 0xaf, 0x92, 0x96, 0xef, 0x24, 0x9a, 0x35, 0x10, 0x7a, - 0x9c, 0x91, 0xc6, 0x0e, 0x7d, 0x99, 0xf6, 0x3f, 0x19, 0xdf, 0xf5, 0x72, - 0x54, 0xe1, 0x15, 0xa9, 0x07, 0x59, 0x7b, 0x83, 0xbf, 0x52, 0x2e, 0x46, - 0x8c, 0xb2, 0x00, 0x64, 0x76, 0x1c, 0x48, 0xd3, 0xd8, 0x79, 0xe8, 0x6e, - 0x56, 0xcc, 0xae, 0x2c, 0x03, 0x90, 0xd7, 0x19, 0x38, 0x99, 0xe4, 0xca, - 0x09, 0x19, 0x5b, 0xff, 0x07, 0x96, 0xb0, 0xa8, 0x7f, 0x34, 0x49, 0xdf, - 0x56, 0xa9, 0xf7, 0xb0, 0x5f, 0xed, 0x33, 0xed, 0x8c, 0x47, 0xb7, 0x30, - 0x03, 0x5d, 0xf4, 0x03, 0x8c, -} - -var certSet3Cert18 = []byte{ - 0x30, 0x82, 0x04, 0x79, 0x30, 0x82, 0x03, 0x61, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0xa2, 0x76, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x5a, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, - 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, - 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, - 0x30, 0x32, 0x32, 0x37, 0x31, 0x38, 0x30, 0x39, 0x32, 0x37, 0x5a, 0x17, - 0x0d, 0x32, 0x30, 0x30, 0x36, 0x30, 0x39, 0x31, 0x37, 0x30, 0x37, 0x32, - 0x39, 0x5a, 0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x4a, 0x50, 0x31, 0x23, 0x30, 0x21, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x1a, 0x43, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x20, 0x4a, 0x61, 0x70, 0x61, 0x6e, 0x20, 0x43, 0x6f, 0x2e, - 0x2c, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x1d, 0x43, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x4a, 0x61, 0x70, 0x61, 0x6e, 0x20, 0x50, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x20, 0x43, 0x41, 0x20, 0x47, 0x33, 0x30, 0x82, - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x94, 0x56, 0xa3, 0x45, 0x44, - 0x54, 0xaa, 0x60, 0x64, 0xbf, 0xb8, 0x57, 0x9f, 0x4e, 0xdb, 0xd4, 0x79, - 0x68, 0x5f, 0x13, 0x05, 0xf4, 0x3f, 0xcd, 0x25, 0xdd, 0x3c, 0x5e, 0x58, - 0x77, 0x1c, 0x9d, 0xe6, 0x9f, 0xe3, 0x32, 0x49, 0xef, 0x02, 0x3a, 0x34, - 0x53, 0x8d, 0x52, 0xe5, 0xe3, 0x39, 0x66, 0x1f, 0xe7, 0x33, 0x61, 0xb6, - 0x27, 0xc6, 0x24, 0x55, 0x50, 0x27, 0x02, 0x65, 0xf0, 0xb0, 0x8c, 0x41, - 0x8d, 0x30, 0x5e, 0x47, 0x5b, 0x82, 0x6f, 0xc7, 0x9c, 0xa3, 0x28, 0x43, - 0x6d, 0x58, 0x7b, 0xc8, 0x15, 0x98, 0x4e, 0x25, 0x6f, 0xcb, 0x76, 0x27, - 0x5b, 0x0b, 0x2c, 0x2c, 0xb5, 0x98, 0x23, 0xe7, 0x8b, 0x7c, 0xfd, 0x77, - 0x1a, 0xc4, 0x52, 0xba, 0x5d, 0x19, 0xee, 0x78, 0x21, 0x4d, 0x21, 0x9a, - 0xd9, 0x12, 0x7c, 0x33, 0x15, 0x6b, 0x1a, 0xc9, 0x81, 0xea, 0xda, 0xda, - 0x57, 0xb7, 0xd5, 0x2f, 0xce, 0x1f, 0x4b, 0xfc, 0xb4, 0x33, 0xe0, 0xa0, - 0xc9, 0x94, 0x27, 0xbb, 0x27, 0x40, 0xb6, 0x90, 0xdb, 0xac, 0x9e, 0x75, - 0xa6, 0x11, 0x2b, 0x49, 0x19, 0x2d, 0xc3, 0xc2, 0x43, 0x07, 0x09, 0xbb, - 0x3d, 0x6e, 0x88, 0xa3, 0xe3, 0x8a, 0xc5, 0xd2, 0x86, 0xf6, 0x65, 0x5b, - 0x34, 0xc3, 0x9f, 0x4c, 0x02, 0xe5, 0x09, 0xba, 0x2c, 0xc6, 0x76, 0x66, - 0xeb, 0xd1, 0x76, 0x25, 0xf4, 0x30, 0x13, 0xfb, 0x58, 0x60, 0xa8, 0x58, - 0xe3, 0x51, 0x6f, 0x4b, 0x08, 0x04, 0x61, 0x8d, 0xac, 0xa9, 0x30, 0x2f, - 0x52, 0x41, 0xa3, 0x22, 0xc1, 0x33, 0x59, 0xab, 0x7b, 0x59, 0xf9, 0x93, - 0x67, 0x4b, 0xc9, 0x89, 0x75, 0x52, 0xef, 0x29, 0x49, 0x34, 0x93, 0x1c, - 0x9c, 0x93, 0x73, 0x9c, 0x19, 0xce, 0x5c, 0x18, 0xcd, 0x4c, 0x09, 0x27, - 0xc1, 0x3f, 0xf5, 0x49, 0xec, 0xf4, 0xe2, 0xdf, 0x4b, 0xaf, 0x8f, 0x02, - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, - 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x53, 0x06, 0x03, - 0x55, 0x1d, 0x20, 0x04, 0x4c, 0x30, 0x4a, 0x30, 0x48, 0x06, 0x09, 0x2b, - 0x06, 0x01, 0x04, 0x01, 0xb1, 0x3e, 0x01, 0x00, 0x30, 0x3b, 0x30, 0x39, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2d, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x79, 0x62, 0x65, 0x72, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, - 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, - 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x63, 0x66, 0x6d, 0x30, 0x42, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x36, 0x30, - 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, - 0x01, 0x86, 0x26, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, - 0x73, 0x70, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, - 0x65, 0x72, 0x6f, 0x6f, 0x74, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, - 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe5, 0x9d, - 0x59, 0x30, 0x82, 0x47, 0x58, 0xcc, 0xac, 0xfa, 0x08, 0x54, 0x36, 0x86, - 0x7b, 0x3a, 0xb5, 0x04, 0x4d, 0xf0, 0x30, 0x42, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, - 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x64, 0x70, 0x31, - 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x52, 0x4c, 0x2f, 0x4f, 0x6d, - 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x32, 0x30, 0x32, 0x35, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0x73, 0xa8, 0x08, 0x53, 0x29, 0xb8, 0x15, 0xfb, 0x99, 0x80, 0xe5, - 0xc5, 0x37, 0xd8, 0xf8, 0x39, 0x7b, 0xa4, 0x13, 0x06, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x68, 0xdf, 0xfe, 0x72, 0x54, 0x4e, 0x1b, - 0xfb, 0x5c, 0x6e, 0x5a, 0x45, 0x46, 0xcf, 0x42, 0xbe, 0xb2, 0x02, 0x9c, - 0x9d, 0x90, 0x6a, 0x09, 0x2e, 0xb7, 0x36, 0x64, 0x24, 0xb6, 0xb1, 0xe2, - 0x48, 0x67, 0xce, 0x17, 0x46, 0x9b, 0x23, 0x75, 0x78, 0x11, 0xf6, 0xc6, - 0x09, 0x38, 0x42, 0x62, 0x96, 0x97, 0x30, 0x7b, 0x51, 0x77, 0xdf, 0x33, - 0xb5, 0x00, 0x51, 0x29, 0xd5, 0x24, 0xfe, 0xb7, 0x98, 0xa2, 0xac, 0x6c, - 0xa1, 0x13, 0x7f, 0xca, 0xf3, 0xb7, 0xa6, 0x52, 0xc2, 0x16, 0x0d, 0xec, - 0x3a, 0xbf, 0xa3, 0x37, 0x77, 0x4f, 0xae, 0x7b, 0x55, 0x1d, 0x46, 0xe9, - 0x10, 0xda, 0xc3, 0xb4, 0x05, 0x5c, 0x5b, 0xf6, 0x48, 0x21, 0x00, 0x89, - 0xf4, 0xbb, 0x38, 0x8e, 0x1e, 0x33, 0xf3, 0x49, 0x97, 0x81, 0x31, 0x6c, - 0x16, 0x74, 0x08, 0x91, 0x17, 0xc0, 0xd3, 0x25, 0xb3, 0xbc, 0xc1, 0x15, - 0xb5, 0xa4, 0xcd, 0x84, 0x4d, 0xb9, 0xc8, 0xeb, 0xc5, 0x59, 0x42, 0x10, - 0x14, 0x25, 0x79, 0xf8, 0xdb, 0xb6, 0xd0, 0xe6, 0xd3, 0xa0, 0x14, 0x7c, - 0x17, 0x1c, 0x20, 0x1e, 0xed, 0x99, 0x90, 0x65, 0xc0, 0x41, 0x71, 0xc3, - 0xab, 0x3f, 0x29, 0x41, 0x67, 0xf9, 0xe2, 0xd1, 0x98, 0xe3, 0xf8, 0xdf, - 0x3a, 0xb8, 0xca, 0xa3, 0x6f, 0x68, 0x8b, 0x6c, 0x9f, 0x6e, 0x88, 0x7c, - 0x9d, 0x41, 0x5c, 0xba, 0xcb, 0x19, 0x05, 0x83, 0x9c, 0x99, 0xf4, 0x1a, - 0xd2, 0x24, 0x69, 0x57, 0x0a, 0x0f, 0x7a, 0xc3, 0x1b, 0x2c, 0x4b, 0x06, - 0xd3, 0x2a, 0x97, 0x7e, 0x07, 0xb0, 0xf9, 0x20, 0x5a, 0xb5, 0x92, 0x4b, - 0x5b, 0xa8, 0xeb, 0xeb, 0x36, 0x33, 0x47, 0x36, 0xda, 0x72, 0x9c, 0xbf, - 0x68, 0x45, 0x81, 0x31, 0xbe, 0xd2, 0xfd, 0x3b, 0xe9, 0x72, 0xd5, 0x70, - 0xdd, 0xa6, 0xde, 0x5f, 0x0d, 0xb6, 0x5e, 0x00, 0x49, -} - -var certSet3Cert19 = []byte{ - 0x30, 0x82, 0x04, 0x7d, 0x30, 0x82, 0x03, 0x65, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x1b, 0xe7, 0x15, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x63, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x54, - 0x68, 0x65, 0x20, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 0x20, - 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, - 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x28, 0x47, 0x6f, - 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, - 0x20, 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x31, 0x30, 0x31, - 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x31, 0x30, - 0x35, 0x33, 0x30, 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, - 0x83, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, - 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, - 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, 0x64, 0x79, 0x2e, - 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x31, 0x30, - 0x2f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x28, 0x47, 0x6f, 0x20, 0x44, - 0x61, 0x64, 0x64, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0x71, 0x62, - 0x08, 0xf1, 0xfa, 0x59, 0x34, 0xf7, 0x1b, 0xc9, 0x18, 0xa3, 0xf7, 0x80, - 0x49, 0x58, 0xe9, 0x22, 0x83, 0x13, 0xa6, 0xc5, 0x20, 0x43, 0x01, 0x3b, - 0x84, 0xf1, 0xe6, 0x85, 0x49, 0x9f, 0x27, 0xea, 0xf6, 0x84, 0x1b, 0x4e, - 0xa0, 0xb4, 0xdb, 0x70, 0x98, 0xc7, 0x32, 0x01, 0xb1, 0x05, 0x3e, 0x07, - 0x4e, 0xee, 0xf4, 0xfa, 0x4f, 0x2f, 0x59, 0x30, 0x22, 0xe7, 0xab, 0x19, - 0x56, 0x6b, 0xe2, 0x80, 0x07, 0xfc, 0xf3, 0x16, 0x75, 0x80, 0x39, 0x51, - 0x7b, 0xe5, 0xf9, 0x35, 0xb6, 0x74, 0x4e, 0xa9, 0x8d, 0x82, 0x13, 0xe4, - 0xb6, 0x3f, 0xa9, 0x03, 0x83, 0xfa, 0xa2, 0xbe, 0x8a, 0x15, 0x6a, 0x7f, - 0xde, 0x0b, 0xc3, 0xb6, 0x19, 0x14, 0x05, 0xca, 0xea, 0xc3, 0xa8, 0x04, - 0x94, 0x3b, 0x46, 0x7c, 0x32, 0x0d, 0xf3, 0x00, 0x66, 0x22, 0xc8, 0x8d, - 0x69, 0x6d, 0x36, 0x8c, 0x11, 0x18, 0xb7, 0xd3, 0xb2, 0x1c, 0x60, 0xb4, - 0x38, 0xfa, 0x02, 0x8c, 0xce, 0xd3, 0xdd, 0x46, 0x07, 0xde, 0x0a, 0x3e, - 0xeb, 0x5d, 0x7c, 0xc8, 0x7c, 0xfb, 0xb0, 0x2b, 0x53, 0xa4, 0x92, 0x62, - 0x69, 0x51, 0x25, 0x05, 0x61, 0x1a, 0x44, 0x81, 0x8c, 0x2c, 0xa9, 0x43, - 0x96, 0x23, 0xdf, 0xac, 0x3a, 0x81, 0x9a, 0x0e, 0x29, 0xc5, 0x1c, 0xa9, - 0xe9, 0x5d, 0x1e, 0xb6, 0x9e, 0x9e, 0x30, 0x0a, 0x39, 0xce, 0xf1, 0x88, - 0x80, 0xfb, 0x4b, 0x5d, 0xcc, 0x32, 0xec, 0x85, 0x62, 0x43, 0x25, 0x34, - 0x02, 0x56, 0x27, 0x01, 0x91, 0xb4, 0x3b, 0x70, 0x2a, 0x3f, 0x6e, 0xb1, - 0xe8, 0x9c, 0x88, 0x01, 0x7d, 0x9f, 0xd4, 0xf9, 0xdb, 0x53, 0x6d, 0x60, - 0x9d, 0xbf, 0x2c, 0xe7, 0x58, 0xab, 0xb8, 0x5f, 0x46, 0xfc, 0xce, 0xc4, - 0x1b, 0x03, 0x3c, 0x09, 0xeb, 0x49, 0x31, 0x5c, 0x69, 0x46, 0xb3, 0xe0, - 0x47, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x17, 0x30, 0x82, - 0x01, 0x13, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3a, 0x9a, - 0x85, 0x07, 0x10, 0x67, 0x28, 0xb6, 0xef, 0xf6, 0xbd, 0x05, 0x41, 0x6e, - 0x20, 0xc1, 0x94, 0xda, 0x0f, 0xde, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xd2, 0xc4, 0xb0, 0xd2, 0x91, - 0xd4, 0x4c, 0x11, 0x71, 0xb3, 0x61, 0xcb, 0x3d, 0xa1, 0xfe, 0xdd, 0xa8, - 0x6a, 0xd4, 0xe3, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, - 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x32, 0x06, - 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2b, 0x30, 0x29, 0x30, 0x27, 0xa0, 0x25, - 0xa0, 0x23, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x6c, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x67, 0x64, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, - 0x6c, 0x30, 0x46, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3f, 0x30, 0x3d, - 0x30, 0x3b, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x33, 0x30, 0x31, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, - 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, - 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, - 0x2f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x0b, 0x53, - 0xbd, 0x92, 0x86, 0x11, 0xa7, 0x24, 0x7b, 0xed, 0x5b, 0x31, 0xcf, 0x1d, - 0x1f, 0x6c, 0x70, 0xc5, 0xb8, 0x6e, 0xbe, 0x4e, 0xbb, 0xf6, 0xbe, 0x97, - 0x50, 0xe1, 0x30, 0x7f, 0xba, 0x28, 0x5c, 0x62, 0x94, 0xc2, 0xe3, 0x7e, - 0x33, 0xf7, 0xfb, 0x42, 0x76, 0x85, 0xdb, 0x95, 0x1c, 0x8c, 0x22, 0x58, - 0x75, 0x09, 0x0c, 0x88, 0x65, 0x67, 0x39, 0x0a, 0x16, 0x09, 0xc5, 0xa0, - 0x38, 0x97, 0xa4, 0xc5, 0x23, 0x93, 0x3f, 0xb4, 0x18, 0xa6, 0x01, 0x06, - 0x44, 0x91, 0xe3, 0xa7, 0x69, 0x27, 0xb4, 0x5a, 0x25, 0x7f, 0x3a, 0xb7, - 0x32, 0xcd, 0xdd, 0x84, 0xff, 0x2a, 0x38, 0x29, 0x33, 0xa4, 0xdd, 0x67, - 0xb2, 0x85, 0xfe, 0xa1, 0x88, 0x20, 0x1c, 0x50, 0x89, 0xc8, 0xdc, 0x2a, - 0xf6, 0x42, 0x03, 0x37, 0x4c, 0xe6, 0x88, 0xdf, 0xd5, 0xaf, 0x24, 0xf2, - 0xb1, 0xc3, 0xdf, 0xcc, 0xb5, 0xec, 0xe0, 0x99, 0x5e, 0xb7, 0x49, 0x54, - 0x20, 0x3c, 0x94, 0x18, 0x0c, 0xc7, 0x1c, 0x52, 0x18, 0x49, 0xa4, 0x6d, - 0xe1, 0xb3, 0x58, 0x0b, 0xc9, 0xd8, 0xec, 0xd9, 0xae, 0x1c, 0x32, 0x8e, - 0x28, 0x70, 0x0d, 0xe2, 0xfe, 0xa6, 0x17, 0x9e, 0x84, 0x0f, 0xbd, 0x57, - 0x70, 0xb3, 0x5a, 0xe9, 0x1f, 0xa0, 0x86, 0x53, 0xbb, 0xef, 0x7c, 0xff, - 0x69, 0x0b, 0xe0, 0x48, 0xc3, 0xb7, 0x93, 0x0b, 0xc8, 0x0a, 0x54, 0xc4, - 0xac, 0x5d, 0x14, 0x67, 0x37, 0x6c, 0xca, 0xa5, 0x2f, 0x31, 0x08, 0x37, - 0xaa, 0x6e, 0x6f, 0x8c, 0xbc, 0x9b, 0xe2, 0x57, 0x5d, 0x24, 0x81, 0xaf, - 0x97, 0x97, 0x9c, 0x84, 0xad, 0x6c, 0xac, 0x37, 0x4c, 0x66, 0xf3, 0x61, - 0x91, 0x11, 0x20, 0xe4, 0xbe, 0x30, 0x9f, 0x7a, 0xa4, 0x29, 0x09, 0xb0, - 0xe1, 0x34, 0x5f, 0x64, 0x77, 0x18, 0x40, 0x51, 0xdf, 0x8c, 0x30, 0xa6, - 0xaf, -} - -var certSet3Cert20 = []byte{ - 0x30, 0x82, 0x04, 0x8b, 0x30, 0x82, 0x03, 0x73, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x0e, 0x46, 0xf0, 0x8c, 0xdb, 0xcf, 0x2c, 0x54, 0x66, 0xef, - 0x33, 0x01, 0xdd, 0x5f, 0x34, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, - 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, - 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, - 0x73, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f, 0x62, 0x61, - 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, - 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x38, 0x31, 0x39, 0x30, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x35, 0x30, 0x38, - 0x31, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x57, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, - 0x2d, 0x73, 0x61, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x24, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, - 0x20, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, - 0x20, 0x2d, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20, - 0x47, 0x33, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa3, - 0xc0, 0x75, 0xe1, 0x32, 0x98, 0xe5, 0xd9, 0xae, 0x84, 0x7c, 0x8d, 0xe8, - 0x23, 0x5f, 0x46, 0x95, 0x5b, 0x4c, 0xa2, 0x25, 0x70, 0xd7, 0x90, 0x04, - 0x85, 0x80, 0xc9, 0xb5, 0xf4, 0x8a, 0x65, 0x4d, 0x92, 0xcb, 0xa5, 0xc4, - 0x42, 0xa0, 0xb6, 0x79, 0x25, 0x31, 0xed, 0xf1, 0x85, 0x20, 0xcd, 0x13, - 0x51, 0x3d, 0x67, 0xac, 0x97, 0x4d, 0x68, 0x9b, 0x33, 0x86, 0x5c, 0xb3, - 0x7b, 0x2d, 0xaa, 0xdf, 0x77, 0xa0, 0x61, 0xd1, 0xf5, 0x3c, 0xfb, 0x9a, - 0xfc, 0xd3, 0xd5, 0x94, 0xca, 0xc9, 0x1e, 0x80, 0x1b, 0x90, 0x90, 0xc8, - 0xac, 0x8d, 0xf6, 0x60, 0x17, 0x9c, 0x31, 0xb8, 0xc5, 0x61, 0xa2, 0xe2, - 0x6e, 0x57, 0x25, 0x08, 0x6f, 0x24, 0x99, 0x99, 0xcf, 0x94, 0xbf, 0xc7, - 0x8b, 0x6b, 0xb0, 0x1f, 0xca, 0x14, 0xfa, 0x18, 0x9b, 0x6c, 0x10, 0x7c, - 0x99, 0x2b, 0xda, 0x4a, 0x63, 0xe5, 0xb2, 0x4e, 0xc2, 0xfd, 0x3e, 0x10, - 0x0b, 0x48, 0xf4, 0x77, 0x0b, 0x2f, 0xf0, 0x96, 0x4b, 0x3a, 0xee, 0xbd, - 0x35, 0xde, 0x85, 0x8d, 0xda, 0x13, 0x0e, 0xce, 0x01, 0xc4, 0x71, 0xd3, - 0xd3, 0x77, 0xc5, 0x08, 0xa6, 0x60, 0x39, 0x25, 0xa7, 0x27, 0x69, 0x5c, - 0x83, 0xd1, 0x6f, 0x76, 0x78, 0xee, 0xc5, 0x44, 0x5b, 0x45, 0xbd, 0x29, - 0x3b, 0xe2, 0xc6, 0x09, 0x0f, 0xa2, 0xbe, 0x2b, 0xdc, 0xe3, 0x5c, 0xda, - 0x5a, 0x6f, 0x8e, 0xe7, 0xc9, 0x07, 0x6b, 0x7e, 0xa1, 0xc0, 0x53, 0x95, - 0x82, 0x89, 0xe0, 0x78, 0x5c, 0x72, 0xa8, 0x6c, 0xbe, 0x67, 0x6b, 0xab, - 0xe7, 0x33, 0xd9, 0x87, 0xf2, 0xf8, 0x5c, 0x27, 0xf4, 0xf6, 0x2a, 0x3b, - 0x87, 0xef, 0xda, 0xc2, 0x47, 0xda, 0xbf, 0xac, 0xeb, 0x27, 0x64, 0x7b, - 0x4c, 0x53, 0xeb, 0x34, 0xe1, 0x2f, 0x9b, 0x20, 0x4d, 0x54, 0x12, 0x6b, - 0x7d, 0x28, 0xbd, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x53, - 0x30, 0x82, 0x01, 0x4f, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, - 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x02, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa9, 0x2b, - 0x87, 0xe1, 0xce, 0x24, 0x47, 0x3b, 0x1b, 0xbf, 0xcf, 0x85, 0x37, 0x02, - 0x55, 0x9d, 0x0d, 0x94, 0x58, 0xe6, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, 0x1a, 0x45, - 0x0d, 0x97, 0xca, 0x89, 0x50, 0x2f, 0x7d, 0x04, 0xcd, 0x34, 0xa8, 0xff, - 0xfc, 0xfd, 0x4b, 0x30, 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x31, 0x30, 0x2f, 0x30, 0x2d, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6c, 0x6f, - 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x72, 0x6f, 0x6f, 0x74, 0x72, 0x31, 0x30, 0x33, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x2c, 0x30, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0xa0, 0x24, 0x86, - 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, - 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x56, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x0b, - 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xa0, 0x32, 0x01, 0x14, 0x30, - 0x3e, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, 0x02, 0x30, 0x34, 0x30, - 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, - 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, - 0x72, 0x79, 0x2f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa2, - 0x1d, 0x69, 0x8a, 0x0a, 0x8e, 0xc4, 0x14, 0x83, 0x2a, 0x2a, 0x12, 0x4d, - 0x39, 0x27, 0x90, 0x4e, 0xf0, 0x8d, 0xac, 0xd2, 0x96, 0x62, 0x47, 0x36, - 0x5e, 0x92, 0xd1, 0xfa, 0xc5, 0x93, 0xb5, 0x37, 0x07, 0x65, 0x29, 0xd2, - 0xf4, 0x53, 0x50, 0x6b, 0xc9, 0xf4, 0xfe, 0x34, 0xf5, 0xdd, 0xb8, 0x1d, - 0xfa, 0xfc, 0xdc, 0x14, 0xac, 0x56, 0x94, 0x27, 0x9c, 0x42, 0xaa, 0x04, - 0x4d, 0xb7, 0xed, 0x58, 0xd9, 0x99, 0xd2, 0x49, 0xe6, 0x20, 0x2f, 0xd3, - 0xa7, 0x77, 0xb8, 0x2a, 0x89, 0x1a, 0xef, 0xa7, 0xcf, 0x86, 0x2d, 0xd6, - 0x53, 0xe9, 0x0b, 0x93, 0x9c, 0x4e, 0xab, 0xd9, 0x45, 0xee, 0xa4, 0x84, - 0x85, 0xff, 0x34, 0xe4, 0x0e, 0xc0, 0xbb, 0xa5, 0xce, 0x5f, 0x95, 0x89, - 0x85, 0x70, 0xaa, 0xc1, 0x5d, 0xec, 0xcf, 0x2b, 0xd3, 0xd9, 0x83, 0xdf, - 0x03, 0xca, 0x81, 0xa7, 0x02, 0x32, 0xb7, 0x77, 0x61, 0x10, 0x25, 0x4e, - 0xd9, 0x74, 0xf3, 0xd9, 0x79, 0x82, 0xb5, 0x26, 0x70, 0xb4, 0x52, 0xbc, - 0x8f, 0x33, 0xd7, 0x8a, 0xae, 0x19, 0xd0, 0xfc, 0x92, 0xad, 0x2f, 0xba, - 0x3c, 0xa0, 0x48, 0x58, 0x47, 0x5e, 0xfd, 0x20, 0x56, 0x95, 0x20, 0xc1, - 0x72, 0x1d, 0xab, 0x66, 0x99, 0xa4, 0xd5, 0x78, 0x37, 0x48, 0x1b, 0x9f, - 0xb2, 0x4c, 0x37, 0x67, 0x7a, 0xfd, 0x42, 0xd2, 0xd3, 0x56, 0x9e, 0xd3, - 0x1d, 0x8e, 0xc4, 0x0c, 0x68, 0x96, 0xb6, 0x47, 0x51, 0x10, 0xf7, 0x7b, - 0xeb, 0x15, 0x09, 0x64, 0xf5, 0xf9, 0xf0, 0x63, 0x16, 0x2d, 0x3d, 0xdf, - 0x23, 0x42, 0x3a, 0x93, 0x63, 0xcc, 0xab, 0xaf, 0x4f, 0x57, 0x06, 0xc7, - 0xfe, 0x14, 0x55, 0x62, 0xce, 0x27, 0x11, 0x19, 0xe1, 0xf4, 0x42, 0xed, - 0x22, 0x30, 0x6b, 0x35, 0x1a, 0x4a, 0x05, 0x80, 0xa4, 0x65, 0xdf, 0xcc, - 0xcb, 0x6f, 0xd0, -} - -var certSet3Cert21 = []byte{ - 0x30, 0x82, 0x04, 0x90, 0x30, 0x82, 0x03, 0xf9, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x1b, 0x09, 0x3b, 0x78, 0x60, 0x96, 0xda, 0x37, 0xbb, - 0xa4, 0x51, 0x94, 0x46, 0xc8, 0x96, 0x78, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x31, 0x30, 0x38, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x30, 0x37, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xca, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3a, 0x30, - 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, - 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, - 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, - 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x45, 0x30, - 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, - 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf, 0x24, 0x08, 0x08, 0x29, 0x7a, 0x35, - 0x9e, 0x60, 0x0c, 0xaa, 0xe7, 0x4b, 0x3b, 0x4e, 0xdc, 0x7c, 0xbc, 0x3c, - 0x45, 0x1c, 0xbb, 0x2b, 0xe0, 0xfe, 0x29, 0x02, 0xf9, 0x57, 0x08, 0xa3, - 0x64, 0x85, 0x15, 0x27, 0xf5, 0xf1, 0xad, 0xc8, 0x31, 0x89, 0x5d, 0x22, - 0xe8, 0x2a, 0xaa, 0xa6, 0x42, 0xb3, 0x8f, 0xf8, 0xb9, 0x55, 0xb7, 0xb1, - 0xb7, 0x4b, 0xb3, 0xfe, 0x8f, 0x7e, 0x07, 0x57, 0xec, 0xef, 0x43, 0xdb, - 0x66, 0x62, 0x15, 0x61, 0xcf, 0x60, 0x0d, 0xa4, 0xd8, 0xde, 0xf8, 0xe0, - 0xc3, 0x62, 0x08, 0x3d, 0x54, 0x13, 0xeb, 0x49, 0xca, 0x59, 0x54, 0x85, - 0x26, 0xe5, 0x2b, 0x8f, 0x1b, 0x9f, 0xeb, 0xf5, 0xa1, 0x91, 0xc2, 0x33, - 0x49, 0xd8, 0x43, 0x63, 0x6a, 0x52, 0x4b, 0xd2, 0x8f, 0xe8, 0x70, 0x51, - 0x4d, 0xd1, 0x89, 0x69, 0x7b, 0xc7, 0x70, 0xf6, 0xb3, 0xdc, 0x12, 0x74, - 0xdb, 0x7b, 0x5d, 0x4b, 0x56, 0xd3, 0x96, 0xbf, 0x15, 0x77, 0xa1, 0xb0, - 0xf4, 0xa2, 0x25, 0xf2, 0xaf, 0x1c, 0x92, 0x67, 0x18, 0xe5, 0xf4, 0x06, - 0x04, 0xef, 0x90, 0xb9, 0xe4, 0x00, 0xe4, 0xdd, 0x3a, 0xb5, 0x19, 0xff, - 0x02, 0xba, 0xf4, 0x3c, 0xee, 0xe0, 0x8b, 0xeb, 0x37, 0x8b, 0xec, 0xf4, - 0xd7, 0xac, 0xf2, 0xf6, 0xf0, 0x3d, 0xaf, 0xdd, 0x75, 0x91, 0x33, 0x19, - 0x1d, 0x1c, 0x40, 0xcb, 0x74, 0x24, 0x19, 0x21, 0x93, 0xd9, 0x14, 0xfe, - 0xac, 0x2a, 0x52, 0xc7, 0x8f, 0xd5, 0x04, 0x49, 0xe4, 0x8d, 0x63, 0x47, - 0x88, 0x3c, 0x69, 0x83, 0xcb, 0xfe, 0x47, 0xbd, 0x2b, 0x7e, 0x4f, 0xc5, - 0x95, 0xae, 0x0e, 0x9d, 0xd4, 0xd1, 0x43, 0xc0, 0x67, 0x73, 0xe3, 0x14, - 0x08, 0x7e, 0xe5, 0x3f, 0x9f, 0x73, 0xb8, 0x33, 0x0a, 0xcf, 0x5d, 0x3f, - 0x34, 0x87, 0x96, 0x8a, 0xee, 0x53, 0xe8, 0x25, 0x15, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x5b, 0x30, 0x82, 0x01, 0x57, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, - 0x01, 0x01, 0xff, 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2a, - 0x30, 0x28, 0x30, 0x26, 0xa0, 0x24, 0xa0, 0x22, 0x86, 0x20, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, - 0x61, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3d, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, - 0x73, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, - 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x6d, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0c, 0x04, 0x61, 0x30, 0x5f, - 0xa1, 0x5d, 0xa0, 0x5b, 0x30, 0x59, 0x30, 0x57, 0x30, 0x55, 0x16, 0x09, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2f, 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, - 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, - 0x8f, 0xe5, 0xd3, 0x1a, 0x86, 0xac, 0x8d, 0x8e, 0x6b, 0xc3, 0xcf, 0x80, - 0x6a, 0xd4, 0x48, 0x18, 0x2c, 0x7b, 0x19, 0x2e, 0x30, 0x25, 0x16, 0x23, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x76, 0x73, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x67, 0x69, 0x66, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, - 0xa3, 0xcd, 0x7d, 0x1e, 0xf7, 0xc7, 0x75, 0x8d, 0x48, 0xe7, 0x56, 0x34, - 0x4c, 0x00, 0x90, 0x75, 0xa9, 0x51, 0xa5, 0x56, 0xc1, 0x6d, 0xbc, 0xfe, - 0xf5, 0x53, 0x22, 0xe9, 0x98, 0xa2, 0xac, 0x9a, 0x7e, 0x70, 0x1e, 0xb3, - 0x8e, 0x3b, 0x45, 0xe3, 0x86, 0x95, 0x31, 0xda, 0x6d, 0x4c, 0xfb, 0x34, - 0x50, 0x80, 0x96, 0xcd, 0x24, 0xf2, 0x40, 0xdf, 0x04, 0x3f, 0xe2, 0x65, - 0xce, 0x34, 0x22, 0x61, 0x15, 0xea, 0x66, 0x70, 0x64, 0xd2, 0xf1, 0x6e, - 0xf3, 0xca, 0x18, 0x59, 0x6a, 0x41, 0x46, 0x7e, 0x82, 0xde, 0x19, 0xb0, - 0x70, 0x31, 0x56, 0x69, 0x0d, 0x0c, 0xe6, 0x1d, 0x9d, 0x71, 0x58, 0xdc, - 0xcc, 0xde, 0x62, 0xf5, 0xe1, 0x7a, 0x10, 0x02, 0xd8, 0x7a, 0xdc, 0x3b, - 0xfa, 0x57, 0xbd, 0xc9, 0xe9, 0x8f, 0x46, 0x21, 0x39, 0x9f, 0x51, 0x65, - 0x4c, 0x8e, 0x3a, 0xbe, 0x28, 0x41, 0x70, 0x1d, -} - -var certSet3Cert22 = []byte{ - 0x30, 0x82, 0x04, 0x92, 0x30, 0x82, 0x03, 0x7a, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x0a, 0x01, 0x41, 0x42, 0x00, 0x00, 0x01, 0x53, 0x85, - 0x73, 0x6a, 0x0b, 0x85, 0xec, 0xa7, 0x08, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3f, - 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1b, 0x44, - 0x69, 0x67, 0x69, 0x74, 0x61, 0x6c, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, - 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x43, - 0x6f, 0x2e, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x0e, 0x44, 0x53, 0x54, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, - 0x20, 0x58, 0x33, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x33, 0x31, - 0x37, 0x31, 0x36, 0x34, 0x30, 0x34, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x31, - 0x30, 0x33, 0x31, 0x37, 0x31, 0x36, 0x34, 0x30, 0x34, 0x36, 0x5a, 0x30, - 0x4a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x4c, 0x65, 0x74, 0x27, 0x73, 0x20, 0x45, 0x6e, 0x63, 0x72, 0x79, - 0x70, 0x74, 0x31, 0x23, 0x30, 0x21, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x1a, 0x4c, 0x65, 0x74, 0x27, 0x73, 0x20, 0x45, 0x6e, 0x63, 0x72, 0x79, - 0x70, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x20, 0x58, 0x33, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0x9c, 0xd3, 0x0c, 0xf0, 0x5a, 0xe5, 0x2e, 0x47, 0xb7, 0x72, 0x5d, 0x37, - 0x83, 0xb3, 0x68, 0x63, 0x30, 0xea, 0xd7, 0x35, 0x26, 0x19, 0x25, 0xe1, - 0xbd, 0xbe, 0x35, 0xf1, 0x70, 0x92, 0x2f, 0xb7, 0xb8, 0x4b, 0x41, 0x05, - 0xab, 0xa9, 0x9e, 0x35, 0x08, 0x58, 0xec, 0xb1, 0x2a, 0xc4, 0x68, 0x87, - 0x0b, 0xa3, 0xe3, 0x75, 0xe4, 0xe6, 0xf3, 0xa7, 0x62, 0x71, 0xba, 0x79, - 0x81, 0x60, 0x1f, 0xd7, 0x91, 0x9a, 0x9f, 0xf3, 0xd0, 0x78, 0x67, 0x71, - 0xc8, 0x69, 0x0e, 0x95, 0x91, 0xcf, 0xfe, 0xe6, 0x99, 0xe9, 0x60, 0x3c, - 0x48, 0xcc, 0x7e, 0xca, 0x4d, 0x77, 0x12, 0x24, 0x9d, 0x47, 0x1b, 0x5a, - 0xeb, 0xb9, 0xec, 0x1e, 0x37, 0x00, 0x1c, 0x9c, 0xac, 0x7b, 0xa7, 0x05, - 0xea, 0xce, 0x4a, 0xeb, 0xbd, 0x41, 0xe5, 0x36, 0x98, 0xb9, 0xcb, 0xfd, - 0x6d, 0x3c, 0x96, 0x68, 0xdf, 0x23, 0x2a, 0x42, 0x90, 0x0c, 0x86, 0x74, - 0x67, 0xc8, 0x7f, 0xa5, 0x9a, 0xb8, 0x52, 0x61, 0x14, 0x13, 0x3f, 0x65, - 0xe9, 0x82, 0x87, 0xcb, 0xdb, 0xfa, 0x0e, 0x56, 0xf6, 0x86, 0x89, 0xf3, - 0x85, 0x3f, 0x97, 0x86, 0xaf, 0xb0, 0xdc, 0x1a, 0xef, 0x6b, 0x0d, 0x95, - 0x16, 0x7d, 0xc4, 0x2b, 0xa0, 0x65, 0xb2, 0x99, 0x04, 0x36, 0x75, 0x80, - 0x6b, 0xac, 0x4a, 0xf3, 0x1b, 0x90, 0x49, 0x78, 0x2f, 0xa2, 0x96, 0x4f, - 0x2a, 0x20, 0x25, 0x29, 0x04, 0xc6, 0x74, 0xc0, 0xd0, 0x31, 0xcd, 0x8f, - 0x31, 0x38, 0x95, 0x16, 0xba, 0xa8, 0x33, 0xb8, 0x43, 0xf1, 0xb1, 0x1f, - 0xc3, 0x30, 0x7f, 0xa2, 0x79, 0x31, 0x13, 0x3d, 0x2d, 0x36, 0xf8, 0xe3, - 0xfc, 0xf2, 0x33, 0x6a, 0xb9, 0x39, 0x31, 0xc5, 0xaf, 0xc4, 0x8d, 0x0d, - 0x1d, 0x64, 0x16, 0x33, 0xaa, 0xfa, 0x84, 0x29, 0xb6, 0xd4, 0x0b, 0xc0, - 0xd8, 0x7d, 0xc3, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, - 0x7d, 0x30, 0x82, 0x01, 0x79, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, - 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x7f, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x73, 0x30, 0x71, 0x30, 0x32, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x26, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x69, 0x73, 0x72, 0x67, 0x2e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x69, 0x64, 0x2e, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x69, 0x64, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x30, 0x3b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, - 0x02, 0x86, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x61, 0x70, - 0x70, 0x73, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x2f, 0x64, - 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x63, 0x61, 0x78, 0x33, 0x2e, 0x70, - 0x37, 0x63, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0xc4, 0xa7, 0xb1, 0xa4, 0x7b, 0x2c, 0x71, 0xfa, 0xdb, - 0xe1, 0x4b, 0x90, 0x75, 0xff, 0xc4, 0x15, 0x60, 0x85, 0x89, 0x10, 0x30, - 0x54, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4d, 0x30, 0x4b, 0x30, 0x08, - 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, 0x01, 0x30, 0x3f, 0x06, 0x0b, - 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xdf, 0x13, 0x01, 0x01, 0x01, 0x30, - 0x30, 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, - 0x01, 0x16, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x70, - 0x73, 0x2e, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x78, 0x31, 0x2e, 0x6c, 0x65, - 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2e, 0x6f, 0x72, - 0x67, 0x30, 0x3c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x35, 0x30, 0x33, - 0x30, 0x31, 0xa0, 0x2f, 0xa0, 0x2d, 0x86, 0x2b, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x53, 0x54, - 0x52, 0x4f, 0x4f, 0x54, 0x43, 0x41, 0x58, 0x33, 0x43, 0x52, 0x4c, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0xa8, 0x4a, 0x6a, 0x63, 0x04, 0x7d, 0xdd, 0xba, 0xe6, 0xd1, - 0x39, 0xb7, 0xa6, 0x45, 0x65, 0xef, 0xf3, 0xa8, 0xec, 0xa1, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xdd, 0x33, 0xd7, 0x11, 0xf3, 0x63, - 0x58, 0x38, 0xdd, 0x18, 0x15, 0xfb, 0x09, 0x55, 0xbe, 0x76, 0x56, 0xb9, - 0x70, 0x48, 0xa5, 0x69, 0x47, 0x27, 0x7b, 0xc2, 0x24, 0x08, 0x92, 0xf1, - 0x5a, 0x1f, 0x4a, 0x12, 0x29, 0x37, 0x24, 0x74, 0x51, 0x1c, 0x62, 0x68, - 0xb8, 0xcd, 0x95, 0x70, 0x67, 0xe5, 0xf7, 0xa4, 0xbc, 0x4e, 0x28, 0x51, - 0xcd, 0x9b, 0xe8, 0xae, 0x87, 0x9d, 0xea, 0xd8, 0xba, 0x5a, 0xa1, 0x01, - 0x9a, 0xdc, 0xf0, 0xdd, 0x6a, 0x1d, 0x6a, 0xd8, 0x3e, 0x57, 0x23, 0x9e, - 0xa6, 0x1e, 0x04, 0x62, 0x9a, 0xff, 0xd7, 0x05, 0xca, 0xb7, 0x1f, 0x3f, - 0xc0, 0x0a, 0x48, 0xbc, 0x94, 0xb0, 0xb6, 0x65, 0x62, 0xe0, 0xc1, 0x54, - 0xe5, 0xa3, 0x2a, 0xad, 0x20, 0xc4, 0xe9, 0xe6, 0xbb, 0xdc, 0xc8, 0xf6, - 0xb5, 0xc3, 0x32, 0xa3, 0x98, 0xcc, 0x77, 0xa8, 0xe6, 0x79, 0x65, 0x07, - 0x2b, 0xcb, 0x28, 0xfe, 0x3a, 0x16, 0x52, 0x81, 0xce, 0x52, 0x0c, 0x2e, - 0x5f, 0x83, 0xe8, 0xd5, 0x06, 0x33, 0xfb, 0x77, 0x6c, 0xce, 0x40, 0xea, - 0x32, 0x9e, 0x1f, 0x92, 0x5c, 0x41, 0xc1, 0x74, 0x6c, 0x5b, 0x5d, 0x0a, - 0x5f, 0x33, 0xcc, 0x4d, 0x9f, 0xac, 0x38, 0xf0, 0x2f, 0x7b, 0x2c, 0x62, - 0x9d, 0xd9, 0xa3, 0x91, 0x6f, 0x25, 0x1b, 0x2f, 0x90, 0xb1, 0x19, 0x46, - 0x3d, 0xf6, 0x7e, 0x1b, 0xa6, 0x7a, 0x87, 0xb9, 0xa3, 0x7a, 0x6d, 0x18, - 0xfa, 0x25, 0xa5, 0x91, 0x87, 0x15, 0xe0, 0xf2, 0x16, 0x2f, 0x58, 0xb0, - 0x06, 0x2f, 0x2c, 0x68, 0x26, 0xc6, 0x4b, 0x98, 0xcd, 0xda, 0x9f, 0x0c, - 0xf9, 0x7f, 0x90, 0xed, 0x43, 0x4a, 0x12, 0x44, 0x4e, 0x6f, 0x73, 0x7a, - 0x28, 0xea, 0xa4, 0xaa, 0x6e, 0x7b, 0x4c, 0x7d, 0x87, 0xdd, 0xe0, 0xc9, - 0x02, 0x44, 0xa7, 0x87, 0xaf, 0xc3, 0x34, 0x5b, 0xb4, 0x42, -} - -var certSet3Cert23 = []byte{ - 0x30, 0x82, 0x04, 0x92, 0x30, 0x82, 0x03, 0x7a, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x13, 0x06, 0x7f, 0x94, 0x4a, 0x2a, 0x27, 0xcd, 0xf3, 0xfa, - 0xc2, 0xae, 0x2b, 0x01, 0xf9, 0x08, 0xee, 0xb9, 0xc4, 0xc6, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, - 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x25, 0x30, 0x23, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, 0x74, 0x61, 0x72, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, - 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, - 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x53, 0x74, - 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x35, 0x32, 0x35, 0x31, 0x32, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x37, 0x31, 0x32, 0x33, - 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x39, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x06, 0x41, 0x6d, - 0x61, 0x7a, 0x6f, 0x6e, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x10, 0x41, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xb2, 0x78, 0x80, 0x71, 0xca, 0x78, 0xd5, 0xe3, - 0x71, 0xaf, 0x47, 0x80, 0x50, 0x74, 0x7d, 0x6e, 0xd8, 0xd7, 0x88, 0x76, - 0xf4, 0x99, 0x68, 0xf7, 0x58, 0x21, 0x60, 0xf9, 0x74, 0x84, 0x01, 0x2f, - 0xac, 0x02, 0x2d, 0x86, 0xd3, 0xa0, 0x43, 0x7a, 0x4e, 0xb2, 0xa4, 0xd0, - 0x36, 0xba, 0x01, 0xbe, 0x8d, 0xdb, 0x48, 0xc8, 0x07, 0x17, 0x36, 0x4c, - 0xf4, 0xee, 0x88, 0x23, 0xc7, 0x3e, 0xeb, 0x37, 0xf5, 0xb5, 0x19, 0xf8, - 0x49, 0x68, 0xb0, 0xde, 0xd7, 0xb9, 0x76, 0x38, 0x1d, 0x61, 0x9e, 0xa4, - 0xfe, 0x82, 0x36, 0xa5, 0xe5, 0x4a, 0x56, 0xe4, 0x45, 0xe1, 0xf9, 0xfd, - 0xb4, 0x16, 0xfa, 0x74, 0xda, 0x9c, 0x9b, 0x35, 0x39, 0x2f, 0xfa, 0xb0, - 0x20, 0x50, 0x06, 0x6c, 0x7a, 0xd0, 0x80, 0xb2, 0xa6, 0xf9, 0xaf, 0xec, - 0x47, 0x19, 0x8f, 0x50, 0x38, 0x07, 0xdc, 0xa2, 0x87, 0x39, 0x58, 0xf8, - 0xba, 0xd5, 0xa9, 0xf9, 0x48, 0x67, 0x30, 0x96, 0xee, 0x94, 0x78, 0x5e, - 0x6f, 0x89, 0xa3, 0x51, 0xc0, 0x30, 0x86, 0x66, 0xa1, 0x45, 0x66, 0xba, - 0x54, 0xeb, 0xa3, 0xc3, 0x91, 0xf9, 0x48, 0xdc, 0xff, 0xd1, 0xe8, 0x30, - 0x2d, 0x7d, 0x2d, 0x74, 0x70, 0x35, 0xd7, 0x88, 0x24, 0xf7, 0x9e, 0xc4, - 0x59, 0x6e, 0xbb, 0x73, 0x87, 0x17, 0xf2, 0x32, 0x46, 0x28, 0xb8, 0x43, - 0xfa, 0xb7, 0x1d, 0xaa, 0xca, 0xb4, 0xf2, 0x9f, 0x24, 0x0e, 0x2d, 0x4b, - 0xf7, 0x71, 0x5c, 0x5e, 0x69, 0xff, 0xea, 0x95, 0x02, 0xcb, 0x38, 0x8a, - 0xae, 0x50, 0x38, 0x6f, 0xdb, 0xfb, 0x2d, 0x62, 0x1b, 0xc5, 0xc7, 0x1e, - 0x54, 0xe1, 0x77, 0xe0, 0x67, 0xc8, 0x0f, 0x9c, 0x87, 0x23, 0xd6, 0x3f, - 0x40, 0x20, 0x7f, 0x20, 0x80, 0xc4, 0x80, 0x4c, 0x3e, 0x3b, 0x24, 0x26, - 0x8e, 0x04, 0xae, 0x6c, 0x9a, 0xc8, 0xaa, 0x0d, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x82, 0x01, 0x31, 0x30, 0x82, 0x01, 0x2d, 0x30, 0x0f, 0x06, - 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0x84, 0x18, 0xcc, 0x85, 0x34, 0xec, 0xbc, - 0x0c, 0x94, 0x94, 0x2e, 0x08, 0x59, 0x9c, 0xc7, 0xb2, 0x10, 0x4e, 0x0a, - 0x08, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0x9c, 0x5f, 0x00, 0xdf, 0xaa, 0x01, 0xd7, 0x30, 0x2b, 0x38, - 0x88, 0xa2, 0xb8, 0x6d, 0x4a, 0x9c, 0xf2, 0x11, 0x91, 0x83, 0x30, 0x78, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x6c, - 0x30, 0x6a, 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, - 0x63, 0x73, 0x70, 0x2e, 0x72, 0x6f, 0x6f, 0x74, 0x67, 0x32, 0x2e, 0x61, - 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x30, 0x38, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x02, 0x86, 0x2c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x74, 0x2e, 0x72, 0x6f, 0x6f, 0x74, 0x67, 0x32, 0x2e, 0x61, 0x6d, - 0x61, 0x7a, 0x6f, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x67, 0x32, 0x2e, 0x63, 0x65, 0x72, - 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x36, 0x30, 0x34, 0x30, - 0x32, 0xa0, 0x30, 0xa0, 0x2e, 0x86, 0x2c, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x72, 0x6f, 0x6f, 0x74, 0x67, 0x32, - 0x2e, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x67, 0x32, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x11, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x0a, - 0x30, 0x08, 0x30, 0x06, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x62, 0x37, 0x42, 0x5c, 0xbc, 0x10, - 0xb5, 0x3e, 0x8b, 0x2c, 0xe9, 0x0c, 0x9b, 0x6c, 0x45, 0xe2, 0x07, 0x00, - 0x7a, 0xf9, 0xc5, 0x58, 0x0b, 0xb9, 0x08, 0x8c, 0x3e, 0xed, 0xb3, 0x25, - 0x3c, 0xb5, 0x6f, 0x50, 0xe4, 0xcd, 0x35, 0x6a, 0xa7, 0x93, 0x34, 0x96, - 0x32, 0x21, 0xa9, 0x48, 0x44, 0xab, 0x9c, 0xed, 0x3d, 0xb4, 0xaa, 0x73, - 0x6d, 0xe4, 0x7f, 0x16, 0x80, 0x89, 0x6c, 0xcf, 0x28, 0x03, 0x18, 0x83, - 0x47, 0x79, 0xa3, 0x10, 0x7e, 0x30, 0x5b, 0xac, 0x3b, 0xb0, 0x60, 0xe0, - 0x77, 0xd4, 0x08, 0xa6, 0xe1, 0x1d, 0x7c, 0x5e, 0xc0, 0xbb, 0xf9, 0x9a, - 0x7b, 0x22, 0x9d, 0xa7, 0x00, 0x09, 0x7e, 0xac, 0x46, 0x17, 0x83, 0xdc, - 0x9c, 0x26, 0x57, 0x99, 0x30, 0x39, 0x62, 0x96, 0x8f, 0xed, 0xda, 0xde, - 0xaa, 0xc5, 0xcc, 0x1b, 0x3e, 0xca, 0x43, 0x68, 0x6c, 0x57, 0x16, 0xbc, - 0xd5, 0x0e, 0x20, 0x2e, 0xfe, 0xff, 0xc2, 0x6a, 0x5d, 0x2e, 0xa0, 0x4a, - 0x6d, 0x14, 0x58, 0x87, 0x94, 0xe6, 0x39, 0x31, 0x5f, 0x7c, 0x73, 0xcb, - 0x90, 0x88, 0x6a, 0x84, 0x11, 0x96, 0x27, 0xa6, 0xed, 0xd9, 0x81, 0x46, - 0xa6, 0x7e, 0xa3, 0x72, 0x00, 0x0a, 0x52, 0x3e, 0x83, 0x88, 0x07, 0x63, - 0x77, 0x89, 0x69, 0x17, 0x0f, 0x39, 0x85, 0xd2, 0xab, 0x08, 0x45, 0x4d, - 0xd0, 0x51, 0x3a, 0xfd, 0x5d, 0x5d, 0x37, 0x64, 0x4c, 0x7e, 0x30, 0xb2, - 0x55, 0x24, 0x42, 0x9d, 0x36, 0xb0, 0x5d, 0x9c, 0x17, 0x81, 0x61, 0xf1, - 0xca, 0xf9, 0x10, 0x02, 0x24, 0xab, 0xeb, 0x0d, 0x74, 0x91, 0x8d, 0x7b, - 0x45, 0x29, 0x50, 0x39, 0x88, 0xb2, 0xa6, 0x89, 0x35, 0x25, 0x1e, 0x14, - 0x6a, 0x47, 0x23, 0x31, 0x2f, 0x5c, 0x9a, 0xfa, 0xad, 0x9a, 0x0e, 0x62, - 0x51, 0xa4, 0x2a, 0xa9, 0xc4, 0xf9, 0x34, 0x9d, 0x21, 0x18, -} - -var certSet3Cert24 = []byte{ - 0x30, 0x82, 0x04, 0x94, 0x30, 0x82, 0x03, 0x7c, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x01, 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, - 0x43, 0x8b, 0x72, 0x4b, 0xcf, 0xbc, 0x91, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x61, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, - 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x33, 0x30, 0x38, 0x31, - 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x33, - 0x30, 0x38, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x4d, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, - 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, - 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1e, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x48, 0x41, 0x32, 0x20, - 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xdc, 0xae, 0x58, 0x90, 0x4d, 0xc1, 0xc4, 0x30, 0x15, 0x90, 0x35, - 0x5b, 0x6e, 0x3c, 0x82, 0x15, 0xf5, 0x2c, 0x5c, 0xbd, 0xe3, 0xdb, 0xff, - 0x71, 0x43, 0xfa, 0x64, 0x25, 0x80, 0xd4, 0xee, 0x18, 0xa2, 0x4d, 0xf0, - 0x66, 0xd0, 0x0a, 0x73, 0x6e, 0x11, 0x98, 0x36, 0x17, 0x64, 0xaf, 0x37, - 0x9d, 0xfd, 0xfa, 0x41, 0x84, 0xaf, 0xc7, 0xaf, 0x8c, 0xfe, 0x1a, 0x73, - 0x4d, 0xcf, 0x33, 0x97, 0x90, 0xa2, 0x96, 0x87, 0x53, 0x83, 0x2b, 0xb9, - 0xa6, 0x75, 0x48, 0x2d, 0x1d, 0x56, 0x37, 0x7b, 0xda, 0x31, 0x32, 0x1a, - 0xd7, 0xac, 0xab, 0x06, 0xf4, 0xaa, 0x5d, 0x4b, 0xb7, 0x47, 0x46, 0xdd, - 0x2a, 0x93, 0xc3, 0x90, 0x2e, 0x79, 0x80, 0x80, 0xef, 0x13, 0x04, 0x6a, - 0x14, 0x3b, 0xb5, 0x9b, 0x92, 0xbe, 0xc2, 0x07, 0x65, 0x4e, 0xfc, 0xda, - 0xfc, 0xff, 0x7a, 0xae, 0xdc, 0x5c, 0x7e, 0x55, 0x31, 0x0c, 0xe8, 0x39, - 0x07, 0xa4, 0xd7, 0xbe, 0x2f, 0xd3, 0x0b, 0x6a, 0xd2, 0xb1, 0xdf, 0x5f, - 0xfe, 0x57, 0x74, 0x53, 0x3b, 0x35, 0x80, 0xdd, 0xae, 0x8e, 0x44, 0x98, - 0xb3, 0x9f, 0x0e, 0xd3, 0xda, 0xe0, 0xd7, 0xf4, 0x6b, 0x29, 0xab, 0x44, - 0xa7, 0x4b, 0x58, 0x84, 0x6d, 0x92, 0x4b, 0x81, 0xc3, 0xda, 0x73, 0x8b, - 0x12, 0x97, 0x48, 0x90, 0x04, 0x45, 0x75, 0x1a, 0xdd, 0x37, 0x31, 0x97, - 0x92, 0xe8, 0xcd, 0x54, 0x0d, 0x3b, 0xe4, 0xc1, 0x3f, 0x39, 0x5e, 0x2e, - 0xb8, 0xf3, 0x5c, 0x7e, 0x10, 0x8e, 0x86, 0x41, 0x00, 0x8d, 0x45, 0x66, - 0x47, 0xb0, 0xa1, 0x65, 0xce, 0xa0, 0xaa, 0x29, 0x09, 0x4e, 0xf3, 0x97, - 0xeb, 0xe8, 0x2e, 0xab, 0x0f, 0x72, 0xa7, 0x30, 0x0e, 0xfa, 0xc7, 0xf4, - 0xfd, 0x14, 0x77, 0xc3, 0xa4, 0x5b, 0x28, 0x57, 0xc2, 0xb3, 0xf9, 0x82, - 0xfd, 0xb7, 0x45, 0x58, 0x9b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x5a, 0x30, 0x82, 0x01, 0x56, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x7b, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x74, 0x30, 0x72, 0x30, - 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x33, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, - 0x43, 0x65, 0x72, 0x74, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x52, 0x6f, - 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x37, 0xa0, 0x35, - 0xa0, 0x33, 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x6c, 0x34, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, - 0x74, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x52, 0x6f, 0x6f, 0x74, 0x43, - 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x20, - 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, - 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x0f, 0x80, 0x61, 0x1c, 0x82, - 0x31, 0x61, 0xd5, 0x2f, 0x28, 0xe7, 0x8d, 0x46, 0x38, 0xb4, 0x2c, 0xe1, - 0xc6, 0xd9, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, - 0x30, 0x16, 0x80, 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, - 0x66, 0xf0, 0xa3, 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x23, 0x3e, 0xdf, 0x4b, - 0xd2, 0x31, 0x42, 0xa5, 0xb6, 0x7e, 0x42, 0x5c, 0x1a, 0x44, 0xcc, 0x69, - 0xd1, 0x68, 0xb4, 0x5d, 0x4b, 0xe0, 0x04, 0x21, 0x6c, 0x4b, 0xe2, 0x6d, - 0xcc, 0xb1, 0xe0, 0x97, 0x8f, 0xa6, 0x53, 0x09, 0xcd, 0xaa, 0x2a, 0x65, - 0xe5, 0x39, 0x4f, 0x1e, 0x83, 0xa5, 0x6e, 0x5c, 0x98, 0xa2, 0x24, 0x26, - 0xe6, 0xfb, 0xa1, 0xed, 0x93, 0xc7, 0x2e, 0x02, 0xc6, 0x4d, 0x4a, 0xbf, - 0xb0, 0x42, 0xdf, 0x78, 0xda, 0xb3, 0xa8, 0xf9, 0x6d, 0xff, 0x21, 0x85, - 0x53, 0x36, 0x60, 0x4c, 0x76, 0xce, 0xec, 0x38, 0xdc, 0xd6, 0x51, 0x80, - 0xf0, 0xc5, 0xd6, 0xe5, 0xd4, 0x4d, 0x27, 0x64, 0xab, 0x9b, 0xc7, 0x3e, - 0x71, 0xfb, 0x48, 0x97, 0xb8, 0x33, 0x6d, 0xc9, 0x13, 0x07, 0xee, 0x96, - 0xa2, 0x1b, 0x18, 0x15, 0xf6, 0x5c, 0x4c, 0x40, 0xed, 0xb3, 0xc2, 0xec, - 0xff, 0x71, 0xc1, 0xe3, 0x47, 0xff, 0xd4, 0xb9, 0x00, 0xb4, 0x37, 0x42, - 0xda, 0x20, 0xc9, 0xea, 0x6e, 0x8a, 0xee, 0x14, 0x06, 0xae, 0x7d, 0xa2, - 0x59, 0x98, 0x88, 0xa8, 0x1b, 0x6f, 0x2d, 0xf4, 0xf2, 0xc9, 0x14, 0x5f, - 0x26, 0xcf, 0x2c, 0x8d, 0x7e, 0xed, 0x37, 0xc0, 0xa9, 0xd5, 0x39, 0xb9, - 0x82, 0xbf, 0x19, 0x0c, 0xea, 0x34, 0xaf, 0x00, 0x21, 0x68, 0xf8, 0xad, - 0x73, 0xe2, 0xc9, 0x32, 0xda, 0x38, 0x25, 0x0b, 0x55, 0xd3, 0x9a, 0x1d, - 0xf0, 0x68, 0x86, 0xed, 0x2e, 0x41, 0x34, 0xef, 0x7c, 0xa5, 0x50, 0x1d, - 0xbf, 0x3a, 0xf9, 0xd3, 0xc1, 0x08, 0x0c, 0xe6, 0xed, 0x1e, 0x8a, 0x58, - 0x25, 0xe4, 0xb8, 0x77, 0xad, 0x2d, 0x6e, 0xf5, 0x52, 0xdd, 0xb4, 0x74, - 0x8f, 0xab, 0x49, 0x2e, 0x9d, 0x3b, 0x93, 0x34, 0x28, 0x1f, 0x78, 0xce, - 0x94, 0xea, 0xc7, 0xbd, 0xd3, 0xc9, 0x6d, 0x1c, 0xde, 0x5c, 0x32, 0xf3, -} - -var certSet3Cert25 = []byte{ - 0x30, 0x82, 0x04, 0xa0, 0x30, 0x82, 0x03, 0x88, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x03, 0x39, 0x14, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x68, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, - 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, - 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x29, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, - 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x34, 0x30, 0x31, 0x30, 0x31, 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x33, 0x31, 0x30, 0x35, 0x33, 0x30, 0x30, 0x37, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, - 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, - 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x25, - 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, 0x74, 0x61, - 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6e, - 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, - 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xbd, 0xed, 0xc1, 0x03, 0xfc, 0xf6, 0x8f, 0xfc, 0x02, 0xb1, - 0x6f, 0x5b, 0x9f, 0x48, 0xd9, 0x9d, 0x79, 0xe2, 0xa2, 0xb7, 0x03, 0x61, - 0x56, 0x18, 0xc3, 0x47, 0xb6, 0xd7, 0xca, 0x3d, 0x35, 0x2e, 0x89, 0x43, - 0xf7, 0xa1, 0x69, 0x9b, 0xde, 0x8a, 0x1a, 0xfd, 0x13, 0x20, 0x9c, 0xb4, - 0x49, 0x77, 0x32, 0x29, 0x56, 0xfd, 0xb9, 0xec, 0x8c, 0xdd, 0x22, 0xfa, - 0x72, 0xdc, 0x27, 0x61, 0x97, 0xee, 0xf6, 0x5a, 0x84, 0xec, 0x6e, 0x19, - 0xb9, 0x89, 0x2c, 0xdc, 0x84, 0x5b, 0xd5, 0x74, 0xfb, 0x6b, 0x5f, 0xc5, - 0x89, 0xa5, 0x10, 0x52, 0x89, 0x46, 0x55, 0xf4, 0xb8, 0x75, 0x1c, 0xe6, - 0x7f, 0xe4, 0x54, 0xae, 0x4b, 0xf8, 0x55, 0x72, 0x57, 0x02, 0x19, 0xf8, - 0x17, 0x71, 0x59, 0xeb, 0x1e, 0x28, 0x07, 0x74, 0xc5, 0x9d, 0x48, 0xbe, - 0x6c, 0xb4, 0xf4, 0xa4, 0xb0, 0xf3, 0x64, 0x37, 0x79, 0x92, 0xc0, 0xec, - 0x46, 0x5e, 0x7f, 0xe1, 0x6d, 0x53, 0x4c, 0x62, 0xaf, 0xcd, 0x1f, 0x0b, - 0x63, 0xbb, 0x3a, 0x9d, 0xfb, 0xfc, 0x79, 0x00, 0x98, 0x61, 0x74, 0xcf, - 0x26, 0x82, 0x40, 0x63, 0xf3, 0xb2, 0x72, 0x6a, 0x19, 0x0d, 0x99, 0xca, - 0xd4, 0x0e, 0x75, 0xcc, 0x37, 0xfb, 0x8b, 0x89, 0xc1, 0x59, 0xf1, 0x62, - 0x7f, 0x5f, 0xb3, 0x5f, 0x65, 0x30, 0xf8, 0xa7, 0xb7, 0x4d, 0x76, 0x5a, - 0x1e, 0x76, 0x5e, 0x34, 0xc0, 0xe8, 0x96, 0x56, 0x99, 0x8a, 0xb3, 0xf0, - 0x7f, 0xa4, 0xcd, 0xbd, 0xdc, 0x32, 0x31, 0x7c, 0x91, 0xcf, 0xe0, 0x5f, - 0x11, 0xf8, 0x6b, 0xaa, 0x49, 0x5c, 0xd1, 0x99, 0x94, 0xd1, 0xa2, 0xe3, - 0x63, 0x5b, 0x09, 0x76, 0xb5, 0x56, 0x62, 0xe1, 0x4b, 0x74, 0x1d, 0x96, - 0xd4, 0x26, 0xd4, 0x08, 0x04, 0x59, 0xd0, 0x98, 0x0e, 0x0e, 0xe6, 0xde, - 0xfc, 0xc3, 0xec, 0x1f, 0x90, 0xf1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x82, 0x01, 0x29, 0x30, 0x82, 0x01, 0x25, 0x30, 0x0f, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, - 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, - 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0x7c, 0x0c, 0x32, 0x1f, 0xa7, 0xd9, 0x30, 0x7f, 0xc4, - 0x7d, 0x68, 0xa3, 0x62, 0xa8, 0xa1, 0xce, 0xab, 0x07, 0x5b, 0x27, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0xbf, 0x5f, 0xb7, 0xd1, 0xce, 0xdd, 0x1f, 0x86, 0xf4, 0x5b, 0x55, 0xac, - 0xdc, 0xd7, 0x10, 0xc2, 0x0e, 0xa9, 0x88, 0xe7, 0x30, 0x3a, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x2e, 0x30, 0x2c, - 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, - 0x70, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x74, - 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x38, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x31, 0x30, 0x2f, 0x30, 0x2d, 0xa0, 0x2b, 0xa0, - 0x29, 0x86, 0x27, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x74, - 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x66, 0x72, 0x6f, - 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, - 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, 0x04, 0x55, 0x1d, 0x20, - 0x00, 0x30, 0x39, 0x30, 0x37, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x2b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x74, 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x85, 0x63, 0xc1, 0xd9, - 0xdd, 0xb9, 0xff, 0xa9, 0xbd, 0xa6, 0x19, 0xdc, 0xbf, 0x13, 0x3a, 0x11, - 0x38, 0x22, 0x54, 0xb1, 0xac, 0x05, 0x10, 0xfb, 0x7c, 0xb3, 0x96, 0x3f, - 0x31, 0x8b, 0x66, 0xff, 0x88, 0xf3, 0xe1, 0xbf, 0xfb, 0xc7, 0x1f, 0x00, - 0xff, 0x46, 0x6a, 0x8b, 0x61, 0x32, 0xc9, 0x01, 0x51, 0x76, 0xfb, 0x9a, - 0xc6, 0xfa, 0x20, 0x51, 0xc8, 0x46, 0xc4, 0x98, 0xd7, 0x79, 0xa3, 0xe3, - 0x04, 0x72, 0x3f, 0x8b, 0x4d, 0x34, 0x53, 0x67, 0xec, 0x33, 0x2c, 0x7b, - 0xe8, 0x94, 0x01, 0x28, 0x7c, 0x3a, 0x34, 0x5b, 0x02, 0x77, 0x16, 0x8d, - 0x40, 0x25, 0x33, 0xb0, 0xbc, 0x6c, 0x97, 0xd7, 0x05, 0x7a, 0xff, 0x8c, - 0x85, 0xce, 0x6f, 0xa0, 0x53, 0x00, 0x17, 0x6e, 0x1e, 0x6c, 0xbd, 0x22, - 0xd7, 0x0a, 0x88, 0x37, 0xf6, 0x7d, 0xeb, 0x99, 0x41, 0xef, 0x27, 0xcb, - 0x8c, 0x60, 0x6b, 0x4c, 0x01, 0x7e, 0x65, 0x50, 0x0b, 0x4f, 0xb8, 0x95, - 0x9a, 0x9a, 0x6e, 0x34, 0xfd, 0x73, 0x3a, 0x33, 0xf1, 0x91, 0xd5, 0xf3, - 0x4e, 0x2d, 0x74, 0xe8, 0xef, 0xd3, 0x90, 0x35, 0xf1, 0x06, 0x68, 0x64, - 0xd4, 0xd0, 0x13, 0xfd, 0x52, 0xd3, 0xc6, 0x6d, 0xc1, 0x3a, 0x8a, 0x31, - 0xdd, 0x05, 0x26, 0x35, 0x4a, 0x8c, 0x65, 0xb8, 0x52, 0x6b, 0x81, 0xec, - 0xd2, 0x9c, 0xb5, 0x34, 0x10, 0x97, 0x9c, 0x3e, 0xc6, 0x2f, 0xed, 0x8e, - 0x42, 0x42, 0x24, 0x2e, 0xe9, 0x73, 0x9a, 0x25, 0xf9, 0x11, 0xf1, 0xf2, - 0x23, 0x69, 0xcb, 0xe5, 0x94, 0x69, 0xa0, 0xd2, 0xdc, 0xb0, 0xfc, 0x44, - 0x89, 0xac, 0x17, 0xa8, 0xcc, 0xd5, 0x37, 0x77, 0x16, 0xc5, 0x80, 0xb9, - 0x0c, 0x8f, 0x57, 0x02, 0x55, 0x99, 0x85, 0x7b, 0x49, 0xf0, 0x2e, 0x5b, - 0xa0, 0xc2, 0x57, 0x53, 0x5d, 0xa2, 0xe8, 0xa6, 0x37, 0xc3, 0x01, 0xfa, -} - -var certSet3Cert26 = []byte{ - 0x30, 0x82, 0x04, 0xa6, 0x30, 0x82, 0x03, 0x8e, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x28, 0x1c, 0x89, 0x29, 0x66, 0x14, 0x43, 0x80, 0x42, - 0x63, 0x55, 0x3a, 0x32, 0x40, 0xae, 0xb3, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x38, 0x20, 0x47, 0x65, - 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, - 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, - 0x79, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2d, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x50, 0x72, 0x69, - 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x35, 0x30, 0x36, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, - 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x35, 0x30, 0x36, 0x32, 0x39, 0x32, 0x33, - 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, - 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43, - 0x41, 0x20, 0x2d, 0x20, 0x47, 0x34, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xc0, 0x9e, 0x3a, 0x0f, 0x9a, 0xb2, 0xba, 0xd3, 0xd2, - 0xdc, 0x15, 0xec, 0xd0, 0x30, 0x54, 0x59, 0x30, 0x4d, 0x40, 0x51, 0xae, - 0x42, 0x71, 0x71, 0xd2, 0x8d, 0x53, 0x73, 0x81, 0xfe, 0xb8, 0xe0, 0xc4, - 0x96, 0xc5, 0x8e, 0x7e, 0xc2, 0xf1, 0xb7, 0x63, 0x4a, 0xcf, 0xa7, 0x1e, - 0x3f, 0xa8, 0xe7, 0xce, 0x53, 0xa0, 0xfa, 0x2d, 0xf7, 0xd6, 0xe6, 0xce, - 0x70, 0x11, 0xa6, 0xee, 0xe1, 0x03, 0x52, 0xd2, 0x68, 0xde, 0x3d, 0x08, - 0x0d, 0x87, 0xfd, 0x1c, 0xd7, 0x0b, 0x97, 0x62, 0x6d, 0x82, 0x30, 0x76, - 0x1b, 0x47, 0x3a, 0xc4, 0xf7, 0xce, 0xed, 0x1d, 0x7c, 0x8c, 0xb7, 0x17, - 0x8e, 0x53, 0x80, 0x1e, 0x1d, 0x0f, 0x5d, 0x8c, 0xf9, 0x90, 0xe4, 0x04, - 0x1e, 0x02, 0x7e, 0xcb, 0xb0, 0x49, 0xef, 0xda, 0x52, 0x25, 0xfb, 0xfb, - 0x67, 0xed, 0xdd, 0x84, 0x74, 0x59, 0x84, 0x0e, 0xf3, 0xde, 0x70, 0x66, - 0x8d, 0xe4, 0x52, 0x38, 0xf7, 0x53, 0x5a, 0x37, 0x13, 0x67, 0x0b, 0x3e, - 0xbb, 0xa8, 0x58, 0xb7, 0x2e, 0xed, 0xff, 0xb7, 0x5e, 0x11, 0x73, 0xb9, - 0x77, 0x45, 0x52, 0x67, 0x46, 0xae, 0xc4, 0xdc, 0x24, 0x81, 0x89, 0x76, - 0x0a, 0xca, 0xa1, 0x6c, 0x66, 0x73, 0x04, 0x82, 0xaa, 0xf5, 0x70, 0x6c, - 0x5f, 0x1b, 0x9a, 0x00, 0x79, 0x46, 0xd6, 0x7f, 0x7a, 0x26, 0x17, 0x30, - 0xcf, 0x39, 0x4b, 0x2c, 0x74, 0xd9, 0x89, 0x44, 0x76, 0x10, 0xd0, 0xed, - 0xf7, 0x8b, 0xbb, 0x89, 0x05, 0x75, 0x4d, 0x0b, 0x0d, 0xb3, 0xda, 0xe9, - 0xbf, 0xf1, 0x6a, 0x7d, 0x2a, 0x11, 0xdb, 0x1e, 0x9f, 0x8c, 0xe3, 0xc4, - 0x06, 0x69, 0xe1, 0x1d, 0x88, 0x45, 0x39, 0xd1, 0x6e, 0x55, 0xd8, 0xaa, - 0xb7, 0x9b, 0x6f, 0xea, 0xf4, 0xde, 0xac, 0x17, 0x11, 0x92, 0x5d, 0x40, - 0x9b, 0x83, 0x7b, 0x9a, 0xe2, 0xf7, 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x82, 0x01, 0x3a, 0x30, 0x82, 0x01, 0x36, 0x30, 0x2e, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x22, 0x30, 0x20, - 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, - 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x49, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x42, 0x30, 0x40, 0x30, 0x3e, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, - 0x01, 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x36, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, - 0x86, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, - 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x47, 0x65, 0x6f, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x50, 0x43, 0x41, 0x2d, 0x47, 0x33, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, - 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0xf3, 0xb5, 0x56, 0x0c, 0xc4, 0x09, 0xb0, 0xb4, 0xcf, 0x1f, 0xaa, - 0xf9, 0xdd, 0x23, 0x56, 0xf0, 0x77, 0xe8, 0xa1, 0xf9, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc4, 0x79, - 0xca, 0x8e, 0xa1, 0x4e, 0x03, 0x1d, 0x1c, 0xdc, 0x6b, 0xdb, 0x31, 0x5b, - 0x94, 0x3e, 0x3f, 0x30, 0x7f, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0xc3, 0x7e, 0xd8, 0x83, 0x4b, 0x04, 0x4c, 0x55, 0x29, 0x2a, - 0x4f, 0x14, 0x9d, 0x9a, 0x6e, 0xde, 0x90, 0x70, 0xc1, 0xa4, 0x26, 0x4c, - 0x88, 0x8e, 0x78, 0x48, 0xef, 0xbd, 0x9c, 0xb0, 0xa0, 0xf5, 0xf0, 0x66, - 0xfc, 0xfe, 0x59, 0x26, 0xe1, 0x79, 0xef, 0xc8, 0xb7, 0x60, 0x64, 0xa8, - 0x8b, 0x47, 0xea, 0x2f, 0xe0, 0x83, 0x99, 0xda, 0x41, 0x19, 0xd7, 0xc5, - 0xbe, 0x05, 0xfa, 0xf2, 0x90, 0x11, 0xf0, 0x0a, 0xff, 0x6c, 0xdc, 0x05, - 0xb4, 0xd8, 0x06, 0x6f, 0xa4, 0x6f, 0x8d, 0xbe, 0x20, 0x2b, 0x54, 0xdb, - 0xf9, 0xa2, 0x45, 0x83, 0x9a, 0x1e, 0xa5, 0x21, 0x89, 0x35, 0x1d, 0x7c, - 0x20, 0x5c, 0x17, 0xfd, 0x04, 0x2e, 0x45, 0xd8, 0xb2, 0xc6, 0xf8, 0x42, - 0x99, 0xfc, 0x54, 0x08, 0x4e, 0x4b, 0x80, 0x5f, 0x39, 0x37, 0xba, 0x95, - 0x4e, 0xa6, 0x37, 0x0a, 0x9e, 0x93, 0x5e, 0x87, 0x5b, 0xe9, 0x90, 0xd6, - 0xa8, 0xb6, 0x65, 0x08, 0x8d, 0x61, 0x49, 0xeb, 0x83, 0x20, 0xa9, 0x5d, - 0x1b, 0x16, 0x60, 0x62, 0x6b, 0x2f, 0x54, 0xfb, 0x5a, 0x02, 0x0d, 0x7a, - 0x27, 0xe2, 0x4b, 0xe1, 0x05, 0x14, 0xc2, 0xe4, 0xe9, 0xf9, 0x70, 0xc0, - 0xd9, 0xf7, 0x34, 0x65, 0x0e, 0xa2, 0x91, 0x4b, 0xac, 0x28, 0xf2, 0xb7, - 0x08, 0x0f, 0x98, 0xca, 0xd7, 0x3e, 0x70, 0xb6, 0xc8, 0x0b, 0xf1, 0x8b, - 0x9c, 0x51, 0xf8, 0xc6, 0x10, 0x6c, 0xd2, 0x53, 0x4f, 0x62, 0x8c, 0x11, - 0x00, 0x3e, 0x88, 0xdf, 0xbf, 0xe6, 0xd2, 0xcc, 0x70, 0xbd, 0xed, 0x25, - 0x9c, 0xfb, 0xdd, 0x24, 0x0a, 0xbd, 0x59, 0x91, 0x4a, 0x42, 0x03, 0x38, - 0x12, 0x71, 0x32, 0x88, 0x76, 0xa0, 0x8e, 0x7c, 0xbb, 0x32, 0xef, 0x88, - 0x2a, 0x1b, 0xd4, 0x6a, 0x6f, 0x50, 0xb9, 0x52, 0x67, 0x8b, 0xab, 0x30, - 0xfa, 0x1f, 0xfd, 0xe3, 0x24, 0x9a, -} - -var certSet3Cert27 = []byte{ - 0x30, 0x82, 0x04, 0xa8, 0x30, 0x82, 0x03, 0x90, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x11, 0x00, 0xe4, 0x05, 0x47, 0x83, 0x0e, 0x0c, 0x64, 0x52, - 0x97, 0x6f, 0x7a, 0x35, 0x49, 0xc0, 0xdd, 0x48, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, - 0x7e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x50, 0x4c, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x19, 0x55, 0x6e, 0x69, 0x7a, 0x65, 0x74, 0x6f, 0x20, 0x54, 0x65, 0x63, - 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x20, 0x53, 0x2e, - 0x41, 0x2e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1e, 0x43, 0x65, 0x72, 0x74, 0x75, 0x6d, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x65, 0x72, 0x74, 0x75, 0x6d, - 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x20, 0x4e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x35, 0x30, 0x31, 0x32, 0x31, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x32, 0x35, 0x30, 0x31, 0x31, 0x38, 0x31, 0x32, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x52, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x59, 0x61, 0x6e, 0x64, 0x65, 0x78, 0x20, - 0x4c, 0x4c, 0x43, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x1e, 0x59, 0x61, 0x6e, 0x64, 0x65, 0x78, 0x20, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x12, 0x30, 0x10, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x59, 0x61, 0x6e, 0x64, 0x65, - 0x78, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xa6, 0x05, 0x24, 0x76, 0x61, 0xb9, 0x9e, 0x42, 0x60, 0x22, 0x63, - 0x85, 0x59, 0xe5, 0x9d, 0x88, 0x0d, 0xdf, 0xef, 0x21, 0x64, 0x5a, 0x26, - 0x94, 0x71, 0x3a, 0xa4, 0x7f, 0x2b, 0x53, 0xc3, 0xac, 0x7b, 0xba, 0x95, - 0x42, 0x6d, 0x6a, 0x5b, 0xd6, 0x7e, 0x78, 0x0c, 0x67, 0x40, 0x98, 0x2f, - 0x6a, 0x2d, 0xd0, 0xb7, 0x18, 0x3a, 0x7e, 0x99, 0x60, 0x01, 0xe5, 0x27, - 0xbf, 0xff, 0x49, 0xf5, 0xcd, 0xc4, 0x58, 0xc3, 0x4c, 0xe1, 0x70, 0xd5, - 0xfd, 0x08, 0xa8, 0x79, 0x95, 0x76, 0x1c, 0x0e, 0x05, 0x41, 0xfa, 0xbd, - 0x80, 0x38, 0x2a, 0x87, 0x4f, 0xc1, 0x67, 0x42, 0xaa, 0x17, 0xa6, 0xee, - 0xa7, 0x8c, 0x8e, 0xef, 0x2d, 0x7f, 0x7a, 0x1d, 0x05, 0x17, 0x8f, 0x7e, - 0x3b, 0x92, 0x35, 0xf5, 0x68, 0xed, 0x93, 0x03, 0x55, 0x23, 0x4f, 0x4b, - 0xa2, 0x00, 0x86, 0x65, 0x91, 0x0f, 0xeb, 0xf6, 0x3c, 0xd5, 0xdb, 0x6d, - 0x0e, 0xed, 0xe8, 0x7c, 0x3a, 0xc8, 0xba, 0xb7, 0x53, 0xc1, 0xa4, 0xd8, - 0x40, 0x02, 0xe5, 0xb5, 0xa2, 0xca, 0xbf, 0xda, 0x9c, 0x94, 0x0d, 0xfc, - 0xc5, 0x1c, 0x2a, 0x59, 0x88, 0x62, 0x57, 0x93, 0x2e, 0x11, 0xf0, 0x38, - 0x2c, 0x7a, 0x81, 0x2a, 0xf2, 0x25, 0x15, 0x17, 0x35, 0x70, 0x2c, 0x4b, - 0xf7, 0x23, 0x4c, 0x82, 0xef, 0x33, 0x9f, 0xc2, 0x9a, 0x0b, 0xa3, 0xe2, - 0x5d, 0x6b, 0x38, 0x77, 0xf9, 0x60, 0x33, 0xcf, 0x2e, 0x7b, 0x56, 0xb7, - 0x13, 0x93, 0x1f, 0x34, 0x97, 0x71, 0x99, 0x76, 0x02, 0x46, 0x35, 0x14, - 0x7c, 0xdc, 0xca, 0x48, 0x8a, 0x0a, 0x72, 0x4b, 0x78, 0x6d, 0x82, 0x34, - 0x96, 0x13, 0x45, 0xcf, 0x02, 0x2f, 0x50, 0x13, 0x39, 0x43, 0x89, 0xc0, - 0xe1, 0x74, 0xd7, 0x28, 0x71, 0x21, 0xe5, 0xaa, 0x97, 0x0e, 0xee, 0x46, - 0xec, 0x93, 0xf7, 0x23, 0x7d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x3e, 0x30, 0x82, 0x01, 0x3a, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x37, 0x5c, - 0xe3, 0x19, 0xe0, 0xb2, 0x8e, 0xa1, 0xa8, 0x4e, 0xd2, 0xcf, 0xab, 0xd0, - 0xdc, 0xe3, 0x0b, 0x5c, 0x35, 0x4d, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x08, 0x76, 0xcd, 0xcb, 0x07, - 0xff, 0x24, 0xf6, 0xc5, 0xcd, 0xed, 0xbb, 0x90, 0xbc, 0xe2, 0x84, 0x37, - 0x46, 0x75, 0xf7, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x2f, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0xa0, 0x22, 0xa0, 0x20, - 0x86, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, - 0x2e, 0x63, 0x65, 0x72, 0x74, 0x75, 0x6d, 0x2e, 0x70, 0x6c, 0x2f, 0x63, - 0x74, 0x6e, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x6b, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x5f, 0x30, 0x5d, - 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x73, 0x75, 0x62, - 0x63, 0x61, 0x2e, 0x6f, 0x63, 0x73, 0x70, 0x2d, 0x63, 0x65, 0x72, 0x74, - 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x31, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, - 0x79, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x75, 0x6d, 0x2e, 0x70, 0x6c, 0x2f, - 0x63, 0x74, 0x6e, 0x63, 0x61, 0x2e, 0x63, 0x65, 0x72, 0x30, 0x39, 0x06, - 0x03, 0x55, 0x1d, 0x20, 0x04, 0x32, 0x30, 0x30, 0x30, 0x2e, 0x06, 0x04, - 0x55, 0x1d, 0x20, 0x00, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x18, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x75, - 0x6d, 0x2e, 0x70, 0x6c, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x02, 0x5e, 0x8e, 0x7b, 0xe0, 0x66, 0xa1, 0xc6, - 0xab, 0x8b, 0x18, 0x1f, 0x0e, 0xb9, 0xc4, 0xcd, 0x71, 0xdb, 0x44, 0x5c, - 0x03, 0x7d, 0x65, 0xea, 0xb8, 0x47, 0xb5, 0x1e, 0xce, 0x24, 0x70, 0xa0, - 0x7f, 0xd3, 0xdf, 0x66, 0x4b, 0x8c, 0x90, 0xe2, 0xa5, 0xed, 0x9b, 0x94, - 0x36, 0xb4, 0xa8, 0xbe, 0xf0, 0x74, 0x8c, 0x26, 0x92, 0x75, 0x9d, 0x56, - 0x50, 0x9e, 0xad, 0xd0, 0x1a, 0xa0, 0xdf, 0xa4, 0x14, 0x56, 0x10, 0x75, - 0x93, 0x7a, 0xc1, 0xf4, 0x53, 0xa0, 0x76, 0x74, 0x2c, 0x72, 0xba, 0xb5, - 0xd1, 0xc9, 0xe2, 0xdc, 0x46, 0x86, 0x3f, 0x1d, 0xf6, 0x33, 0x87, 0x59, - 0xec, 0x9c, 0xdc, 0x2d, 0x1e, 0x4d, 0x43, 0x1a, 0xce, 0xba, 0xd9, 0x87, - 0x7e, 0xe2, 0x47, 0x45, 0x72, 0x3d, 0x28, 0x03, 0xc9, 0x0a, 0x4d, 0xe0, - 0x57, 0xa3, 0x5e, 0x6e, 0x7e, 0xcc, 0x5a, 0xc8, 0xc4, 0x78, 0x01, 0x57, - 0x68, 0x7a, 0x38, 0x3b, 0x53, 0x36, 0xe7, 0x92, 0x6d, 0x8a, 0x2c, 0x2f, - 0xd7, 0x8b, 0xb6, 0x34, 0xa8, 0xd1, 0xb6, 0xf8, 0x5e, 0x3b, 0xab, 0xed, - 0xa5, 0x8f, 0x39, 0x6f, 0x45, 0xad, 0xcb, 0x63, 0xed, 0x6a, 0x64, 0xc9, - 0x10, 0xa7, 0x03, 0x08, 0x12, 0x53, 0xb1, 0x1c, 0xaf, 0xca, 0xf7, 0x53, - 0xfc, 0xd8, 0x29, 0x4b, 0x1b, 0xfb, 0x38, 0xcd, 0xc0, 0x63, 0xff, 0x5f, - 0xe4, 0xb9, 0x8d, 0x5e, 0xaa, 0x2b, 0xd2, 0xc3, 0x22, 0x35, 0x31, 0xf6, - 0x30, 0x0e, 0x53, 0x32, 0xf4, 0x93, 0xc5, 0x43, 0xcb, 0xc8, 0xf0, 0x15, - 0x56, 0x8f, 0x00, 0x19, 0x87, 0xca, 0x78, 0x22, 0x8d, 0xa0, 0x2e, 0xdb, - 0x2f, 0xa0, 0xc3, 0x7e, 0x29, 0x5d, 0x91, 0x25, 0x84, 0x1d, 0x1d, 0x39, - 0xab, 0x1b, 0xc5, 0xd6, 0x91, 0xfe, 0x69, 0x0e, 0x46, 0x80, 0xbc, 0x45, - 0x7b, 0x35, 0x53, 0x2a, 0xdf, 0x00, 0xb6, 0x77, -} - -var certSet3Cert28 = []byte{ - 0x30, 0x82, 0x04, 0xaf, 0x30, 0x82, 0x03, 0x97, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x5d, 0x72, 0xfb, 0x33, 0x76, 0x20, 0xf6, 0x4c, 0x72, - 0x80, 0xdb, 0xe9, 0x12, 0x81, 0xff, 0x6a, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x33, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, - 0x30, 0x33, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x44, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x74, - 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x45, 0x56, 0x20, 0x53, 0x53, 0x4c, - 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xdd, 0xda, 0x94, 0x1e, 0x32, 0xb2, - 0x2e, 0xa0, 0x83, 0xc0, 0xa6, 0x7d, 0x5f, 0x65, 0x2d, 0xfd, 0x27, 0xb8, - 0x73, 0x0e, 0xf8, 0x0b, 0xa9, 0xd4, 0x56, 0x26, 0x69, 0x98, 0x67, 0x35, - 0x39, 0x64, 0x58, 0xce, 0x82, 0x6f, 0x98, 0x94, 0xd1, 0x8f, 0xe0, 0x90, - 0xd6, 0xed, 0x55, 0x4b, 0x98, 0x4b, 0xd7, 0x10, 0x59, 0x34, 0x02, 0x1b, - 0xe7, 0x51, 0x31, 0x51, 0xc4, 0x38, 0xc2, 0xbc, 0xdb, 0x03, 0x5c, 0xca, - 0xe1, 0x7c, 0xdc, 0x4f, 0x59, 0x97, 0xea, 0x07, 0x7f, 0x0f, 0x85, 0x3e, - 0x92, 0xea, 0xaa, 0xa7, 0xd9, 0xbe, 0x01, 0x41, 0xe4, 0x62, 0x56, 0x47, - 0x36, 0xbd, 0x57, 0x91, 0xe6, 0x21, 0xd3, 0xf8, 0x41, 0x0b, 0xd8, 0xba, - 0xe8, 0xed, 0x81, 0xad, 0x70, 0xc0, 0x8b, 0x6e, 0xf3, 0x89, 0x6e, 0x27, - 0x9e, 0xa6, 0xa6, 0x73, 0x59, 0xbb, 0x71, 0x00, 0xd4, 0x4f, 0x4b, 0x48, - 0xe9, 0xd5, 0xc9, 0x27, 0x36, 0x9c, 0x7c, 0x1c, 0x02, 0xaa, 0xac, 0xbd, - 0x3b, 0xd1, 0x53, 0x83, 0x6a, 0x1f, 0xe6, 0x08, 0x47, 0x33, 0xa7, 0xb1, - 0x9f, 0x02, 0xbe, 0x9b, 0x47, 0xed, 0x33, 0x04, 0xdc, 0x1c, 0x80, 0x27, - 0xd1, 0x4a, 0x33, 0xa0, 0x8c, 0xeb, 0x01, 0x47, 0xa1, 0x32, 0x90, 0x64, - 0x7b, 0xc4, 0xe0, 0x84, 0xc9, 0x32, 0xe9, 0xdd, 0x34, 0x1f, 0x8a, 0x68, - 0x67, 0xf3, 0xad, 0x10, 0x63, 0xeb, 0xee, 0x8a, 0x9a, 0xb1, 0x2a, 0x1b, - 0x26, 0x74, 0xa1, 0x2a, 0xb0, 0x8f, 0xfe, 0x52, 0x98, 0x46, 0x97, 0xcf, - 0xa3, 0x56, 0x1c, 0x6f, 0x6e, 0x99, 0x97, 0x8d, 0x26, 0x0e, 0xa9, 0xec, - 0xc2, 0x53, 0x70, 0xfc, 0x7a, 0xa5, 0x19, 0x49, 0xbd, 0xb5, 0x17, 0x82, - 0x55, 0xde, 0x97, 0xe0, 0x5d, 0x62, 0x84, 0x81, 0xf0, 0x70, 0xa8, 0x34, - 0x53, 0x4f, 0x14, 0xfd, 0x3d, 0x5d, 0x3d, 0x6f, 0xb9, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x35, 0x30, 0x82, 0x01, 0x31, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, - 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x2f, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x23, - 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x74, - 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x3b, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, - 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, - 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, - 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, - 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2b, 0x30, 0x29, 0x30, - 0x27, 0xa0, 0x25, 0xa0, 0x23, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x74, 0x31, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, 0x43, 0x41, - 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x29, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, - 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, - 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, 0x35, 0x33, 0x36, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xf0, 0x70, - 0x51, 0xda, 0xd3, 0x2a, 0x91, 0x4f, 0x52, 0x77, 0xd7, 0x86, 0x77, 0x74, - 0x0f, 0xce, 0x71, 0x1a, 0x6c, 0x22, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7b, 0x5b, 0x45, 0xcf, 0xaf, - 0xce, 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, 0x6a, 0xb6, 0xf3, 0x46, 0xeb, - 0x57, 0x48, 0x50, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa1, - 0x2e, 0x94, 0x3e, 0x9b, 0x16, 0xf4, 0x58, 0x1a, 0x6f, 0xc1, 0xfa, 0xc1, - 0x7e, 0x43, 0x93, 0xb2, 0xc3, 0xf7, 0x89, 0xeb, 0x13, 0x62, 0x5d, 0xdd, - 0xcc, 0x61, 0x13, 0x2b, 0x1d, 0x4e, 0x88, 0x79, 0x11, 0x62, 0x14, 0x37, - 0x30, 0x46, 0xff, 0x89, 0x62, 0x10, 0x85, 0x2a, 0x87, 0x1e, 0xf8, 0xe2, - 0xaf, 0xfe, 0x93, 0x02, 0x93, 0xca, 0xf2, 0xe9, 0x46, 0x03, 0x6b, 0xa1, - 0x1a, 0xac, 0xd5, 0xf0, 0x80, 0x1b, 0x98, 0x6f, 0xb8, 0x3a, 0x50, 0xf8, - 0x54, 0x71, 0x06, 0x03, 0xe7, 0x84, 0xcc, 0x8e, 0x61, 0xd2, 0x5f, 0x4d, - 0x0c, 0x97, 0x02, 0x65, 0xb5, 0x8c, 0x26, 0xbc, 0x05, 0x98, 0xf4, 0xdc, - 0xc6, 0xaf, 0xe4, 0x57, 0x7f, 0xe3, 0xdc, 0xa1, 0xd7, 0x27, 0x47, 0x2a, - 0xe0, 0x2c, 0x3f, 0x09, 0x74, 0xdc, 0x5a, 0xe5, 0xb5, 0x7c, 0xfa, 0x82, - 0x9a, 0x15, 0xfa, 0x74, 0x2b, 0x84, 0x2e, 0x6b, 0xac, 0xef, 0x35, 0xa6, - 0x30, 0xfa, 0x47, 0x4a, 0xaa, 0x36, 0x44, 0xf6, 0x5a, 0x91, 0x07, 0xd3, - 0xe4, 0x4e, 0x97, 0x3f, 0xa6, 0x53, 0xd8, 0x29, 0x33, 0x32, 0x6f, 0x8b, - 0x3d, 0xb5, 0xa5, 0x0d, 0xe5, 0xe4, 0x8a, 0xe8, 0xf5, 0xc0, 0xfa, 0xaf, - 0xd8, 0x37, 0x28, 0x27, 0xc3, 0xed, 0x34, 0x31, 0xd9, 0x7c, 0xa6, 0xaf, - 0x4d, 0x12, 0x4f, 0xd0, 0x2b, 0x92, 0x9c, 0x69, 0x95, 0xf2, 0x28, 0xa6, - 0xfe, 0xa8, 0xc6, 0xe0, 0x2c, 0x4d, 0x36, 0xeb, 0x11, 0x34, 0xd6, 0xe1, - 0x81, 0x99, 0x9d, 0x41, 0xf2, 0xe7, 0xc5, 0x57, 0x05, 0x0e, 0x19, 0xca, - 0xaf, 0x42, 0x39, 0x1f, 0xa7, 0x27, 0x5e, 0xe0, 0x0a, 0x17, 0xb8, 0xae, - 0x47, 0xab, 0x92, 0xf1, 0x8a, 0x04, 0xdf, 0x30, 0xe0, 0xbb, 0x4f, 0x8a, - 0xf9, 0x1b, 0x88, 0x4f, 0x03, 0xb4, 0x25, 0x7a, 0x78, 0xde, 0x2e, 0x7d, - 0x29, 0xd1, 0x31, -} - -var certSet3Cert29 = []byte{ - 0x30, 0x82, 0x04, 0xb1, 0x30, 0x82, 0x03, 0x99, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x04, 0xe1, 0xe7, 0xa4, 0xdc, 0x5c, 0xf2, 0xf3, 0x6d, - 0xc0, 0x2b, 0x42, 0xb8, 0x5d, 0x15, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x6c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x22, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x48, - 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, - 0x65, 0x20, 0x45, 0x56, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x32, 0x32, 0x31, 0x32, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x31, 0x30, 0x32, - 0x32, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x70, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x19, - 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, 0x77, 0x77, - 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x26, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x48, 0x41, - 0x32, 0x20, 0x48, 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, - 0x61, 0x6e, 0x63, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, - 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb6, - 0xe0, 0x2f, 0xc2, 0x24, 0x06, 0xc8, 0x6d, 0x04, 0x5f, 0xd7, 0xef, 0x0a, - 0x64, 0x06, 0xb2, 0x7d, 0x22, 0x26, 0x65, 0x16, 0xae, 0x42, 0x40, 0x9b, - 0xce, 0xdc, 0x9f, 0x9f, 0x76, 0x07, 0x3e, 0xc3, 0x30, 0x55, 0x87, 0x19, - 0xb9, 0x4f, 0x94, 0x0e, 0x5a, 0x94, 0x1f, 0x55, 0x56, 0xb4, 0xc2, 0x02, - 0x2a, 0xaf, 0xd0, 0x98, 0xee, 0x0b, 0x40, 0xd7, 0xc4, 0xd0, 0x3b, 0x72, - 0xc8, 0x14, 0x9e, 0xef, 0x90, 0xb1, 0x11, 0xa9, 0xae, 0xd2, 0xc8, 0xb8, - 0x43, 0x3a, 0xd9, 0x0b, 0x0b, 0xd5, 0xd5, 0x95, 0xf5, 0x40, 0xaf, 0xc8, - 0x1d, 0xed, 0x4d, 0x9c, 0x5f, 0x57, 0xb7, 0x86, 0x50, 0x68, 0x99, 0xf5, - 0x8a, 0xda, 0xd2, 0xc7, 0x05, 0x1f, 0xa8, 0x97, 0xc9, 0xdc, 0xa4, 0xb1, - 0x82, 0x84, 0x2d, 0xc6, 0xad, 0xa5, 0x9c, 0xc7, 0x19, 0x82, 0xa6, 0x85, - 0x0f, 0x5e, 0x44, 0x58, 0x2a, 0x37, 0x8f, 0xfd, 0x35, 0xf1, 0x0b, 0x08, - 0x27, 0x32, 0x5a, 0xf5, 0xbb, 0x8b, 0x9e, 0xa4, 0xbd, 0x51, 0xd0, 0x27, - 0xe2, 0xdd, 0x3b, 0x42, 0x33, 0xa3, 0x05, 0x28, 0xc4, 0xbb, 0x28, 0xcc, - 0x9a, 0xac, 0x2b, 0x23, 0x0d, 0x78, 0xc6, 0x7b, 0xe6, 0x5e, 0x71, 0xb7, - 0x4a, 0x3e, 0x08, 0xfb, 0x81, 0xb7, 0x16, 0x16, 0xa1, 0x9d, 0x23, 0x12, - 0x4d, 0xe5, 0xd7, 0x92, 0x08, 0xac, 0x75, 0xa4, 0x9c, 0xba, 0xcd, 0x17, - 0xb2, 0x1e, 0x44, 0x35, 0x65, 0x7f, 0x53, 0x25, 0x39, 0xd1, 0x1c, 0x0a, - 0x9a, 0x63, 0x1b, 0x19, 0x92, 0x74, 0x68, 0x0a, 0x37, 0xc2, 0xc2, 0x52, - 0x48, 0xcb, 0x39, 0x5a, 0xa2, 0xb6, 0xe1, 0x5d, 0xc1, 0xdd, 0xa0, 0x20, - 0xb8, 0x21, 0xa2, 0x93, 0x26, 0x6f, 0x14, 0x4a, 0x21, 0x41, 0xc7, 0xed, - 0x6d, 0x9b, 0xf2, 0x48, 0x2f, 0xf3, 0x03, 0xf5, 0xa2, 0x68, 0x92, 0x53, - 0x2f, 0x5e, 0xe3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x49, - 0x30, 0x82, 0x01, 0x45, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, - 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, - 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, - 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4b, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x44, 0x30, 0x42, 0x30, 0x40, 0xa0, 0x3e, 0xa0, 0x3c, 0x86, 0x3a, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x34, 0x2e, - 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x48, 0x69, 0x67, - 0x68, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, 0x65, 0x45, 0x56, - 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3d, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, - 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x50, - 0x53, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x51, 0x68, 0xff, 0x90, 0xaf, 0x02, 0x07, 0x75, 0x3c, 0xcc, 0xd9, 0x65, - 0x64, 0x62, 0xa2, 0x12, 0xb8, 0x59, 0x72, 0x3b, 0x30, 0x1f, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb1, 0x3e, 0xc3, - 0x69, 0x03, 0xf8, 0xbf, 0x47, 0x01, 0xd4, 0x98, 0x26, 0x1a, 0x08, 0x02, - 0xef, 0x63, 0x64, 0x2b, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, - 0x00, 0x18, 0x8a, 0x95, 0x89, 0x03, 0xe6, 0x6d, 0xdf, 0x5c, 0xfc, 0x1d, - 0x68, 0xea, 0x4a, 0x8f, 0x83, 0xd6, 0x51, 0x2f, 0x8d, 0x6b, 0x44, 0x16, - 0x9e, 0xac, 0x63, 0xf5, 0xd2, 0x6e, 0x6c, 0x84, 0x99, 0x8b, 0xaa, 0x81, - 0x71, 0x84, 0x5b, 0xed, 0x34, 0x4e, 0xb0, 0xb7, 0x79, 0x92, 0x29, 0xcc, - 0x2d, 0x80, 0x6a, 0xf0, 0x8e, 0x20, 0xe1, 0x79, 0xa4, 0xfe, 0x03, 0x47, - 0x13, 0xea, 0xf5, 0x86, 0xca, 0x59, 0x71, 0x7d, 0xf4, 0x04, 0x96, 0x6b, - 0xd3, 0x59, 0x58, 0x3d, 0xfe, 0xd3, 0x31, 0x25, 0x5c, 0x18, 0x38, 0x84, - 0xa3, 0xe6, 0x9f, 0x82, 0xfd, 0x8c, 0x5b, 0x98, 0x31, 0x4e, 0xcd, 0x78, - 0x9e, 0x1a, 0xfd, 0x85, 0xcb, 0x49, 0xaa, 0xf2, 0x27, 0x8b, 0x99, 0x72, - 0xfc, 0x3e, 0xaa, 0xd5, 0x41, 0x0b, 0xda, 0xd5, 0x36, 0xa1, 0xbf, 0x1c, - 0x6e, 0x47, 0x49, 0x7f, 0x5e, 0xd9, 0x48, 0x7c, 0x03, 0xd9, 0xfd, 0x8b, - 0x49, 0xa0, 0x98, 0x26, 0x42, 0x40, 0xeb, 0xd6, 0x92, 0x11, 0xa4, 0x64, - 0x0a, 0x57, 0x54, 0xc4, 0xf5, 0x1d, 0xd6, 0x02, 0x5e, 0x6b, 0xac, 0xee, - 0xc4, 0x80, 0x9a, 0x12, 0x72, 0xfa, 0x56, 0x93, 0xd7, 0xff, 0xbf, 0x30, - 0x85, 0x06, 0x30, 0xbf, 0x0b, 0x7f, 0x4e, 0xff, 0x57, 0x05, 0x9d, 0x24, - 0xed, 0x85, 0xc3, 0x2b, 0xfb, 0xa6, 0x75, 0xa8, 0xac, 0x2d, 0x16, 0xef, - 0x7d, 0x79, 0x27, 0xb2, 0xeb, 0xc2, 0x9d, 0x0b, 0x07, 0xea, 0xaa, 0x85, - 0xd3, 0x01, 0xa3, 0x20, 0x28, 0x41, 0x59, 0x43, 0x28, 0xd2, 0x81, 0xe3, - 0xaa, 0xf6, 0xec, 0x7b, 0x3b, 0x77, 0xb6, 0x40, 0x62, 0x80, 0x05, 0x41, - 0x45, 0x01, 0xef, 0x17, 0x06, 0x3e, 0xde, 0xc0, 0x33, 0x9b, 0x67, 0xd3, - 0x61, 0x2e, 0x72, 0x87, 0xe4, 0x69, 0xfc, 0x12, 0x00, 0x57, 0x40, 0x1e, - 0x70, 0xf5, 0x1e, 0xc9, 0xb4, -} - -var certSet3Cert30 = []byte{ - 0x30, 0x82, 0x04, 0xb2, 0x30, 0x82, 0x03, 0x9a, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x16, 0x87, 0xd6, 0x88, 0x6d, 0xe2, 0x30, 0x06, 0x85, - 0x23, 0x3d, 0xbf, 0x11, 0xbf, 0x65, 0x97, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x33, 0x31, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, - 0x30, 0x33, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x41, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, - 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, - 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xb2, 0xfc, 0x06, 0xfb, 0x04, 0x93, 0xd2, 0xea, 0x59, 0x20, - 0x3b, 0x44, 0x85, 0x97, 0x52, 0x39, 0xe7, 0x10, 0xf0, 0x7a, 0xe0, 0xb0, - 0x94, 0x40, 0xda, 0x46, 0xf8, 0x0c, 0x28, 0xbb, 0xb9, 0xce, 0x60, 0x38, - 0x3f, 0xd2, 0xd8, 0x11, 0x42, 0x1b, 0x91, 0xad, 0x49, 0xee, 0x8f, 0xc7, - 0xde, 0x6c, 0xde, 0x37, 0x6f, 0xfd, 0x8b, 0x20, 0x3c, 0x6d, 0xe7, 0x74, - 0xd3, 0xdc, 0xd5, 0x24, 0x88, 0x41, 0x80, 0x89, 0xee, 0x36, 0xbe, 0xc4, - 0xd5, 0xbe, 0x8d, 0x53, 0x13, 0xaa, 0xe4, 0xa5, 0xb8, 0x93, 0x0a, 0xbe, - 0xec, 0xda, 0xcd, 0x3c, 0xd4, 0x32, 0x56, 0xef, 0xd0, 0x4e, 0xa0, 0xb8, - 0x97, 0xbb, 0x39, 0x50, 0x1e, 0x6e, 0x65, 0xc3, 0xfd, 0xb2, 0xce, 0xe0, - 0x59, 0xa9, 0x48, 0x09, 0xc6, 0xfe, 0xbe, 0xae, 0xfc, 0x3e, 0x3b, 0x81, - 0x20, 0x97, 0x8b, 0x8f, 0x46, 0xdf, 0x60, 0x64, 0x07, 0x75, 0xbb, 0x1b, - 0x86, 0x38, 0x9f, 0x47, 0x7b, 0x34, 0xce, 0xa1, 0xd1, 0x97, 0xad, 0x76, - 0xd8, 0x9f, 0xb7, 0x26, 0xdb, 0x79, 0x80, 0x36, 0x48, 0xf2, 0xc5, 0x37, - 0xf8, 0xd9, 0x32, 0xae, 0x7c, 0xa4, 0x53, 0x81, 0xc7, 0x99, 0xa1, 0x54, - 0x38, 0x2f, 0x4f, 0x75, 0xa0, 0xbb, 0x5a, 0xa5, 0xbb, 0xcd, 0xac, 0x02, - 0x5b, 0x19, 0x02, 0xd5, 0x13, 0x18, 0xa7, 0xce, 0xac, 0x74, 0x55, 0x12, - 0x05, 0x8b, 0x9b, 0xa2, 0x95, 0x46, 0x64, 0x72, 0x38, 0xcd, 0x5a, 0x1b, - 0x3a, 0x16, 0xa7, 0xbe, 0x71, 0x99, 0x8c, 0x54, 0x03, 0xb8, 0x96, 0x6c, - 0x01, 0xd3, 0x3e, 0x06, 0x98, 0x3f, 0x21, 0x81, 0x3b, 0x02, 0x7e, 0x00, - 0x47, 0x53, 0x01, 0x1e, 0x0e, 0x46, 0x43, 0xfb, 0x4b, 0x2d, 0xdc, 0x0b, - 0x1a, 0xe8, 0x2f, 0x98, 0xf8, 0x7e, 0xd1, 0x99, 0xab, 0x13, 0x6c, 0xa4, - 0x17, 0xde, 0x6f, 0xf6, 0x15, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x82, 0x01, 0x3b, 0x30, 0x82, 0x01, 0x37, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, - 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x2b, 0x30, 0x29, 0x30, 0x27, 0xa0, 0x25, 0xa0, 0x23, - 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x74, 0x31, 0x2e, - 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, - 0x61, 0x77, 0x74, 0x65, 0x50, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x2f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x74, 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x41, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3a, 0x30, 0x38, 0x30, - 0x36, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, - 0x36, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x29, 0x06, 0x03, 0x55, - 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, 0x1a, - 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, 0x6d, - 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, 0x35, - 0x33, 0x37, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0xc2, 0x4f, 0x48, 0x57, 0xfc, 0xd1, 0x4f, 0x9a, 0xc0, 0x5d, 0x38, - 0x7d, 0x0e, 0x05, 0xdb, 0xd9, 0x2e, 0xb5, 0x52, 0x60, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7b, 0x5b, - 0x45, 0xcf, 0xaf, 0xce, 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, 0x6a, 0xb6, - 0xf3, 0x46, 0xeb, 0x57, 0x48, 0x50, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x8d, 0x06, 0xde, 0x43, 0xc9, 0x76, 0x02, 0xca, 0xd9, 0x23, - 0x97, 0x5e, 0xf3, 0x63, 0xd7, 0x7d, 0x44, 0xc2, 0x0f, 0x6b, 0x0a, 0xf5, - 0x07, 0xe5, 0x8b, 0xb8, 0xfa, 0xe0, 0xa3, 0xfa, 0x6b, 0x80, 0x92, 0xb5, - 0x03, 0x2c, 0xc5, 0x37, 0xe0, 0xc2, 0xe5, 0x95, 0xb5, 0x92, 0x70, 0x18, - 0x28, 0x42, 0x94, 0xee, 0x4b, 0x77, 0x6a, 0x01, 0x0f, 0x8b, 0x23, 0xec, - 0x56, 0x4d, 0xf4, 0x00, 0x69, 0xe5, 0x84, 0xc8, 0xe2, 0xea, 0xde, 0x5b, - 0x3e, 0xf6, 0x3c, 0x07, 0x3a, 0x94, 0xca, 0x6c, 0x27, 0xb1, 0xcc, 0x83, - 0x1a, 0x60, 0x71, 0x27, 0xd2, 0xbf, 0x02, 0xf5, 0x1e, 0x44, 0xd3, 0x48, - 0xd5, 0xa6, 0xd3, 0x76, 0x21, 0x00, 0x9c, 0xfa, 0x98, 0x64, 0xeb, 0x17, - 0x36, 0x3f, 0xeb, 0x1b, 0x3c, 0x3e, 0xa6, 0xb1, 0xd9, 0x58, 0x06, 0x0e, - 0x72, 0xd9, 0x68, 0xbe, 0xf1, 0xa7, 0x20, 0xd7, 0x52, 0xe4, 0xa4, 0x77, - 0x1f, 0x71, 0x70, 0x9d, 0x55, 0x35, 0x85, 0x37, 0xe1, 0x1d, 0x4d, 0x94, - 0xc2, 0x70, 0x7f, 0x95, 0x40, 0x6e, 0x4b, 0x7d, 0xb2, 0xb4, 0x29, 0x2a, - 0x03, 0x79, 0xc8, 0xb9, 0x4c, 0x67, 0x61, 0x04, 0xa0, 0x8b, 0x27, 0xff, - 0x59, 0x00, 0xeb, 0x55, 0x7f, 0xc6, 0xb7, 0x33, 0x35, 0x2d, 0x5e, 0x4e, - 0xac, 0xb8, 0xea, 0x12, 0xc5, 0xe8, 0xf7, 0xb9, 0xab, 0xbe, 0x74, 0x92, - 0x2c, 0xb7, 0xd9, 0x4d, 0xca, 0x84, 0x2f, 0x1c, 0xc2, 0xf0, 0x72, 0x7c, - 0xb2, 0x31, 0x6e, 0xcf, 0x80, 0xe5, 0x88, 0x07, 0x36, 0x51, 0x7b, 0xba, - 0x61, 0xaf, 0x6d, 0x8d, 0x23, 0x5b, 0x34, 0xa3, 0x95, 0xbc, 0xa2, 0x31, - 0x7f, 0xf2, 0xf5, 0xe7, 0xb7, 0xe8, 0xef, 0xc4, 0xb5, 0x27, 0x32, 0xe9, - 0xf7, 0x9e, 0x69, 0xc7, 0x2b, 0xe8, 0xbe, 0xbb, 0x0c, 0xaa, 0xe7, 0xea, - 0x60, 0x12, 0xea, 0x26, 0x8a, 0x78, -} - -var certSet3Cert31 = []byte{ - 0x30, 0x82, 0x04, 0xb4, 0x30, 0x82, 0x03, 0x9c, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x11, 0x00, 0x93, 0x92, 0x85, 0x40, 0x01, 0x65, 0x71, 0x5f, - 0x94, 0x7f, 0x28, 0x8f, 0xef, 0xc9, 0x9b, 0x28, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, - 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x50, 0x4c, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x12, 0x55, 0x6e, 0x69, 0x7a, 0x65, 0x74, 0x6f, 0x20, 0x53, 0x70, 0x2e, - 0x20, 0x7a, 0x20, 0x6f, 0x2e, 0x6f, 0x2e, 0x31, 0x12, 0x30, 0x10, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x43, 0x65, 0x72, 0x74, 0x75, 0x6d, - 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x31, 0x30, 0x32, - 0x32, 0x31, 0x32, 0x30, 0x37, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x37, - 0x30, 0x36, 0x31, 0x30, 0x31, 0x30, 0x34, 0x36, 0x33, 0x39, 0x5a, 0x30, - 0x7e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x50, 0x4c, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x19, 0x55, 0x6e, 0x69, 0x7a, 0x65, 0x74, 0x6f, 0x20, 0x54, 0x65, 0x63, - 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x20, 0x53, 0x2e, - 0x41, 0x2e, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1e, 0x43, 0x65, 0x72, 0x74, 0x75, 0x6d, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x65, 0x72, 0x74, 0x75, 0x6d, - 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x20, 0x4e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xe3, 0xfb, 0x7d, 0xa3, 0x72, 0xba, 0xc2, 0xf0, - 0xc9, 0x14, 0x87, 0xf5, 0x6b, 0x01, 0x4e, 0xe1, 0x6e, 0x40, 0x07, 0xba, - 0x6d, 0x27, 0x5d, 0x7f, 0xf7, 0x5b, 0x2d, 0xb3, 0x5a, 0xc7, 0x51, 0x5f, - 0xab, 0xa4, 0x32, 0xa6, 0x61, 0x87, 0xb6, 0x6e, 0x0f, 0x86, 0xd2, 0x30, - 0x02, 0x97, 0xf8, 0xd7, 0x69, 0x57, 0xa1, 0x18, 0x39, 0x5d, 0x6a, 0x64, - 0x79, 0xc6, 0x01, 0x59, 0xac, 0x3c, 0x31, 0x4a, 0x38, 0x7c, 0xd2, 0x04, - 0xd2, 0x4b, 0x28, 0xe8, 0x20, 0x5f, 0x3b, 0x07, 0xa2, 0xcc, 0x4d, 0x73, - 0xdb, 0xf3, 0xae, 0x4f, 0xc7, 0x56, 0xd5, 0x5a, 0xa7, 0x96, 0x89, 0xfa, - 0xf3, 0xab, 0x68, 0xd4, 0x23, 0x86, 0x59, 0x27, 0xcf, 0x09, 0x27, 0xbc, - 0xac, 0x6e, 0x72, 0x83, 0x1c, 0x30, 0x72, 0xdf, 0xe0, 0xa2, 0xe9, 0xd2, - 0xe1, 0x74, 0x75, 0x19, 0xbd, 0x2a, 0x9e, 0x7b, 0x15, 0x54, 0x04, 0x1b, - 0xd7, 0x43, 0x39, 0xad, 0x55, 0x28, 0xc5, 0xe2, 0x1a, 0xbb, 0xf4, 0xc0, - 0xe4, 0xae, 0x38, 0x49, 0x33, 0xcc, 0x76, 0x85, 0x9f, 0x39, 0x45, 0xd2, - 0xa4, 0x9e, 0xf2, 0x12, 0x8c, 0x51, 0xf8, 0x7c, 0xe4, 0x2d, 0x7f, 0xf5, - 0xac, 0x5f, 0xeb, 0x16, 0x9f, 0xb1, 0x2d, 0xd1, 0xba, 0xcc, 0x91, 0x42, - 0x77, 0x4c, 0x25, 0xc9, 0x90, 0x38, 0x6f, 0xdb, 0xf0, 0xcc, 0xfb, 0x8e, - 0x1e, 0x97, 0x59, 0x3e, 0xd5, 0x60, 0x4e, 0xe6, 0x05, 0x28, 0xed, 0x49, - 0x79, 0x13, 0x4b, 0xba, 0x48, 0xdb, 0x2f, 0xf9, 0x72, 0xd3, 0x39, 0xca, - 0xfe, 0x1f, 0xd8, 0x34, 0x72, 0xf5, 0xb4, 0x40, 0xcf, 0x31, 0x01, 0xc3, - 0xec, 0xde, 0x11, 0x2d, 0x17, 0x5d, 0x1f, 0xb8, 0x50, 0xd1, 0x5e, 0x19, - 0xa7, 0x69, 0xde, 0x07, 0x33, 0x28, 0xca, 0x50, 0x95, 0xf9, 0xa7, 0x54, - 0xcb, 0x54, 0x86, 0x50, 0x45, 0xa9, 0xf9, 0x49, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x82, 0x01, 0x6b, 0x30, 0x82, 0x01, 0x67, 0x30, 0x0f, 0x06, - 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0x08, 0x76, 0xcd, 0xcb, 0x07, 0xff, 0x24, 0xf6, 0xc5, 0xcd, 0xed, - 0xbb, 0x90, 0xbc, 0xe2, 0x84, 0x37, 0x46, 0x75, 0xf7, 0x30, 0x52, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x4b, 0x30, 0x49, 0xa1, 0x42, 0xa4, 0x40, - 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x50, 0x4c, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x12, 0x55, 0x6e, 0x69, 0x7a, 0x65, 0x74, 0x6f, 0x20, 0x53, 0x70, - 0x2e, 0x20, 0x7a, 0x20, 0x6f, 0x2e, 0x6f, 0x2e, 0x31, 0x12, 0x30, 0x10, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x43, 0x65, 0x72, 0x74, 0x75, - 0x6d, 0x20, 0x43, 0x41, 0x82, 0x03, 0x01, 0x00, 0x20, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x06, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x25, 0x30, 0x23, - 0x30, 0x21, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x75, - 0x6d, 0x2e, 0x70, 0x6c, 0x2f, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x5c, 0x30, 0x5a, 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x73, 0x75, 0x62, 0x63, 0x61, 0x2e, 0x6f, 0x63, 0x73, 0x70, 0x2d, 0x63, - 0x65, 0x72, 0x74, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x2e, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x22, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, - 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x75, 0x6d, 0x2e, - 0x70, 0x6c, 0x2f, 0x63, 0x61, 0x2e, 0x63, 0x65, 0x72, 0x30, 0x39, 0x06, - 0x03, 0x55, 0x1d, 0x20, 0x04, 0x32, 0x30, 0x30, 0x30, 0x2e, 0x06, 0x04, - 0x55, 0x1d, 0x20, 0x00, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x18, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x75, - 0x6d, 0x2e, 0x70, 0x6c, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x8d, 0xe6, 0xfd, 0x40, 0x66, 0xa3, 0x4c, 0x9c, - 0xa7, 0xab, 0xa1, 0xda, 0x84, 0xdd, 0x1c, 0x30, 0x07, 0xe6, 0xdb, 0xc7, - 0x2d, 0xec, 0x83, 0xa1, 0x56, 0xe4, 0x1d, 0x3c, 0x26, 0xa1, 0xa5, 0x09, - 0x2b, 0xe8, 0x7d, 0x62, 0xbe, 0xb2, 0x75, 0x94, 0xdd, 0x08, 0xf2, 0x7f, - 0x28, 0x41, 0xe4, 0x80, 0x67, 0x02, 0x4e, 0x8a, 0x8f, 0xc3, 0x35, 0xd0, - 0xd5, 0xa9, 0x27, 0x28, 0xea, 0xd2, 0xf4, 0xab, 0x06, 0x86, 0x43, 0xae, - 0x8c, 0xe3, 0xf9, 0x88, 0x7d, 0xe0, 0xdb, 0xbd, 0x42, 0x81, 0x80, 0x02, - 0x12, 0x75, 0xb2, 0xe8, 0x17, 0x71, 0xab, 0x21, 0x95, 0x31, 0x46, 0x42, - 0x0d, 0x88, 0x10, 0x39, 0xd3, 0x6f, 0xec, 0x2f, 0x42, 0xea, 0x40, 0x53, - 0x62, 0xbf, 0xeb, 0xca, 0x78, 0x9e, 0xab, 0xa2, 0xd5, 0x2e, 0x05, 0xea, - 0x33, 0xab, 0xe9, 0xd6, 0x97, 0x94, 0x42, 0x5e, 0x04, 0xed, 0x2c, 0xed, - 0x6a, 0x9c, 0x7a, 0x95, 0x7d, 0x05, 0x2a, 0x05, 0x7f, 0x08, 0x5d, 0x66, - 0xad, 0x61, 0xd4, 0x76, 0xac, 0x75, 0x96, 0x97, 0x73, 0x63, 0xbd, 0x1a, - 0x41, 0x59, 0x29, 0xa5, 0x5e, 0x22, 0x83, 0xc3, 0x8b, 0x59, 0xfa, 0x9a, - 0xa2, 0xf6, 0xbd, 0x30, 0xbf, 0x72, 0x1d, 0x1c, 0x99, 0x86, 0x9c, 0xf2, - 0x85, 0x3c, 0x1d, 0xf7, 0x26, 0x96, 0x2f, 0x2e, 0xf9, 0x02, 0xb1, 0xb5, - 0xa9, 0x50, 0xe8, 0x38, 0xfa, 0x9b, 0x0a, 0x5e, 0xb4, 0x04, 0xc0, 0xce, - 0x4e, 0x39, 0x2c, 0xca, 0x0b, 0x5b, 0x62, 0xf0, 0x4d, 0x58, 0x50, 0x34, - 0x99, 0xe6, 0x9a, 0x2c, 0xd2, 0x90, 0xd7, 0x09, 0x81, 0xd6, 0xc0, 0xaa, - 0x5e, 0xce, 0xfe, 0xd2, 0xf7, 0xa1, 0xba, 0x4b, 0xd9, 0xd6, 0x86, 0x8e, - 0x19, 0x1f, 0xa6, 0x06, 0x47, 0x42, 0x72, 0xe0, 0x56, 0x0a, 0x00, 0x1c, - 0x78, 0xb9, 0x8d, 0xcc, 0x99, 0x04, 0x37, 0x49, -} - -var certSet3Cert32 = []byte{ - 0x30, 0x82, 0x04, 0xb5, 0x30, 0x82, 0x03, 0x9d, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x48, 0xe9, 0x94, 0x40, 0xd4, 0x36, 0x49, 0x1c, 0xb8, - 0xb8, 0x82, 0x3d, 0x09, 0x43, 0x94, 0xc7, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x38, 0x20, 0x47, 0x65, - 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, - 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, - 0x79, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2d, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x50, 0x72, 0x69, - 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x34, 0x30, 0x36, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, - 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x36, 0x30, 0x39, 0x32, 0x33, - 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x47, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x52, 0x61, 0x70, 0x69, 0x64, - 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x43, - 0x41, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xc4, 0x95, 0x63, 0x28, 0xd0, 0x4e, 0x30, 0x45, 0xaf, - 0x8b, 0x97, 0x34, 0x14, 0x45, 0xf8, 0x5c, 0x58, 0x4a, 0xfa, 0x33, 0x8e, - 0x6e, 0x9c, 0x60, 0xab, 0xf3, 0x86, 0xff, 0x34, 0x74, 0xb2, 0x2b, 0xbe, - 0xa1, 0x8c, 0xd5, 0xa2, 0xa3, 0x60, 0x7a, 0x40, 0xb9, 0xe1, 0xfc, 0x22, - 0xca, 0x67, 0xba, 0x60, 0xaa, 0xc7, 0x9a, 0xf9, 0x06, 0x7f, 0xee, 0xf7, - 0xba, 0x85, 0x05, 0xb0, 0x03, 0xff, 0x72, 0xae, 0x15, 0x41, 0x4a, 0x98, - 0x64, 0xd7, 0x17, 0x4b, 0x54, 0xef, 0x05, 0xc6, 0x98, 0x07, 0x93, 0x27, - 0x3e, 0x4f, 0xdc, 0x0f, 0xc6, 0x7b, 0x8b, 0xe7, 0xf3, 0x06, 0x5e, 0x8d, - 0xe8, 0xb4, 0xae, 0x29, 0xb4, 0x1e, 0x1e, 0x2d, 0x16, 0x90, 0xd3, 0xea, - 0xaa, 0xe7, 0x8c, 0x3b, 0x6d, 0xaf, 0x36, 0x59, 0xff, 0xc5, 0x0a, 0xfa, - 0xc7, 0x4c, 0xbd, 0x36, 0x8b, 0x64, 0xc4, 0x4a, 0xf5, 0xce, 0x33, 0xf9, - 0x07, 0xbe, 0x7f, 0x45, 0x90, 0xa8, 0x08, 0x14, 0xb0, 0xd0, 0xa5, 0x4f, - 0xdf, 0x82, 0x80, 0xda, 0x1b, 0xee, 0xc3, 0x13, 0xb0, 0x98, 0xf5, 0x0f, - 0xf9, 0x7e, 0x76, 0xb5, 0xe6, 0xb9, 0x5d, 0x68, 0xb9, 0x5c, 0x50, 0x90, - 0x89, 0xa4, 0x36, 0xb1, 0x70, 0x16, 0xea, 0xb1, 0x10, 0xb5, 0x6a, 0x76, - 0xdf, 0xe1, 0xbb, 0xfc, 0x78, 0xf2, 0x72, 0x99, 0xcf, 0xc9, 0xa2, 0xd4, - 0x73, 0x54, 0x77, 0xbf, 0xc0, 0x39, 0x77, 0xe5, 0xae, 0x12, 0xc5, 0x78, - 0x5a, 0x19, 0x45, 0xd4, 0x41, 0x19, 0xd3, 0x7c, 0xf5, 0x6f, 0x99, 0x6b, - 0xd7, 0x8b, 0xbc, 0x2d, 0x09, 0x9d, 0x4b, 0x10, 0x61, 0xc0, 0xda, 0x52, - 0xc3, 0xaf, 0x22, 0x43, 0xc6, 0xeb, 0x37, 0x7e, 0x63, 0x74, 0x30, 0x0d, - 0x6a, 0x71, 0x8e, 0xde, 0x5d, 0x5b, 0x8a, 0xc8, 0xc5, 0xd7, 0x9b, 0x29, - 0xe8, 0xae, 0xb6, 0x25, 0x61, 0x81, 0xeb, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x82, 0x01, 0x49, 0x30, 0x82, 0x01, 0x45, 0x30, 0x2e, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x22, 0x30, 0x20, - 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x67, 0x2e, 0x73, - 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x36, - 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, - 0x29, 0xa0, 0x27, 0x86, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x67, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x50, 0x43, 0x41, 0x2d, - 0x47, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x29, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, - 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, - 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, - 0x31, 0x2d, 0x36, 0x39, 0x37, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, - 0x04, 0x16, 0x04, 0x14, 0x4c, 0xf4, 0xbf, 0xe8, 0x3b, 0xbe, 0xc2, 0x24, - 0xf3, 0x1b, 0x47, 0x3b, 0xb5, 0x6e, 0x48, 0x8e, 0x16, 0xab, 0xaf, 0x12, - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, - 0x14, 0xc4, 0x79, 0xca, 0x8e, 0xa1, 0x4e, 0x03, 0x1d, 0x1c, 0xdc, 0x6b, - 0xdb, 0x31, 0x5b, 0x94, 0x3e, 0x3f, 0x30, 0x7f, 0x2d, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x7a, 0x53, 0xb5, 0xde, 0xb6, 0xef, 0x52, - 0xa3, 0x5f, 0x8a, 0xf5, 0x89, 0xf1, 0x42, 0xcc, 0x5e, 0x46, 0x88, 0xae, - 0xa5, 0x08, 0x87, 0x51, 0xde, 0x0f, 0x0f, 0x02, 0xeb, 0x0c, 0x82, 0x78, - 0xe3, 0x73, 0x7d, 0x71, 0xbd, 0x43, 0xe9, 0xca, 0x8a, 0x3f, 0xe0, 0x25, - 0x92, 0x9b, 0x33, 0x33, 0x74, 0x49, 0x5e, 0x00, 0xd9, 0x73, 0x14, 0x1c, - 0x0b, 0x46, 0x76, 0x1c, 0x8a, 0x0d, 0x4d, 0x8c, 0x6c, 0x7e, 0x4b, 0xf7, - 0x60, 0xd8, 0x81, 0x78, 0xa0, 0x78, 0xd0, 0x25, 0x62, 0xab, 0x10, 0xca, - 0x22, 0xe8, 0x1c, 0x19, 0xdd, 0x52, 0x83, 0x64, 0x05, 0xe5, 0x87, 0x66, - 0xae, 0xe7, 0x7a, 0xa4, 0x3b, 0x3e, 0xd8, 0x70, 0x7a, 0x76, 0xa2, 0x67, - 0x39, 0xd4, 0xc9, 0xfa, 0xe5, 0xb7, 0x1e, 0x41, 0xe2, 0x09, 0x39, 0x88, - 0x1c, 0x18, 0x55, 0x0a, 0xc4, 0x41, 0xaf, 0xb2, 0xf3, 0xf3, 0x0f, 0x42, - 0x14, 0x61, 0x74, 0x81, 0xe3, 0xda, 0x87, 0x5a, 0x9a, 0x4d, 0x8b, 0xd3, - 0xc9, 0x8f, 0x89, 0x66, 0x13, 0x29, 0x11, 0xe4, 0xff, 0xe2, 0xdf, 0x8e, - 0x96, 0x0c, 0x5a, 0xa1, 0xaa, 0x6b, 0x9b, 0xfd, 0xfc, 0x03, 0x3b, 0x55, - 0x0d, 0xa6, 0xa2, 0x25, 0x48, 0x17, 0x1f, 0x42, 0xa8, 0xda, 0x6c, 0x7e, - 0x69, 0x6e, 0xa0, 0xdf, 0x67, 0xd2, 0x6d, 0xf4, 0x0e, 0x6a, 0x12, 0x79, - 0xf5, 0x7c, 0xc8, 0xa5, 0x32, 0x1c, 0xc4, 0x31, 0xb2, 0xe6, 0xbb, 0xa8, - 0x6b, 0x6a, 0xa2, 0x8a, 0x60, 0x69, 0xc0, 0x57, 0x7d, 0xb2, 0xf2, 0x31, - 0x0c, 0x98, 0x65, 0x32, 0xec, 0x08, 0x5a, 0xce, 0xc6, 0x98, 0xe9, 0x21, - 0x97, 0x3f, 0x2c, 0x79, 0x29, 0x03, 0xf5, 0xf6, 0x94, 0x2b, 0x53, 0x31, - 0xf3, 0x93, 0x68, 0x57, 0xe1, 0xd7, 0x4f, 0x3a, 0xd1, 0x61, 0xa1, 0x60, - 0xce, 0xb9, 0xab, 0x98, 0xae, 0x35, 0x54, 0x63, 0x8b, -} - -var certSet3Cert33 = []byte{ - 0x30, 0x82, 0x04, 0xb6, 0x30, 0x82, 0x03, 0x9e, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x0c, 0x79, 0xa9, 0x44, 0xb0, 0x8c, 0x11, 0x95, 0x20, - 0x92, 0x61, 0x5f, 0xe2, 0x6b, 0x1d, 0x83, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x6c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, - 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x22, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x48, - 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, 0x6e, 0x63, - 0x65, 0x20, 0x45, 0x56, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x32, 0x32, 0x31, 0x32, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x31, 0x30, 0x32, - 0x32, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x75, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, 0x69, - 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x19, - 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x10, 0x77, 0x77, 0x77, - 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, - 0x6d, 0x31, 0x34, 0x30, 0x32, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2b, - 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x48, 0x41, - 0x32, 0x20, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xd7, 0x53, 0xa4, 0x04, 0x51, 0xf8, 0x99, 0xa6, - 0x16, 0x48, 0x4b, 0x67, 0x27, 0xaa, 0x93, 0x49, 0xd0, 0x39, 0xed, 0x0c, - 0xb0, 0xb0, 0x00, 0x87, 0xf1, 0x67, 0x28, 0x86, 0x85, 0x8c, 0x8e, 0x63, - 0xda, 0xbc, 0xb1, 0x40, 0x38, 0xe2, 0xd3, 0xf5, 0xec, 0xa5, 0x05, 0x18, - 0xb8, 0x3d, 0x3e, 0xc5, 0x99, 0x17, 0x32, 0xec, 0x18, 0x8c, 0xfa, 0xf1, - 0x0c, 0xa6, 0x64, 0x21, 0x85, 0xcb, 0x07, 0x10, 0x34, 0xb0, 0x52, 0x88, - 0x2b, 0x1f, 0x68, 0x9b, 0xd2, 0xb1, 0x8f, 0x12, 0xb0, 0xb3, 0xd2, 0xe7, - 0x88, 0x1f, 0x1f, 0xef, 0x38, 0x77, 0x54, 0x53, 0x5f, 0x80, 0x79, 0x3f, - 0x2e, 0x1a, 0xaa, 0xa8, 0x1e, 0x4b, 0x2b, 0x0d, 0xab, 0xb7, 0x63, 0xb9, - 0x35, 0xb7, 0x7d, 0x14, 0xbc, 0x59, 0x4b, 0xdf, 0x51, 0x4a, 0xd2, 0xa1, - 0xe2, 0x0c, 0xe2, 0x90, 0x82, 0x87, 0x6a, 0xae, 0xea, 0xd7, 0x64, 0xd6, - 0x98, 0x55, 0xe8, 0xfd, 0xaf, 0x1a, 0x50, 0x6c, 0x54, 0xbc, 0x11, 0xf2, - 0xfd, 0x4a, 0xf2, 0x9d, 0xbb, 0x7f, 0x0e, 0xf4, 0xd5, 0xbe, 0x8e, 0x16, - 0x89, 0x12, 0x55, 0xd8, 0xc0, 0x71, 0x34, 0xee, 0xf6, 0xdc, 0x2d, 0xec, - 0xc4, 0x87, 0x25, 0x86, 0x8d, 0xd8, 0x21, 0xe4, 0xb0, 0x4d, 0x0c, 0x89, - 0xdc, 0x39, 0x26, 0x17, 0xdd, 0xf6, 0xd7, 0x94, 0x85, 0xd8, 0x04, 0x21, - 0x70, 0x9d, 0x6f, 0x6f, 0xff, 0x5c, 0xba, 0x19, 0xe1, 0x45, 0xcb, 0x56, - 0x57, 0x28, 0x7e, 0x1c, 0x0d, 0x41, 0x57, 0xaa, 0xb7, 0xb8, 0x27, 0xbb, - 0xb1, 0xe4, 0xfa, 0x2a, 0xef, 0x21, 0x23, 0x75, 0x1a, 0xad, 0x2d, 0x9b, - 0x86, 0x35, 0x8c, 0x9c, 0x77, 0xb5, 0x73, 0xad, 0xd8, 0x94, 0x2d, 0xe4, - 0xf3, 0x0c, 0x9d, 0xee, 0xc1, 0x4e, 0x62, 0x7e, 0x17, 0xc0, 0x71, 0x9e, - 0x2c, 0xde, 0xf1, 0xf9, 0x10, 0x28, 0x19, 0x33, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x82, 0x01, 0x49, 0x30, 0x82, 0x01, 0x45, 0x30, 0x12, 0x06, - 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, - 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, - 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, - 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x02, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x64, 0x69, - 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4b, - 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x44, 0x30, 0x42, 0x30, 0x40, 0xa0, - 0x3e, 0xa0, 0x3c, 0x86, 0x3a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x63, 0x72, 0x6c, 0x34, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, - 0x72, 0x74, 0x48, 0x69, 0x67, 0x68, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61, - 0x6e, 0x63, 0x65, 0x45, 0x56, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, - 0x30, 0x34, 0x30, 0x32, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, - 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, - 0x16, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, - 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3d, 0xd3, 0x50, 0xa5, 0xd6, 0xa0, 0xad, - 0xee, 0xf3, 0x4a, 0x60, 0x0a, 0x65, 0xd3, 0x21, 0xd4, 0xf8, 0xf8, 0xd6, - 0x0f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xb1, 0x3e, 0xc3, 0x69, 0x03, 0xf8, 0xbf, 0x47, 0x01, 0xd4, - 0x98, 0x26, 0x1a, 0x08, 0x02, 0xef, 0x63, 0x64, 0x2b, 0xc3, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x9d, 0xb6, 0xd0, 0x90, 0x86, 0xe1, - 0x86, 0x02, 0xed, 0xc5, 0xa0, 0xf0, 0x34, 0x1c, 0x74, 0xc1, 0x8d, 0x76, - 0xcc, 0x86, 0x0a, 0xa8, 0xf0, 0x4a, 0x8a, 0x42, 0xd6, 0x3f, 0xc8, 0xa9, - 0x4d, 0xad, 0x7c, 0x08, 0xad, 0xe6, 0xb6, 0x50, 0xb8, 0xa2, 0x1a, 0x4d, - 0x88, 0x07, 0xb1, 0x29, 0x21, 0xdc, 0xe7, 0xda, 0xc6, 0x3c, 0x21, 0xe0, - 0xe3, 0x11, 0x49, 0x70, 0xac, 0x7a, 0x1d, 0x01, 0xa4, 0xca, 0x11, 0x3a, - 0x57, 0xab, 0x7d, 0x57, 0x2a, 0x40, 0x74, 0xfd, 0xd3, 0x1d, 0x85, 0x18, - 0x50, 0xdf, 0x57, 0x47, 0x75, 0xa1, 0x7d, 0x55, 0x20, 0x2e, 0x47, 0x37, - 0x50, 0x72, 0x8c, 0x7f, 0x82, 0x1b, 0xd2, 0x62, 0x8f, 0x2d, 0x03, 0x5a, - 0xda, 0xc3, 0xc8, 0xa1, 0xce, 0x2c, 0x52, 0xa2, 0x00, 0x63, 0xeb, 0x73, - 0xba, 0x71, 0xc8, 0x49, 0x27, 0x23, 0x97, 0x64, 0x85, 0x9e, 0x38, 0x0e, - 0xad, 0x63, 0x68, 0x3c, 0xba, 0x52, 0x81, 0x58, 0x79, 0xa3, 0x2c, 0x0c, - 0xdf, 0xde, 0x6d, 0xeb, 0x31, 0xf2, 0xba, 0xa0, 0x7c, 0x6c, 0xf1, 0x2c, - 0xd4, 0xe1, 0xbd, 0x77, 0x84, 0x37, 0x03, 0xce, 0x32, 0xb5, 0xc8, 0x9a, - 0x81, 0x1a, 0x4a, 0x92, 0x4e, 0x3b, 0x46, 0x9a, 0x85, 0xfe, 0x83, 0xa2, - 0xf9, 0x9e, 0x8c, 0xa3, 0xcc, 0x0d, 0x5e, 0xb3, 0x3d, 0xcf, 0x04, 0x78, - 0x8f, 0x14, 0x14, 0x7b, 0x32, 0x9c, 0xc7, 0x00, 0xa6, 0x5c, 0xc4, 0xb5, - 0xa1, 0x55, 0x8d, 0x5a, 0x56, 0x68, 0xa4, 0x22, 0x70, 0xaa, 0x3c, 0x81, - 0x71, 0xd9, 0x9d, 0xa8, 0x45, 0x3b, 0xf4, 0xe5, 0xf6, 0xa2, 0x51, 0xdd, - 0xc7, 0x7b, 0x62, 0xe8, 0x6f, 0x0c, 0x74, 0xeb, 0xb8, 0xda, 0xf8, 0xbf, - 0x87, 0x0d, 0x79, 0x50, 0x91, 0x90, 0x9b, 0x18, 0x3b, 0x91, 0x59, 0x27, - 0xf1, 0x35, 0x28, 0x13, 0xab, 0x26, 0x7e, 0xd5, 0xf7, 0x7a, -} - -var certSet3Cert34 = []byte{ - 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x03, 0xaa, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x36, 0x34, 0x9e, 0x18, 0xc9, 0x9c, 0x26, 0x69, 0xb6, - 0x56, 0x2e, 0x6c, 0xe5, 0xad, 0x71, 0x32, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x33, 0x30, 0x35, 0x32, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x32, 0x33, 0x30, 0x35, 0x32, 0x32, 0x32, 0x33, 0x35, 0x39, - 0x35, 0x39, 0x5a, 0x30, 0x43, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x14, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, - 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa3, 0x63, 0x2b, - 0xd4, 0xba, 0x5d, 0x38, 0xae, 0xb0, 0xcf, 0xb9, 0x4c, 0x38, 0xdf, 0x20, - 0x7d, 0xf1, 0x2b, 0x47, 0x71, 0x1d, 0x8b, 0x68, 0xf3, 0x56, 0xf9, 0x9c, - 0xda, 0xaa, 0xe5, 0x84, 0x26, 0xde, 0xa5, 0x71, 0x30, 0xbc, 0xf3, 0x31, - 0x23, 0x9d, 0xe8, 0x3b, 0x80, 0xc8, 0x66, 0x57, 0x75, 0xb6, 0x57, 0x0e, - 0xdb, 0x93, 0xf5, 0x26, 0x8e, 0x70, 0xba, 0x64, 0x52, 0x66, 0x8a, 0x2a, - 0x88, 0x5c, 0x44, 0x18, 0x4d, 0xa8, 0xa2, 0x7c, 0xbd, 0x56, 0x61, 0x32, - 0x90, 0x12, 0xf9, 0x35, 0x87, 0x48, 0x60, 0xb0, 0x6e, 0x90, 0x67, 0x44, - 0x01, 0x8d, 0xe7, 0xc9, 0x0d, 0x63, 0x68, 0x72, 0x72, 0xab, 0x63, 0x3c, - 0x86, 0xb8, 0x1f, 0x7d, 0xad, 0x88, 0x25, 0xa7, 0x6a, 0x88, 0x29, 0xfb, - 0x59, 0xc6, 0x78, 0x71, 0x5f, 0x2c, 0xba, 0x89, 0xe6, 0xd3, 0x80, 0xfd, - 0x57, 0xec, 0xb9, 0x51, 0x5f, 0x43, 0x33, 0x2e, 0x7e, 0x25, 0x3b, 0xa4, - 0x04, 0xd1, 0x60, 0x8c, 0xb3, 0x44, 0x33, 0x93, 0x0c, 0xad, 0x2a, 0xb6, - 0x44, 0xa2, 0x19, 0x3b, 0xaf, 0xc4, 0x90, 0x6f, 0x7b, 0x05, 0x87, 0x86, - 0x9b, 0x2c, 0x6a, 0x9d, 0x2b, 0x6c, 0x77, 0xc9, 0x00, 0x9f, 0xc9, 0xcf, - 0xac, 0xed, 0x3e, 0x1b, 0xf7, 0xc3, 0xf3, 0xd9, 0xf8, 0x6c, 0xd4, 0xa0, - 0x57, 0xc4, 0xfb, 0x28, 0x32, 0xaa, 0x33, 0xf0, 0xe6, 0xba, 0x98, 0xdf, - 0xe5, 0xc2, 0x4e, 0x9c, 0x74, 0xbf, 0x8a, 0x48, 0xc2, 0xf2, 0x1b, 0xf0, - 0x77, 0x40, 0x41, 0x07, 0x04, 0xb2, 0x3a, 0xd5, 0x4c, 0xc4, 0x29, 0xa9, - 0x11, 0x40, 0x3f, 0x02, 0x46, 0xf0, 0x91, 0xd5, 0xd2, 0x81, 0x83, 0x86, - 0x13, 0xb3, 0x31, 0xed, 0x46, 0xab, 0xa8, 0x87, 0x76, 0xa9, 0x99, 0x7d, - 0xbc, 0xcd, 0x31, 0x50, 0xf4, 0xa5, 0xb5, 0xdc, 0xa5, 0x32, 0xb3, 0x8b, - 0x8b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x44, 0x30, 0x82, - 0x01, 0x40, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, - 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x41, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3a, 0x30, - 0x38, 0x30, 0x36, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, - 0x01, 0x07, 0x36, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x37, 0x06, - 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x30, 0x30, 0x2e, 0x30, 0x2c, 0xa0, 0x2a, - 0xa0, 0x28, 0x86, 0x26, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, - 0x72, 0x6c, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, 0x43, 0x41, 0x2d, - 0x47, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x2a, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x23, 0x30, 0x21, 0xa4, 0x1f, 0x30, - 0x1d, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x50, 0x4b, 0x49, - 0x2d, 0x32, 0x2d, 0x34, 0x31, 0x35, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, - 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2b, 0x9a, 0x35, 0xae, 0x01, 0x18, 0x38, - 0x30, 0xe1, 0x70, 0x7a, 0x05, 0xe0, 0x11, 0x76, 0xa3, 0xce, 0xbd, 0x90, - 0x14, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa, - 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x74, 0xa6, 0x56, 0xe8, 0xaf, 0x93, - 0x96, 0x19, 0xfb, 0x26, 0xf9, 0x0d, 0xb0, 0x44, 0xa5, 0xcd, 0xe9, 0x7a, - 0x48, 0x03, 0x74, 0x01, 0x6c, 0x13, 0x71, 0xb7, 0xe0, 0x82, 0x90, 0x99, - 0x62, 0x23, 0xe3, 0xd6, 0x99, 0xaf, 0xf0, 0xc7, 0x1e, 0x9e, 0xa8, 0x18, - 0x21, 0xdb, 0xb4, 0x94, 0x3f, 0x34, 0x56, 0x1b, 0x99, 0x55, 0x2f, 0x8e, - 0xf0, 0x45, 0x33, 0x32, 0xb7, 0x72, 0xc1, 0x13, 0x5b, 0x34, 0xd3, 0xf5, - 0x60, 0xe5, 0x2e, 0x18, 0xd1, 0x5c, 0xc5, 0x6a, 0xc1, 0xaa, 0x87, 0x50, - 0x0c, 0x1c, 0x9d, 0x64, 0x2b, 0xff, 0x1b, 0xdc, 0xd5, 0x2e, 0x61, 0x0b, - 0xe7, 0xb9, 0xb6, 0x91, 0x53, 0x86, 0xd9, 0x03, 0x2a, 0xd1, 0x3d, 0x7b, - 0x4a, 0xda, 0x2b, 0x07, 0xbe, 0x29, 0xf2, 0x60, 0x42, 0xa9, 0x91, 0x1a, - 0x0e, 0x2e, 0x3c, 0xd1, 0x7d, 0xa5, 0x13, 0x14, 0x02, 0xfa, 0xee, 0x8b, - 0x8d, 0xb6, 0xc8, 0xb8, 0x3e, 0x56, 0x81, 0x57, 0x21, 0x24, 0x3f, 0x65, - 0xc3, 0xb4, 0xc9, 0xce, 0x5c, 0x8d, 0x46, 0xac, 0x53, 0xf3, 0xf9, 0x55, - 0x74, 0xc8, 0x2b, 0xfd, 0xd2, 0x78, 0x70, 0xf5, 0xf8, 0x11, 0xe5, 0xf4, - 0xa7, 0xad, 0x20, 0xf5, 0x9d, 0xf1, 0xec, 0x70, 0xf6, 0x13, 0xac, 0xe6, - 0x8c, 0x8d, 0xdb, 0x3f, 0xc6, 0xf2, 0x79, 0x0e, 0xab, 0x52, 0xf2, 0xcc, - 0x1b, 0x79, 0x27, 0xcf, 0x16, 0xb3, 0xd6, 0xf3, 0xc6, 0x36, 0x80, 0x43, - 0xec, 0xc5, 0x94, 0xf0, 0xdd, 0x90, 0x8d, 0xf8, 0xc6, 0x52, 0x46, 0x56, - 0xeb, 0x74, 0x47, 0xbe, 0xa6, 0xf3, 0x19, 0xae, 0x71, 0x4c, 0xc0, 0xe1, - 0xe7, 0xd4, 0xcf, 0xed, 0xd4, 0x06, 0x28, 0x2a, 0x11, 0x3c, 0xba, 0xd9, - 0x41, 0x6e, 0x00, 0xe7, 0x81, 0x37, 0x93, 0xe4, 0xda, 0x62, 0xc6, 0x1d, - 0x67, 0x6f, 0x63, 0xb4, 0x14, 0x86, 0xd9, 0xa6, 0x62, 0xf0, -} - -var certSet3Cert35 = []byte{ - 0x30, 0x82, 0x04, 0xc7, 0x30, 0x82, 0x03, 0xaf, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x41, 0x82, 0x12, 0x7d, 0x12, 0xd9, 0xc6, 0xb3, 0x21, - 0x39, 0x43, 0x12, 0x56, 0x64, 0x00, 0xb8, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x38, 0x20, 0x47, 0x65, - 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, - 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, - 0x79, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2d, - 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x50, 0x72, 0x69, - 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x33, 0x30, 0x35, 0x32, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, - 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x35, 0x32, 0x32, 0x32, 0x33, - 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x46, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x16, 0x47, 0x65, 0x6f, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x53, - 0x53, 0x4c, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xc6, 0xa9, 0x0b, 0x5d, 0x17, 0xa5, 0x7d, 0xc6, 0xcf, 0x2a, - 0xef, 0xc6, 0x66, 0xd1, 0x42, 0x1e, 0x5f, 0x83, 0x78, 0x68, 0x91, 0xaf, - 0xe6, 0xa7, 0x8b, 0xf0, 0x1d, 0x44, 0x01, 0x0a, 0x19, 0xca, 0x9c, 0xd4, - 0x8b, 0x1d, 0xe1, 0xa1, 0x90, 0xa3, 0xc1, 0x5b, 0xb4, 0xd7, 0x5b, 0x6a, - 0x8b, 0xfc, 0x0e, 0x49, 0x1e, 0xc2, 0x62, 0x29, 0xfe, 0x80, 0x15, 0x39, - 0x8b, 0x81, 0x2a, 0x27, 0xb5, 0xfb, 0x12, 0xa8, 0x05, 0x22, 0x0b, 0xc5, - 0x2c, 0xf5, 0xd9, 0x98, 0xdd, 0x16, 0x2f, 0x3b, 0x66, 0xe7, 0x62, 0xa2, - 0x43, 0x32, 0xac, 0x8f, 0xb5, 0x85, 0xc8, 0x52, 0x06, 0x2c, 0x5c, 0xc0, - 0x77, 0xfa, 0x67, 0xf7, 0x83, 0xe8, 0x5e, 0x05, 0x8d, 0xc8, 0xab, 0xa1, - 0x16, 0x32, 0x8a, 0xd2, 0x40, 0xec, 0x86, 0x3a, 0x1c, 0x23, 0xa9, 0x8d, - 0xb5, 0x00, 0xde, 0x72, 0xbd, 0x85, 0x55, 0xfe, 0x06, 0x01, 0x60, 0x5d, - 0xad, 0xb3, 0xe0, 0x65, 0x73, 0xa5, 0x92, 0x14, 0x9e, 0x94, 0x56, 0x6f, - 0x93, 0xee, 0xaf, 0xa9, 0x3a, 0x30, 0x25, 0x4a, 0x8e, 0x09, 0x84, 0xef, - 0xb7, 0xd2, 0xd5, 0xd7, 0x9b, 0x49, 0xcd, 0xe9, 0xc0, 0x5e, 0x67, 0x71, - 0x22, 0xac, 0x50, 0x90, 0x43, 0x20, 0x5d, 0xa1, 0xa3, 0x15, 0x83, 0xfd, - 0xfc, 0xa7, 0x39, 0xbc, 0x6b, 0x65, 0x48, 0x12, 0x60, 0xff, 0xdd, 0x23, - 0xb3, 0x3a, 0xaa, 0xf4, 0x9f, 0x9c, 0x37, 0x53, 0x41, 0xa2, 0x47, 0x93, - 0x81, 0x33, 0x09, 0xe5, 0x22, 0xc6, 0xc8, 0x1c, 0x49, 0xa1, 0x6e, 0x8d, - 0xcc, 0x83, 0xb3, 0x9a, 0xcd, 0xea, 0x43, 0xf2, 0x19, 0xd3, 0x24, 0xcb, - 0xa8, 0x29, 0xae, 0x52, 0xcc, 0xf4, 0x08, 0x27, 0xb0, 0x84, 0xea, 0xce, - 0x27, 0xb5, 0xe1, 0x34, 0x13, 0x73, 0x92, 0x5c, 0x87, 0x86, 0x2a, 0xc6, - 0xb0, 0x68, 0x36, 0xad, 0xcb, 0x09, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x82, 0x01, 0x5c, 0x30, 0x82, 0x01, 0x58, 0x30, 0x3b, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x2f, 0x30, 0x2d, 0x30, - 0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, - 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x63, 0x61, 0x2d, - 0x67, 0x33, 0x2d, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x65, 0x6f, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, - 0xff, 0x02, 0x01, 0x00, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, 0x33, 0x30, 0x31, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x65, 0x6f, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x3b, - 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0xa0, - 0x2e, 0xa0, 0x2c, 0x86, 0x2a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x65, 0x6f, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x50, 0x43, 0x41, 0x2d, 0x47, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x23, - 0x30, 0x21, 0xa4, 0x1f, 0x30, 0x1d, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x12, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x4d, 0x50, 0x4b, 0x49, 0x2d, 0x32, 0x2d, 0x34, 0x31, 0x36, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0x67, - 0x8e, 0xed, 0x83, 0x4f, 0xd6, 0x1e, 0x9d, 0x40, 0x04, 0x0c, 0x04, 0x46, - 0xa1, 0x70, 0x34, 0xb2, 0x0f, 0x72, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc4, 0x79, 0xca, 0x8e, 0xa1, - 0x4e, 0x03, 0x1d, 0x1c, 0xdc, 0x6b, 0xdb, 0x31, 0x5b, 0x94, 0x3e, 0x3f, - 0x30, 0x7f, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x10, - 0x10, 0xea, 0xf2, 0x10, 0xd6, 0x08, 0x46, 0xe2, 0xc1, 0x8f, 0x3e, 0x36, - 0x59, 0xc8, 0x2b, 0x0f, 0xfe, 0x4d, 0xec, 0xe3, 0xf8, 0xb6, 0x56, 0x31, - 0x78, 0x25, 0xd4, 0x76, 0xf2, 0x08, 0xdd, 0xef, 0x3f, 0xcd, 0x8b, 0x1c, - 0x7e, 0xaa, 0x7f, 0xfc, 0x0b, 0xa8, 0x23, 0x64, 0x51, 0xb3, 0x87, 0xd6, - 0x09, 0xfa, 0x22, 0xfa, 0xc7, 0x0a, 0x51, 0xe8, 0xce, 0xb8, 0xf6, 0x03, - 0x70, 0xe0, 0x1b, 0x5a, 0xb9, 0xb1, 0xb2, 0x93, 0x11, 0x10, 0xf9, 0x97, - 0x05, 0x07, 0x29, 0x6c, 0x6d, 0x57, 0x25, 0x54, 0xe8, 0xf9, 0x66, 0x9b, - 0x0e, 0xfb, 0xdb, 0x9f, 0xee, 0x96, 0x6f, 0x65, 0xcb, 0x1f, 0xd8, 0x55, - 0xce, 0x31, 0xfa, 0xcf, 0x02, 0xf4, 0xd0, 0x7f, 0x50, 0x66, 0xff, 0x2f, - 0x79, 0x9b, 0xa5, 0xc2, 0xdf, 0xd6, 0xcf, 0xc8, 0x15, 0x83, 0x96, 0x84, - 0x98, 0xb2, 0x46, 0xd4, 0x5f, 0x13, 0xa8, 0x3e, 0xa7, 0x34, 0x9c, 0x05, - 0x38, 0xda, 0xcf, 0xd6, 0x69, 0x95, 0xa9, 0x26, 0x87, 0x76, 0x01, 0xd7, - 0xb2, 0x51, 0x0f, 0x81, 0x69, 0x46, 0x26, 0x1c, 0x99, 0xb6, 0x83, 0x58, - 0xe3, 0x3b, 0x58, 0x8f, 0xdc, 0xb4, 0x71, 0xc0, 0xb9, 0xbf, 0x42, 0x9c, - 0x1c, 0x03, 0x9e, 0xe4, 0x46, 0xa8, 0xea, 0xb9, 0xc1, 0xcd, 0xf6, 0x5b, - 0xa9, 0x3c, 0x96, 0xfb, 0x79, 0xa4, 0x33, 0x73, 0xa7, 0x9e, 0x78, 0xb9, - 0x70, 0xdc, 0x72, 0x74, 0xc4, 0x32, 0xc8, 0x00, 0x1b, 0xc9, 0xef, 0x48, - 0xd3, 0xfb, 0x3a, 0x9b, 0xfa, 0xfe, 0x7a, 0x9a, 0x40, 0x69, 0x1c, 0xc8, - 0xda, 0x28, 0x37, 0x0b, 0xd3, 0xa3, 0xb9, 0x7e, 0x96, 0xcc, 0x2b, 0x28, - 0xc3, 0x56, 0x6c, 0x6f, 0xe9, 0xdb, 0x52, 0xb1, 0xfa, 0x9a, 0xfb, 0xe7, - 0xaf, 0xb5, 0x97, 0xa6, 0x22, 0xc3, 0xc5, 0xa8, 0x93, 0xb1, 0x00, 0xc9, - 0x07, 0xb2, 0x7d, -} - -var certSet3Cert36 = []byte{ - 0x30, 0x82, 0x04, 0xd0, 0x30, 0x82, 0x03, 0xb8, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x01, 0x07, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x83, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, - 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, - 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, - 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x28, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, - 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x31, 0x30, 0x35, 0x30, 0x33, 0x30, 0x37, 0x30, 0x30, 0x30, - 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x31, 0x30, 0x35, 0x30, 0x33, 0x30, 0x37, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0xb4, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, - 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, - 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, - 0x6f, 0x44, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, - 0x72, 0x74, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, - 0x72, 0x79, 0x2f, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x2a, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 0x20, 0x53, - 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0xe0, 0xcb, 0x10, 0xd4, 0xaf, 0x76, - 0xbd, 0xd4, 0x93, 0x62, 0xeb, 0x30, 0x64, 0xb8, 0x81, 0x08, 0x6c, 0xc3, - 0x04, 0xd9, 0x62, 0x17, 0x8e, 0x2f, 0xff, 0x3e, 0x65, 0xcf, 0x8f, 0xce, - 0x62, 0xe6, 0x3c, 0x52, 0x1c, 0xda, 0x16, 0x45, 0x4b, 0x55, 0xab, 0x78, - 0x6b, 0x63, 0x83, 0x62, 0x90, 0xce, 0x0f, 0x69, 0x6c, 0x99, 0xc8, 0x1a, - 0x14, 0x8b, 0x4c, 0xcc, 0x45, 0x33, 0xea, 0x88, 0xdc, 0x9e, 0xa3, 0xaf, - 0x2b, 0xfe, 0x80, 0x61, 0x9d, 0x79, 0x57, 0xc4, 0xcf, 0x2e, 0xf4, 0x3f, - 0x30, 0x3c, 0x5d, 0x47, 0xfc, 0x9a, 0x16, 0xbc, 0xc3, 0x37, 0x96, 0x41, - 0x51, 0x8e, 0x11, 0x4b, 0x54, 0xf8, 0x28, 0xbe, 0xd0, 0x8c, 0xbe, 0xf0, - 0x30, 0x38, 0x1e, 0xf3, 0xb0, 0x26, 0xf8, 0x66, 0x47, 0x63, 0x6d, 0xde, - 0x71, 0x26, 0x47, 0x8f, 0x38, 0x47, 0x53, 0xd1, 0x46, 0x1d, 0xb4, 0xe3, - 0xdc, 0x00, 0xea, 0x45, 0xac, 0xbd, 0xbc, 0x71, 0xd9, 0xaa, 0x6f, 0x00, - 0xdb, 0xdb, 0xcd, 0x30, 0x3a, 0x79, 0x4f, 0x5f, 0x4c, 0x47, 0xf8, 0x1d, - 0xef, 0x5b, 0xc2, 0xc4, 0x9d, 0x60, 0x3b, 0xb1, 0xb2, 0x43, 0x91, 0xd8, - 0xa4, 0x33, 0x4e, 0xea, 0xb3, 0xd6, 0x27, 0x4f, 0xad, 0x25, 0x8a, 0xa5, - 0xc6, 0xf4, 0xd5, 0xd0, 0xa6, 0xae, 0x74, 0x05, 0x64, 0x57, 0x88, 0xb5, - 0x44, 0x55, 0xd4, 0x2d, 0x2a, 0x3a, 0x3e, 0xf8, 0xb8, 0xbd, 0xe9, 0x32, - 0x0a, 0x02, 0x94, 0x64, 0xc4, 0x16, 0x3a, 0x50, 0xf1, 0x4a, 0xae, 0xe7, - 0x79, 0x33, 0xaf, 0x0c, 0x20, 0x07, 0x7f, 0xe8, 0xdf, 0x04, 0x39, 0xc2, - 0x69, 0x02, 0x6c, 0x63, 0x52, 0xfa, 0x77, 0xc1, 0x1b, 0xc8, 0x74, 0x87, - 0xc8, 0xb9, 0x93, 0x18, 0x50, 0x54, 0x35, 0x4b, 0x69, 0x4e, 0xbc, 0x3b, - 0xd3, 0x49, 0x2e, 0x1f, 0xdc, 0xc1, 0xd2, 0x52, 0xfb, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1a, 0x30, 0x82, 0x01, 0x16, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, - 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x40, 0xc2, 0xbd, 0x27, 0x8e, 0xcc, - 0x34, 0x83, 0x30, 0xa2, 0x33, 0xd7, 0xfb, 0x6c, 0xb3, 0xf0, 0xb4, 0x2c, - 0x80, 0xce, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0x3a, 0x9a, 0x85, 0x07, 0x10, 0x67, 0x28, 0xb6, 0xef, - 0xf6, 0xbd, 0x05, 0x41, 0x6e, 0x20, 0xc1, 0x94, 0xda, 0x0f, 0xde, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x35, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0xa0, 0x28, 0xa0, 0x26, 0x86, 0x24, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, - 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, - 0x64, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x67, 0x32, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x46, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3f, 0x30, 0x3d, 0x30, - 0x3b, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x33, 0x30, 0x31, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, - 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, - 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x08, 0x7e, 0x6c, 0x93, - 0x10, 0xc8, 0x38, 0xb8, 0x96, 0xa9, 0x90, 0x4b, 0xff, 0xa1, 0x5f, 0x4f, - 0x04, 0xef, 0x6c, 0x3e, 0x9c, 0x88, 0x06, 0xc9, 0x50, 0x8f, 0xa6, 0x73, - 0xf7, 0x57, 0x31, 0x1b, 0xbe, 0xbc, 0xe4, 0x2f, 0xdb, 0xf8, 0xba, 0xd3, - 0x5b, 0xe0, 0xb4, 0xe7, 0xe6, 0x79, 0x62, 0x0e, 0x0c, 0xa2, 0xd7, 0x6a, - 0x63, 0x73, 0x31, 0xb5, 0xf5, 0xa8, 0x48, 0xa4, 0x3b, 0x08, 0x2d, 0xa2, - 0x5d, 0x90, 0xd7, 0xb4, 0x7c, 0x25, 0x4f, 0x11, 0x56, 0x30, 0xc4, 0xb6, - 0x44, 0x9d, 0x7b, 0x2c, 0x9d, 0xe5, 0x5e, 0xe6, 0xef, 0x0c, 0x61, 0xaa, - 0xbf, 0xe4, 0x2a, 0x1b, 0xee, 0x84, 0x9e, 0xb8, 0x83, 0x7d, 0xc1, 0x43, - 0xce, 0x44, 0xa7, 0x13, 0x70, 0x0d, 0x91, 0x1f, 0xf4, 0xc8, 0x13, 0xad, - 0x83, 0x60, 0xd9, 0xd8, 0x72, 0xa8, 0x73, 0x24, 0x1e, 0xb5, 0xac, 0x22, - 0x0e, 0xca, 0x17, 0x89, 0x62, 0x58, 0x44, 0x1b, 0xab, 0x89, 0x25, 0x01, - 0x00, 0x0f, 0xcd, 0xc4, 0x1b, 0x62, 0xdb, 0x51, 0xb4, 0xd3, 0x0f, 0x51, - 0x2a, 0x9b, 0xf4, 0xbc, 0x73, 0xfc, 0x76, 0xce, 0x36, 0xa4, 0xcd, 0xd9, - 0xd8, 0x2c, 0xea, 0xae, 0x9b, 0xf5, 0x2a, 0xb2, 0x90, 0xd1, 0x4d, 0x75, - 0x18, 0x8a, 0x3f, 0x8a, 0x41, 0x90, 0x23, 0x7d, 0x5b, 0x4b, 0xfe, 0xa4, - 0x03, 0x58, 0x9b, 0x46, 0xb2, 0xc3, 0x60, 0x60, 0x83, 0xf8, 0x7d, 0x50, - 0x41, 0xce, 0xc2, 0xa1, 0x90, 0xc3, 0xbb, 0xef, 0x02, 0x2f, 0xd2, 0x15, - 0x54, 0xee, 0x44, 0x15, 0xd9, 0x0a, 0xae, 0xa7, 0x8a, 0x33, 0xed, 0xb1, - 0x2d, 0x76, 0x36, 0x26, 0xdc, 0x04, 0xeb, 0x9f, 0xf7, 0x61, 0x1f, 0x15, - 0xdc, 0x87, 0x6f, 0xee, 0x46, 0x96, 0x28, 0xad, 0xa1, 0x26, 0x7d, 0x0a, - 0x09, 0xa7, 0x2e, 0x04, 0xa3, 0x8d, 0xbc, 0xf8, 0xbc, 0x04, 0x30, 0x01, -} - -var certSet3Cert37 = []byte{ - 0x30, 0x82, 0x04, 0xd0, 0x30, 0x82, 0x04, 0x39, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x25, 0x0c, 0xe8, 0xe0, 0x30, 0x61, 0x2e, 0x9f, 0x2b, - 0x89, 0xf7, 0x05, 0x4d, 0x7c, 0xf8, 0xfd, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x31, 0x30, 0x38, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x30, 0x37, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0xca, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x3a, 0x30, - 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, - 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, - 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, - 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x45, 0x30, - 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, - 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xaf, 0x24, 0x08, 0x08, 0x29, 0x7a, 0x35, - 0x9e, 0x60, 0x0c, 0xaa, 0xe7, 0x4b, 0x3b, 0x4e, 0xdc, 0x7c, 0xbc, 0x3c, - 0x45, 0x1c, 0xbb, 0x2b, 0xe0, 0xfe, 0x29, 0x02, 0xf9, 0x57, 0x08, 0xa3, - 0x64, 0x85, 0x15, 0x27, 0xf5, 0xf1, 0xad, 0xc8, 0x31, 0x89, 0x5d, 0x22, - 0xe8, 0x2a, 0xaa, 0xa6, 0x42, 0xb3, 0x8f, 0xf8, 0xb9, 0x55, 0xb7, 0xb1, - 0xb7, 0x4b, 0xb3, 0xfe, 0x8f, 0x7e, 0x07, 0x57, 0xec, 0xef, 0x43, 0xdb, - 0x66, 0x62, 0x15, 0x61, 0xcf, 0x60, 0x0d, 0xa4, 0xd8, 0xde, 0xf8, 0xe0, - 0xc3, 0x62, 0x08, 0x3d, 0x54, 0x13, 0xeb, 0x49, 0xca, 0x59, 0x54, 0x85, - 0x26, 0xe5, 0x2b, 0x8f, 0x1b, 0x9f, 0xeb, 0xf5, 0xa1, 0x91, 0xc2, 0x33, - 0x49, 0xd8, 0x43, 0x63, 0x6a, 0x52, 0x4b, 0xd2, 0x8f, 0xe8, 0x70, 0x51, - 0x4d, 0xd1, 0x89, 0x69, 0x7b, 0xc7, 0x70, 0xf6, 0xb3, 0xdc, 0x12, 0x74, - 0xdb, 0x7b, 0x5d, 0x4b, 0x56, 0xd3, 0x96, 0xbf, 0x15, 0x77, 0xa1, 0xb0, - 0xf4, 0xa2, 0x25, 0xf2, 0xaf, 0x1c, 0x92, 0x67, 0x18, 0xe5, 0xf4, 0x06, - 0x04, 0xef, 0x90, 0xb9, 0xe4, 0x00, 0xe4, 0xdd, 0x3a, 0xb5, 0x19, 0xff, - 0x02, 0xba, 0xf4, 0x3c, 0xee, 0xe0, 0x8b, 0xeb, 0x37, 0x8b, 0xec, 0xf4, - 0xd7, 0xac, 0xf2, 0xf6, 0xf0, 0x3d, 0xaf, 0xdd, 0x75, 0x91, 0x33, 0x19, - 0x1d, 0x1c, 0x40, 0xcb, 0x74, 0x24, 0x19, 0x21, 0x93, 0xd9, 0x14, 0xfe, - 0xac, 0x2a, 0x52, 0xc7, 0x8f, 0xd5, 0x04, 0x49, 0xe4, 0x8d, 0x63, 0x47, - 0x88, 0x3c, 0x69, 0x83, 0xcb, 0xfe, 0x47, 0xbd, 0x2b, 0x7e, 0x4f, 0xc5, - 0x95, 0xae, 0x0e, 0x9d, 0xd4, 0xd1, 0x43, 0xc0, 0x67, 0x73, 0xe3, 0x14, - 0x08, 0x7e, 0xe5, 0x3f, 0x9f, 0x73, 0xb8, 0x33, 0x0a, 0xcf, 0x5d, 0x3f, - 0x34, 0x87, 0x96, 0x8a, 0xee, 0x53, 0xe8, 0x25, 0x15, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x9b, 0x30, 0x82, 0x01, 0x97, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, - 0x01, 0x01, 0xff, 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2a, - 0x30, 0x28, 0x30, 0x26, 0xa0, 0x24, 0xa0, 0x22, 0x86, 0x20, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, - 0x61, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x3d, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, 0x74, 0x74, - 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, - 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, - 0x73, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, - 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x6d, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0c, 0x04, 0x61, 0x30, 0x5f, - 0xa1, 0x5d, 0xa0, 0x5b, 0x30, 0x59, 0x30, 0x57, 0x30, 0x55, 0x16, 0x09, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2f, 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, - 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, - 0x8f, 0xe5, 0xd3, 0x1a, 0x86, 0xac, 0x8d, 0x8e, 0x6b, 0xc3, 0xcf, 0x80, - 0x6a, 0xd4, 0x48, 0x18, 0x2c, 0x7b, 0x19, 0x2e, 0x30, 0x25, 0x16, 0x23, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x76, 0x73, 0x6c, 0x6f, 0x67, 0x6f, 0x2e, 0x67, 0x69, 0x66, 0x30, - 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, - 0x28, 0x30, 0x26, 0x30, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x1d, 0x25, - 0x04, 0x37, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x04, 0x01, 0x06, 0x0a, 0x60, - 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x08, 0x01, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x03, 0x81, 0x81, 0x00, 0x13, 0x02, 0xdd, 0xf8, 0xe8, 0x86, 0x00, 0xf2, - 0x5a, 0xf8, 0xf8, 0x20, 0x0c, 0x59, 0x88, 0x62, 0x07, 0xce, 0xce, 0xf7, - 0x4e, 0xf9, 0xbb, 0x59, 0xa1, 0x98, 0xe5, 0xe1, 0x38, 0xdd, 0x4e, 0xbc, - 0x66, 0x18, 0xd3, 0xad, 0xeb, 0x18, 0xf2, 0x0d, 0xc9, 0x6d, 0x3e, 0x4a, - 0x94, 0x20, 0xc3, 0x3c, 0xba, 0xbd, 0x65, 0x54, 0xc6, 0xaf, 0x44, 0xb3, - 0x10, 0xad, 0x2c, 0x6b, 0x3e, 0xab, 0xd7, 0x07, 0xb6, 0xb8, 0x81, 0x63, - 0xc5, 0xf9, 0x5e, 0x2e, 0xe5, 0x2a, 0x67, 0xce, 0xcd, 0x33, 0x0c, 0x2a, - 0xd7, 0x89, 0x56, 0x03, 0x23, 0x1f, 0xb3, 0xbe, 0xe8, 0x3a, 0x08, 0x59, - 0xb4, 0xec, 0x45, 0x35, 0xf7, 0x8a, 0x5b, 0xff, 0x66, 0xcf, 0x50, 0xaf, - 0xc6, 0x6d, 0x57, 0x8d, 0x19, 0x78, 0xb7, 0xb9, 0xa2, 0xd1, 0x57, 0xea, - 0x1f, 0x9a, 0x4b, 0xaf, 0xba, 0xc9, 0x8e, 0x12, 0x7e, 0xc6, 0xbd, 0xff, -} - -var certSet3Cert38 = []byte{ - 0x30, 0x82, 0x04, 0xd2, 0x30, 0x82, 0x03, 0xba, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x2c, 0x69, 0xe1, 0x2f, 0x6a, 0x67, 0x0b, 0xd9, 0x9d, - 0xd2, 0x0f, 0x91, 0x9e, 0xf0, 0x9e, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xa9, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, - 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, 0x38, 0x30, 0x36, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x36, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, - 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x16, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, - 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x36, 0x31, 0x30, - 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, - 0x36, 0x30, 0x39, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x63, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, - 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x14, 0x44, - 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, - 0x74, 0x65, 0x64, 0x20, 0x53, 0x53, 0x4c, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x20, 0x44, 0x56, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x20, 0x2d, - 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xea, 0x94, 0x07, 0x85, 0xc8, 0x41, 0x2c, 0xf6, 0x83, 0x12, 0x6c, 0x92, - 0x5f, 0xab, 0x1f, 0x00, 0xd4, 0x96, 0x6f, 0x74, 0xcd, 0x2e, 0x11, 0xe9, - 0x6c, 0x0f, 0x39, 0x01, 0xb9, 0x48, 0x90, 0x40, 0x39, 0x4d, 0xc4, 0xa2, - 0xc8, 0x79, 0x6a, 0xa5, 0x9a, 0xbd, 0x91, 0x44, 0x65, 0x77, 0x54, 0xad, - 0xff, 0x25, 0x5f, 0xee, 0x42, 0xfb, 0xb3, 0x02, 0x0f, 0xea, 0x5d, 0x7a, - 0xdd, 0x1a, 0x54, 0x9e, 0xd7, 0x73, 0x42, 0x9b, 0xcc, 0x79, 0x5f, 0xc5, - 0x4d, 0xf4, 0xb7, 0x0b, 0x18, 0x39, 0x20, 0x7a, 0xdd, 0x50, 0x01, 0x5d, - 0x34, 0x45, 0x5f, 0x4c, 0x11, 0x0e, 0xf5, 0x87, 0x26, 0x26, 0xb4, 0xb0, - 0xf3, 0x7e, 0x71, 0xa0, 0x31, 0x71, 0x50, 0x89, 0x68, 0x5a, 0x63, 0x8a, - 0x14, 0x62, 0xe5, 0x8c, 0x3a, 0x16, 0x55, 0x0d, 0x3e, 0xeb, 0xaa, 0x80, - 0x1d, 0x71, 0x7a, 0xe3, 0x87, 0x07, 0xab, 0xbd, 0xa2, 0x74, 0xcd, 0xda, - 0x08, 0x01, 0x9d, 0x1b, 0xcc, 0x27, 0x88, 0x8c, 0x47, 0xd4, 0x69, 0x25, - 0x42, 0xd6, 0xbb, 0x50, 0x6d, 0x85, 0x50, 0xd0, 0x48, 0x82, 0x0d, 0x08, - 0x9f, 0xe9, 0x23, 0xe3, 0x42, 0xc6, 0x3c, 0x98, 0xb8, 0xbb, 0x6e, 0xc5, - 0x70, 0x13, 0xdf, 0x19, 0x1d, 0x01, 0xfd, 0xd2, 0xb5, 0x4e, 0xe6, 0x62, - 0xf4, 0x07, 0xfa, 0x6b, 0x7d, 0x11, 0x77, 0xc4, 0x62, 0x4f, 0x40, 0x4e, - 0xa5, 0x78, 0x97, 0xab, 0x2c, 0x4d, 0x0c, 0xa7, 0x7c, 0xc3, 0xc4, 0x50, - 0x32, 0x9f, 0xd0, 0x70, 0x9b, 0x0f, 0xff, 0xff, 0x75, 0x59, 0x34, 0x85, - 0xad, 0x49, 0xd5, 0x35, 0xee, 0x4f, 0x5b, 0xd4, 0xd4, 0x36, 0x95, 0xa0, - 0x7e, 0xe8, 0xc5, 0xa1, 0x1c, 0xbd, 0x13, 0x4e, 0x7d, 0xee, 0x63, 0x6a, - 0x96, 0x19, 0x99, 0xc8, 0xa7, 0x2a, 0x00, 0xe6, 0x51, 0x8d, 0x46, 0xeb, - 0x30, 0x58, 0xe8, 0x2d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, - 0x39, 0x30, 0x82, 0x01, 0x35, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x41, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3a, 0x30, 0x38, - 0x30, 0x36, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, - 0x07, 0x36, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, - 0x30, 0x2e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, - 0x04, 0x22, 0x30, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x01, 0x86, 0x12, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x74, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x64, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2a, 0x30, 0x28, 0x30, - 0x26, 0xa0, 0x24, 0xa0, 0x22, 0x86, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x74, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x50, 0x43, 0x41, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x29, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x22, - 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, - 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, 0x36, 0x39, 0x38, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9f, 0xb8, 0xc1, - 0xa9, 0x6c, 0xf2, 0xf5, 0xc0, 0x22, 0x2a, 0x94, 0xed, 0x5c, 0x99, 0xac, - 0xd4, 0xec, 0xd7, 0xc6, 0x07, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, - 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7b, 0x5b, 0x45, 0xcf, 0xaf, 0xce, - 0xcb, 0x7a, 0xfd, 0x31, 0x92, 0x1a, 0x6a, 0xb6, 0xf3, 0x46, 0xeb, 0x57, - 0x48, 0x50, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x53, 0x54, - 0xf2, 0x47, 0xa8, 0x02, 0xd7, 0xef, 0xaa, 0x35, 0x78, 0xbe, 0x4a, 0x08, - 0x0d, 0x90, 0x18, 0x4b, 0x6d, 0x9e, 0x2a, 0x53, 0x2b, 0xe9, 0x54, 0x17, - 0x77, 0x74, 0x29, 0x7e, 0xd0, 0x37, 0x07, 0x05, 0xb8, 0xe4, 0xfa, 0xb8, - 0xb4, 0x63, 0x98, 0x44, 0xdc, 0xc6, 0x4f, 0x81, 0x06, 0x8c, 0x3a, 0xbe, - 0xc7, 0x30, 0x57, 0xc6, 0x70, 0xfc, 0xd6, 0x93, 0x19, 0x9f, 0xc3, 0x55, - 0xd7, 0x3e, 0x1f, 0x72, 0x8a, 0x9d, 0x30, 0x5a, 0x35, 0x97, 0x32, 0xcb, - 0x63, 0xe4, 0xc6, 0x72, 0xdf, 0xfb, 0x68, 0xca, 0x69, 0x2f, 0xdb, 0xcd, - 0x50, 0x38, 0x3e, 0x2b, 0xbb, 0xab, 0x3b, 0x82, 0xc7, 0xfd, 0x4b, 0x9b, - 0xbd, 0x7c, 0x41, 0x98, 0xef, 0x01, 0x53, 0xd8, 0x35, 0x8f, 0x25, 0xc9, - 0x03, 0x06, 0xe6, 0x9c, 0x57, 0xc1, 0x51, 0x0f, 0x9e, 0xf6, 0x7d, 0x93, - 0x4d, 0xf8, 0x76, 0xc8, 0x3a, 0x6b, 0xf4, 0xc4, 0x8f, 0x33, 0x32, 0x7f, - 0x9d, 0x21, 0x84, 0x34, 0xd9, 0xa7, 0xf9, 0x92, 0xfa, 0x41, 0x91, 0x61, - 0x84, 0x05, 0x9d, 0xa3, 0x79, 0x46, 0xce, 0x67, 0xe7, 0x81, 0xf2, 0x5e, - 0xac, 0x4c, 0xbc, 0xa8, 0xab, 0x6a, 0x6d, 0x15, 0xe2, 0x9c, 0x4e, 0x5a, - 0xd9, 0x63, 0x80, 0xbc, 0xf7, 0x42, 0xeb, 0x9a, 0x44, 0xc6, 0x8c, 0x6b, - 0x06, 0x36, 0xb4, 0x8b, 0x32, 0x89, 0xde, 0xc2, 0xf1, 0xa8, 0x26, 0xaa, - 0xa9, 0xac, 0xff, 0xea, 0x71, 0xa6, 0xe7, 0x8c, 0x41, 0xfa, 0x17, 0x35, - 0xbb, 0xb3, 0x87, 0x31, 0xa9, 0x93, 0xc2, 0xc8, 0x58, 0xe1, 0x0a, 0x4e, - 0x95, 0x83, 0x9c, 0xb9, 0xed, 0x3b, 0xa5, 0xef, 0x08, 0xe0, 0x74, 0xf9, - 0xc3, 0x1b, 0xe6, 0x07, 0xa3, 0xee, 0x07, 0xd7, 0x42, 0x22, 0x79, 0x21, - 0xa0, 0xa1, 0xd4, 0x1d, 0x26, 0xd3, 0xd0, 0xd6, 0xa6, 0x5d, 0x2b, 0x41, - 0xc0, 0x79, -} - -var certSet3Cert39 = []byte{ - 0x30, 0x82, 0x04, 0xff, 0x30, 0x82, 0x03, 0xe7, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x51, 0xd3, 0x40, 0x44, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xb0, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x30, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x20, 0x69, 0x73, 0x20, - 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x65, 0x64, - 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, - 0x65, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, - 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x45, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x2d, - 0x30, 0x2b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x45, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x34, 0x30, 0x39, 0x32, 0x32, 0x31, 0x37, 0x31, 0x34, 0x35, - 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x39, 0x32, 0x33, 0x30, 0x31, - 0x33, 0x31, 0x35, 0x33, 0x5a, 0x30, 0x81, 0xbe, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, - 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x45, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, - 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x53, 0x65, 0x65, 0x20, - 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6e, 0x65, 0x74, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x6c, 0x2d, 0x74, 0x65, - 0x72, 0x6d, 0x73, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x39, 0x20, 0x45, - 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x20, 0x2d, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, - 0x6c, 0x79, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x29, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, - 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xba, 0x84, 0xb6, 0x72, 0xdb, 0x9e, 0x0c, 0x6b, 0xe2, - 0x99, 0xe9, 0x30, 0x01, 0xa7, 0x76, 0xea, 0x32, 0xb8, 0x95, 0x41, 0x1a, - 0xc9, 0xda, 0x61, 0x4e, 0x58, 0x72, 0xcf, 0xfe, 0xf6, 0x82, 0x79, 0xbf, - 0x73, 0x61, 0x06, 0x0a, 0xa5, 0x27, 0xd8, 0xb3, 0x5f, 0xd3, 0x45, 0x4e, - 0x1c, 0x72, 0xd6, 0x4e, 0x32, 0xf2, 0x72, 0x8a, 0x0f, 0xf7, 0x83, 0x19, - 0xd0, 0x6a, 0x80, 0x80, 0x00, 0x45, 0x1e, 0xb0, 0xc7, 0xe7, 0x9a, 0xbf, - 0x12, 0x57, 0x27, 0x1c, 0xa3, 0x68, 0x2f, 0x0a, 0x87, 0xbd, 0x6a, 0x6b, - 0x0e, 0x5e, 0x65, 0xf3, 0x1c, 0x77, 0xd5, 0xd4, 0x85, 0x8d, 0x70, 0x21, - 0xb4, 0xb3, 0x32, 0xe7, 0x8b, 0xa2, 0xd5, 0x86, 0x39, 0x02, 0xb1, 0xb8, - 0xd2, 0x47, 0xce, 0xe4, 0xc9, 0x49, 0xc4, 0x3b, 0xa7, 0xde, 0xfb, 0x54, - 0x7d, 0x57, 0xbe, 0xf0, 0xe8, 0x6e, 0xc2, 0x79, 0xb2, 0x3a, 0x0b, 0x55, - 0xe2, 0x50, 0x98, 0x16, 0x32, 0x13, 0x5c, 0x2f, 0x78, 0x56, 0xc1, 0xc2, - 0x94, 0xb3, 0xf2, 0x5a, 0xe4, 0x27, 0x9a, 0x9f, 0x24, 0xd7, 0xc6, 0xec, - 0xd0, 0x9b, 0x25, 0x82, 0xe3, 0xcc, 0xc2, 0xc4, 0x45, 0xc5, 0x8c, 0x97, - 0x7a, 0x06, 0x6b, 0x2a, 0x11, 0x9f, 0xa9, 0x0a, 0x6e, 0x48, 0x3b, 0x6f, - 0xdb, 0xd4, 0x11, 0x19, 0x42, 0xf7, 0x8f, 0x07, 0xbf, 0xf5, 0x53, 0x5f, - 0x9c, 0x3e, 0xf4, 0x17, 0x2c, 0xe6, 0x69, 0xac, 0x4e, 0x32, 0x4c, 0x62, - 0x77, 0xea, 0xb7, 0xe8, 0xe5, 0xbb, 0x34, 0xbc, 0x19, 0x8b, 0xae, 0x9c, - 0x51, 0xe7, 0xb7, 0x7e, 0xb5, 0x53, 0xb1, 0x33, 0x22, 0xe5, 0x6d, 0xcf, - 0x70, 0x3c, 0x1a, 0xfa, 0xe2, 0x9b, 0x67, 0xb6, 0x83, 0xf4, 0x8d, 0xa5, - 0xaf, 0x62, 0x4c, 0x4d, 0xe0, 0x58, 0xac, 0x64, 0x34, 0x12, 0x03, 0xf8, - 0xb6, 0x8d, 0x94, 0x63, 0x24, 0xa4, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x82, 0x01, 0x0f, 0x30, 0x82, 0x01, 0x0b, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, - 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x33, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x27, 0x30, 0x25, - 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, - 0x70, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x30, 0x33, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2c, 0x30, 0x2a, - 0x30, 0x28, 0xa0, 0x26, 0xa0, 0x24, 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x63, - 0x61, 0x31, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3b, 0x06, 0x03, 0x55, 0x1d, - 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, 0x04, 0x55, 0x1d, 0x20, - 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6a, 0x72, 0x26, 0x7a, 0xd0, 0x1e, - 0xef, 0x7d, 0xe7, 0x3b, 0x69, 0x51, 0xd4, 0x6c, 0x8d, 0x9f, 0x90, 0x12, - 0x66, 0xab, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0x68, 0x90, 0xe4, 0x67, 0xa4, 0xa6, 0x53, 0x80, 0xc7, - 0x86, 0x66, 0xa4, 0xf1, 0xf7, 0x4b, 0x43, 0xfb, 0x84, 0xbd, 0x6d, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x69, 0x33, 0x83, 0xfc, 0x28, - 0x7a, 0x6f, 0x7d, 0xef, 0x9d, 0x55, 0xeb, 0xc5, 0x3e, 0x7a, 0x9d, 0x75, - 0xb3, 0xcc, 0xc3, 0x38, 0x36, 0xd9, 0x34, 0xa2, 0x28, 0x68, 0x18, 0xea, - 0x1e, 0x69, 0xd3, 0xbd, 0xe7, 0xd0, 0x77, 0xda, 0xb8, 0x00, 0x83, 0x4e, - 0x4a, 0xcf, 0x6f, 0xd1, 0xf1, 0xc1, 0x22, 0x3f, 0x74, 0xe4, 0xf7, 0x98, - 0x49, 0x9e, 0x9b, 0xb6, 0x9e, 0xe1, 0xdb, 0x98, 0x77, 0x2d, 0x56, 0x34, - 0xb1, 0xa8, 0x3c, 0xd9, 0xfd, 0xc0, 0xcd, 0xc7, 0xbf, 0x05, 0x03, 0xd4, - 0x02, 0xc5, 0xf1, 0xe5, 0xc6, 0xda, 0x08, 0xa5, 0x13, 0xc7, 0x62, 0x23, - 0x11, 0xd1, 0x61, 0x30, 0x1d, 0x60, 0x84, 0x45, 0xef, 0x79, 0xa8, 0xc6, - 0x26, 0x93, 0xa4, 0xb7, 0xcd, 0x34, 0xb8, 0x69, 0xc5, 0x13, 0xf6, 0x91, - 0xb3, 0xc9, 0x45, 0x73, 0x76, 0xb6, 0x92, 0xf6, 0x76, 0x0a, 0x5b, 0xe1, - 0x03, 0x47, 0xb7, 0xe9, 0x29, 0x4c, 0x91, 0x32, 0x23, 0x37, 0x4a, 0x9c, - 0x35, 0xd8, 0x78, 0xfd, 0x1d, 0x1f, 0xe4, 0x83, 0x89, 0x24, 0x80, 0xad, - 0xb7, 0xf9, 0xcf, 0xe4, 0x5d, 0xa5, 0xd4, 0x71, 0xc4, 0x85, 0x5b, 0x70, - 0x1f, 0xdb, 0x3f, 0x1c, 0x01, 0xeb, 0x1a, 0x45, 0x26, 0x31, 0x14, 0xcc, - 0x65, 0xbf, 0x67, 0xde, 0xca, 0xcc, 0x33, 0x65, 0xe5, 0x41, 0x91, 0xd7, - 0x37, 0xbe, 0x41, 0x1a, 0x96, 0x9d, 0xe6, 0x8a, 0x97, 0x9d, 0xa7, 0xce, - 0xac, 0x4e, 0x9a, 0x3d, 0xbd, 0x01, 0xa0, 0x6a, 0xd9, 0x4f, 0x22, 0x00, - 0x8b, 0x44, 0xd5, 0x69, 0x62, 0x7b, 0x2e, 0xeb, 0xcc, 0xba, 0xe7, 0x92, - 0x7d, 0x69, 0x67, 0x3d, 0xfc, 0xb8, 0x7c, 0xde, 0x41, 0x87, 0xd0, 0x69, - 0xea, 0xba, 0x0a, 0x18, 0x7a, 0x1a, 0x95, 0x43, 0xb3, 0x79, 0x71, 0x28, - 0x76, 0x6d, 0xa1, 0xfb, 0x57, 0x4a, 0xec, 0x4d, 0xc8, 0x0e, 0x10, -} - -var certSet3Cert40 = []byte{ - 0x30, 0x82, 0x05, 0x00, 0x30, 0x82, 0x03, 0xe8, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x01, 0x07, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x8f, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, - 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, - 0x6c, 0x65, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x1c, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, - 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x29, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x1e, 0x17, - 0x0d, 0x31, 0x31, 0x30, 0x35, 0x30, 0x33, 0x30, 0x37, 0x30, 0x30, 0x30, - 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x31, 0x30, 0x35, 0x30, 0x33, 0x30, 0x37, - 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0xc6, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, - 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, - 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, - 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, - 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x2a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, - 0x74, 0x73, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, - 0x74, 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, - 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x31, 0x34, 0x30, 0x32, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2b, 0x53, 0x74, 0x61, 0x72, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, - 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe5, - 0x90, 0x66, 0x4b, 0xec, 0xf9, 0x46, 0x71, 0xa9, 0x20, 0x83, 0xbe, 0xe9, - 0x6c, 0xbf, 0x4a, 0xc9, 0x48, 0x69, 0x81, 0x75, 0x4e, 0x6d, 0x24, 0xf6, - 0xcb, 0x17, 0x13, 0xf8, 0xb0, 0x71, 0x59, 0x84, 0x7a, 0x6b, 0x2b, 0x85, - 0xa4, 0x34, 0xb5, 0x16, 0xe5, 0xcb, 0xcc, 0xe9, 0x41, 0x70, 0x2c, 0xa4, - 0x2e, 0xd6, 0xfa, 0x32, 0x7d, 0xe1, 0xa8, 0xde, 0x94, 0x10, 0xac, 0x31, - 0xc1, 0xc0, 0xd8, 0x6a, 0xff, 0x59, 0x27, 0xab, 0x76, 0xd6, 0xfc, 0x0b, - 0x74, 0x6b, 0xb8, 0xa7, 0xae, 0x3f, 0xc4, 0x54, 0xf4, 0xb4, 0x31, 0x44, - 0xdd, 0x93, 0x56, 0x8c, 0xa4, 0x4c, 0x5e, 0x9b, 0x89, 0xcb, 0x24, 0x83, - 0x9b, 0xe2, 0x57, 0x7d, 0xb7, 0xd8, 0x12, 0x1f, 0xc9, 0x85, 0x6d, 0xf4, - 0xd1, 0x80, 0xf1, 0x50, 0x9b, 0x87, 0xae, 0xd4, 0x0b, 0x10, 0x05, 0xfb, - 0x27, 0xba, 0x28, 0x6d, 0x17, 0xe9, 0x0e, 0xd6, 0x4d, 0xb9, 0x39, 0x55, - 0x06, 0xff, 0x0a, 0x24, 0x05, 0x7e, 0x2f, 0xc6, 0x1d, 0x72, 0x6c, 0xd4, - 0x8b, 0x29, 0x8c, 0x57, 0x7d, 0xda, 0xd9, 0xeb, 0x66, 0x1a, 0xd3, 0x4f, - 0xa7, 0xdf, 0x7f, 0x52, 0xc4, 0x30, 0xc5, 0xa5, 0xc9, 0x0e, 0x02, 0xc5, - 0x53, 0xbf, 0x77, 0x38, 0x68, 0x06, 0x24, 0xc3, 0x66, 0xc8, 0x37, 0x7e, - 0x30, 0x1e, 0x45, 0x71, 0x23, 0x35, 0xff, 0x90, 0xd8, 0x2a, 0x9d, 0x8d, - 0xe7, 0xb0, 0x92, 0x4d, 0x3c, 0x7f, 0x2a, 0x0a, 0x93, 0xdc, 0xcd, 0x16, - 0x46, 0x65, 0xf7, 0x60, 0x84, 0x8b, 0x76, 0x4b, 0x91, 0x27, 0x73, 0x14, - 0x92, 0xe0, 0xea, 0xee, 0x8f, 0x16, 0xea, 0x8d, 0x0e, 0x3e, 0x76, 0x17, - 0xbf, 0x7d, 0x89, 0x80, 0x80, 0x44, 0x43, 0xe7, 0x2d, 0xe0, 0x43, 0x09, - 0x75, 0xda, 0x36, 0xe8, 0xad, 0xdb, 0x89, 0x3a, 0xf5, 0x5d, 0x12, 0x8e, - 0x23, 0x04, 0x83, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x2c, - 0x30, 0x82, 0x01, 0x28, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x25, 0x45, 0x81, 0x68, 0x50, 0x26, 0x38, 0x3d, 0x3b, 0x2d, 0x2c, 0xbe, - 0xcd, 0x6a, 0xd9, 0xb6, 0x3d, 0xb3, 0x66, 0x63, 0x30, 0x1f, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7c, 0x0c, 0x32, - 0x1f, 0xa7, 0xd9, 0x30, 0x7f, 0xc4, 0x7d, 0x68, 0xa3, 0x62, 0xa8, 0xa1, - 0xce, 0xab, 0x07, 0x5b, 0x27, 0x30, 0x3a, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x2e, 0x30, 0x2c, 0x30, 0x2a, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x1e, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x74, 0x65, 0x63, 0x68, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x30, 0x3b, 0x06, 0x03, 0x55, 0x1d, 0x1f, - 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0xa0, 0x2e, 0xa0, 0x2c, 0x86, 0x2a, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x74, 0x65, 0x63, 0x68, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x66, 0x72, 0x6f, 0x6f, 0x74, 0x2d, - 0x67, 0x32, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, - 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, 0x41, 0x06, 0x04, 0x55, 0x1d, 0x20, - 0x00, 0x30, 0x39, 0x30, 0x37, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x2b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, - 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x74, 0x65, 0x63, 0x68, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x56, 0x65, 0xca, 0xfe, - 0xf3, 0x3f, 0x0a, 0xa8, 0x93, 0x8b, 0x18, 0xc7, 0xde, 0x43, 0x69, 0x13, - 0x34, 0x20, 0xbe, 0x4e, 0x5f, 0x78, 0xa8, 0x6b, 0x9c, 0xdb, 0x6a, 0x4d, - 0x41, 0xdb, 0xc1, 0x13, 0xec, 0xdc, 0x31, 0x00, 0x22, 0x5e, 0xf7, 0x00, - 0x9e, 0x0c, 0xe0, 0x34, 0x65, 0x34, 0xf9, 0xb1, 0x3a, 0x4e, 0x48, 0xc8, - 0x12, 0x81, 0x88, 0x5c, 0x5b, 0x3e, 0x08, 0x53, 0x7a, 0xf7, 0x1a, 0x64, - 0xdf, 0xb8, 0x50, 0x61, 0xcc, 0x53, 0x51, 0x40, 0x29, 0x4b, 0xc2, 0xf4, - 0xae, 0x3a, 0x5f, 0xe4, 0xca, 0xad, 0x26, 0xcc, 0x4e, 0x61, 0x43, 0xe5, - 0xfd, 0x57, 0xa6, 0x37, 0x70, 0xce, 0x43, 0x2b, 0xb0, 0x94, 0xc3, 0x92, - 0xe9, 0xe1, 0x5f, 0xaa, 0x10, 0x49, 0xb7, 0x69, 0xe4, 0xe0, 0xd0, 0x1f, - 0x64, 0xa4, 0x2b, 0xcd, 0x1f, 0x6f, 0xa0, 0xf8, 0x84, 0x24, 0x18, 0xce, - 0x79, 0x3d, 0xa9, 0x91, 0xbf, 0x54, 0x18, 0x13, 0x89, 0x99, 0x54, 0x11, - 0x0d, 0x55, 0xc5, 0x26, 0x0b, 0x79, 0x4f, 0x5a, 0x1c, 0x6e, 0xf9, 0x63, - 0xdb, 0x14, 0x80, 0xa4, 0x07, 0xab, 0xfa, 0xb2, 0xa5, 0xb9, 0x88, 0xdd, - 0x91, 0xfe, 0x65, 0x3b, 0xa4, 0xa3, 0x79, 0xbe, 0x89, 0x4d, 0xe1, 0xd0, - 0xb0, 0xf4, 0xc8, 0x17, 0x0c, 0x0a, 0x96, 0x14, 0x7c, 0x09, 0xb7, 0x6c, - 0xe1, 0xc2, 0xd8, 0x55, 0xd4, 0x18, 0xa0, 0xaa, 0x41, 0x69, 0x70, 0x24, - 0xa3, 0xb9, 0xef, 0xe9, 0x5a, 0xdc, 0x3e, 0xeb, 0x94, 0x4a, 0xf0, 0xb7, - 0xde, 0x5f, 0x0e, 0x76, 0xfa, 0xfb, 0xfb, 0x69, 0x03, 0x45, 0x40, 0x50, - 0xee, 0x72, 0x0c, 0xa4, 0x12, 0x86, 0x81, 0xcd, 0x13, 0xd1, 0x4e, 0xc4, - 0x3c, 0xca, 0x4e, 0x0d, 0xd2, 0x26, 0xf1, 0x00, 0xb7, 0xb4, 0xa6, 0xa2, - 0xe1, 0x6e, 0x7a, 0x81, 0xfd, 0x30, 0xac, 0x7a, 0x1f, 0xc7, 0x59, 0x7b, -} - -var certSet3Cert41 = []byte{ - 0x30, 0x82, 0x05, 0x03, 0x30, 0x82, 0x03, 0xeb, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x51, 0xd3, 0x60, 0xee, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xbe, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0d, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1f, 0x53, 0x65, 0x65, 0x20, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x6c, 0x65, 0x67, - 0x61, 0x6c, 0x2d, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x31, 0x39, 0x30, 0x37, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, - 0x30, 0x30, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x66, 0x6f, 0x72, 0x20, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, - 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x32, 0x30, 0x30, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, 0x32, 0x32, 0x31, 0x37, 0x30, - 0x35, 0x31, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x30, 0x32, 0x33, - 0x30, 0x37, 0x33, 0x33, 0x32, 0x32, 0x5a, 0x30, 0x81, 0xba, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x45, 0x6e, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, - 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x53, 0x65, - 0x65, 0x20, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x6c, 0x2d, - 0x74, 0x65, 0x72, 0x6d, 0x73, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x31, 0x32, - 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x20, 0x2d, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, - 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x25, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x20, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, - 0x20, 0x4c, 0x31, 0x4b, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xda, 0x3f, 0x96, 0xd0, 0x4d, 0xb9, 0x2f, 0x44, 0xe7, 0xdb, 0x39, - 0x5e, 0x9b, 0x50, 0xee, 0x5c, 0xa5, 0x61, 0xda, 0x41, 0x67, 0x53, 0x09, - 0xaa, 0x00, 0x9a, 0x8e, 0x57, 0x7f, 0x29, 0x6b, 0xdb, 0xc7, 0xe1, 0x21, - 0x24, 0xaa, 0x3a, 0xd0, 0x8d, 0x47, 0x23, 0xd2, 0xed, 0x72, 0x16, 0xf0, - 0x91, 0x21, 0xd2, 0x5d, 0xb7, 0xb8, 0x4b, 0xa8, 0x83, 0x8f, 0xb7, 0x91, - 0x32, 0x68, 0xcf, 0xce, 0x25, 0x93, 0x2c, 0xb2, 0x7d, 0x97, 0xc8, 0xfe, - 0xc1, 0xb4, 0x17, 0xba, 0x09, 0x9e, 0x03, 0x90, 0x93, 0x7b, 0x7c, 0x49, - 0x83, 0x22, 0x68, 0x8a, 0x9b, 0xde, 0x47, 0xc3, 0x31, 0x98, 0x7a, 0x2e, - 0x7d, 0x40, 0x0b, 0xd2, 0xef, 0x3e, 0xd3, 0xb2, 0x8c, 0xaa, 0x8f, 0x48, - 0xa9, 0xff, 0x00, 0xe8, 0x29, 0x58, 0x06, 0xf7, 0xb6, 0x93, 0x5a, 0x94, - 0x73, 0x26, 0x26, 0xad, 0x58, 0x0e, 0xe5, 0x42, 0xb8, 0xd5, 0xea, 0x73, - 0x79, 0x64, 0x68, 0x53, 0x25, 0xb8, 0x84, 0xcf, 0x94, 0x7a, 0xae, 0x06, - 0x45, 0x0c, 0xa3, 0x6b, 0x4d, 0xd0, 0xc6, 0xbe, 0xea, 0x18, 0xa4, 0x36, - 0xf0, 0x92, 0xb2, 0xba, 0x1c, 0x88, 0x8f, 0x3a, 0x52, 0x7f, 0xf7, 0x5e, - 0x6d, 0x83, 0x1c, 0x9d, 0xf0, 0x1f, 0xe5, 0xc3, 0xd6, 0xdd, 0xa5, 0x78, - 0x92, 0x3d, 0xb0, 0x6d, 0x2c, 0xea, 0xc9, 0xcf, 0x94, 0x41, 0x19, 0x71, - 0x44, 0x68, 0xba, 0x47, 0x3c, 0x04, 0xe9, 0x5d, 0xba, 0x3e, 0xf0, 0x35, - 0xf7, 0x15, 0xb6, 0x9e, 0xf2, 0x2e, 0x15, 0x1e, 0x3f, 0x47, 0xc8, 0xc8, - 0x38, 0xa7, 0x73, 0x45, 0x5d, 0x4d, 0xb0, 0x3b, 0xb1, 0x8e, 0x17, 0x29, - 0x37, 0xea, 0xdd, 0x05, 0x01, 0x22, 0xbb, 0x94, 0x36, 0x2a, 0x8d, 0x5b, - 0x35, 0xfe, 0x53, 0x19, 0x2f, 0x08, 0x46, 0xc1, 0x2a, 0xb3, 0x1a, 0x62, - 0x1d, 0x4e, 0x2b, 0xd9, 0x1b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x09, 0x30, 0x82, 0x01, 0x05, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, - 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, - 0x02, 0x01, 0x00, 0x30, 0x33, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x27, 0x30, 0x25, 0x30, 0x23, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x65, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x30, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0, 0x23, 0xa0, - 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, - 0x6c, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x2f, 0x67, 0x32, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3b, - 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, - 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x70, 0x61, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x82, 0xa2, - 0x70, 0x74, 0xdd, 0xbc, 0x53, 0x3f, 0xcf, 0x7b, 0xd4, 0xf7, 0xcd, 0x7f, - 0xa7, 0x60, 0xc6, 0x0a, 0x4c, 0xbf, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6a, 0x72, 0x26, 0x7a, 0xd0, - 0x1e, 0xef, 0x7d, 0xe7, 0x3b, 0x69, 0x51, 0xd4, 0x6c, 0x8d, 0x9f, 0x90, - 0x12, 0x66, 0xab, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, - 0x1c, 0x1a, 0x5b, 0xff, 0x40, 0x22, 0x1d, 0x8f, 0x35, 0x0c, 0x2d, 0xaa, - 0x99, 0x27, 0xab, 0xc0, 0x11, 0x32, 0x70, 0xd7, 0x36, 0x28, 0x69, 0xa5, - 0x8d, 0xb1, 0x27, 0x99, 0x42, 0xbe, 0xc4, 0x93, 0xeb, 0x48, 0x57, 0x43, - 0x71, 0x23, 0xc4, 0xe5, 0x4e, 0xad, 0xae, 0x43, 0x6f, 0x92, 0x76, 0xc5, - 0x19, 0xef, 0xca, 0xbc, 0x6f, 0x42, 0x4c, 0x16, 0x9a, 0x86, 0xa9, 0x04, - 0x38, 0xc7, 0x65, 0xf0, 0xf5, 0x0c, 0xe0, 0x4a, 0xdf, 0xa2, 0xfa, 0xce, - 0x1a, 0x11, 0xa8, 0x9c, 0x69, 0x2f, 0x1b, 0xdf, 0xea, 0xe2, 0x32, 0xf3, - 0xce, 0x4c, 0xbc, 0x46, 0x0c, 0xc0, 0x89, 0x80, 0xd1, 0x87, 0x6b, 0xa2, - 0xcf, 0x6b, 0xd4, 0x7f, 0xfd, 0xf5, 0x60, 0x52, 0x67, 0x57, 0xa0, 0x6d, - 0xd1, 0x64, 0x41, 0x14, 0x6d, 0x34, 0x62, 0xed, 0x06, 0x6c, 0x24, 0xf2, - 0x06, 0xbc, 0x28, 0x02, 0xaf, 0x03, 0x2d, 0xc2, 0x33, 0x05, 0xfb, 0xcb, - 0xaa, 0x16, 0xe8, 0x65, 0x10, 0x43, 0xf5, 0x69, 0x5c, 0xe3, 0x81, 0x58, - 0x99, 0xcd, 0x6b, 0xd3, 0xb8, 0xc7, 0x7b, 0x19, 0x55, 0xc9, 0x40, 0xce, - 0x79, 0x55, 0xb8, 0x73, 0x89, 0xe9, 0x5c, 0x40, 0x66, 0x43, 0x12, 0x7f, - 0x07, 0xb8, 0x65, 0x56, 0xd5, 0x8d, 0xc3, 0xa7, 0xf5, 0xb1, 0xb6, 0x65, - 0x9e, 0xc0, 0x83, 0x36, 0x7f, 0x16, 0x45, 0x3c, 0x74, 0x4b, 0x93, 0x8a, - 0x3c, 0xf1, 0x2b, 0xf5, 0x35, 0x70, 0x73, 0x7b, 0xe7, 0x82, 0x04, 0xb1, - 0x18, 0x98, 0x0e, 0xd4, 0x9c, 0x6f, 0x1a, 0xfc, 0xfc, 0xa7, 0x33, 0xa5, - 0xbb, 0xbb, 0x18, 0xf3, 0x6b, 0x7a, 0x5d, 0x32, 0x87, 0xf7, 0x6d, 0x25, - 0xe4, 0xe2, 0x76, 0x86, 0x21, 0x1e, 0x11, 0x46, 0xcd, 0x76, 0x0e, 0x6f, - 0x4f, 0xa4, 0x21, 0x71, 0x0a, 0x84, 0xa7, 0x2d, 0x36, 0xa9, 0x48, 0x22, - 0x51, 0x7e, 0x82, -} - -var certSet3Cert42 = []byte{ - 0x30, 0x82, 0x05, 0x0e, 0x30, 0x82, 0x03, 0xf6, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x0c, 0x0e, 0xe9, 0x4c, 0xc3, 0x00, 0x00, 0x00, 0x00, 0x51, - 0xd3, 0x77, 0x85, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0xbe, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, - 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x45, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, - 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x53, 0x65, 0x65, - 0x20, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x6c, 0x2d, 0x74, - 0x65, 0x72, 0x6d, 0x73, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x30, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x39, 0x20, - 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x20, 0x2d, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, - 0x6e, 0x6c, 0x79, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x29, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x35, 0x31, 0x30, 0x30, 0x35, 0x31, 0x39, 0x31, 0x33, 0x35, 0x36, 0x5a, - 0x17, 0x0d, 0x33, 0x30, 0x31, 0x32, 0x30, 0x35, 0x31, 0x39, 0x34, 0x33, - 0x35, 0x36, 0x5a, 0x30, 0x81, 0xba, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, 0x53, 0x65, 0x65, 0x20, 0x77, 0x77, - 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x6c, 0x2d, 0x74, 0x65, 0x72, 0x6d, - 0x73, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x30, - 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x31, 0x32, 0x20, 0x45, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x45, - 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x4c, 0x31, 0x4b, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x3f, 0x96, - 0xd0, 0x4d, 0xb9, 0x2f, 0x44, 0xe7, 0xdb, 0x39, 0x5e, 0x9b, 0x50, 0xee, - 0x5c, 0xa5, 0x61, 0xda, 0x41, 0x67, 0x53, 0x09, 0xaa, 0x00, 0x9a, 0x8e, - 0x57, 0x7f, 0x29, 0x6b, 0xdb, 0xc7, 0xe1, 0x21, 0x24, 0xaa, 0x3a, 0xd0, - 0x8d, 0x47, 0x23, 0xd2, 0xed, 0x72, 0x16, 0xf0, 0x91, 0x21, 0xd2, 0x5d, - 0xb7, 0xb8, 0x4b, 0xa8, 0x83, 0x8f, 0xb7, 0x91, 0x32, 0x68, 0xcf, 0xce, - 0x25, 0x93, 0x2c, 0xb2, 0x7d, 0x97, 0xc8, 0xfe, 0xc1, 0xb4, 0x17, 0xba, - 0x09, 0x9e, 0x03, 0x90, 0x93, 0x7b, 0x7c, 0x49, 0x83, 0x22, 0x68, 0x8a, - 0x9b, 0xde, 0x47, 0xc3, 0x31, 0x98, 0x7a, 0x2e, 0x7d, 0x40, 0x0b, 0xd2, - 0xef, 0x3e, 0xd3, 0xb2, 0x8c, 0xaa, 0x8f, 0x48, 0xa9, 0xff, 0x00, 0xe8, - 0x29, 0x58, 0x06, 0xf7, 0xb6, 0x93, 0x5a, 0x94, 0x73, 0x26, 0x26, 0xad, - 0x58, 0x0e, 0xe5, 0x42, 0xb8, 0xd5, 0xea, 0x73, 0x79, 0x64, 0x68, 0x53, - 0x25, 0xb8, 0x84, 0xcf, 0x94, 0x7a, 0xae, 0x06, 0x45, 0x0c, 0xa3, 0x6b, - 0x4d, 0xd0, 0xc6, 0xbe, 0xea, 0x18, 0xa4, 0x36, 0xf0, 0x92, 0xb2, 0xba, - 0x1c, 0x88, 0x8f, 0x3a, 0x52, 0x7f, 0xf7, 0x5e, 0x6d, 0x83, 0x1c, 0x9d, - 0xf0, 0x1f, 0xe5, 0xc3, 0xd6, 0xdd, 0xa5, 0x78, 0x92, 0x3d, 0xb0, 0x6d, - 0x2c, 0xea, 0xc9, 0xcf, 0x94, 0x41, 0x19, 0x71, 0x44, 0x68, 0xba, 0x47, - 0x3c, 0x04, 0xe9, 0x5d, 0xba, 0x3e, 0xf0, 0x35, 0xf7, 0x15, 0xb6, 0x9e, - 0xf2, 0x2e, 0x15, 0x1e, 0x3f, 0x47, 0xc8, 0xc8, 0x38, 0xa7, 0x73, 0x45, - 0x5d, 0x4d, 0xb0, 0x3b, 0xb1, 0x8e, 0x17, 0x29, 0x37, 0xea, 0xdd, 0x05, - 0x01, 0x22, 0xbb, 0x94, 0x36, 0x2a, 0x8d, 0x5b, 0x35, 0xfe, 0x53, 0x19, - 0x2f, 0x08, 0x46, 0xc1, 0x2a, 0xb3, 0x1a, 0x62, 0x1d, 0x4e, 0x2b, 0xd9, - 0x1b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0c, 0x30, 0x82, - 0x01, 0x08, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x33, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x27, 0x30, 0x25, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x65, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x30, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0, 0x23, 0xa0, 0x21, - 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, - 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, - 0x2f, 0x67, 0x32, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x3b, 0x06, - 0x03, 0x55, 0x1d, 0x20, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, 0x04, - 0x55, 0x1d, 0x20, 0x00, 0x30, 0x28, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x70, 0x61, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x82, 0xa2, 0x70, - 0x74, 0xdd, 0xbc, 0x53, 0x3f, 0xcf, 0x7b, 0xd4, 0xf7, 0xcd, 0x7f, 0xa7, - 0x60, 0xc6, 0x0a, 0x4c, 0xbf, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, - 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6a, 0x72, 0x26, 0x7a, 0xd0, 0x1e, - 0xef, 0x7d, 0xe7, 0x3b, 0x69, 0x51, 0xd4, 0x6c, 0x8d, 0x9f, 0x90, 0x12, - 0x66, 0xab, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x39, 0xd5, - 0x8e, 0x98, 0x83, 0x61, 0xc8, 0x2c, 0x63, 0xd3, 0x70, 0x1d, 0x19, 0x30, - 0xcb, 0xf6, 0x09, 0xac, 0xcc, 0x69, 0xd5, 0xc9, 0xdc, 0x37, 0x41, 0xf2, - 0x32, 0x0f, 0xef, 0x74, 0xc3, 0x58, 0xf6, 0x78, 0x27, 0x09, 0x34, 0x08, - 0x95, 0x92, 0x2f, 0xd7, 0xdf, 0xb8, 0xa3, 0xfd, 0x0e, 0x81, 0xe9, 0xa4, - 0x9c, 0xd3, 0x3f, 0x4d, 0x68, 0x2b, 0x15, 0x31, 0x0a, 0x15, 0xcc, 0x52, - 0x04, 0x93, 0xe8, 0x93, 0x50, 0xc3, 0xd9, 0xb1, 0xe2, 0xe1, 0x68, 0xb7, - 0x3a, 0x09, 0x74, 0xf1, 0x34, 0x58, 0x0a, 0x3f, 0x77, 0x98, 0x40, 0xb8, - 0xe6, 0x68, 0xff, 0x5d, 0xe4, 0xc8, 0x46, 0xc5, 0xec, 0x81, 0xd7, 0xc9, - 0x82, 0x18, 0x5c, 0x83, 0xce, 0x71, 0xd8, 0xbc, 0xbf, 0xac, 0x99, 0x02, - 0x93, 0xdb, 0x94, 0x98, 0x84, 0xd2, 0x9c, 0xa6, 0xb5, 0xfe, 0x5c, 0xbb, - 0xf0, 0x4a, 0xaf, 0x21, 0xac, 0xc2, 0x3f, 0x49, 0x24, 0x67, 0xd6, 0x2e, - 0x8e, 0xcf, 0xac, 0xcc, 0x64, 0x15, 0x18, 0x72, 0xe5, 0x6c, 0x77, 0xd3, - 0x52, 0xa8, 0xb9, 0xdd, 0x8d, 0xac, 0x00, 0x4a, 0x35, 0x19, 0xd4, 0x6f, - 0x73, 0xa3, 0x75, 0xef, 0x6b, 0x64, 0xc3, 0xe0, 0x8d, 0x83, 0x12, 0xa1, - 0x8a, 0xe7, 0x0e, 0x86, 0x4d, 0xd8, 0xb4, 0x20, 0x1b, 0xbe, 0x6a, 0xa5, - 0x8c, 0x4b, 0x68, 0x66, 0xe3, 0x2b, 0xc7, 0x58, 0x0b, 0xfb, 0x56, 0x10, - 0xd4, 0x91, 0xfb, 0x1d, 0xd3, 0x31, 0x58, 0x10, 0x8c, 0x44, 0xe3, 0x75, - 0x7b, 0x10, 0x9d, 0xb5, 0x38, 0xb1, 0xf6, 0xaa, 0xca, 0x81, 0x64, 0x6c, - 0xe8, 0xf2, 0xe2, 0x81, 0x55, 0x97, 0x51, 0x7f, 0xe1, 0xc2, 0x27, 0x50, - 0xa2, 0xc9, 0x3c, 0x5b, 0x00, 0x43, 0xf6, 0x5b, 0xb9, 0xd5, 0xa5, 0xfc, - 0xff, 0x07, 0x50, 0x40, 0x67, 0x07, 0xb0, 0x55, 0xf0, 0xb7, 0x7e, 0x6e, - 0x2d, 0xcc, -} - -var certSet3Cert43 = []byte{ - 0x30, 0x82, 0x05, 0x1f, 0x30, 0x82, 0x04, 0x07, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0xa4, 0x6b, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x5a, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, - 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, - 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, - 0x30, 0x34, 0x30, 0x32, 0x31, 0x34, 0x33, 0x36, 0x31, 0x30, 0x5a, 0x17, - 0x0d, 0x32, 0x31, 0x30, 0x34, 0x30, 0x32, 0x31, 0x34, 0x33, 0x35, 0x35, - 0x32, 0x5a, 0x30, 0x81, 0x8d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x09, 0x41, 0x6d, 0x73, 0x74, 0x65, 0x72, 0x64, - 0x61, 0x6d, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x1c, 0x56, 0x65, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x20, 0x45, 0x6e, 0x74, - 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x20, 0x53, 0x6f, 0x6c, 0x75, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x25, 0x56, 0x65, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x20, 0x41, 0x6b, 0x61, - 0x6d, 0x61, 0x69, 0x20, 0x53, 0x75, 0x72, 0x65, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x20, 0x43, 0x41, 0x20, 0x47, 0x31, 0x34, 0x2d, 0x53, 0x48, - 0x41, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xdd, - 0x6e, 0x9e, 0x02, 0x69, 0x02, 0xb5, 0xa3, 0x99, 0x2e, 0x08, 0x64, 0x32, - 0x6a, 0x59, 0xf3, 0xc6, 0x9e, 0xa6, 0x20, 0x07, 0xd2, 0x48, 0xd1, 0xa8, - 0x93, 0xc7, 0xea, 0x47, 0x8f, 0x83, 0x39, 0x40, 0xd7, 0x20, 0x5d, 0x8d, - 0x9a, 0xba, 0xab, 0xd8, 0x70, 0xec, 0x9d, 0x88, 0xd1, 0xbd, 0x62, 0xf6, - 0xdb, 0xec, 0x9d, 0x5e, 0x35, 0x01, 0x76, 0x03, 0x23, 0xe5, 0x6f, 0xd2, - 0xaf, 0x46, 0x35, 0x59, 0x5a, 0x5c, 0xd1, 0xa8, 0x23, 0xc1, 0xeb, 0xe9, - 0x20, 0xd4, 0x49, 0xd6, 0x3f, 0x00, 0xd8, 0xa8, 0x22, 0xde, 0x43, 0x79, - 0x81, 0xac, 0xe9, 0xa4, 0x92, 0xf5, 0x77, 0x70, 0x05, 0x1e, 0x5c, 0xb6, - 0xa0, 0xf7, 0x90, 0xa4, 0xcd, 0xab, 0x28, 0x2c, 0x90, 0xc2, 0xe7, 0x0f, - 0xc3, 0xaf, 0x1c, 0x47, 0x59, 0xd5, 0x84, 0x2e, 0xdf, 0x26, 0x07, 0x45, - 0x23, 0x5a, 0xc6, 0xe8, 0x90, 0xc8, 0x85, 0x4b, 0x8c, 0x16, 0x1e, 0x60, - 0xf9, 0x01, 0x13, 0xf1, 0x14, 0x1f, 0xe6, 0xe8, 0x14, 0xed, 0xc5, 0xd2, - 0x6f, 0x63, 0x28, 0x6e, 0x72, 0x8c, 0x49, 0xae, 0x08, 0x72, 0xc7, 0x93, - 0x95, 0xb4, 0x0b, 0x0c, 0xae, 0x8f, 0x9a, 0x67, 0x84, 0xf5, 0x57, 0x1b, - 0xdb, 0x81, 0xd7, 0x17, 0x9d, 0x41, 0x11, 0x43, 0x19, 0xbd, 0x6d, 0x4a, - 0x85, 0xed, 0x8f, 0x70, 0x25, 0xab, 0x66, 0xab, 0xf6, 0xfa, 0x6d, 0x1c, - 0x3c, 0xab, 0xed, 0x17, 0xbd, 0x56, 0x84, 0xe1, 0xdb, 0x75, 0x33, 0xb2, - 0x28, 0x4b, 0x99, 0x8e, 0xf9, 0x4b, 0x82, 0x33, 0x50, 0x9f, 0x92, 0x53, - 0xed, 0xfa, 0xad, 0x0f, 0x95, 0x9c, 0xa3, 0xf2, 0xcb, 0x60, 0xf0, 0x77, - 0x1d, 0xc9, 0x01, 0x8b, 0x5f, 0x2d, 0x86, 0xbe, 0xbf, 0x36, 0xb8, 0x24, - 0x96, 0x13, 0x7c, 0xc1, 0x86, 0x5a, 0x6c, 0xc1, 0x48, 0x2a, 0x7f, 0x3e, - 0x93, 0x60, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xb7, - 0x30, 0x82, 0x01, 0xb3, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x02, - 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x45, 0x30, 0x43, 0x30, - 0x41, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb1, 0x3e, 0x01, 0x32, - 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, - 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, - 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, - 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x30, 0x81, 0xba, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x81, 0xad, 0x30, 0x81, - 0xaa, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, - 0x01, 0x86, 0x26, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, - 0x73, 0x70, 0x2e, 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, - 0x65, 0x72, 0x6f, 0x6f, 0x74, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x73, - 0x3a, 0x2f, 0x2f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x6d, - 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, - 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x72, 0x6f, 0x6f, 0x74, - 0x2e, 0x63, 0x72, 0x74, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x30, 0x02, 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, - 0x2f, 0x2f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x6d, 0x6e, - 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x61, - 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x72, 0x6f, 0x6f, 0x74, 0x2e, - 0x64, 0x65, 0x72, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0xc6, 0x30, 0x1f, 0x06, 0x03, 0x55, - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe5, 0x9d, 0x59, 0x30, - 0x82, 0x47, 0x58, 0xcc, 0xac, 0xfa, 0x08, 0x54, 0x36, 0x86, 0x7b, 0x3a, - 0xb5, 0x04, 0x4d, 0xf0, 0x30, 0x42, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, - 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x64, 0x70, 0x31, 0x2e, 0x70, - 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x52, 0x4c, 0x2f, 0x4f, 0x6d, 0x6e, 0x69, - 0x72, 0x6f, 0x6f, 0x74, 0x32, 0x30, 0x32, 0x35, 0x2e, 0x63, 0x72, 0x6c, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xf8, - 0xbd, 0xfa, 0xaf, 0x73, 0x77, 0xc6, 0xc7, 0x1b, 0xf9, 0x4b, 0x4d, 0x11, - 0xa7, 0xd1, 0x33, 0xaf, 0xaf, 0x72, 0x11, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x80, 0xd9, 0x7a, 0xed, 0x72, 0x05, 0x37, 0x8f, 0x61, - 0xaa, 0x73, 0x7c, 0x9a, 0x6a, 0xfc, 0xfe, 0x01, 0xe2, 0x19, 0x81, 0x70, - 0x07, 0x25, 0x32, 0xb0, 0xf0, 0x6f, 0x3b, 0xc7, 0x6a, 0x28, 0x3d, 0xe4, - 0x51, 0x87, 0xe6, 0x7e, 0x82, 0xec, 0xae, 0x48, 0xa7, 0xb1, 0x77, 0x38, - 0xc2, 0xd6, 0x56, 0xaf, 0x8f, 0xf2, 0x01, 0xfc, 0x65, 0x65, 0x10, 0x09, - 0xf7, 0x74, 0x29, 0xb5, 0x0e, 0x92, 0xee, 0x90, 0x98, 0xd1, 0x88, 0xa2, - 0x65, 0xb7, 0xcd, 0x9c, 0x0e, 0xa7, 0x86, 0x98, 0x28, 0xbc, 0xae, 0x15, - 0x83, 0xb6, 0x1a, 0xd7, 0x1d, 0xec, 0x19, 0xda, 0x7a, 0x8e, 0x40, 0xf9, - 0x99, 0x15, 0xd5, 0x7d, 0xa5, 0xba, 0xab, 0xfd, 0x26, 0x98, 0x6e, 0x9c, - 0x41, 0x3b, 0xb6, 0x81, 0x18, 0xec, 0x70, 0x48, 0xd7, 0x6e, 0x7f, 0xa6, - 0xe1, 0x77, 0x25, 0xd6, 0xdd, 0x62, 0xe8, 0x52, 0xf3, 0x8c, 0x16, 0x39, - 0x67, 0xe2, 0x22, 0x0d, 0x77, 0x2e, 0xfb, 0x11, 0x6c, 0xe4, 0xdd, 0x38, - 0xb4, 0x27, 0x5f, 0x03, 0xa8, 0x3d, 0x44, 0xe2, 0xf2, 0x84, 0x4b, 0x84, - 0xfd, 0x56, 0xa6, 0x9e, 0x4d, 0x7b, 0xa2, 0x16, 0x4f, 0x07, 0xf5, 0x34, - 0x24, 0x72, 0xa5, 0xa2, 0xfa, 0x16, 0x66, 0x2a, 0xa4, 0x4a, 0x0e, 0xc8, - 0x0d, 0x27, 0x44, 0x9c, 0x77, 0xd4, 0x12, 0x10, 0x87, 0xd2, 0x00, 0x2c, - 0x7a, 0xbb, 0x8e, 0x88, 0x22, 0x91, 0x15, 0xbe, 0xa2, 0x59, 0xca, 0x34, - 0xe0, 0x1c, 0x61, 0x94, 0x86, 0x20, 0x33, 0xcd, 0xe7, 0x4c, 0x5d, 0x3b, - 0x92, 0x3e, 0xcb, 0xd6, 0x2d, 0xea, 0x54, 0xfa, 0xfb, 0xaf, 0x54, 0xf5, - 0xa8, 0xc5, 0x0b, 0xca, 0x8b, 0x87, 0x00, 0xe6, 0x9f, 0xe6, 0x95, 0xbf, - 0xb7, 0xc4, 0xa3, 0x59, 0xf5, 0x16, 0x6c, 0x5f, 0x3e, 0x69, 0x55, 0x80, - 0x39, 0xf6, 0x75, 0x50, 0x14, 0x3e, 0x32, -} - -var certSet3Cert44 = []byte{ - 0x30, 0x82, 0x05, 0x2b, 0x30, 0x82, 0x04, 0x13, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x7e, 0xe1, 0x4a, 0x6f, 0x6f, 0xef, 0xf2, 0xd3, 0x7f, - 0x3f, 0xad, 0x65, 0x4d, 0x3a, 0xda, 0xb4, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x33, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, 0x30, 0x33, 0x30, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x77, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1d, - 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x53, 0x79, 0x6d, - 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x16, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, - 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x1f, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x45, 0x56, 0x20, 0x53, 0x53, 0x4c, - 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xd8, 0xa1, 0x65, 0x74, 0x23, 0xe8, 0x2b, - 0x64, 0xe2, 0x32, 0xd7, 0x33, 0x37, 0x3d, 0x8e, 0xf5, 0x34, 0x16, 0x48, - 0xdd, 0x4f, 0x7f, 0x87, 0x1c, 0xf8, 0x44, 0x23, 0x13, 0x8e, 0xfb, 0x11, - 0xd8, 0x44, 0x5a, 0x18, 0x71, 0x8e, 0x60, 0x16, 0x26, 0x92, 0x9b, 0xfd, - 0x17, 0x0b, 0xe1, 0x71, 0x70, 0x42, 0xfe, 0xbf, 0xfa, 0x1c, 0xc0, 0xaa, - 0xa3, 0xa7, 0xb5, 0x71, 0xe8, 0xff, 0x18, 0x83, 0xf6, 0xdf, 0x10, 0x0a, - 0x13, 0x62, 0xc8, 0x3d, 0x9c, 0xa7, 0xde, 0x2e, 0x3f, 0x0c, 0xd9, 0x1d, - 0xe7, 0x2e, 0xfb, 0x2a, 0xce, 0xc8, 0x9a, 0x7f, 0x87, 0xbf, 0xd8, 0x4c, - 0x04, 0x15, 0x32, 0xc9, 0xd1, 0xcc, 0x95, 0x71, 0xa0, 0x4e, 0x28, 0x4f, - 0x84, 0xd9, 0x35, 0xfb, 0xe3, 0x86, 0x6f, 0x94, 0x53, 0xe6, 0x72, 0x8a, - 0x63, 0x67, 0x2e, 0xbe, 0x69, 0xf6, 0xf7, 0x6e, 0x8e, 0x9c, 0x60, 0x04, - 0xeb, 0x29, 0xfa, 0xc4, 0x47, 0x42, 0xd2, 0x78, 0x98, 0xe3, 0xec, 0x0b, - 0xa5, 0x92, 0xdc, 0xb7, 0x9a, 0xbd, 0x80, 0x64, 0x2b, 0x38, 0x7c, 0x38, - 0x09, 0x5b, 0x66, 0xf6, 0x2d, 0x95, 0x7a, 0x86, 0xb2, 0x34, 0x2e, 0x85, - 0x9e, 0x90, 0x0e, 0x5f, 0xb7, 0x5d, 0xa4, 0x51, 0x72, 0x46, 0x70, 0x13, - 0xbf, 0x67, 0xf2, 0xb6, 0xa7, 0x4d, 0x14, 0x1e, 0x6c, 0xb9, 0x53, 0xee, - 0x23, 0x1a, 0x4e, 0x8d, 0x48, 0x55, 0x43, 0x41, 0xb1, 0x89, 0x75, 0x6a, - 0x40, 0x28, 0xc5, 0x7d, 0xdd, 0xd2, 0x6e, 0xd2, 0x02, 0x19, 0x2f, 0x7b, - 0x24, 0x94, 0x4b, 0xeb, 0xf1, 0x1a, 0xa9, 0x9b, 0xe3, 0x23, 0x9a, 0xea, - 0xfa, 0x33, 0xab, 0x0a, 0x2c, 0xb7, 0xf4, 0x60, 0x08, 0xdd, 0x9f, 0x1c, - 0xcd, 0xdd, 0x2d, 0x01, 0x66, 0x80, 0xaf, 0xb3, 0x2f, 0x29, 0x1d, 0x23, - 0xb8, 0x8a, 0xe1, 0xa1, 0x70, 0x07, 0x0c, 0x34, 0x0f, 0x02, 0x03, 0x01, - 0x00, 0x01, 0xa3, 0x82, 0x01, 0x5d, 0x30, 0x82, 0x01, 0x59, 0x30, 0x2f, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x23, - 0x30, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x73, - 0x32, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, - 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x65, 0x06, 0x03, 0x55, - 0x1d, 0x20, 0x04, 0x5e, 0x30, 0x5c, 0x30, 0x5a, 0x06, 0x04, 0x55, 0x1d, - 0x20, 0x00, 0x30, 0x52, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, 0x79, 0x6d, 0x61, 0x75, 0x74, 0x68, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x28, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, 0x1c, 0x1a, 0x1a, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, - 0x79, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, - 0x70, 0x61, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x29, 0x30, - 0x27, 0x30, 0x25, 0xa0, 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x73, 0x31, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, 0x61, 0x33, 0x2d, 0x67, 0x35, - 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, - 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x29, 0x06, 0x03, - 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, 0x31, - 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, 0x79, - 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, 0x2d, - 0x35, 0x33, 0x33, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0x01, 0x59, 0xab, 0xe7, 0xdd, 0x3a, 0x0b, 0x59, 0xa6, 0x64, - 0x63, 0xd6, 0xcf, 0x20, 0x07, 0x57, 0xd5, 0x91, 0xe7, 0x6a, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7f, - 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, 0x43, - 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x42, 0x01, 0x55, 0x7b, 0xd0, 0x16, 0x1a, 0x5d, 0x58, - 0xe8, 0xbb, 0x9b, 0xa8, 0x4d, 0xd7, 0xf3, 0xd7, 0xeb, 0x13, 0x94, 0x86, - 0xd6, 0x7f, 0x21, 0x0b, 0x47, 0xbc, 0x57, 0x9b, 0x92, 0x5d, 0x4f, 0x05, - 0x9f, 0x38, 0xa4, 0x10, 0x7c, 0xcf, 0x83, 0xbe, 0x06, 0x43, 0x46, 0x8d, - 0x08, 0xbc, 0x6a, 0xd7, 0x10, 0xa6, 0xfa, 0xab, 0xaf, 0x2f, 0x61, 0xa8, - 0x63, 0xf2, 0x65, 0xdf, 0x7f, 0x4c, 0x88, 0x12, 0x88, 0x4f, 0xb3, 0x69, - 0xd9, 0xff, 0x27, 0xc0, 0x0a, 0x97, 0x91, 0x8f, 0x56, 0xfb, 0x89, 0xc4, - 0xa8, 0xbb, 0x92, 0x2d, 0x1b, 0x73, 0xb0, 0xc6, 0xab, 0x36, 0xf4, 0x96, - 0x6c, 0x20, 0x08, 0xef, 0x0a, 0x1e, 0x66, 0x24, 0x45, 0x4f, 0x67, 0x00, - 0x40, 0xc8, 0x07, 0x54, 0x74, 0x33, 0x3b, 0xa6, 0xad, 0xbb, 0x23, 0x9f, - 0x66, 0xed, 0xa2, 0x44, 0x70, 0x34, 0xfb, 0x0e, 0xea, 0x01, 0xfd, 0xcf, - 0x78, 0x74, 0xdf, 0xa7, 0xad, 0x55, 0xb7, 0x5f, 0x4d, 0xf6, 0xd6, 0x3f, - 0xe0, 0x86, 0xce, 0x24, 0xc7, 0x42, 0xa9, 0x13, 0x14, 0x44, 0x35, 0x4b, - 0xb6, 0xdf, 0xc9, 0x60, 0xac, 0x0c, 0x7f, 0xd9, 0x93, 0x21, 0x4b, 0xee, - 0x9c, 0xe4, 0x49, 0x02, 0x98, 0xd3, 0x60, 0x7b, 0x5c, 0xbc, 0xd5, 0x30, - 0x2f, 0x07, 0xce, 0x44, 0x42, 0xc4, 0x0b, 0x99, 0xfe, 0xe6, 0x9f, 0xfc, - 0xb0, 0x78, 0x86, 0x51, 0x6d, 0xd1, 0x2c, 0x9d, 0xc6, 0x96, 0xfb, 0x85, - 0x82, 0xbb, 0x04, 0x2f, 0xf7, 0x62, 0x80, 0xef, 0x62, 0xda, 0x7f, 0xf6, - 0x0e, 0xac, 0x90, 0xb8, 0x56, 0xbd, 0x79, 0x3f, 0xf2, 0x80, 0x6e, 0xa3, - 0xd9, 0xb9, 0x0f, 0x5d, 0x3a, 0x07, 0x1d, 0x91, 0x93, 0x86, 0x4b, 0x29, - 0x4c, 0xe1, 0xdc, 0xb5, 0xe1, 0xe0, 0x33, 0x9d, 0xb3, 0xcb, 0x36, 0x91, - 0x4b, 0xfe, 0xa1, 0xb4, 0xee, 0xf0, 0xf9, -} - -var certSet3Cert45 = []byte{ - 0x30, 0x82, 0x05, 0x38, 0x30, 0x82, 0x04, 0x20, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x51, 0x3f, 0xb9, 0x74, 0x38, 0x70, 0xb7, 0x34, 0x40, - 0x41, 0x8d, 0x30, 0x93, 0x06, 0x99, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3c, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, - 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x35, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x30, 0x33, 0x31, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, 0x30, 0x33, 0x30, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x7e, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1d, - 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x53, 0x79, 0x6d, - 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x16, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, - 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x26, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, - 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x20, 0x2d, - 0x20, 0x47, 0x34, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xb2, 0xd8, 0x05, 0xca, 0x1c, 0x74, 0x2d, 0xb5, 0x17, 0x56, 0x39, 0xc5, - 0x4a, 0x52, 0x09, 0x96, 0xe8, 0x4b, 0xd8, 0x0c, 0xf1, 0x68, 0x9f, 0x9a, - 0x42, 0x28, 0x62, 0xc3, 0xa5, 0x30, 0x53, 0x7e, 0x55, 0x11, 0x82, 0x5b, - 0x03, 0x7a, 0x0d, 0x2f, 0xe1, 0x79, 0x04, 0xc9, 0xb4, 0x96, 0x77, 0x19, - 0x81, 0x01, 0x94, 0x59, 0xf9, 0xbc, 0xf7, 0x7a, 0x99, 0x27, 0x82, 0x2d, - 0xb7, 0x83, 0xdd, 0x5a, 0x27, 0x7f, 0xb2, 0x03, 0x7a, 0x9c, 0x53, 0x25, - 0xe9, 0x48, 0x1f, 0x46, 0x4f, 0xc8, 0x9d, 0x29, 0xf8, 0xbe, 0x79, 0x56, - 0xf6, 0xf7, 0xfd, 0xd9, 0x3a, 0x68, 0xda, 0x8b, 0x4b, 0x82, 0x33, 0x41, - 0x12, 0xc3, 0xc8, 0x3c, 0xcc, 0xd6, 0x96, 0x7a, 0x84, 0x21, 0x1a, 0x22, - 0x04, 0x03, 0x27, 0x17, 0x8b, 0x1c, 0x68, 0x61, 0x93, 0x0f, 0x0e, 0x51, - 0x80, 0x33, 0x1d, 0xb4, 0xb5, 0xce, 0xeb, 0x7e, 0xd0, 0x62, 0xac, 0xee, - 0xb3, 0x7b, 0x01, 0x74, 0xef, 0x69, 0x35, 0xeb, 0xca, 0xd5, 0x3d, 0xa9, - 0xee, 0x97, 0x98, 0xca, 0x8d, 0xaa, 0x44, 0x0e, 0x25, 0x99, 0x4a, 0x15, - 0x96, 0xa4, 0xce, 0x6d, 0x02, 0x54, 0x1f, 0x2a, 0x6a, 0x26, 0xe2, 0x06, - 0x3a, 0x63, 0x48, 0xac, 0xb4, 0x4c, 0xd1, 0x75, 0x93, 0x50, 0xff, 0x13, - 0x2f, 0xd6, 0xda, 0xe1, 0xc6, 0x18, 0xf5, 0x9f, 0xc9, 0x25, 0x5d, 0xf3, - 0x00, 0x3a, 0xde, 0x26, 0x4d, 0xb4, 0x29, 0x09, 0xcd, 0x0f, 0x3d, 0x23, - 0x6f, 0x16, 0x4a, 0x81, 0x16, 0xfb, 0xf2, 0x83, 0x10, 0xc3, 0xb8, 0xd6, - 0xd8, 0x55, 0x32, 0x3d, 0xf1, 0xbd, 0x0f, 0xbd, 0x8c, 0x52, 0x95, 0x4a, - 0x16, 0x97, 0x7a, 0x52, 0x21, 0x63, 0x75, 0x2f, 0x16, 0xf9, 0xc4, 0x66, - 0xbe, 0xf5, 0xb5, 0x09, 0xd8, 0xff, 0x27, 0x00, 0xcd, 0x44, 0x7c, 0x6f, - 0x4b, 0x3f, 0xb0, 0xf7, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, - 0x63, 0x30, 0x82, 0x01, 0x5f, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, - 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, - 0x00, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x29, 0x30, 0x27, - 0x30, 0x25, 0xa0, 0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x73, 0x31, 0x2e, 0x73, 0x79, 0x6d, 0x63, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, 0x61, 0x33, 0x2d, 0x67, 0x35, 0x2e, - 0x63, 0x72, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x2f, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x23, 0x30, 0x21, 0x30, - 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, - 0x13, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x73, 0x32, 0x2e, 0x73, - 0x79, 0x6d, 0x63, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x6b, 0x06, 0x03, - 0x55, 0x1d, 0x20, 0x04, 0x64, 0x30, 0x62, 0x30, 0x60, 0x06, 0x0a, 0x60, - 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, 0x36, 0x30, 0x52, 0x30, - 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, - 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, - 0x73, 0x79, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x70, 0x73, 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x02, 0x30, 0x1c, 0x1a, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, 0x79, 0x6d, 0x61, 0x75, 0x74, - 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x70, 0x61, 0x30, 0x29, 0x06, - 0x03, 0x55, 0x1d, 0x11, 0x04, 0x22, 0x30, 0x20, 0xa4, 0x1e, 0x30, 0x1c, - 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x53, - 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x50, 0x4b, 0x49, 0x2d, 0x31, - 0x2d, 0x35, 0x33, 0x34, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0x5f, 0x60, 0xcf, 0x61, 0x90, 0x55, 0xdf, 0x84, 0x43, - 0x14, 0x8a, 0x60, 0x2a, 0xb2, 0xf5, 0x7a, 0xf4, 0x43, 0x18, 0xef, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x7f, 0xd3, 0x65, 0xa7, 0xc2, 0xdd, 0xec, 0xbb, 0xf0, 0x30, 0x09, 0xf3, - 0x43, 0x39, 0xfa, 0x02, 0xaf, 0x33, 0x31, 0x33, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x5e, 0x94, 0x56, 0x49, 0xdd, 0x8e, 0x2d, 0x65, - 0xf5, 0xc1, 0x36, 0x51, 0xb6, 0x03, 0xe3, 0xda, 0x9e, 0x73, 0x19, 0xf2, - 0x1f, 0x59, 0xab, 0x58, 0x7e, 0x6c, 0x26, 0x05, 0x2c, 0xfa, 0x81, 0xd7, - 0x5c, 0x23, 0x17, 0x22, 0x2c, 0x37, 0x93, 0xf7, 0x86, 0xec, 0x85, 0xe6, - 0xb0, 0xa3, 0xfd, 0x1f, 0xe2, 0x32, 0xa8, 0x45, 0x6f, 0xe1, 0xd9, 0xfb, - 0xb9, 0xaf, 0xd2, 0x70, 0xa0, 0x32, 0x42, 0x65, 0xbf, 0x84, 0xfe, 0x16, - 0x2a, 0x8f, 0x3f, 0xc5, 0xa6, 0xd6, 0xa3, 0x93, 0x7d, 0x43, 0xe9, 0x74, - 0x21, 0x91, 0x35, 0x28, 0xf4, 0x63, 0xe9, 0x2e, 0xed, 0xf7, 0xf5, 0x5c, - 0x7f, 0x4b, 0x9a, 0xb5, 0x20, 0xe9, 0x0a, 0xbd, 0xe0, 0x45, 0x10, 0x0c, - 0x14, 0x94, 0x9a, 0x5d, 0xa5, 0xe3, 0x4b, 0x91, 0xe8, 0x24, 0x9b, 0x46, - 0x40, 0x65, 0xf4, 0x22, 0x72, 0xcd, 0x99, 0xf8, 0x88, 0x11, 0xf5, 0xf3, - 0x7f, 0xe6, 0x33, 0x82, 0xe6, 0xa8, 0xc5, 0x7e, 0xfe, 0xd0, 0x08, 0xe2, - 0x25, 0x58, 0x08, 0x71, 0x68, 0xe6, 0xcd, 0xa2, 0xe6, 0x14, 0xde, 0x4e, - 0x52, 0x24, 0x2d, 0xfd, 0xe5, 0x79, 0x13, 0x53, 0xe7, 0x5e, 0x2f, 0x2d, - 0x4d, 0x1b, 0x6d, 0x40, 0x15, 0x52, 0x2b, 0xf7, 0x87, 0x89, 0x78, 0x12, - 0x81, 0x6e, 0xd9, 0x4d, 0xaa, 0x2d, 0x78, 0xd4, 0xc2, 0x2c, 0x3d, 0x08, - 0x5f, 0x87, 0x91, 0x9e, 0x1f, 0x0e, 0xb0, 0xde, 0x30, 0x52, 0x64, 0x86, - 0x89, 0xaa, 0x9d, 0x66, 0x9c, 0x0e, 0x76, 0x0c, 0x80, 0xf2, 0x74, 0xd8, - 0x2a, 0xf8, 0xb8, 0x3a, 0xce, 0xd7, 0xd6, 0x0f, 0x11, 0xbe, 0x6b, 0xab, - 0x14, 0xf5, 0xbd, 0x41, 0xa0, 0x22, 0x63, 0x89, 0xf1, 0xba, 0x0f, 0x6f, - 0x29, 0x63, 0x66, 0x2d, 0x3f, 0xac, 0x8c, 0x72, 0xc5, 0xfb, 0xc7, 0xe4, - 0xd4, 0x0f, 0xf2, 0x3b, 0x4f, 0x8c, 0x29, 0xc7, -} - -var certSet3Cert46 = []byte{ - 0x30, 0x82, 0x05, 0x49, 0x30, 0x82, 0x04, 0x31, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x69, 0x87, 0x94, 0x19, 0xd9, 0xe3, 0x62, 0x70, 0x74, - 0x9d, 0xbb, 0xe5, 0x9d, 0xc6, 0x68, 0x5e, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xbd, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, - 0x6e, 0x63, 0x2e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x28, - 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x38, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, 0x2d, - 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, - 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2f, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x55, 0x6e, 0x69, 0x76, - 0x65, 0x72, 0x73, 0x61, 0x6c, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x33, 0x30, 0x34, 0x30, 0x39, 0x30, 0x30, 0x30, 0x30, - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x34, 0x30, 0x38, 0x32, - 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1d, - 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x14, 0x53, 0x79, 0x6d, - 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x16, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, - 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x31, 0x35, 0x30, 0x33, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x2c, 0x53, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, - 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x53, 0x48, 0x41, 0x32, - 0x35, 0x36, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbe, 0x38, 0x16, 0x51, 0x8b, 0x80, - 0xdb, 0xea, 0x0e, 0x4d, 0xec, 0xe8, 0x3f, 0x5c, 0xc4, 0x7c, 0xa2, 0x5d, - 0xed, 0x3b, 0xaf, 0xa5, 0xd6, 0x9e, 0x10, 0x35, 0x2c, 0xe3, 0xc5, 0xe5, - 0xa8, 0xde, 0x8c, 0x86, 0x17, 0x26, 0xe6, 0xde, 0x0b, 0x51, 0x4a, 0x2c, - 0xd0, 0xfb, 0xd1, 0x14, 0x5a, 0x72, 0xf7, 0xc9, 0xdd, 0xb8, 0x83, 0x1c, - 0xc6, 0x46, 0x8c, 0x31, 0x25, 0x91, 0x0e, 0x59, 0x17, 0xa3, 0xd0, 0x13, - 0x8c, 0x92, 0xc1, 0xaf, 0x81, 0x54, 0x4e, 0xbc, 0x62, 0x02, 0x9e, 0xaa, - 0xa7, 0x1a, 0x57, 0xd8, 0xca, 0xa6, 0x99, 0x7a, 0x70, 0x56, 0x4f, 0x98, - 0x07, 0x2e, 0x4b, 0x96, 0xd0, 0x4c, 0x39, 0x53, 0xb9, 0x61, 0x2f, 0x3b, - 0x76, 0x7c, 0x8e, 0x05, 0x9e, 0x99, 0x44, 0xd1, 0x03, 0x54, 0x77, 0x29, - 0x2b, 0x56, 0x2a, 0xaa, 0x61, 0xe4, 0x84, 0x2f, 0x12, 0x15, 0x3c, 0xbd, - 0xd7, 0x8a, 0xe8, 0x09, 0x1e, 0x56, 0xf1, 0xb5, 0x14, 0xac, 0x8a, 0x84, - 0xce, 0xae, 0x78, 0xa2, 0x60, 0x0a, 0x53, 0x7e, 0x13, 0x4c, 0x1a, 0x40, - 0x70, 0x0e, 0x52, 0x59, 0xff, 0x5a, 0x68, 0x2e, 0x4c, 0x46, 0x13, 0x3b, - 0x39, 0x09, 0x82, 0x78, 0x02, 0x35, 0x49, 0x20, 0x08, 0x82, 0xb3, 0xb1, - 0x6c, 0x89, 0x0f, 0x6e, 0x1e, 0x35, 0x25, 0xb0, 0x2c, 0x24, 0x83, 0xe3, - 0xc5, 0x50, 0x2c, 0xba, 0x46, 0x90, 0x45, 0x87, 0x0d, 0x72, 0xff, 0x5d, - 0x11, 0x38, 0xc5, 0x91, 0x76, 0xc5, 0x2c, 0xfb, 0x05, 0x2a, 0x82, 0x95, - 0xa1, 0x59, 0x63, 0xe3, 0xd0, 0x26, 0x58, 0xcd, 0x67, 0x56, 0x3a, 0xba, - 0xdf, 0x7c, 0xd2, 0xd2, 0x3b, 0xd8, 0xde, 0x1a, 0x7a, 0x77, 0xe4, 0x0c, - 0x8c, 0x0b, 0xeb, 0x2b, 0xc2, 0x22, 0xb0, 0xbd, 0x55, 0xba, 0xd9, 0xb9, - 0x55, 0xd1, 0x22, 0x7a, 0xc6, 0x02, 0x4e, 0x3f, 0xc3, 0x35, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x7a, 0x30, 0x82, 0x01, 0x76, 0x30, - 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, - 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x3e, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x37, 0x30, 0x35, 0x30, 0x33, 0xa0, 0x31, 0xa0, 0x2f, - 0x86, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, - 0x2e, 0x77, 0x73, 0x2e, 0x73, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x75, 0x6e, 0x69, 0x76, 0x65, 0x72, 0x73, - 0x61, 0x6c, 0x2d, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x37, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x01, 0x01, 0x04, 0x2b, 0x30, 0x29, 0x30, 0x27, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x1b, 0x68, 0x74, 0x74, - 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x77, 0x73, 0x2e, - 0x73, 0x79, 0x6d, 0x61, 0x6e, 0x74, 0x65, 0x63, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x6b, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x64, 0x30, 0x62, 0x30, - 0x60, 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45, 0x01, 0x07, - 0x36, 0x30, 0x52, 0x30, 0x26, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x02, 0x01, 0x16, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x73, 0x79, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x70, 0x73, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, 0x1c, 0x1a, 0x1a, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x73, 0x79, - 0x6d, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x70, - 0x61, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x23, 0x30, 0x21, - 0xa4, 0x1f, 0x30, 0x1d, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x12, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x4d, - 0x50, 0x4b, 0x49, 0x2d, 0x32, 0x2d, 0x33, 0x37, 0x33, 0x30, 0x1d, 0x06, - 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xdb, 0x62, 0x20, 0xfb, - 0x7d, 0x02, 0x89, 0x7c, 0xd2, 0x3b, 0x6f, 0xc7, 0xe4, 0x32, 0x6c, 0x05, - 0x52, 0x1d, 0xad, 0xb1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0xb6, 0x77, 0xfa, 0x69, 0x48, 0x47, 0x9f, - 0x53, 0x12, 0xd5, 0xc2, 0xea, 0x07, 0x32, 0x76, 0x07, 0xd1, 0x97, 0x07, - 0x19, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x19, 0xcc, 0x95, - 0xe2, 0x2f, 0x7b, 0x49, 0xd0, 0x48, 0x90, 0x53, 0xf4, 0x07, 0xb1, 0x20, - 0x44, 0x35, 0x70, 0x14, 0xd5, 0x44, 0x37, 0x31, 0xef, 0xef, 0x70, 0xd1, - 0x2d, 0x4c, 0xe9, 0x2d, 0xb0, 0x53, 0x91, 0x01, 0x4c, 0x54, 0xe7, 0x7d, - 0x9b, 0xda, 0x3a, 0xff, 0xb7, 0xcb, 0x14, 0xad, 0x30, 0x0f, 0x69, 0x1a, - 0x2a, 0xf0, 0xbc, 0xcd, 0x35, 0xeb, 0x48, 0xdc, 0xb9, 0x87, 0xfd, 0xcf, - 0xb1, 0x5a, 0xf6, 0x05, 0xda, 0x3c, 0x64, 0xe6, 0x2b, 0xe6, 0xdc, 0x73, - 0x5e, 0x9a, 0xd8, 0x0c, 0x9b, 0xd2, 0x97, 0xb3, 0xe8, 0xfa, 0x87, 0x95, - 0x53, 0xe1, 0x99, 0xad, 0x88, 0xe8, 0xfa, 0xbc, 0x09, 0x4d, 0xa2, 0xc4, - 0x6a, 0x1b, 0x28, 0x3b, 0x2d, 0xc3, 0x21, 0x15, 0xee, 0x14, 0xfa, 0x9d, - 0x98, 0x10, 0xeb, 0x9f, 0x3e, 0xe6, 0x24, 0x24, 0x5f, 0x7a, 0x1c, 0x05, - 0xbb, 0x9a, 0x31, 0x23, 0x58, 0x79, 0x4c, 0xec, 0x6d, 0x18, 0x19, 0x4d, - 0x51, 0x1f, 0x08, 0x61, 0xbd, 0x91, 0x05, 0x0c, 0x5a, 0x9c, 0x26, 0xfc, - 0x0b, 0xa5, 0x20, 0x25, 0xbf, 0x6a, 0x1b, 0x2b, 0xf7, 0x02, 0x09, 0x72, - 0x69, 0x83, 0x32, 0x14, 0xc3, 0x60, 0x5b, 0x7e, 0xfd, 0x9a, 0x32, 0xfa, - 0xb4, 0x95, 0x0e, 0x1a, 0xf9, 0x3b, 0x09, 0xa4, 0x54, 0x47, 0x9a, 0x0c, - 0xce, 0x32, 0xaf, 0xd1, 0x21, 0xcc, 0x7f, 0xd2, 0x06, 0xef, 0x60, 0x0e, - 0x62, 0x6f, 0x6f, 0x81, 0x1a, 0x17, 0x9d, 0xc8, 0xcb, 0x28, 0xcc, 0xe2, - 0x5f, 0x6e, 0x2c, 0x7a, 0xb4, 0xcb, 0x47, 0x7c, 0x74, 0x68, 0x7b, 0x48, - 0x71, 0x02, 0x9c, 0x23, 0x09, 0xf3, 0x5a, 0xae, 0x5f, 0x42, 0x2e, 0x5f, - 0x2b, 0x59, 0x2d, 0x52, 0x88, 0xe5, 0x8d, 0x0b, 0xb3, 0xa8, 0x61, 0xf9, - 0x4b, 0x9b, 0x55, 0xd6, 0xda, 0xb1, 0x92, 0x3b, 0xbf, 0xc3, 0x9b, 0xf9, - 0x2c, -} - -var certSet3Cert47 = []byte{ - 0x30, 0x82, 0x05, 0x86, 0x30, 0x82, 0x04, 0x6e, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0x9a, 0xa9, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x5a, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, - 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, - 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, - 0x31, 0x32, 0x31, 0x39, 0x32, 0x30, 0x30, 0x37, 0x33, 0x32, 0x5a, 0x17, - 0x0d, 0x31, 0x37, 0x31, 0x32, 0x31, 0x39, 0x32, 0x30, 0x30, 0x36, 0x35, - 0x35, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, - 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, - 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, - 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x0c, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, - 0x74, 0x20, 0x49, 0x54, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, - 0x20, 0x49, 0x54, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, - 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, - 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xd1, 0xe8, 0x37, - 0xa7, 0x76, 0x8a, 0x70, 0x4b, 0x19, 0xf0, 0x20, 0x37, 0x09, 0x24, 0x37, - 0x7f, 0xea, 0xfb, 0x78, 0xe6, 0x05, 0xba, 0x6a, 0xad, 0x4e, 0x27, 0x0d, - 0xfc, 0x72, 0x6a, 0xd9, 0x6c, 0x21, 0xc4, 0x64, 0x11, 0x95, 0x73, 0x10, - 0x0a, 0x5c, 0x25, 0x7b, 0x88, 0x6c, 0x94, 0x04, 0xfd, 0xc7, 0xdb, 0xae, - 0x7b, 0xdc, 0x4a, 0x08, 0xb3, 0x3e, 0x16, 0xf1, 0xd0, 0xad, 0xdb, 0x30, - 0x6d, 0xd7, 0x1a, 0x1e, 0x52, 0xb5, 0x3d, 0xf0, 0x47, 0x19, 0x03, 0xe2, - 0x7d, 0xa6, 0xbd, 0x57, 0x13, 0x3f, 0x54, 0xea, 0x3a, 0xa3, 0xb1, 0x77, - 0xfc, 0x42, 0xf0, 0x63, 0x49, 0x6a, 0x91, 0x80, 0x2e, 0x30, 0x49, 0xc0, - 0x8a, 0xeb, 0x2b, 0xaf, 0xfe, 0x3a, 0xeb, 0x07, 0x5d, 0x06, 0xf7, 0xe9, - 0xfd, 0x84, 0x0e, 0x91, 0xbd, 0x09, 0x20, 0x29, 0xe8, 0x6e, 0x5d, 0x09, - 0xce, 0x15, 0xd3, 0xe7, 0xef, 0xdb, 0x50, 0xeb, 0x44, 0xef, 0x18, 0x57, - 0xab, 0x04, 0x1d, 0xbc, 0x31, 0xf9, 0xf7, 0x7b, 0x2a, 0x13, 0xcf, 0xd1, - 0x3d, 0x51, 0xaf, 0x1b, 0xc5, 0xb5, 0x7b, 0xe7, 0xb0, 0xfc, 0x53, 0xbb, - 0x9a, 0xe7, 0x63, 0xde, 0x41, 0x33, 0xb6, 0x47, 0x24, 0x69, 0x5d, 0xb8, - 0x46, 0xa7, 0xff, 0xad, 0xab, 0xdf, 0x4f, 0x7a, 0x78, 0x25, 0x27, 0x21, - 0x26, 0x34, 0xca, 0x02, 0x6e, 0x37, 0x51, 0xf0, 0xed, 0x58, 0x1a, 0x60, - 0x94, 0xf6, 0xc4, 0x93, 0xd8, 0xdd, 0x30, 0x24, 0x25, 0xd7, 0x1c, 0xeb, - 0x19, 0x94, 0x35, 0x5d, 0x93, 0xb2, 0xae, 0xaa, 0x29, 0x83, 0x73, 0xc4, - 0x74, 0x59, 0x05, 0x52, 0x67, 0x9d, 0xda, 0x67, 0x51, 0x39, 0x05, 0x3a, - 0x36, 0xea, 0xf2, 0x1e, 0x76, 0x2b, 0x14, 0xae, 0xec, 0x3d, 0xf9, 0x14, - 0x99, 0x8b, 0x07, 0x6e, 0xbc, 0xe7, 0x0c, 0x56, 0xde, 0xac, 0xbe, 0xae, - 0xdb, 0x75, 0x32, 0x90, 0x9e, 0x63, 0xbd, 0x74, 0xbf, 0xe0, 0x0a, 0xca, - 0xf8, 0x34, 0x96, 0x67, 0x84, 0xcd, 0xd1, 0x42, 0x38, 0x78, 0xc7, 0x99, - 0xb6, 0x0c, 0xce, 0xb6, 0x0f, 0xe9, 0x1b, 0xcb, 0xf4, 0x59, 0xbe, 0x11, - 0x0e, 0xcb, 0x2c, 0x32, 0xc8, 0xfa, 0x83, 0x29, 0x64, 0x79, 0x3c, 0x8b, - 0x4b, 0xf0, 0x32, 0x74, 0x6c, 0xf3, 0x93, 0xb8, 0x96, 0x6b, 0x5d, 0x57, - 0x5a, 0x68, 0xc1, 0xcc, 0x0c, 0x79, 0x8a, 0x19, 0xde, 0xf5, 0x49, 0x02, - 0x5e, 0x08, 0x80, 0x01, 0x89, 0x0c, 0x32, 0xcd, 0xd2, 0xd6, 0x96, 0xd5, - 0x4b, 0xa0, 0xf3, 0xec, 0xbf, 0xab, 0xf4, 0x7d, 0xb3, 0xa1, 0xb9, 0x7c, - 0xda, 0x4e, 0xd7, 0xe5, 0xb7, 0xac, 0xb9, 0xf2, 0x25, 0x5f, 0x01, 0xcb, - 0x8c, 0x96, 0xa8, 0x28, 0xae, 0xc1, 0x33, 0x5a, 0xf6, 0x3f, 0x08, 0x90, - 0xdc, 0xeb, 0xff, 0x39, 0xd8, 0x26, 0xc8, 0x12, 0x9d, 0x1c, 0x9a, 0xaa, - 0xa9, 0xc0, 0x16, 0x8e, 0x86, 0xed, 0x67, 0x52, 0x96, 0x00, 0x7f, 0x0d, - 0x92, 0x3d, 0x3d, 0xd9, 0x70, 0x36, 0xe5, 0xea, 0x42, 0x6f, 0x1f, 0xae, - 0x95, 0xe5, 0x5b, 0x5d, 0xf8, 0xd0, 0x3a, 0xc7, 0xd4, 0xde, 0x77, 0x86, - 0xd0, 0xfc, 0x9e, 0x4e, 0xe2, 0xe2, 0xb8, 0xa9, 0x68, 0x37, 0x09, 0xc4, - 0x39, 0xe3, 0x85, 0xb8, 0x89, 0xf3, 0x1f, 0x6e, 0xb7, 0x6d, 0x1f, 0x4a, - 0x2f, 0x18, 0x09, 0x6f, 0xde, 0x4a, 0x01, 0x8f, 0x14, 0xc9, 0xb7, 0xa6, - 0xee, 0xa7, 0x63, 0x9f, 0x33, 0xa4, 0x54, 0x7c, 0x42, 0x83, 0x68, 0xb8, - 0xa5, 0xdf, 0xbf, 0xec, 0xb9, 0x1a, 0x5d, 0x13, 0x3b, 0xd9, 0xad, 0x68, - 0xfd, 0x20, 0x0a, 0x55, 0x91, 0x21, 0x64, 0xf9, 0xd7, 0x13, 0x01, 0xa0, - 0x08, 0x5d, 0x59, 0x89, 0x1b, 0x44, 0xaf, 0xa4, 0xac, 0xc7, 0x05, 0x10, - 0xfa, 0x41, 0x4a, 0xa8, 0xfb, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x20, 0x30, 0x82, 0x01, 0x1c, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x53, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4c, 0x30, - 0x4a, 0x30, 0x48, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb1, 0x3e, - 0x01, 0x00, 0x30, 0x3b, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x63, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2e, - 0x63, 0x66, 0x6d, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, - 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x02, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, - 0x16, 0x80, 0x14, 0xe5, 0x9d, 0x59, 0x30, 0x82, 0x47, 0x58, 0xcc, 0xac, - 0xfa, 0x08, 0x54, 0x36, 0x86, 0x7b, 0x3a, 0xb5, 0x04, 0x4d, 0xf0, 0x30, - 0x42, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, - 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x63, 0x64, 0x70, 0x31, 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x2d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, - 0x52, 0x4c, 0x2f, 0x4f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x32, - 0x30, 0x32, 0x35, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x51, 0xaf, 0x24, 0x26, 0x9c, 0xf4, - 0x68, 0x22, 0x57, 0x80, 0x26, 0x2b, 0x3b, 0x46, 0x62, 0x15, 0x7b, 0x1e, - 0xcc, 0xa5, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x76, 0x85, - 0xc5, 0x23, 0x31, 0x1f, 0xb4, 0x73, 0xea, 0xa0, 0xbc, 0xa5, 0xed, 0xdf, - 0x45, 0x43, 0x6a, 0x7f, 0x69, 0x20, 0x1b, 0x80, 0xb2, 0xfb, 0x1c, 0xdd, - 0xaa, 0x7f, 0x88, 0xd3, 0x31, 0x41, 0x36, 0xf7, 0xfb, 0xfb, 0x6b, 0xad, - 0x98, 0x8c, 0x78, 0x1f, 0x9d, 0x11, 0x67, 0x3a, 0xcd, 0x4b, 0xec, 0xa8, - 0xbc, 0x9d, 0x15, 0x19, 0xc4, 0x3b, 0x0b, 0xa7, 0x93, 0xce, 0xe8, 0xfc, - 0x9d, 0x5b, 0xe8, 0x1f, 0xcb, 0x56, 0xae, 0x76, 0x43, 0x2b, 0xc7, 0x13, - 0x51, 0x77, 0x41, 0xa8, 0x66, 0x4c, 0x5f, 0xa7, 0xd1, 0xd7, 0xaa, 0x75, - 0xc5, 0x1b, 0x29, 0x4c, 0xc9, 0xf4, 0x6d, 0xa1, 0x5e, 0xa1, 0x85, 0x93, - 0x16, 0xc2, 0xcb, 0x3b, 0xab, 0x14, 0x7d, 0x44, 0xfd, 0xda, 0x25, 0x29, - 0x86, 0x2a, 0xfe, 0x63, 0x20, 0xca, 0xd2, 0x0b, 0xc2, 0x34, 0x15, 0xbb, - 0xaf, 0x5b, 0x7f, 0x8a, 0xe0, 0xaa, 0xed, 0x45, 0xa6, 0xea, 0x79, 0xdb, - 0xd8, 0x35, 0x66, 0x54, 0x43, 0xde, 0x37, 0x33, 0xd1, 0xe4, 0xe0, 0xcd, - 0x57, 0xca, 0x71, 0xb0, 0x7d, 0xe9, 0x16, 0x77, 0x64, 0xe8, 0x59, 0x97, - 0xb9, 0xd5, 0x2e, 0xd1, 0xb4, 0x91, 0xda, 0x77, 0x71, 0xf3, 0x4a, 0x0f, - 0x48, 0xd2, 0x34, 0x99, 0x60, 0x95, 0x37, 0xac, 0x1f, 0x01, 0xcd, 0x10, - 0x9d, 0xe8, 0x2a, 0xa5, 0x20, 0xc7, 0x50, 0x9b, 0xb3, 0x6c, 0x49, 0x78, - 0x2b, 0x58, 0x92, 0x64, 0x89, 0xb8, 0x95, 0x36, 0xa8, 0x34, 0xaa, 0xf0, - 0x41, 0xd2, 0x95, 0x5a, 0x24, 0x54, 0x97, 0x4d, 0x6e, 0x05, 0xc4, 0x95, - 0xad, 0xc4, 0x7a, 0xa3, 0x39, 0xfb, 0x79, 0x06, 0x8a, 0x9b, 0xa6, 0x4f, - 0xd9, 0x22, 0xfa, 0x44, 0x4e, 0x36, 0xf3, 0xc9, 0x0f, 0xa6, 0x39, 0xe7, - 0x80, 0xb2, 0x5e, 0xbf, 0xbd, 0x39, 0xd1, 0x46, 0xe5, 0x55, 0x47, 0xdb, - 0xbc, 0x6e, -} - -var certSet3Cert48 = []byte{ - 0x30, 0x82, 0x05, 0xa3, 0x30, 0x82, 0x03, 0x8b, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x75, 0x96, 0xc2, 0x3e, 0xfa, 0x89, 0x59, 0x45, 0x6e, - 0x79, 0xf7, 0x17, 0xba, 0xcf, 0x64, 0xf3, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x55, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, - 0x4e, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, - 0x57, 0x6f, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, - 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x21, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x20, 0x6f, 0x66, 0x20, 0x57, 0x6f, 0x53, 0x69, 0x67, - 0x6e, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x31, 0x30, 0x38, 0x30, - 0x30, 0x35, 0x38, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x31, 0x31, - 0x30, 0x38, 0x30, 0x30, 0x35, 0x38, 0x35, 0x38, 0x5a, 0x30, 0x52, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, - 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x57, - 0x6f, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, - 0x69, 0x74, 0x65, 0x64, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x1e, 0x57, 0x6f, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6c, - 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x4f, 0x56, 0x20, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, - 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, - 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd6, 0x74, 0x87, 0xaf, 0x99, 0xc0, - 0x57, 0x96, 0x99, 0xc2, 0x89, 0x74, 0x3c, 0x92, 0x55, 0x99, 0xbf, 0x1f, - 0x07, 0x00, 0x35, 0x05, 0x26, 0x96, 0x16, 0x5b, 0x03, 0xc1, 0x42, 0x37, - 0x33, 0xbe, 0x3f, 0x0d, 0x4f, 0xff, 0xbb, 0x94, 0x26, 0x91, 0xd7, 0x14, - 0x16, 0x78, 0x1b, 0xf7, 0x13, 0xa2, 0x4b, 0x4c, 0xe5, 0x5c, 0xa7, 0x10, - 0x40, 0x35, 0x59, 0x30, 0xd1, 0x77, 0x99, 0xe3, 0x9d, 0x29, 0xc2, 0xbe, - 0x31, 0x95, 0xbd, 0x92, 0x61, 0x5b, 0xb0, 0x23, 0xfb, 0x67, 0x58, 0xd5, - 0x52, 0xe4, 0x7b, 0x2f, 0xf0, 0x73, 0x1c, 0x73, 0x94, 0x55, 0xba, 0xc8, - 0x68, 0x59, 0x02, 0x10, 0x10, 0xe4, 0xf7, 0x11, 0xf0, 0xc3, 0xb6, 0xd7, - 0xae, 0x56, 0x80, 0x00, 0x9e, 0x65, 0x64, 0xa6, 0x83, 0x91, 0x41, 0xe6, - 0xed, 0xa7, 0x7a, 0x65, 0xa5, 0x1f, 0x30, 0x2e, 0x13, 0x3c, 0xbf, 0xdf, - 0x63, 0x97, 0xf3, 0x96, 0xf0, 0x52, 0x32, 0xb4, 0xf4, 0x7b, 0x98, 0x57, - 0xed, 0x36, 0x4f, 0xf7, 0x21, 0x4a, 0x28, 0x9d, 0xdd, 0x1c, 0x92, 0xb3, - 0x4d, 0x8d, 0x9c, 0x58, 0x8b, 0x17, 0x21, 0xd8, 0xdc, 0xa1, 0xb7, 0xae, - 0x73, 0x78, 0x8a, 0xc4, 0xb6, 0xe9, 0x7f, 0x28, 0x8e, 0x9a, 0xd5, 0x2e, - 0x9e, 0x39, 0xe9, 0xda, 0x59, 0x74, 0xe3, 0xc8, 0x97, 0x10, 0x32, 0x94, - 0x19, 0x59, 0xd4, 0x0f, 0x89, 0x57, 0x44, 0xe6, 0xe5, 0x2b, 0x17, 0x30, - 0x62, 0x52, 0x98, 0x7f, 0xab, 0x0d, 0xa5, 0x01, 0xea, 0x04, 0x41, 0xca, - 0xfa, 0x13, 0x0e, 0x3b, 0x87, 0x06, 0xba, 0xbd, 0x47, 0x31, 0xd7, 0x63, - 0x03, 0x01, 0xf4, 0xbe, 0xa1, 0x37, 0x11, 0x9f, 0x1e, 0x01, 0x95, 0x4e, - 0x0f, 0x3f, 0x54, 0x1e, 0x92, 0xa6, 0x9f, 0x30, 0x8c, 0xfe, 0x98, 0xe8, - 0x56, 0x96, 0x66, 0x04, 0xe1, 0x35, 0xfe, 0x59, 0xac, 0x57, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x70, 0x30, 0x82, 0x01, 0x6c, 0x30, - 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, - 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0, 0x23, 0xa0, 0x21, 0x86, - 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x73, - 0x31, 0x2e, 0x77, 0x6f, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x63, 0x61, 0x31, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x6d, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x61, 0x30, 0x5f, - 0x30, 0x27, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, - 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, - 0x70, 0x31, 0x2e, 0x77, 0x6f, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x63, 0x61, 0x31, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x28, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x61, 0x69, 0x61, 0x31, 0x2e, 0x77, 0x6f, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x61, 0x31, 0x67, 0x32, 0x2d, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x33, 0x2e, 0x63, 0x65, 0x72, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xf9, 0x8b, - 0xec, 0x04, 0x38, 0x6a, 0x3f, 0xaa, 0x06, 0xc6, 0x94, 0xad, 0x73, 0x95, - 0x2a, 0xb0, 0xc8, 0xe6, 0xb8, 0xfb, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe1, 0x66, 0xcf, 0x0e, 0xd1, - 0xf1, 0xb3, 0x4b, 0xb7, 0x06, 0x20, 0x14, 0xfe, 0x87, 0x12, 0xd5, 0xf6, - 0xfe, 0xfb, 0x3e, 0x30, 0x46, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3f, - 0x30, 0x3d, 0x30, 0x3b, 0x06, 0x0c, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, - 0x9b, 0x51, 0x06, 0x03, 0x02, 0x01, 0x30, 0x2b, 0x30, 0x29, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1d, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x5e, - 0x67, 0xba, 0x78, 0x32, 0x05, 0xb6, 0xb7, 0xaf, 0xe7, 0xde, 0x6a, 0x7a, - 0x82, 0x64, 0x0e, 0xa0, 0x0b, 0xf2, 0x9e, 0x9a, 0xba, 0xc6, 0x2b, 0x6f, - 0x56, 0x3a, 0xb4, 0x62, 0x57, 0xab, 0x7c, 0xad, 0x60, 0x50, 0x96, 0x34, - 0x9c, 0xa3, 0x88, 0xcf, 0xd9, 0x8f, 0x50, 0xaf, 0xf6, 0xf0, 0x00, 0x36, - 0x1b, 0x1f, 0x1f, 0x87, 0x55, 0x3c, 0x60, 0x9a, 0xf0, 0xb0, 0x0d, 0x9a, - 0x80, 0x2d, 0x8a, 0x3b, 0xbe, 0x05, 0xb3, 0xd7, 0xa0, 0x80, 0xb6, 0xb8, - 0x19, 0xeb, 0x51, 0xdb, 0xec, 0x64, 0x54, 0xf1, 0x1a, 0x89, 0x4a, 0x48, - 0xa1, 0x4d, 0x3f, 0x31, 0x7d, 0xc4, 0x79, 0x94, 0x4b, 0xf1, 0xde, 0xab, - 0x83, 0xaf, 0x5f, 0x86, 0xbe, 0x96, 0x1c, 0xb3, 0x3e, 0x1c, 0xe7, 0xbc, - 0x96, 0xb2, 0xe8, 0x5a, 0xac, 0xb5, 0x58, 0xcb, 0x3c, 0x56, 0x6f, 0x0a, - 0xa7, 0xa5, 0xd0, 0x36, 0x89, 0x82, 0x26, 0x8c, 0xb9, 0x1f, 0xb6, 0xeb, - 0x8f, 0x7e, 0x78, 0xfc, 0x5b, 0x8b, 0x79, 0x1c, 0xd6, 0xdf, 0x47, 0xa7, - 0x56, 0xf4, 0x98, 0x4e, 0xc7, 0xa9, 0xd5, 0x0e, 0x75, 0x56, 0x06, 0x7f, - 0xb4, 0x37, 0x46, 0x08, 0xc6, 0xe9, 0x4f, 0x8b, 0x5b, 0x43, 0x1c, 0xe0, - 0x45, 0x3e, 0x95, 0x20, 0x71, 0xc0, 0x1c, 0x98, 0x16, 0xef, 0xf2, 0x78, - 0xdf, 0xac, 0x4d, 0xbb, 0xbf, 0x56, 0x0e, 0xcf, 0x85, 0xaf, 0xcf, 0xbf, - 0x04, 0xed, 0x72, 0x6b, 0xfd, 0x1f, 0x57, 0x0e, 0x58, 0x91, 0x44, 0x11, - 0x58, 0x3b, 0x62, 0x3b, 0x09, 0x78, 0xb3, 0xa4, 0x75, 0x6a, 0xec, 0xb3, - 0xc2, 0x2b, 0x32, 0xcc, 0xb3, 0x8d, 0xc3, 0xa3, 0x6e, 0xdc, 0x8a, 0xd5, - 0xe8, 0x4a, 0xc4, 0x0b, 0x7b, 0xdb, 0x30, 0x5d, 0x95, 0x33, 0xc3, 0xd1, - 0xa3, 0x69, 0x64, 0x5b, 0xa8, 0xaa, 0x96, 0x48, 0x73, 0x73, 0xe3, 0xc9, - 0xb9, 0x24, 0xdf, 0x17, 0x75, 0xaa, 0xaf, 0x07, 0x3a, 0xcf, 0xbe, 0x9b, - 0x8a, 0x80, 0xa7, 0xbf, 0x7c, 0xe2, 0xe9, 0x2a, 0xe6, 0xfd, 0xb0, 0x2c, - 0xe7, 0xe6, 0xe6, 0x7e, 0xb3, 0x35, 0x15, 0x65, 0x00, 0xf4, 0xe1, 0x39, - 0x73, 0x0e, 0x28, 0x4b, 0xf0, 0x0c, 0x98, 0x9e, 0x3a, 0xeb, 0xce, 0x7b, - 0x7a, 0x9e, 0x40, 0xc1, 0x50, 0x65, 0x96, 0x9a, 0xe7, 0x4b, 0x77, 0xcd, - 0xdd, 0xcb, 0x7d, 0x97, 0xb4, 0xea, 0x09, 0xb2, 0xe9, 0x49, 0x28, 0xc3, - 0x30, 0xe0, 0x87, 0x15, 0xf0, 0x26, 0xea, 0xd8, 0x03, 0xfd, 0xec, 0xda, - 0x08, 0x83, 0x65, 0xdc, 0x77, 0xc5, 0x6e, 0x3d, 0x34, 0xf7, 0x87, 0xc3, - 0x1c, 0x1d, 0x26, 0x33, 0xec, 0x33, 0xac, 0xc6, 0x99, 0x53, 0xab, 0x60, - 0xf4, 0xb0, 0xd9, 0xee, 0x64, 0x5a, 0x33, 0x07, 0x70, 0x13, 0x74, 0x88, - 0x07, 0xf5, 0x86, 0xf9, 0x18, 0xd3, 0xb2, 0x47, 0xc8, 0xae, 0x03, 0x4a, - 0x53, 0xde, 0x1c, 0x65, 0xd6, 0x0a, 0x2e, 0x3a, 0x51, 0x93, 0xee, 0xb7, - 0xe3, 0x6f, 0x0a, 0xfb, 0xe9, 0xfe, 0x4e, 0xe8, 0xbb, 0x1d, 0xc2, 0x97, - 0xab, 0x0a, 0xb9, 0xed, 0x36, 0x32, 0x1b, 0x4d, 0xa1, 0xcc, 0x03, 0xa6, - 0x9d, 0xb3, 0xd9, 0x1c, 0xd5, 0x67, 0xe2, 0x8f, 0x74, 0x3c, 0x92, 0x2a, - 0x74, 0xb1, 0x56, 0x50, 0xdf, 0x53, 0x15, 0xd7, 0x21, 0xd6, 0xeb, 0xf3, - 0xfb, 0x63, 0xe3, 0x20, 0x2c, 0x0a, 0x74, 0x37, 0x0b, 0xc1, 0xa1, 0x35, - 0x6a, 0x84, 0x70, 0xf4, 0x45, 0xf8, 0xb2, 0xb6, 0x81, 0x49, 0xaa, 0xfd, - 0x54, 0x45, 0x90, 0x4d, 0xe7, 0x04, 0x07, 0x5f, 0x78, 0x14, 0xdd, 0x3a, - 0xbb, 0x2b, 0xf9, 0x72, 0x50, 0xec, 0x68, 0xea, 0x3c, 0xa8, 0xd1, 0x80, - 0xbb, 0xbe, 0x35, 0x43, 0x97, 0xc3, 0x32, 0xb2, 0xf5, 0xaa, 0xad, 0xc9, - 0x7f, 0x83, 0x9f, 0x7d, 0x69, 0x1e, 0x15, -} - -var certSet3Cert49 = []byte{ - 0x30, 0x82, 0x05, 0xe1, 0x30, 0x82, 0x04, 0xc9, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x04, 0x07, 0x27, 0xaa, 0x47, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x5a, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, - 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x09, - 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79, 0x62, 0x65, - 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, - 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, - 0x30, 0x35, 0x30, 0x37, 0x31, 0x37, 0x30, 0x34, 0x30, 0x39, 0x5a, 0x17, - 0x0d, 0x31, 0x38, 0x30, 0x35, 0x30, 0x37, 0x31, 0x37, 0x30, 0x33, 0x33, - 0x30, 0x5a, 0x30, 0x81, 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, - 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, - 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, - 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x0c, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, - 0x74, 0x20, 0x49, 0x54, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, - 0x20, 0x49, 0x54, 0x20, 0x53, 0x53, 0x4c, 0x20, 0x53, 0x48, 0x41, 0x32, - 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, - 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xd1, 0xe8, 0x37, - 0xa7, 0x76, 0x8a, 0x70, 0x4b, 0x19, 0xf0, 0x20, 0x37, 0x09, 0x24, 0x37, - 0x7f, 0xea, 0xfb, 0x78, 0xe6, 0x05, 0xba, 0x6a, 0xad, 0x4e, 0x27, 0x0d, - 0xfc, 0x72, 0x6a, 0xd9, 0x6c, 0x21, 0xc4, 0x64, 0x11, 0x95, 0x73, 0x10, - 0x0a, 0x5c, 0x25, 0x7b, 0x88, 0x6c, 0x94, 0x04, 0xfd, 0xc7, 0xdb, 0xae, - 0x7b, 0xdc, 0x4a, 0x08, 0xb3, 0x3e, 0x16, 0xf1, 0xd0, 0xad, 0xdb, 0x30, - 0x6d, 0xd7, 0x1a, 0x1e, 0x52, 0xb5, 0x3d, 0xf0, 0x47, 0x19, 0x03, 0xe2, - 0x7d, 0xa6, 0xbd, 0x57, 0x13, 0x3f, 0x54, 0xea, 0x3a, 0xa3, 0xb1, 0x77, - 0xfc, 0x42, 0xf0, 0x63, 0x49, 0x6a, 0x91, 0x80, 0x2e, 0x30, 0x49, 0xc0, - 0x8a, 0xeb, 0x2b, 0xaf, 0xfe, 0x3a, 0xeb, 0x07, 0x5d, 0x06, 0xf7, 0xe9, - 0xfd, 0x84, 0x0e, 0x91, 0xbd, 0x09, 0x20, 0x29, 0xe8, 0x6e, 0x5d, 0x09, - 0xce, 0x15, 0xd3, 0xe7, 0xef, 0xdb, 0x50, 0xeb, 0x44, 0xef, 0x18, 0x57, - 0xab, 0x04, 0x1d, 0xbc, 0x31, 0xf9, 0xf7, 0x7b, 0x2a, 0x13, 0xcf, 0xd1, - 0x3d, 0x51, 0xaf, 0x1b, 0xc5, 0xb5, 0x7b, 0xe7, 0xb0, 0xfc, 0x53, 0xbb, - 0x9a, 0xe7, 0x63, 0xde, 0x41, 0x33, 0xb6, 0x47, 0x24, 0x69, 0x5d, 0xb8, - 0x46, 0xa7, 0xff, 0xad, 0xab, 0xdf, 0x4f, 0x7a, 0x78, 0x25, 0x27, 0x21, - 0x26, 0x34, 0xca, 0x02, 0x6e, 0x37, 0x51, 0xf0, 0xed, 0x58, 0x1a, 0x60, - 0x94, 0xf6, 0xc4, 0x93, 0xd8, 0xdd, 0x30, 0x24, 0x25, 0xd7, 0x1c, 0xeb, - 0x19, 0x94, 0x35, 0x5d, 0x93, 0xb2, 0xae, 0xaa, 0x29, 0x83, 0x73, 0xc4, - 0x74, 0x59, 0x05, 0x52, 0x67, 0x9d, 0xda, 0x67, 0x51, 0x39, 0x05, 0x3a, - 0x36, 0xea, 0xf2, 0x1e, 0x76, 0x2b, 0x14, 0xae, 0xec, 0x3d, 0xf9, 0x14, - 0x99, 0x8b, 0x07, 0x6e, 0xbc, 0xe7, 0x0c, 0x56, 0xde, 0xac, 0xbe, 0xae, - 0xdb, 0x75, 0x32, 0x90, 0x9e, 0x63, 0xbd, 0x74, 0xbf, 0xe0, 0x0a, 0xca, - 0xf8, 0x34, 0x96, 0x67, 0x84, 0xcd, 0xd1, 0x42, 0x38, 0x78, 0xc7, 0x99, - 0xb6, 0x0c, 0xce, 0xb6, 0x0f, 0xe9, 0x1b, 0xcb, 0xf4, 0x59, 0xbe, 0x11, - 0x0e, 0xcb, 0x2c, 0x32, 0xc8, 0xfa, 0x83, 0x29, 0x64, 0x79, 0x3c, 0x8b, - 0x4b, 0xf0, 0x32, 0x74, 0x6c, 0xf3, 0x93, 0xb8, 0x96, 0x6b, 0x5d, 0x57, - 0x5a, 0x68, 0xc1, 0xcc, 0x0c, 0x79, 0x8a, 0x19, 0xde, 0xf5, 0x49, 0x02, - 0x5e, 0x08, 0x80, 0x01, 0x89, 0x0c, 0x32, 0xcd, 0xd2, 0xd6, 0x96, 0xd5, - 0x4b, 0xa0, 0xf3, 0xec, 0xbf, 0xab, 0xf4, 0x7d, 0xb3, 0xa1, 0xb9, 0x7c, - 0xda, 0x4e, 0xd7, 0xe5, 0xb7, 0xac, 0xb9, 0xf2, 0x25, 0x5f, 0x01, 0xcb, - 0x8c, 0x96, 0xa8, 0x28, 0xae, 0xc1, 0x33, 0x5a, 0xf6, 0x3f, 0x08, 0x90, - 0xdc, 0xeb, 0xff, 0x39, 0xd8, 0x26, 0xc8, 0x12, 0x9d, 0x1c, 0x9a, 0xaa, - 0xa9, 0xc0, 0x16, 0x8e, 0x86, 0xed, 0x67, 0x52, 0x96, 0x00, 0x7f, 0x0d, - 0x92, 0x3d, 0x3d, 0xd9, 0x70, 0x36, 0xe5, 0xea, 0x42, 0x6f, 0x1f, 0xae, - 0x95, 0xe5, 0x5b, 0x5d, 0xf8, 0xd0, 0x3a, 0xc7, 0xd4, 0xde, 0x77, 0x86, - 0xd0, 0xfc, 0x9e, 0x4e, 0xe2, 0xe2, 0xb8, 0xa9, 0x68, 0x37, 0x09, 0xc4, - 0x39, 0xe3, 0x85, 0xb8, 0x89, 0xf3, 0x1f, 0x6e, 0xb7, 0x6d, 0x1f, 0x4a, - 0x2f, 0x18, 0x09, 0x6f, 0xde, 0x4a, 0x01, 0x8f, 0x14, 0xc9, 0xb7, 0xa6, - 0xee, 0xa7, 0x63, 0x9f, 0x33, 0xa4, 0x54, 0x7c, 0x42, 0x83, 0x68, 0xb8, - 0xa5, 0xdf, 0xbf, 0xec, 0xb9, 0x1a, 0x5d, 0x13, 0x3b, 0xd9, 0xad, 0x68, - 0xfd, 0x20, 0x0a, 0x55, 0x91, 0x21, 0x64, 0xf9, 0xd7, 0x13, 0x01, 0xa0, - 0x08, 0x5d, 0x59, 0x89, 0x1b, 0x44, 0xaf, 0xa4, 0xac, 0xc7, 0x05, 0x10, - 0xfa, 0x41, 0x4a, 0xa8, 0xfb, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, - 0x01, 0x7b, 0x30, 0x82, 0x01, 0x77, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x60, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x59, 0x30, - 0x57, 0x30, 0x48, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb1, 0x3e, - 0x01, 0x00, 0x30, 0x3b, 0x30, 0x39, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x02, 0x01, 0x16, 0x2d, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, - 0x2f, 0x63, 0x79, 0x62, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6f, 0x6d, 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2e, - 0x63, 0x66, 0x6d, 0x30, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, - 0x82, 0x37, 0x2a, 0x01, 0x30, 0x42, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x01, 0x01, 0x04, 0x36, 0x30, 0x34, 0x30, 0x32, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x26, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x6f, 0x6d, - 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, - 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x72, 0x6f, 0x6f, 0x74, - 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, - 0x03, 0x02, 0x01, 0x86, 0x30, 0x27, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, - 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, - 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe5, 0x9d, - 0x59, 0x30, 0x82, 0x47, 0x58, 0xcc, 0xac, 0xfa, 0x08, 0x54, 0x36, 0x86, - 0x7b, 0x3a, 0xb5, 0x04, 0x4d, 0xf0, 0x30, 0x42, 0x06, 0x03, 0x55, 0x1d, - 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, - 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x64, 0x70, 0x31, - 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x52, 0x4c, 0x2f, 0x4f, 0x6d, - 0x6e, 0x69, 0x72, 0x6f, 0x6f, 0x74, 0x32, 0x30, 0x32, 0x35, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0x51, 0xaf, 0x24, 0x26, 0x9c, 0xf4, 0x68, 0x22, 0x57, 0x80, 0x26, - 0x2b, 0x3b, 0x46, 0x62, 0x15, 0x7b, 0x1e, 0xcc, 0xa5, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x69, 0x62, 0xf6, 0x84, 0x91, 0x00, 0xc4, - 0x6f, 0x82, 0x7b, 0x24, 0xe1, 0x42, 0xa2, 0xa5, 0x8b, 0x82, 0x5c, 0xa7, - 0xc5, 0x44, 0xcb, 0xe7, 0x52, 0x76, 0x63, 0xd3, 0x76, 0x9e, 0x78, 0xe2, - 0x69, 0x35, 0xb1, 0x38, 0xba, 0xb0, 0x96, 0xc6, 0x1f, 0xac, 0x7b, 0xc6, - 0xb2, 0x65, 0x77, 0x8b, 0x7d, 0x8d, 0xae, 0x64, 0xb9, 0xa5, 0x8c, 0x17, - 0xca, 0x58, 0x65, 0xc3, 0xad, 0x82, 0xf5, 0xc5, 0xa2, 0xf5, 0x01, 0x13, - 0x93, 0xc6, 0x7e, 0x44, 0xe5, 0xc4, 0x61, 0xfa, 0x03, 0xb6, 0x56, 0xc1, - 0x72, 0xe1, 0xc8, 0x28, 0xc5, 0x69, 0x21, 0x8f, 0xac, 0x6e, 0xfd, 0x7f, - 0x43, 0x83, 0x36, 0xb8, 0xc0, 0xd6, 0xa0, 0x28, 0xfe, 0x1a, 0x45, 0xbe, - 0xfd, 0x93, 0x8c, 0x8d, 0xa4, 0x64, 0x79, 0x1f, 0x14, 0xdb, 0xa1, 0x9f, - 0x21, 0xdc, 0xc0, 0x4e, 0x7b, 0x17, 0x22, 0x17, 0xb1, 0xb6, 0x3c, 0xd3, - 0x9b, 0xe2, 0x0a, 0xa3, 0x7e, 0x99, 0xb0, 0xc1, 0xac, 0xd8, 0xf4, 0x86, - 0xdf, 0x3c, 0xda, 0x7d, 0x14, 0x9c, 0x40, 0xc1, 0x7c, 0xd2, 0x18, 0x6f, - 0xf1, 0x4f, 0x26, 0x45, 0x09, 0x95, 0x94, 0x5c, 0xda, 0xd0, 0x98, 0xf8, - 0xf4, 0x4c, 0x82, 0x96, 0x10, 0xde, 0xac, 0x30, 0xcb, 0x2b, 0xae, 0xf9, - 0x92, 0xea, 0xbf, 0x79, 0x03, 0xfc, 0x1e, 0x3f, 0xac, 0x09, 0xa4, 0x3f, - 0x65, 0xfd, 0x91, 0x4f, 0x96, 0x24, 0xa7, 0xce, 0xb4, 0x4e, 0x6a, 0x96, - 0x29, 0x17, 0xae, 0xc0, 0xa8, 0xdf, 0x17, 0x22, 0xf4, 0x17, 0xe3, 0xdc, - 0x1c, 0x39, 0x06, 0x56, 0x10, 0xea, 0xea, 0xb5, 0x74, 0x17, 0x3c, 0x4e, - 0xdd, 0x7e, 0x91, 0x0a, 0xa8, 0x0b, 0x78, 0x07, 0xa7, 0x31, 0x44, 0x08, - 0x31, 0xab, 0x18, 0x84, 0x0f, 0x12, 0x9c, 0xe7, 0xde, 0x84, 0x2c, 0xe9, - 0x6d, 0x93, 0x45, 0xbf, 0xa8, 0xc1, 0x3f, 0x34, 0xdc, -} - -var certSet3Cert50 = []byte{ - 0x30, 0x82, 0x05, 0xe5, 0x30, 0x82, 0x03, 0xcd, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x10, 0x13, 0x8b, 0xfe, 0xf3, 0x32, 0x94, 0xf9, 0xd8, 0x16, - 0xf9, 0x45, 0xc2, 0x71, 0x95, 0x29, 0x98, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x7d, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, - 0x4c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, - 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x4c, 0x74, 0x64, - 0x2e, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x22, - 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, 0x67, 0x69, 0x74, - 0x61, 0x6c, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x31, 0x29, - 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, 0x53, 0x74, 0x61, - 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x31, - 0x32, 0x31, 0x36, 0x30, 0x31, 0x30, 0x30, 0x30, 0x35, 0x5a, 0x17, 0x0d, - 0x33, 0x30, 0x31, 0x32, 0x31, 0x36, 0x30, 0x31, 0x30, 0x30, 0x30, 0x35, - 0x5a, 0x30, 0x78, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x49, 0x4c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, - 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x20, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, - 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x53, 0x74, - 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, - 0x20, 0x33, 0x20, 0x4f, 0x56, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xaf, 0x67, 0x1c, 0x6f, 0xe5, 0x45, 0xe0, 0xd7, 0x46, 0x4b, 0x75, 0x2c, - 0xb6, 0x80, 0xf2, 0x9a, 0x17, 0x4d, 0x2d, 0xff, 0xde, 0xae, 0xd2, 0xd4, - 0x00, 0x8a, 0x3a, 0xb8, 0x31, 0xfe, 0x8e, 0x37, 0x9e, 0xfa, 0xaa, 0xd5, - 0xa3, 0x5b, 0x16, 0x12, 0xc1, 0x19, 0x3e, 0x34, 0x85, 0x96, 0xc3, 0xbe, - 0xd3, 0xb3, 0x43, 0xf4, 0x8d, 0x6f, 0x16, 0xbd, 0x30, 0xba, 0x07, 0xfc, - 0xd8, 0x9a, 0xc1, 0x79, 0x89, 0x80, 0x6d, 0xa0, 0x8c, 0xbe, 0xdd, 0x37, - 0xf7, 0xeb, 0x05, 0xd3, 0x53, 0x7f, 0x57, 0x58, 0x76, 0x55, 0xb6, 0xa8, - 0xa8, 0x86, 0x44, 0xb8, 0xbb, 0xd0, 0x13, 0xda, 0xfd, 0x8f, 0xe1, 0xf2, - 0xcd, 0xa0, 0x15, 0x38, 0x55, 0x56, 0xce, 0x26, 0xcf, 0x7c, 0x93, 0x75, - 0x29, 0x7a, 0x0a, 0xab, 0xfb, 0xba, 0x09, 0x38, 0x20, 0x11, 0x57, 0x07, - 0x5d, 0x7f, 0x49, 0x9f, 0x2a, 0x4a, 0x67, 0x1e, 0x9e, 0x58, 0xe9, 0xc7, - 0x7f, 0xf9, 0xc3, 0xed, 0xfe, 0x5f, 0x4d, 0xaf, 0xb8, 0x4f, 0x9d, 0xdf, - 0x69, 0x2d, 0x69, 0x1b, 0x3a, 0x58, 0x81, 0x69, 0x63, 0x30, 0xea, 0x87, - 0x8d, 0x0f, 0x52, 0x9d, 0x5a, 0xda, 0x39, 0x44, 0xba, 0x9f, 0x89, 0x9f, - 0x36, 0xb6, 0xc2, 0x19, 0x5c, 0xd9, 0x26, 0x78, 0xd9, 0xae, 0x5e, 0xfc, - 0x95, 0x90, 0xbf, 0xe8, 0x11, 0xc0, 0x47, 0x0f, 0x77, 0x89, 0xdd, 0x6a, - 0x28, 0x4f, 0x0a, 0xbc, 0x32, 0x64, 0x57, 0x43, 0x3d, 0x08, 0x65, 0x93, - 0xe5, 0x45, 0xae, 0xdd, 0x28, 0x0c, 0x27, 0x2c, 0x8e, 0xa6, 0x2b, 0x09, - 0x03, 0x5d, 0xa1, 0x78, 0xd2, 0x8c, 0xab, 0xb6, 0x6b, 0xb9, 0x46, 0xc9, - 0x19, 0x00, 0x39, 0xb9, 0xbf, 0xc6, 0x13, 0x2b, 0x73, 0x72, 0x1f, 0xf2, - 0x3e, 0x37, 0xb8, 0xe8, 0xb9, 0x14, 0x65, 0x88, 0x4d, 0xe2, 0xf1, 0x1b, - 0xd8, 0xa5, 0x1d, 0x3b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, - 0x64, 0x30, 0x82, 0x01, 0x60, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, - 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, - 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x01, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, - 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2b, 0x30, 0x29, 0x30, - 0x27, 0xa0, 0x25, 0xa0, 0x23, 0x86, 0x21, 0x68, 0x74, 0x74, 0x70, 0x3a, - 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x74, 0x73, - 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x66, 0x73, 0x63, 0x61, - 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x66, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x01, 0x01, 0x04, 0x5a, 0x30, 0x58, 0x30, 0x24, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x73, 0x74, - 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x30, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x24, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x61, 0x69, 0x61, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x74, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xb1, - 0x3f, 0x1c, 0x92, 0x7b, 0x92, 0xb0, 0x5a, 0x25, 0xb3, 0x38, 0xfb, 0x9c, - 0x07, 0xa4, 0x26, 0x50, 0x32, 0xe3, 0x51, 0x30, 0x1f, 0x06, 0x03, 0x55, - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x4e, 0x0b, 0xef, 0x1a, - 0xa4, 0x40, 0x5b, 0xa5, 0x17, 0x69, 0x87, 0x30, 0xca, 0x34, 0x68, 0x43, - 0xd0, 0x41, 0xae, 0xf2, 0x30, 0x3f, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, - 0x38, 0x30, 0x36, 0x30, 0x34, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30, - 0x2c, 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, - 0x01, 0x16, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, - 0x77, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x02, 0x01, 0x00, 0x85, 0xf2, 0xe8, 0x14, 0xd3, 0x1b, 0xc1, - 0xa1, 0x16, 0x1d, 0xa4, 0xf4, 0x4d, 0xba, 0x51, 0x8b, 0x5c, 0x52, 0xb1, - 0x54, 0x54, 0x12, 0x16, 0x17, 0x9c, 0x96, 0x78, 0x6f, 0xd3, 0xbf, 0xdf, - 0x43, 0x36, 0xf5, 0x12, 0x89, 0x61, 0x72, 0x44, 0xdf, 0x1c, 0x9b, 0x09, - 0x4f, 0x60, 0x26, 0x68, 0xc1, 0xe6, 0x66, 0x50, 0x70, 0xb3, 0x6a, 0xf1, - 0xa8, 0x6a, 0x0c, 0x1e, 0x2e, 0x93, 0xf1, 0xee, 0x07, 0x3e, 0x09, 0xdd, - 0x30, 0x45, 0xb2, 0x56, 0x8e, 0xdc, 0x2c, 0x5c, 0xab, 0x49, 0xfa, 0xb9, - 0x04, 0x03, 0x40, 0x15, 0x7a, 0xb5, 0x30, 0xe0, 0x1d, 0x91, 0x8f, 0xa6, - 0xd6, 0x6f, 0x1f, 0x99, 0xa0, 0x84, 0x95, 0x39, 0xbd, 0xac, 0x77, 0x7f, - 0x72, 0x4b, 0xdd, 0x2d, 0xae, 0xff, 0xa8, 0x58, 0x1d, 0x46, 0x27, 0xd4, - 0x83, 0xc7, 0x69, 0x64, 0x9f, 0x19, 0xbb, 0x10, 0xf8, 0x04, 0x42, 0x87, - 0x59, 0x5d, 0x02, 0xb1, 0xd6, 0xe5, 0xc8, 0xda, 0x43, 0x30, 0xa3, 0xe8, - 0x37, 0xa5, 0xd2, 0x48, 0x0b, 0xa2, 0x83, 0x4e, 0x9d, 0x4f, 0x83, 0x58, - 0x9d, 0xd7, 0x47, 0x22, 0xb1, 0x89, 0xf0, 0x89, 0x3b, 0x3d, 0x28, 0x43, - 0x2c, 0x9b, 0x17, 0x7c, 0x03, 0xee, 0x9d, 0x26, 0x25, 0xe0, 0x04, 0xb8, - 0x1d, 0x04, 0x57, 0x42, 0x47, 0xda, 0x58, 0x69, 0xf0, 0xd3, 0x29, 0xab, - 0x12, 0x02, 0x99, 0x2b, 0x2a, 0xd8, 0x9d, 0xa0, 0x1f, 0x54, 0x5e, 0x23, - 0x9a, 0x0c, 0xd2, 0x99, 0x58, 0xc4, 0xa1, 0xe5, 0x49, 0xc2, 0x25, 0xa7, - 0x64, 0x20, 0x52, 0x2e, 0xe7, 0x89, 0xf5, 0x19, 0xc0, 0x8b, 0xd0, 0x63, - 0xb1, 0x78, 0x1e, 0xbe, 0x01, 0x47, 0xbe, 0x76, 0x81, 0x46, 0xf1, 0x99, - 0x1f, 0x94, 0x9a, 0xbe, 0xfa, 0x82, 0x15, 0xb5, 0x84, 0x84, 0x79, 0x75, - 0x93, 0xba, 0x9f, 0xb5, 0xe4, 0x9b, 0xc2, 0xcb, 0x69, 0x5c, 0xbd, 0x1f, - 0x55, 0x0a, 0xa7, 0x26, 0x30, 0x05, 0x51, 0xbe, 0x65, 0xee, 0x57, 0xa9, - 0x6a, 0xdf, 0xbd, 0xf9, 0x36, 0x2f, 0xad, 0x1e, 0x46, 0x41, 0x2b, 0xb1, - 0x88, 0xd0, 0x88, 0x25, 0x85, 0x40, 0x17, 0x79, 0xbf, 0x3d, 0x8d, 0xe2, - 0xf4, 0x2d, 0xea, 0x30, 0x31, 0xdf, 0xa1, 0x40, 0xcb, 0x35, 0xff, 0x82, - 0x9f, 0xf5, 0x99, 0x3c, 0x4a, 0xfd, 0x9d, 0xa1, 0xd1, 0x55, 0xcc, 0x20, - 0xa8, 0x1c, 0xd8, 0x20, 0x05, 0xab, 0xb3, 0x14, 0x65, 0x95, 0x53, 0xd8, - 0xe8, 0x8e, 0x57, 0xc5, 0x77, 0x6b, 0x2d, 0x4d, 0x88, 0xe9, 0x5d, 0x62, - 0xd5, 0xa2, 0xf8, 0x70, 0xe1, 0x70, 0xeb, 0x45, 0x23, 0x0e, 0xf0, 0x00, - 0x46, 0xc2, 0x48, 0x31, 0xe8, 0xe7, 0x36, 0x80, 0x36, 0x2d, 0x22, 0xf2, - 0x01, 0x27, 0x53, 0xeb, 0xce, 0xa7, 0x69, 0x49, 0x82, 0xbf, 0xe7, 0x0f, - 0x9c, 0xf3, 0x20, 0x2e, 0xf5, 0xfa, 0x5d, 0xce, 0xea, 0x58, 0x3a, 0x8f, - 0xd8, 0xaa, 0x7d, 0x30, 0xb7, 0x74, 0x96, 0x7c, 0x3d, 0x6e, 0xb4, 0xec, - 0x4a, 0x3b, 0x59, 0xb6, 0xa9, 0x50, 0x0d, 0x0f, 0x05, 0x06, 0x70, 0x26, - 0xb9, 0x95, 0x91, 0xd1, 0x5e, 0x24, 0x8c, 0x8f, 0xca, 0x74, 0x57, 0x97, - 0x90, 0x8b, 0x5a, 0xb7, 0xfe, 0x8d, 0xad, 0xd8, 0xe8, 0xc2, 0x06, 0xbc, - 0x08, 0x56, 0x21, 0x02, 0x12, 0x53, 0xc6, 0x9f, 0x86, 0x04, 0x58, 0xca, - 0x2d, 0xf8, 0x03, 0x0d, 0x57, 0x0b, 0x1c, 0x37, 0xbd, 0xf0, 0x5a, 0x35, - 0xf2, 0xfe, 0x3b, 0xd6, 0xa4, 0x37, 0x15, 0xe9, 0xf8, 0x08, 0x92, 0x96, - 0x3d, 0x74, 0xc8, 0xb5, 0x5c, 0x6e, 0x65, 0x08, 0xe7, 0xdf, 0x69, 0x73, - 0x9c, 0xec, 0xe3, 0x30, 0x5a, 0xa6, 0xdf, 0x5c, 0xbe, 0xda, 0x7f, 0x00, - 0xee, 0xa5, 0xda, 0x2b, 0x5c, 0x1e, 0x2a, 0x6a, 0xc0, 0xa3, 0xae, 0x1e, - 0xf1, -} - -var certSet3Cert51 = []byte{ - 0x30, 0x82, 0x06, 0x5c, 0x30, 0x82, 0x04, 0x44, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x07, 0x19, 0xc2, 0x85, 0x30, 0xe9, 0x3b, 0x36, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x49, 0x4c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, - 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x22, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, - 0x67, 0x69, 0x74, 0x61, 0x6c, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, - 0x67, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x20, - 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, - 0x30, 0x36, 0x30, 0x39, 0x31, 0x37, 0x32, 0x32, 0x34, 0x36, 0x33, 0x36, - 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, - 0x39, 0x35, 0x39, 0x5a, 0x30, 0x55, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x1a, 0x30, 0x18, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x57, 0x6f, 0x53, 0x69, 0x67, 0x6e, - 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, - 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x6f, 0x66, - 0x20, 0x57, 0x6f, 0x53, 0x69, 0x67, 0x6e, 0x30, 0x82, 0x02, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, - 0x82, 0x02, 0x01, 0x00, 0xbd, 0xca, 0x8d, 0xac, 0xb8, 0x91, 0x15, 0x56, - 0x97, 0x7b, 0x6b, 0x5c, 0x7a, 0xc2, 0xde, 0x6b, 0xd9, 0xa1, 0xb0, 0xc3, - 0x10, 0x23, 0xfa, 0xa7, 0xa1, 0xb2, 0xcc, 0x31, 0xfa, 0x3e, 0xd9, 0xa6, - 0x29, 0x6f, 0x16, 0x3d, 0xe0, 0x6b, 0xf8, 0xb8, 0x40, 0x5f, 0xdb, 0x39, - 0xa8, 0x00, 0x7a, 0x8b, 0xa0, 0x4d, 0x54, 0x7d, 0xc2, 0x22, 0x78, 0xfc, - 0x8e, 0x09, 0xb8, 0xa8, 0x85, 0xd7, 0xcc, 0x95, 0x97, 0x4b, 0x74, 0xd8, - 0x9e, 0x7e, 0xf0, 0x00, 0xe4, 0x0e, 0x89, 0xae, 0x49, 0x28, 0x44, 0x1a, - 0x10, 0x99, 0x32, 0x0f, 0x25, 0x88, 0x53, 0xa4, 0x0d, 0xb3, 0x0f, 0x12, - 0x08, 0x16, 0x0b, 0x03, 0x71, 0x27, 0x1c, 0x7f, 0xe1, 0xdb, 0xd2, 0xfd, - 0x67, 0x68, 0xc4, 0x05, 0x5d, 0x0a, 0x0e, 0x5d, 0x70, 0xd7, 0xd8, 0x97, - 0xa0, 0xbc, 0x53, 0x41, 0x9a, 0x91, 0x8d, 0xf4, 0x9e, 0x36, 0x66, 0x7a, - 0x7e, 0x56, 0xc1, 0x90, 0x5f, 0xe6, 0xb1, 0x68, 0x20, 0x36, 0xa4, 0x8c, - 0x24, 0x2c, 0x2c, 0x47, 0x0b, 0x59, 0x76, 0x66, 0x30, 0xb5, 0xbe, 0xde, - 0xed, 0x8f, 0xf8, 0x9d, 0xd3, 0xbb, 0x01, 0x30, 0xe6, 0xf2, 0xf3, 0x0e, - 0xe0, 0x2c, 0x92, 0x80, 0xf3, 0x85, 0xf9, 0x28, 0x8a, 0xb4, 0x54, 0x2e, - 0x9a, 0xed, 0xf7, 0x76, 0xfc, 0x15, 0x68, 0x16, 0xeb, 0x4a, 0x6c, 0xeb, - 0x2e, 0x12, 0x8f, 0xd4, 0xcf, 0xfe, 0x0c, 0xc7, 0x5c, 0x1d, 0x0b, 0x7e, - 0x05, 0x32, 0xbe, 0x5e, 0xb0, 0x09, 0x2a, 0x42, 0xd5, 0xc9, 0x4e, 0x90, - 0xb3, 0x59, 0x0d, 0xbb, 0x7a, 0x7e, 0xcd, 0xd5, 0x08, 0x5a, 0xb4, 0x7f, - 0xd8, 0x1c, 0x69, 0x11, 0xf9, 0x27, 0x0f, 0x7b, 0x06, 0xaf, 0x54, 0x83, - 0x18, 0x7b, 0xe1, 0xdd, 0x54, 0x7a, 0x51, 0x68, 0x6e, 0x77, 0xfc, 0xc6, - 0xbf, 0x52, 0x4a, 0x66, 0x46, 0xa1, 0xb2, 0x67, 0x1a, 0xbb, 0xa3, 0x4f, - 0x77, 0xa0, 0xbe, 0x5d, 0xff, 0xfc, 0x56, 0x0b, 0x43, 0x72, 0x77, 0x90, - 0xca, 0x9e, 0xf9, 0xf2, 0x39, 0xf5, 0x0d, 0xa9, 0xf4, 0xea, 0xd7, 0xe7, - 0xb3, 0x10, 0x2f, 0x30, 0x42, 0x37, 0x21, 0xcc, 0x30, 0x70, 0xc9, 0x86, - 0x98, 0x0f, 0xcc, 0x58, 0x4d, 0x83, 0xbb, 0x7d, 0xe5, 0x1a, 0xa5, 0x37, - 0x8d, 0xb6, 0xac, 0x32, 0x97, 0x00, 0x3a, 0x63, 0x71, 0x24, 0x1e, 0x9e, - 0x37, 0xc4, 0xff, 0x74, 0xd4, 0x37, 0xc0, 0xe2, 0xfe, 0x88, 0x46, 0x60, - 0x11, 0xdd, 0x08, 0x3f, 0x50, 0x36, 0xab, 0xb8, 0x7a, 0xa4, 0x95, 0x62, - 0x6a, 0x6e, 0xb0, 0xca, 0x6a, 0x21, 0x5a, 0x69, 0xf3, 0xf3, 0xfb, 0x1d, - 0x70, 0x39, 0x95, 0xf3, 0xa7, 0x6e, 0xa6, 0x81, 0x89, 0xa1, 0x88, 0xc5, - 0x3b, 0x71, 0xca, 0xa3, 0x52, 0xee, 0x83, 0xbb, 0xfd, 0xa0, 0x77, 0xf4, - 0xe4, 0x6f, 0xe7, 0x42, 0xdb, 0x6d, 0x4a, 0x99, 0x8a, 0x34, 0x48, 0xbc, - 0x17, 0xdc, 0xe4, 0x80, 0x08, 0x22, 0xb6, 0xf2, 0x31, 0xc0, 0x3f, 0x04, - 0x3e, 0xeb, 0x9f, 0x20, 0x79, 0xd6, 0xb8, 0x06, 0x64, 0x64, 0x02, 0x31, - 0xd7, 0xa9, 0xcd, 0x52, 0xfb, 0x84, 0x45, 0x69, 0x09, 0x00, 0x2a, 0xdc, - 0x55, 0x8b, 0xc4, 0x06, 0x46, 0x4b, 0xc0, 0x4a, 0x1d, 0x09, 0x5b, 0x39, - 0x28, 0xfd, 0xa9, 0xab, 0xce, 0x00, 0xf9, 0x2e, 0x48, 0x4b, 0x26, 0xe6, - 0x30, 0x4c, 0xa5, 0x58, 0xca, 0xb4, 0x44, 0x82, 0x4f, 0xe7, 0x91, 0x1e, - 0x33, 0xc3, 0xb0, 0x93, 0xff, 0x11, 0xfc, 0x81, 0xd2, 0xca, 0x1f, 0x71, - 0x29, 0xdd, 0x76, 0x4f, 0x92, 0x25, 0xaf, 0x1d, 0x81, 0xb7, 0x0f, 0x2f, - 0x8c, 0xc3, 0x06, 0xcc, 0x2f, 0x27, 0xa3, 0x4a, 0xe4, 0x0e, 0x99, 0xba, - 0x7c, 0x1e, 0x45, 0x1f, 0x7f, 0xaa, 0x19, 0x45, 0x96, 0xfd, 0xfc, 0x3d, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x07, 0x30, 0x82, 0x01, - 0x03, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x02, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, - 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0xe1, 0x66, 0xcf, 0x0e, 0xd1, 0xf1, 0xb3, 0x4b, 0xb7, 0x06, 0x20, 0x14, - 0xfe, 0x87, 0x12, 0xd5, 0xf6, 0xfe, 0xfb, 0x3e, 0x30, 0x1f, 0x06, 0x03, - 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x4e, 0x0b, 0xef, - 0x1a, 0xa4, 0x40, 0x5b, 0xa5, 0x17, 0x69, 0x87, 0x30, 0xca, 0x34, 0x68, - 0x43, 0xd0, 0x41, 0xae, 0xf2, 0x30, 0x69, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x5d, 0x30, 0x5b, 0x30, 0x27, 0x06, - 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x1b, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x61, 0x30, 0x30, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x02, 0x86, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x61, - 0x69, 0x61, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, 0x63, 0x61, - 0x2e, 0x63, 0x72, 0x74, 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, - 0x2b, 0x30, 0x29, 0x30, 0x27, 0xa0, 0x25, 0xa0, 0x23, 0x86, 0x21, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x73, 0x74, - 0x61, 0x72, 0x74, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x66, 0x73, 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x02, 0x01, 0x00, 0xb6, 0x6d, 0xf8, 0x70, 0xfb, 0xe2, 0x0d, 0x4c, - 0x98, 0xb3, 0x07, 0x49, 0x15, 0xf5, 0x04, 0xc4, 0x6c, 0xca, 0xca, 0xf5, - 0x68, 0xa0, 0x08, 0xfe, 0x12, 0x6d, 0x9c, 0x04, 0x06, 0xc9, 0xad, 0x9a, - 0x91, 0x52, 0x3e, 0x78, 0xc4, 0x5c, 0xee, 0x9f, 0x54, 0x1d, 0xee, 0xe3, - 0xf1, 0x5e, 0x30, 0xc9, 0x49, 0xe1, 0x39, 0xe0, 0xa6, 0x9d, 0x36, 0x6c, - 0x57, 0xfa, 0xe6, 0x34, 0x4f, 0x55, 0xe8, 0x87, 0xa8, 0x2c, 0xdd, 0x05, - 0xf1, 0x58, 0x12, 0x91, 0xe8, 0xca, 0xce, 0x28, 0x78, 0x8f, 0xdf, 0x07, - 0x85, 0x01, 0xa5, 0xdc, 0x45, 0x96, 0x05, 0xd4, 0x80, 0xb2, 0x2b, 0x05, - 0x9a, 0xcb, 0x9a, 0xa5, 0x8b, 0xe0, 0x3a, 0x67, 0xe6, 0x73, 0x47, 0xbe, - 0x4a, 0xfd, 0x27, 0xb1, 0x88, 0xef, 0xe6, 0xca, 0xcf, 0x8d, 0x0e, 0x26, - 0x9f, 0xfa, 0x5f, 0x57, 0x78, 0xad, 0x6d, 0xfe, 0xae, 0x9b, 0x35, 0x08, - 0xb1, 0xc3, 0xba, 0xc1, 0x00, 0x4a, 0x4b, 0x7d, 0x14, 0xbd, 0xf7, 0xf1, - 0xd3, 0x55, 0x18, 0xac, 0xd0, 0x33, 0x70, 0x88, 0x6d, 0xc4, 0x09, 0x71, - 0x14, 0xa6, 0x2b, 0x4f, 0x88, 0x81, 0xe7, 0x0b, 0x00, 0x37, 0xa9, 0x15, - 0x7d, 0x7e, 0xd7, 0x01, 0x96, 0x3f, 0x2f, 0xaf, 0x7b, 0x62, 0xae, 0x0a, - 0x4a, 0xbf, 0x4b, 0x39, 0x2e, 0x35, 0x10, 0x8b, 0xfe, 0x04, 0x39, 0xe4, - 0x3c, 0x3a, 0x0c, 0x09, 0x56, 0x40, 0x3a, 0xb5, 0xf4, 0xc2, 0x68, 0x0c, - 0xb5, 0xf9, 0x52, 0xcd, 0xee, 0x9d, 0xf8, 0x98, 0xfc, 0x78, 0xe7, 0x58, - 0x47, 0x8f, 0x1c, 0x73, 0x58, 0x69, 0x33, 0xab, 0xff, 0xdd, 0xdf, 0x8e, - 0x24, 0x01, 0x77, 0x98, 0x19, 0x3a, 0xb0, 0x66, 0x79, 0xbc, 0xe1, 0x08, - 0xa3, 0x0e, 0x4f, 0xc1, 0x04, 0xb3, 0xf3, 0x01, 0xc8, 0xeb, 0xd3, 0x59, - 0x1c, 0x35, 0xd2, 0x93, 0x1e, 0x70, 0x65, 0x82, 0x7f, 0xdb, 0xcf, 0xfb, - 0xc8, 0x99, 0x12, 0x60, 0xc3, 0x44, 0x6f, 0x3a, 0x80, 0x4b, 0xd7, 0xbe, - 0x21, 0xaa, 0x14, 0x7a, 0x64, 0xcb, 0xdd, 0x37, 0x43, 0x45, 0x5b, 0x32, - 0x2e, 0x45, 0xf0, 0xd9, 0x59, 0x1f, 0x6b, 0x18, 0xf0, 0x7c, 0xe9, 0x55, - 0x36, 0x19, 0x61, 0x5f, 0xb5, 0x7d, 0xf1, 0x8d, 0xbd, 0x88, 0xe4, 0x75, - 0x4b, 0x98, 0xdd, 0x27, 0xb0, 0xe4, 0x84, 0x44, 0x2a, 0x61, 0x84, 0x57, - 0x05, 0x82, 0x11, 0x1f, 0xaa, 0x35, 0x58, 0xf3, 0x20, 0x0e, 0xaf, 0x59, - 0xef, 0xfa, 0x55, 0x72, 0x72, 0x0d, 0x26, 0xd0, 0x9b, 0x53, 0x49, 0xac, - 0xce, 0x37, 0x2e, 0x65, 0x61, 0xff, 0xf6, 0xec, 0x1b, 0xea, 0xf6, 0xf1, - 0xa6, 0xd3, 0xd1, 0xb5, 0x7b, 0xbe, 0x35, 0xf4, 0x22, 0xc1, 0xbc, 0x8d, - 0x01, 0xbd, 0x68, 0x5e, 0x83, 0x0d, 0x2f, 0xec, 0xd6, 0xda, 0x63, 0x0c, - 0x27, 0xd1, 0x54, 0x3e, 0xe4, 0xa8, 0xd3, 0xce, 0x4b, 0x32, 0xb8, 0x91, - 0x94, 0xff, 0xfb, 0x5b, 0x49, 0x2d, 0x75, 0x18, 0xa8, 0xba, 0x71, 0x9a, - 0x3b, 0xae, 0xd9, 0xc0, 0xa9, 0x4f, 0x87, 0x91, 0xed, 0x8b, 0x7b, 0x6b, - 0x20, 0x98, 0x89, 0x39, 0x83, 0x4f, 0x80, 0xc4, 0x69, 0xcc, 0x17, 0xc9, - 0xc8, 0x4e, 0xbe, 0xe4, 0xa9, 0xa5, 0x81, 0x76, 0x70, 0x06, 0x04, 0x32, - 0xcd, 0x83, 0x65, 0xf4, 0xbc, 0x7d, 0x3e, 0x13, 0xbc, 0xd2, 0xe8, 0x6f, - 0x63, 0xaa, 0xb5, 0x3b, 0xda, 0x8d, 0x86, 0x32, 0x82, 0x78, 0x9d, 0xd9, - 0xcc, 0xff, 0xbf, 0x57, 0x64, 0x74, 0xed, 0x28, 0x3d, 0x44, 0x62, 0x15, - 0x61, 0x4b, 0xf7, 0x94, 0xb0, 0x0d, 0x2a, 0x67, 0x1c, 0xf0, 0xcb, 0x9b, - 0xa5, 0x92, 0xbf, 0xf8, 0x41, 0x5a, 0xc1, 0x3d, 0x60, 0xed, 0x9f, 0xbb, - 0xb8, 0x6d, 0x9b, 0xce, 0xa9, 0x6a, 0x16, 0x3f, 0x7e, 0xea, 0x06, 0xf1, -} diff --git a/vendor/github.com/lucas-clemente/quic-go-certificates/createCertSets.rb b/vendor/github.com/lucas-clemente/quic-go-certificates/createCertSets.rb deleted file mode 100755 index 6d28e83c..00000000 --- a/vendor/github.com/lucas-clemente/quic-go-certificates/createCertSets.rb +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env ruby -# -# Extract the common certificate sets from the chromium source to go -# -# Usage: -# createCertSets.rb 1 ~/src/chromium/src/net/quic/crypto/common_cert_set_1* -# createCertSets.rb 2 ~/src/chromium/src/net/quic/crypto/common_cert_set_2* - -n = ARGV.shift -mainFile = ARGV.shift -dataFiles = ARGV - -data = "package certsets\n" -data += File.read(mainFile) -data += (dataFiles.map{|p| File.read(p)}).join - -# Good enough -data.gsub!(/\/\*(.*?)\*\//m, '') -data.gsub!(/^#include.+/, '') -data.gsub!(/^#if 0(.*?)\n#endif/m, '') - -data.gsub!(/^static const size_t kNumCerts.+/, '') -data.gsub!(/static const size_t kLens[^}]+};/m, '') - -data.gsub!('static const unsigned char* const kCerts[] = {', "var CertSet#{n} = [][]byte{") -data.gsub!('static const uint64_t kHash = UINT64_C', "const CertSet#{n}Hash uint64 = ") - -data.gsub!(/static const unsigned char kDERCert(\d+)\[\] = /, "var kDERCert\\1 = []byte") - -data.gsub!(/kDERCert(\d+)/, "certSet#{n}Cert\\1") - -File.write("cert_set_#{n}.go", data) - -system("gofmt -w -s cert_set_#{n}.go") diff --git a/vendor/vendor.json b/vendor/vendor.json index 8b65dcf6..dcf4f67d 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -8,30 +8,6 @@ "revision": "9127e812e1e9e501ce899a18121d316ecb52e4ba", "revisionTime": "2017-03-28T20:00:08Z" }, - { - "checksumSHA1": "UquR8kc0nKU285HwLbkievlLQz4=", - "path": "github.com/hashicorp/golang-lru", - "revision": "0fb14efe8c47ae851c0034ed7a448854d3d34cf3", - "revisionTime": "2018-02-01T23:52:37Z" - }, - { - "checksumSHA1": "8Z637dcPkbR5HdLQQBp/9jTbx9Y=", - "path": "github.com/hashicorp/golang-lru/simplelru", - "revision": "0fb14efe8c47ae851c0034ed7a448854d3d34cf3", - "revisionTime": "2018-02-01T23:52:37Z" - }, - { - "checksumSHA1": "2RFzGcdTeQrFkkhT70WhQcMWF6c=", - "path": "github.com/lucas-clemente/aes12", - "revision": "cd47fb39b79f867c6e4e5cd39cf7abd799f71670", - "revisionTime": "2017-10-27T16:34:21Z" - }, - { - "checksumSHA1": "OA9E+y7g05x/mWJJHmA7oPxWKQo=", - "path": "github.com/lucas-clemente/quic-go-certificates", - "revision": "d2f86524cced5186554df90d92529757d22c1cb6", - "revisionTime": "2016-08-23T09:51:56Z" - }, { "checksumSHA1": "tMUbiAxGypX/0kCJpIFg31Q6vOU=", "path": "github.com/marten-seemann/qtls",