diff --git a/src/test/docker/README.adoc b/src/test/docker/README.adoc new file mode 100644 index 0000000..7250ea3 --- /dev/null +++ b/src/test/docker/README.adoc @@ -0,0 +1,5 @@ += Integration example + +This directory contains sample configuration for integrating Grouper external authentication. Integration is provided primarily through the Shibboleth IdP. + +*!!!WARNING!!!* This is a full integration example that should be able to be run with minimal effort. As such, there are private keys included that should be replaced if used in any way outside of testing. \ No newline at end of file diff --git a/src/test/docker/docker-compose.yml b/src/test/docker/docker-compose.yml index 0d2de12..58e6e69 100644 --- a/src/test/docker/docker-compose.yml +++ b/src/test/docker/docker-compose.yml @@ -85,7 +85,7 @@ services: - ../../../target/grouper-authentication-plugin-0.0.1-SNAPSHOT.jar:/opt/grouper/plugins/grouper-authentication-plugin.jar - ./grouper/config/grouper.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.properties - ./grouper/config/grouper-ui.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper-ui.properties - - ./shibboleth-idp/config/shib-idp/metadata/idp-metadata.xml:/opt/grouper/idp-metadata.xml + - ./shibboleth-idp/opt-shibboleth-idp/metadata/idp-metadata.xml:/opt/grouper/idp-metadata.xml - ./grouper/cacerts:/usr/lib/jvm/java-17-amazon-corretto/lib/security/cacerts environment: GROUPER_DATABASE_URL: "jdbc:postgresql://database/grouper" diff --git a/src/test/docker/shibboleth-idp/Dockerfile b/src/test/docker/shibboleth-idp/Dockerfile index 2b10847..c6de413 100644 --- a/src/test/docker/shibboleth-idp/Dockerfile +++ b/src/test/docker/shibboleth-idp/Dockerfile @@ -1,25 +1,33 @@ -FROM tier/shib-idp:4.0.0_20200518 - -# The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config. -ARG TOMCFG=config/tomcat -ARG TOMCERT=credentials/tomcat -ARG TOMWWWROOT=wwwroot -ARG SHBCFG=config/shib-idp/conf -ARG SHBCREDS=credentials/shib-idp -ARG SHBVIEWS=config/shib-idp/views -ARG SHBEDWAPP=config/shib-idp/edit-webapp -ARG SHBMSGS=config/shib-idp/messages -ARG SHBMD=config/shib-idp/metadata - -# copy in the needed config files -ADD ${TOMCFG} /usr/local/tomcat/conf -ADD ${TOMCERT} /opt/certs -ADD ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT -ADD ${SHBCFG} /opt/shibboleth-idp/conf -ADD ${SHBCREDS} /opt/shibboleth-idp/credentials -#ADD ${SHBVIEWS} /opt/shibboleth-idp/views -#ADD ${SHBEDWAPP} /opt/shibboleth-idp/edit-webapp -#ADD ${SHBMSGS} /opt/shibboleth-idp/messages -ADD ${SHBMD} /opt/shibboleth-idp/metadata - -EXPOSE 8080 +FROM amazoncorretto:17 as install + +ARG TOMCAT_VERSION=10.1.15 + +COPY keys/* /tmp/keys/ + +RUN yum install -y tar gzip + +RUN gpg --import /tmp/keys/TOMCAT_PGP_KEYS + +RUN curl -L https://archive.apache.org/dist/tomcat/tomcat-10/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz -o apache-tomcat-$TOMCAT_VERSION.tar.gz \ + && curl https://archive.apache.org/dist/tomcat/tomcat-10/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc -o apache-tomcat-$TOMCAT_VERSION.tar.gz.asc \ + && gpg --verify apache-tomcat-$TOMCAT_VERSION.tar.gz.asc apache-tomcat-$TOMCAT_VERSION.tar.gz \ + && tar -zxvf apache-tomcat-$TOMCAT_VERSION.tar.gz -C /opt \ + && rm apache-tomcat-$TOMCAT_VERSION.tar.gz \ + && mv /opt/apache-tomcat-$TOMCAT_VERSION/ /opt/tomcat \ + && rm -rf /opt/tomcat/webapps/* + +FROM amazoncorretto:17 as prod + +COPY --from=install /opt/tomcat /opt/tomcat/ + +COPY opt-shibboleth-idp /opt/shibboleth-idp/ + +COPY tomcat/idp.xml /opt/tomcat/conf/Catalina/localhost/ +COPY tomcat/server.xml /opt/tomcat/conf/ +COPY tomcat/setenv.sh /opt/tomcat/bin/ + +ENTRYPOINT /opt/shibboleth-idp/bin/build.sh && /opt/tomcat/bin/catalina.sh run + +FROM prod as dev + +FROM prod \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml b/src/test/docker/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml deleted file mode 100644 index 135b4bc..0000000 --- a/src/test/docker/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml +++ /dev/null @@ -1,270 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/idp.properties.dist b/src/test/docker/shibboleth-idp/config/shib-idp/conf/idp.properties.dist deleted file mode 100644 index 7ea2766..0000000 --- a/src/test/docker/shibboleth-idp/config/shib-idp/conf/idp.properties.dist +++ /dev/null @@ -1,226 +0,0 @@ -# Load any additional property resources from a comma-delimited list -idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties, /credentials/secrets.properties - -# In most cases (and unless noted in the surrounding comments) the -# commented settings in the distributed files document default behavior. -# Uncomment them and change the value to change functionality. -# -# Uncommented properties are either required or ship non-defaulted. - -# Set the entityID of the IdP -idp.entityID=https://idp.example.org/idp/shibboleth - -# Set the file path which backs the IdP's own metadata publishing endpoint at /shibboleth. -# Set to empty value to disable and return a 404. -#idp.entityID.metadataFile=%{idp.home}/metadata/idp-metadata.xml - -# Set the scope used in the attribute resolver for scoped attributes -idp.scope=example.org - -# General cookie properties (maxAge only applies to persistent cookies) -#idp.cookie.secure = true -#idp.cookie.httpOnly = true -#idp.cookie.domain = -#idp.cookie.path = -#idp.cookie.maxAge = 31536000 -# These control operation of the SameSite filter, which is off by default. -#idp.cookie.sameSite = None -#idp.cookie.sameSiteCondition = shibboleth.Conditions.FALSE - -# Enable cross-site request forgery mitigation for views. -idp.csrf.enabled=true -# Name of the HTTP parameter that stores the CSRF token. -#idp.csrf.token.parameter = csrf_token - -# HSTS/CSP response headers -#idp.hsts = max-age=0 -# X-Frame-Options value, set to DENY or SAMEORIGIN to block framing -#idp.frameoptions = DENY -# Content-Security-Policy value, set to match X-Frame-Options default -#idp.csp = frame-ancestors 'none'; - -# Set the location of user-supplied web flow definitions -#idp.webflows = %{idp.home}/flows - -# Set the location of Velocity view templates -#idp.views = %{idp.home}/views - -# Settings for internal AES encryption key -#idp.sealer.keyStrategy = shibboleth.DataSealerKeyStrategy -#idp.sealer.storeType = JCEKS -#idp.sealer.updateInterval = PT15M -#idp.sealer.aliasBase = secret -idp.sealer.storeResource=%{idp.home}/credentials/sealer.jks -idp.sealer.versionResource=%{idp.home}/credentials/sealer.kver - -# Settings for public/private signing and encryption key(s) -# During decryption key rollover, point the ".2" properties at a second -# keypair, uncomment in credentials.xml, then publish it in your metadata. -idp.signing.key=%{idp.home}/credentials/idp-signing.key -idp.signing.cert=%{idp.home}/credentials/idp-signing.crt -idp.encryption.key=%{idp.home}/credentials/idp-encryption.key -idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt -#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key -#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt - -# Sets the bean ID to use as a default security configuration set -#idp.security.config = shibboleth.DefaultSecurityConfiguration - -# To downgrade to SHA-1, set to shibboleth.SigningConfiguration.SHA1 -#idp.signing.config = shibboleth.SigningConfiguration.SHA256 - -# The new install default for encryption is now AES-GCM. -idp.encryption.config=shibboleth.EncryptionConfiguration.GCM - -# Configures trust evaluation of keys used by services at runtime -# Internal default is Chaining, overriden for new installs -idp.trust.signatures=shibboleth.ExplicitKeySignatureTrustEngine -# Other options: -# shibboleth.ChainingSignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine -idp.trust.certificates=shibboleth.ExplicitKeyX509TrustEngine -# Other options: -# shibboleth.ChainingX509TrustEngine, shibboleth.PKIXX509TrustEngine - -# If true, encryption will happen whenever a key to use can be located, but -# failure to encrypt won't result in request failure. -#idp.encryption.optional = false - -# Configuration of client- and server-side storage plugins -#idp.storage.cleanupInterval = PT10M -idp.storage.htmlLocalStorage=true - -# Set to true to expose more detailed errors in responses to SPs -#idp.errors.detailed = false -# Set to false to skip signing of SAML response messages that signal errors -#idp.errors.signed = true -# Name of bean containing a list of Java exception classes to ignore -#idp.errors.excludedExceptions = ExceptionClassListBean -# Name of bean containing a property set mapping exception names to views -#idp.errors.exceptionMappings = ExceptionToViewPropertyBean -# Set if a different default view name for events and exceptions is needed -#idp.errors.defaultView = error - -# Set to false to disable the IdP session layer -#idp.session.enabled = true - -# Set to "shibboleth.StorageService" for server-side storage of user sessions -#idp.session.StorageService = shibboleth.ClientSessionStorageService - -# Size of session IDs -#idp.session.idSize = 32 -# Bind sessions to IP addresses -#idp.session.consistentAddress = true -# Inactivity timeout -#idp.session.timeout = PT60M -# Extra time to store sessions for logout -#idp.session.slop = PT0S -# Tolerate storage-related errors -#idp.session.maskStorageFailure = false -# Track information about SPs logged into -idp.session.trackSPSessions=true -# Support lookup by SP for SAML logout -idp.session.secondaryServiceIndex=true -# Length of time to track SP sessions -#idp.session.defaultSPlifetime = PT2H - -# Regular expression matching login flows to enable, e.g. IPAddress|Password -idp.authn.flows=Password - -# Default lifetime and timeout of various authentication methods -#idp.authn.defaultLifetime = PT60M -#idp.authn.defaultTimeout = PT30M - -# Whether to populate relying party user interface information for display -# during authentication, consent, terms-of-use. -#idp.authn.rpui = true - -# Whether to prioritize "active" results when an SP requests more than -# one possible matching login method (V2 behavior was to favor them) -#idp.authn.favorSSO = false - -# Whether to fail requests when a user identity after authentication -# doesn't match the identity in a pre-existing session. -#idp.authn.identitySwitchIsError = false - -# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent -#idp.consent.StorageService = shibboleth.ClientPersistentStorageService - -# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute -# to key user consent storage records (and set the attribute name) -#idp.consent.attribute-release.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey -#idp.consent.attribute-release.userStorageKeyAttribute = uid -#idp.consent.terms-of-use.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey -#idp.consent.terms-of-use.userStorageKeyAttribute = uid - -# Suffix of message property used as value of consent storage records when idp.consent.compareValues is true. -# Defaults to text displayed to the user. -#idp.consent.terms-of-use.consentValueMessageCodeSuffix = .text - -# Flags controlling how built-in attribute consent feature operates -#idp.consent.allowDoNotRemember = true -#idp.consent.allowGlobal = true -#idp.consent.allowPerAttribute = false - -# Whether attribute values and terms of use text are compared -#idp.consent.compareValues = false -# Maximum number of consent records for space-limited storage (e.g. cookies) -#idp.consent.maxStoredRecords = 10 -# Maximum number of consent records for larger/server-side storage (0 = no limit) -#idp.consent.expandedMaxStoredRecords = 0 - -# Time in milliseconds to expire consent storage records. -#idp.consent.storageRecordLifetime = P1Y - -# Whether to lookup metadata, etc. for every SP involved in a logout -# for use by user interface logic; adds overhead so off by default. -#idp.logout.elaboration = false - -# Whether to require logout requests/responses be signed/authenticated. -#idp.logout.authenticated = true - -# Bean to determine whether user should be allowed to cancel logout -#idp.logout.promptUser=shibboleth.Conditions.FALSE - -# Message freshness and replay cache tuning -#idp.policy.messageLifetime = PT3M -#idp.policy.clockSkew = PT3M - -# Set to custom bean for alternate storage of replay cache -#idp.replayCache.StorageService = shibboleth.StorageService -#idp.replayCache.strict = true - -# Toggles whether to allow outbound messages via SAML artifact -#idp.artifact.enabled = true -# Suppresses typical signing/encryption when artifact binding used -#idp.artifact.secureChannel = true -# May differ to direct SAML 2 artifact lookups to specific server nodes -#idp.artifact.endpointIndex = 2 -# Set to custom bean for alternate storage of artifact map state -#idp.artifact.StorageService = shibboleth.StorageService - -# Comma-delimited languages to use if not match can be found with the -# browser-supported languages, defaults to an empty list. -idp.ui.fallbackLanguages=en,fr,de - -# Storage service used by CAS protocol -# Defaults to shibboleth.StorageService (in-memory) -# MUST be server-side storage (e.g. in-memory, memcached, database) -# NOTE that idp.session.StorageService requires server-side storage -# when CAS protocol is enabled -#idp.cas.StorageService=shibboleth.StorageService - -# CAS service registry implementation class -#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry - -# If true, CAS services provisioned with SAML metadata are identified via entityID -#idp.cas.relyingPartyIdFromMetadata=false - -# F-TICKS auditing - set a salt to include hashed username -#idp.fticks.federation=MyFederation -#idp.fticks.algorithm=SHA-256 -#idp.fticks.salt=somethingsecret -#idp.fticks.loghost=localhost -#idp.fticks.logport=514 - -# Set false if you want SAML bindings "spelled out" in audit log -idp.audit.shortenBindings=true diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/ldap.properties b/src/test/docker/shibboleth-idp/config/shib-idp/conf/ldap.properties deleted file mode 100644 index 2b1774c..0000000 --- a/src/test/docker/shibboleth-idp/config/shib-idp/conf/ldap.properties +++ /dev/null @@ -1,61 +0,0 @@ -# LDAP authentication configuration, see authn/ldap-authn-config.xml -# Note, this doesn't apply to the use of JAAS - -## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator -idp.authn.LDAP.authenticator = bindSearchAuthenticator - -## Connection properties ## -idp.authn.LDAP.ldapURL=ldaps://directory -#set below to true if your LDAP server is configured for it -idp.authn.LDAP.useStartTLS = false -#idp.authn.LDAP.useSSL = false -# Time in milliseconds that connects will block -#idp.authn.LDAP.connectTimeout = PT3S -# Time in milliseconds to wait for responses -#idp.authn.LDAP.responseTimeout = PT3S - -## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust -idp.authn.LDAP.sslConfig = certificateTrust -## If using certificateTrust above, set to the trusted certificate's path -idp.authn.LDAP.trustCertificates=%{idp.home}/credentials/ldap-server.crt -## If using keyStoreTrust above, set to the truststore path -idp.authn.LDAP.trustStore=%{idp.home}/credentials/ldap-server.truststore - -## Return attributes during authentication -idp.authn.LDAP.returnAttributes=passwordExpirationTime,loginGraceRemaining - -## DN resolution properties ## - -# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator -# for AD: CN=Users,DC=example,DC=org -idp.authn.LDAP.baseDN=dc=unicon,dc=local -idp.authn.LDAP.subtreeSearch = true -idp.authn.LDAP.userFilter=(uid={user}) -# bind search configuration -# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com -idp.authn.LDAP.bindDN=cn=admin,dc=unicon,dc=local - -# Format DN resolution, used by directAuthenticator, adAuthenticator -# for AD use idp.authn.LDAP.dnFormat=%s@domain.com -idp.authn.LDAP.dnFormat=uid=%s,dc=unicon,dc=local - -# LDAP attribute configuration, see attribute-resolver.xml -# Note, this likely won't apply to the use of legacy V2 resolver configurations -idp.attribute.resolver.LDAP.ldapURL=%{idp.authn.LDAP.ldapURL} -idp.attribute.resolver.LDAP.connectTimeout=%{idp.authn.LDAP.connectTimeout:PT3S} -idp.attribute.resolver.LDAP.responseTimeout=%{idp.authn.LDAP.responseTimeout:PT3S} -idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:undefined} -idp.attribute.resolver.LDAP.bindDN=%{idp.authn.LDAP.bindDN:undefined} -idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true} -idp.attribute.resolver.LDAP.trustCertificates=%{idp.authn.LDAP.trustCertificates:undefined} -idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal) - -# LDAP pool configuration, used for both authn and DN resolution -#idp.pool.LDAP.minSize = 3 -#idp.pool.LDAP.maxSize = 10 -#idp.pool.LDAP.validateOnCheckout = false -#idp.pool.LDAP.validatePeriodically = true -#idp.pool.LDAP.validatePeriod = PT5M -#idp.pool.LDAP.prunePeriod = PT5M -#idp.pool.LDAP.idleTime = PT10M -#idp.pool.LDAP.blockWaitTime = PT3S diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/ldap.properties.dist b/src/test/docker/shibboleth-idp/config/shib-idp/conf/ldap.properties.dist deleted file mode 100644 index 74d4b77..0000000 --- a/src/test/docker/shibboleth-idp/config/shib-idp/conf/ldap.properties.dist +++ /dev/null @@ -1,61 +0,0 @@ -# LDAP authentication configuration, see authn/ldap-authn-config.xml -# Note, this doesn't apply to the use of JAAS - -## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator -#idp.authn.LDAP.authenticator = anonSearchAuthenticator - -## Connection properties ## -idp.authn.LDAP.ldapURL=ldap://localhost:10389 -#set below to true if your LDAP server is configured for it -idp.authn.LDAP.useStartTLS = false -#idp.authn.LDAP.useSSL = false -# Time in milliseconds that connects will block -#idp.authn.LDAP.connectTimeout = PT3S -# Time in milliseconds to wait for responses -#idp.authn.LDAP.responseTimeout = PT3S - -## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust -#idp.authn.LDAP.sslConfig = certificateTrust -## If using certificateTrust above, set to the trusted certificate's path -idp.authn.LDAP.trustCertificates=%{idp.home}/credentials/ldap-server.crt -## If using keyStoreTrust above, set to the truststore path -idp.authn.LDAP.trustStore=%{idp.home}/credentials/ldap-server.truststore - -## Return attributes during authentication -idp.authn.LDAP.returnAttributes=passwordExpirationTime,loginGraceRemaining - -## DN resolution properties ## - -# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator -# for AD: CN=Users,DC=example,DC=org -idp.authn.LDAP.baseDN=ou=people,dc=example,dc=org -#idp.authn.LDAP.subtreeSearch = false -idp.authn.LDAP.userFilter=(uid={user}) -# bind search configuration -# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com -idp.authn.LDAP.bindDN=uid=myservice,ou=system - -# Format DN resolution, used by directAuthenticator, adAuthenticator -# for AD use idp.authn.LDAP.dnFormat=%s@domain.com -idp.authn.LDAP.dnFormat=uid=%s,ou=people,dc=example,dc=org - -# LDAP attribute configuration, see attribute-resolver.xml -# Note, this likely won't apply to the use of legacy V2 resolver configurations -idp.attribute.resolver.LDAP.ldapURL=%{idp.authn.LDAP.ldapURL} -idp.attribute.resolver.LDAP.connectTimeout=%{idp.authn.LDAP.connectTimeout:PT3S} -idp.attribute.resolver.LDAP.responseTimeout=%{idp.authn.LDAP.responseTimeout:PT3S} -idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:undefined} -idp.attribute.resolver.LDAP.bindDN=%{idp.authn.LDAP.bindDN:undefined} -idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true} -idp.attribute.resolver.LDAP.trustCertificates=%{idp.authn.LDAP.trustCertificates:undefined} -idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal) - -# LDAP pool configuration, used for both authn and DN resolution -#idp.pool.LDAP.minSize = 3 -#idp.pool.LDAP.maxSize = 10 -#idp.pool.LDAP.validateOnCheckout = false -#idp.pool.LDAP.validatePeriodically = true -#idp.pool.LDAP.validatePeriod = PT5M -#idp.pool.LDAP.prunePeriod = PT5M -#idp.pool.LDAP.idleTime = PT10M -#idp.pool.LDAP.blockWaitTime = PT3S diff --git a/src/test/docker/shibboleth-idp/config/tomcat/catalina.policy b/src/test/docker/shibboleth-idp/config/tomcat/catalina.policy deleted file mode 100644 index 10a33ca..0000000 --- a/src/test/docker/shibboleth-idp/config/tomcat/catalina.policy +++ /dev/null @@ -1,260 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one or more -// contributor license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright ownership. -// The ASF licenses this file to You under the Apache License, Version 2.0 -// (the "License"); you may not use this file except in compliance with -// the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// ============================================================================ -// catalina.policy - Security Policy Permissions for Tomcat -// -// This file contains a default set of security policies to be enforced (by the -// JVM) when Catalina is executed with the "-security" option. In addition -// to the permissions granted here, the following additional permissions are -// granted to each web application: -// -// * Read access to the web application's document root directory -// * Read, write and delete access to the web application's working directory -// ============================================================================ - - -// ========== SYSTEM CODE PERMISSIONS ========================================= - - -// These permissions apply to javac -grant codeBase "file:${java.home}/lib/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions -grant codeBase "file:${java.home}/jre/lib/ext/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/../lib/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions when -// ${java.home} points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/lib/ext/-" { - permission java.security.AllPermission; -}; - - -// ========== CATALINA CODE PERMISSIONS ======================================= - - -// These permissions apply to the daemon code -grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { - permission java.security.AllPermission; -}; - -// These permissions apply to the logging API -// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home}, -// update this section accordingly. -// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..} -grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { - permission java.io.FilePermission - "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; - - permission java.io.FilePermission - "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; - permission java.io.FilePermission - "${catalina.base}${file.separator}logs", "read, write"; - permission java.io.FilePermission - "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; - - permission java.lang.RuntimePermission "shutdownHooks"; - permission java.lang.RuntimePermission "getClassLoader"; - permission java.lang.RuntimePermission "setContextClassLoader"; - - permission java.lang.management.ManagementPermission "monitor"; - - permission java.util.logging.LoggingPermission "control"; - - permission java.util.PropertyPermission "java.util.logging.config.class", "read"; - permission java.util.PropertyPermission "java.util.logging.config.file", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read"; - permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read"; - permission java.util.PropertyPermission "catalina.base", "read"; - - // Note: To enable per context logging configuration, permit read access to - // the appropriate file. Be sure that the logging configuration is - // secure before enabling such access. - // E.g. for the examples web application (uncomment and unwrap - // the following to be on a single line): - // permission java.io.FilePermission "${catalina.base}${file.separator} - // webapps${file.separator}examples${file.separator}WEB-INF - // ${file.separator}classes${file.separator}logging.properties", "read"; -}; - -// These permissions apply to the server startup code -grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { - permission java.security.AllPermission; -}; - -// These permissions apply to the servlet API classes -// and those that are shared across all class loaders -// located in the "lib" directory -grant codeBase "file:${catalina.home}/lib/-" { - permission java.security.AllPermission; -}; - - -// If using a per instance lib directory, i.e. ${catalina.base}/lib, -// then the following permission will need to be uncommented -// grant codeBase "file:${catalina.base}/lib/-" { -// permission java.security.AllPermission; -// }; - - -// ========== WEB APPLICATION PERMISSIONS ===================================== - - -// These permissions are granted by default to all web applications -// In addition, a web application will be given a read FilePermission -// for all files and directories in its document root. -grant { - // Required for JNDI lookup of named JDBC DataSource's and - // javamail named MimePart DataSource used to send mail - permission java.util.PropertyPermission "java.home", "read"; - permission java.util.PropertyPermission "java.naming.*", "read"; - permission java.util.PropertyPermission "javax.sql.*", "read"; - - // OS Specific properties to allow read access - permission java.util.PropertyPermission "os.name", "read"; - permission java.util.PropertyPermission "os.version", "read"; - permission java.util.PropertyPermission "os.arch", "read"; - permission java.util.PropertyPermission "file.separator", "read"; - permission java.util.PropertyPermission "path.separator", "read"; - permission java.util.PropertyPermission "line.separator", "read"; - - // JVM properties to allow read access - permission java.util.PropertyPermission "java.version", "read"; - permission java.util.PropertyPermission "java.vendor", "read"; - permission java.util.PropertyPermission "java.vendor.url", "read"; - permission java.util.PropertyPermission "java.class.version", "read"; - permission java.util.PropertyPermission "java.specification.version", "read"; - permission java.util.PropertyPermission "java.specification.vendor", "read"; - permission java.util.PropertyPermission "java.specification.name", "read"; - - permission java.util.PropertyPermission "java.vm.specification.version", "read"; - permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; - permission java.util.PropertyPermission "java.vm.specification.name", "read"; - permission java.util.PropertyPermission "java.vm.version", "read"; - permission java.util.PropertyPermission "java.vm.vendor", "read"; - permission java.util.PropertyPermission "java.vm.name", "read"; - - // Required for OpenJMX - permission java.lang.RuntimePermission "getAttribute"; - - // Allow read of JAXP compliant XML parser debug - permission java.util.PropertyPermission "jaxp.debug", "read"; - - // All JSPs need to be able to read this package - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat"; - - // Precompiled JSPs need access to these packages. - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; - permission java.lang.RuntimePermission - "accessClassInPackage.org.apache.jasper.runtime.*"; - - // Precompiled JSPs need access to these system properties. - permission java.util.PropertyPermission - "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; - permission java.util.PropertyPermission - "org.apache.el.parser.COERCE_TO_ZERO", "read"; - - // The cookie code needs these. - permission java.util.PropertyPermission - "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read"; - permission java.util.PropertyPermission - "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read"; - permission java.util.PropertyPermission - "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read"; - - // Applications using Comet need to be able to access this package - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet"; - - // Applications using WebSocket need to be able to access these packages - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server"; -}; - - -// The Manager application needs access to the following packages to support the -// session display functionality. These settings support the following -// configurations: -// - default CATALINA_HOME == CATALINA_BASE -// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE -// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME -grant codeBase "file:${catalina.base}/webapps/manager/-" { - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; -}; -grant codeBase "file:${catalina.home}/webapps/manager/-" { - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; -}; - -// You can assign additional permissions to particular web applications by -// adding additional "grant" entries here, based on the code base for that -// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. -// -// Different permissions can be granted to JSP pages, classes loaded from -// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/ -// directory, or even to individual jar files in the /WEB-INF/lib/ directory. -// -// For instance, assume that the standard "examples" application -// included a JDBC driver that needed to establish a network connection to the -// corresponding database and used the scrape taglib to get the weather from -// the NOAA web server. You might create a "grant" entries like this: -// -// The permissions granted to the context root directory apply to JSP pages. -// grant codeBase "file:${catalina.base}/webapps/examples/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; -// -// The permissions granted to the context WEB-INF/classes directory -// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" { -// }; -// -// The permission granted to your JDBC driver -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// }; -// The permission granted to the scrape taglib -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; - -// To grant permissions for web applications using packed WAR files, use the -// Tomcat specific WAR url scheme. -// -// The permissions granted to the entire web application -// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" { -// }; -// -// The permissions granted to a specific JAR -// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" { -// }; \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/config/tomcat/catalina.properties b/src/test/docker/shibboleth-idp/config/tomcat/catalina.properties deleted file mode 100644 index a22f1dd..0000000 --- a/src/test/docker/shibboleth-idp/config/tomcat/catalina.properties +++ /dev/null @@ -1,150 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\ -org.apache.jasper.,org.apache.naming.,org.apache.tomcat. - -# -# -# List of comma-separated paths defining the contents of the "common" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. -# If left as blank,the JVM system loader will be used as Catalina's "common" -# loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -# -# Note: Values are enclosed in double quotes ("...") in case either the -# ${catalina.base} path or the ${catalina.home} path contains a comma. -# Because double quotes are used for quoting, the double quote character -# may not appear in a path. -common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar" - -# -# List of comma-separated paths defining the contents of the "server" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. -# If left as blank, the "common" loader will be used as Catalina's "server" -# loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -# -# Note: Values may be enclosed in double quotes ("...") in case either the -# ${catalina.base} path or the ${catalina.home} path contains a comma. -# Because double quotes are used for quoting, the double quote character -# may not appear in a path. -server.loader= - -# -# List of comma-separated paths defining the contents of the "shared" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_BASE path or absolute. If left as blank, -# the "common" loader will be used as Catalina's "shared" loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -# Please note that for single jars, e.g. bar.jar, you need the URL form -# starting with file:. -# -# Note: Values may be enclosed in double quotes ("...") in case either the -# ${catalina.base} path or the ${catalina.home} path contains a comma. -# Because double quotes are used for quoting, the double quote character -# may not appear in a path. -shared.loader= - -# Default list of JAR files that should not be scanned using the JarScanner -# functionality. This is typically used to scan JARs for configuration -# information. JARs that do not contain such information may be excluded from -# the scan to speed up the scanning process. This is the default list. JARs on -# this list are excluded from all scans. The list must be a comma separated list -# of JAR file names. -# The list of JARs to skip may be over-ridden at a Context level for individual -# scan types by configuring a JarScanner with a nested JarScanFilter. -# The JARs listed below include: -# - Tomcat Bootstrap JARs -# - Tomcat API JARs -# - Catalina JARs -# - Jasper JARs -# - Tomcat JARs -# - Common non-Tomcat JARs -# - Test JARs (JUnit, Cobertura and dependencies) -tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\ -bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\ -annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\ -catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-storeconfig.jar,\ -catalina-tribes.jar,\ -jasper.jar,jasper-el.jar,ecj-*.jar,\ -tomcat-api.jar,tomcat-util.jar,tomcat-util-scan.jar,tomcat-coyote.jar,\ -tomcat-dbcp.jar,tomcat-jni.jar,tomcat-websocket.jar,\ -tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\ -tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\ -tomcat-jdbc.jar,\ -tools.jar,\ -commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\ -commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\ -commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\ -commons-math*.jar,commons-pool*.jar,\ -jstl.jar,taglibs-standard-spec-*.jar,\ -geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\ -ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\ -jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\ -xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\ -junit.jar,junit-*.jar,ant-launcher.jar,\ -cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\ -jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\ -xom-*.jar - -# Default list of JAR files that should be scanned that overrides the default -# jarsToSkip list above. This is typically used to include a specific JAR that -# has been excluded by a broad file name pattern in the jarsToSkip list. -# The list of JARs to scan may be over-ridden at a Context level for individual -# scan types by configuring a JarScanner with a nested JarScanFilter. -tomcat.util.scan.StandardJarScanFilter.jarsToScan=\ -log4j-web*.jar,log4j-taglib*.jar,log4javascript*.jar,slf4j-taglib*.jar - -# String cache configuration. -tomcat.util.buf.StringCache.byte.enabled=true -#tomcat.util.buf.StringCache.char.enabled=true -#tomcat.util.buf.StringCache.trainThreshold=500000 -#tomcat.util.buf.StringCache.cacheSize=5000 - -# Allow for changes to HTTP request validation -# WARNING: Using this option will expose the server to CVE-2016-6816 -#tomcat.util.http.parser.HttpParser.requestTargetAllow=| diff --git a/src/test/docker/shibboleth-idp/config/tomcat/context.xml b/src/test/docker/shibboleth-idp/config/tomcat/context.xml deleted file mode 100644 index 98727cb..0000000 --- a/src/test/docker/shibboleth-idp/config/tomcat/context.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - WEB-INF/web.xml - ${catalina.base}/conf/web.xml - - - - - - - diff --git a/src/test/docker/shibboleth-idp/config/tomcat/logging.properties b/src/test/docker/shibboleth-idp/config/tomcat/logging.properties deleted file mode 100644 index cb5ed66..0000000 --- a/src/test/docker/shibboleth-idp/config/tomcat/logging.properties +++ /dev/null @@ -1,64 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler - -.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler - -############################################################ -# Handler specific properties. -# Describes specific configuration info for Handlers. -############################################################ - -1catalina.org.apache.juli.AsyncFileHandler.level = FINE -1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs -1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina. - -2localhost.org.apache.juli.AsyncFileHandler.level = FINE -2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs -2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost. - -3manager.org.apache.juli.AsyncFileHandler.level = FINE -3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs -3manager.org.apache.juli.AsyncFileHandler.prefix = manager. - -4host-manager.org.apache.juli.AsyncFileHandler.level = FINE -4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs -4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager. - -java.util.logging.ConsoleHandler.level = FINE -java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter - - -############################################################ -# Facility specific properties. -# Provides extra control for each logger. -############################################################ - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.AsyncFileHandler - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.AsyncFileHandler - -# For example, set the org.apache.catalina.util.LifecycleBase logger to log -# each component that extends LifecycleBase changing state: -#org.apache.catalina.util.LifecycleBase.level = FINE - -# To see debug messages in TldLocationsCache, uncomment the following line: -#org.apache.jasper.compiler.TldLocationsCache.level = FINE diff --git a/src/test/docker/shibboleth-idp/config/tomcat/server.xml b/src/test/docker/shibboleth-idp/config/tomcat/server.xml deleted file mode 100644 index f4b875b..0000000 --- a/src/test/docker/shibboleth-idp/config/tomcat/server.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - - diff --git a/src/test/docker/shibboleth-idp/config/tomcat/tomcat-users.xml b/src/test/docker/shibboleth-idp/config/tomcat/tomcat-users.xml deleted file mode 100644 index fcac27d..0000000 --- a/src/test/docker/shibboleth-idp/config/tomcat/tomcat-users.xml +++ /dev/null @@ -1,44 +0,0 @@ - - - - - - - diff --git a/src/test/docker/shibboleth-idp/config/tomcat/tomcat-users.xsd b/src/test/docker/shibboleth-idp/config/tomcat/tomcat-users.xsd deleted file mode 100644 index 67a1d5f..0000000 --- a/src/test/docker/shibboleth-idp/config/tomcat/tomcat-users.xsd +++ /dev/null @@ -1,59 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/config/tomcat/web.xml b/src/test/docker/shibboleth-idp/config/tomcat/web.xml deleted file mode 100644 index cf08cfe..0000000 --- a/src/test/docker/shibboleth-idp/config/tomcat/web.xml +++ /dev/null @@ -1,4684 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - org.apache.catalina.servlets.DefaultServlet - - debug - 0 - - - listings - false - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - jsp - org.apache.jasper.servlet.JspServlet - - fork - false - - - xpoweredBy - false - - 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - / - - - - - jsp - *.jsp - *.jspx - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 30 - - - - - - - - - - - - - 123 - application/vnd.lotus-1-2-3 - - - 3dml - text/vnd.in3d.3dml - - - 3ds - image/x-3ds - - - 3g2 - video/3gpp2 - - - 3gp - video/3gpp - - - 7z - application/x-7z-compressed - - - aab - application/x-authorware-bin - - - aac - audio/x-aac - - - aam - application/x-authorware-map - - - aas - application/x-authorware-seg - - - abs - audio/x-mpeg - - - abw - application/x-abiword - - - ac - application/pkix-attr-cert - - - acc - application/vnd.americandynamics.acc - - - ace - application/x-ace-compressed - - - acu - application/vnd.acucobol - - - acutc - application/vnd.acucorp - - - adp - audio/adpcm - - - aep - application/vnd.audiograph - - - afm - application/x-font-type1 - - - afp - application/vnd.ibm.modcap - - - ahead - application/vnd.ahead.space - - - ai - application/postscript - - - aif - audio/x-aiff - - - aifc - audio/x-aiff - - - aiff - audio/x-aiff - - - aim - application/x-aim - - - air - application/vnd.adobe.air-application-installer-package+zip - - - ait - application/vnd.dvb.ait - - - ami - application/vnd.amiga.ami - - - anx - application/annodex - - - apk - application/vnd.android.package-archive - - - appcache - text/cache-manifest - - - application - application/x-ms-application - - - apr - application/vnd.lotus-approach - - - arc - application/x-freearc - - - art - image/x-jg - - - asc - application/pgp-signature - - - asf - video/x-ms-asf - - - asm - text/x-asm - - - aso - application/vnd.accpac.simply.aso - - - asx - video/x-ms-asf - - - atc - application/vnd.acucorp - - - atom - application/atom+xml - - - atomcat - application/atomcat+xml - - - atomsvc - application/atomsvc+xml - - - atx - application/vnd.antix.game-component - - - au - audio/basic - - - avi - video/x-msvideo - - - avx - video/x-rad-screenplay - - - aw - application/applixware - - - axa - audio/annodex - - - axv - video/annodex - - - azf - application/vnd.airzip.filesecure.azf - - - azs - application/vnd.airzip.filesecure.azs - - - azw - application/vnd.amazon.ebook - - - bat - application/x-msdownload - - - bcpio - application/x-bcpio - - - bdf - application/x-font-bdf - - - bdm - application/vnd.syncml.dm+wbxml - - - bed - application/vnd.realvnc.bed - - - bh2 - application/vnd.fujitsu.oasysprs - - - bin - application/octet-stream - - - blb - application/x-blorb - - - blorb - application/x-blorb - - - bmi - application/vnd.bmi - - - bmp - image/bmp - - - body - text/html - - - book - application/vnd.framemaker - - - box - application/vnd.previewsystems.box - - - boz - application/x-bzip2 - - - bpk - application/octet-stream - - - btif - image/prs.btif - - - bz - application/x-bzip - - - bz2 - application/x-bzip2 - - - c - text/x-c - - - c11amc - application/vnd.cluetrust.cartomobile-config - - - c11amz - application/vnd.cluetrust.cartomobile-config-pkg - - - c4d - application/vnd.clonk.c4group - - - c4f - application/vnd.clonk.c4group - - - c4g - application/vnd.clonk.c4group - - - c4p - application/vnd.clonk.c4group - - - c4u - application/vnd.clonk.c4group - - - cab - application/vnd.ms-cab-compressed - - - caf - audio/x-caf - - - cap - application/vnd.tcpdump.pcap - - - car - application/vnd.curl.car - - - cat - application/vnd.ms-pki.seccat - - - cb7 - application/x-cbr - - - cba - application/x-cbr - - - cbr - application/x-cbr - - - cbt - application/x-cbr - - - cbz - application/x-cbr - - - cc - text/x-c - - - cct - application/x-director - - - ccxml - application/ccxml+xml - - - cdbcmsg - application/vnd.contact.cmsg - - - cdf - application/x-cdf - - - cdkey - application/vnd.mediastation.cdkey - - - cdmia - application/cdmi-capability - - - cdmic - application/cdmi-container - - - cdmid - application/cdmi-domain - - - cdmio - application/cdmi-object - - - cdmiq - application/cdmi-queue - - - cdx - chemical/x-cdx - - - cdxml - application/vnd.chemdraw+xml - - - cdy - application/vnd.cinderella - - - cer - application/pkix-cert - - - cfs - application/x-cfs-compressed - - - cgm - image/cgm - - - chat - application/x-chat - - - chm - application/vnd.ms-htmlhelp - - - chrt - application/vnd.kde.kchart - - - cif - chemical/x-cif - - - cii - application/vnd.anser-web-certificate-issue-initiation - - - cil - application/vnd.ms-artgalry - - - cla - application/vnd.claymore - - - class - application/java - - - clkk - application/vnd.crick.clicker.keyboard - - - clkp - application/vnd.crick.clicker.palette - - - clkt - application/vnd.crick.clicker.template - - - clkw - application/vnd.crick.clicker.wordbank - - - clkx - application/vnd.crick.clicker - - - clp - application/x-msclip - - - cmc - application/vnd.cosmocaller - - - cmdf - chemical/x-cmdf - - - cml - chemical/x-cml - - - cmp - application/vnd.yellowriver-custom-menu - - - cmx - image/x-cmx - - - cod - application/vnd.rim.cod - - - com - application/x-msdownload - - - conf - text/plain - - - cpio - application/x-cpio - - - cpp - text/x-c - - - cpt - application/mac-compactpro - - - crd - application/x-mscardfile - - - crl - application/pkix-crl - - - crt - application/x-x509-ca-cert - - - cryptonote - application/vnd.rig.cryptonote - - - csh - application/x-csh - - - csml - chemical/x-csml - - - csp - application/vnd.commonspace - - - css - text/css - - - cst - application/x-director - - - csv - text/csv - - - cu - application/cu-seeme - - - curl - text/vnd.curl - - - cww - application/prs.cww - - - cxt - application/x-director - - - cxx - text/x-c - - - dae - model/vnd.collada+xml - - - daf - application/vnd.mobius.daf - - - dart - application/vnd.dart - - - dataless - application/vnd.fdsn.seed - - - davmount - application/davmount+xml - - - dbk - application/docbook+xml - - - dcr - application/x-director - - - dcurl - text/vnd.curl.dcurl - - - dd2 - application/vnd.oma.dd2+xml - - - ddd - application/vnd.fujixerox.ddd - - - deb - application/x-debian-package - - - def - text/plain - - - deploy - application/octet-stream - - - der - application/x-x509-ca-cert - - - dfac - application/vnd.dreamfactory - - - dgc - application/x-dgc-compressed - - - dib - image/bmp - - - dic - text/x-c - - - dir - application/x-director - - - dis - application/vnd.mobius.dis - - - dist - application/octet-stream - - - distz - application/octet-stream - - - djv - image/vnd.djvu - - - djvu - image/vnd.djvu - - - dll - application/x-msdownload - - - dmg - application/x-apple-diskimage - - - dmp - application/vnd.tcpdump.pcap - - - dms - application/octet-stream - - - dna - application/vnd.dna - - - doc - application/msword - - - docm - application/vnd.ms-word.document.macroenabled.12 - - - docx - application/vnd.openxmlformats-officedocument.wordprocessingml.document - - - dot - application/msword - - - dotm - application/vnd.ms-word.template.macroenabled.12 - - - dotx - application/vnd.openxmlformats-officedocument.wordprocessingml.template - - - dp - application/vnd.osgi.dp - - - dpg - application/vnd.dpgraph - - - dra - audio/vnd.dra - - - dsc - text/prs.lines.tag - - - dssc - application/dssc+der - - - dtb - application/x-dtbook+xml - - - dtd - application/xml-dtd - - - dts - audio/vnd.dts - - - dtshd - audio/vnd.dts.hd - - - dump - application/octet-stream - - - dv - video/x-dv - - - dvb - video/vnd.dvb.file - - - dvi - application/x-dvi - - - dwf - model/vnd.dwf - - - dwg - image/vnd.dwg - - - dxf - image/vnd.dxf - - - dxp - application/vnd.spotfire.dxp - - - dxr - application/x-director - - - ecelp4800 - audio/vnd.nuera.ecelp4800 - - - ecelp7470 - audio/vnd.nuera.ecelp7470 - - - ecelp9600 - audio/vnd.nuera.ecelp9600 - - - ecma - application/ecmascript - - - edm - application/vnd.novadigm.edm - - - edx - application/vnd.novadigm.edx - - - efif - application/vnd.picsel - - - ei6 - application/vnd.pg.osasli - - - elc - application/octet-stream - - - emf - application/x-msmetafile - - - eml - message/rfc822 - - - emma - application/emma+xml - - - emz - application/x-msmetafile - - - eol - audio/vnd.digital-winds - - - eot - application/vnd.ms-fontobject - - - eps - application/postscript - - - epub - application/epub+zip - - - es3 - application/vnd.eszigno3+xml - - - esa - application/vnd.osgi.subsystem - - - esf - application/vnd.epson.esf - - - et3 - application/vnd.eszigno3+xml - - - etx - text/x-setext - - - eva - application/x-eva - - - evy - application/x-envoy - - - exe - application/octet-stream - - - exi - application/exi - - - ext - application/vnd.novadigm.ext - - - ez - application/andrew-inset - - - ez2 - application/vnd.ezpix-album - - - ez3 - application/vnd.ezpix-package - - - f - text/x-fortran - - - f4v - video/x-f4v - - - f77 - text/x-fortran - - - f90 - text/x-fortran - - - fbs - image/vnd.fastbidsheet - - - fcdt - application/vnd.adobe.formscentral.fcdt - - - fcs - application/vnd.isac.fcs - - - fdf - application/vnd.fdf - - - fe_launch - application/vnd.denovo.fcselayout-link - - - fg5 - application/vnd.fujitsu.oasysgp - - - fgd - application/x-director - - - fh - image/x-freehand - - - fh4 - image/x-freehand - - - fh5 - image/x-freehand - - - fh7 - image/x-freehand - - - fhc - image/x-freehand - - - fig - application/x-xfig - - - flac - audio/flac - - - fli - video/x-fli - - - flo - application/vnd.micrografx.flo - - - flv - video/x-flv - - - flw - application/vnd.kde.kivio - - - flx - text/vnd.fmi.flexstor - - - fly - text/vnd.fly - - - fm - application/vnd.framemaker - - - fnc - application/vnd.frogans.fnc - - - for - text/x-fortran - - - fpx - image/vnd.fpx - - - frame - application/vnd.framemaker - - - fsc - application/vnd.fsc.weblaunch - - - fst - image/vnd.fst - - - ftc - application/vnd.fluxtime.clip - - - fti - application/vnd.anser-web-funds-transfer-initiation - - - fvt - video/vnd.fvt - - - fxp - application/vnd.adobe.fxp - - - fxpl - application/vnd.adobe.fxp - - - fzs - application/vnd.fuzzysheet - - - g2w - application/vnd.geoplan - - - g3 - image/g3fax - - - g3w - application/vnd.geospace - - - gac - application/vnd.groove-account - - - gam - application/x-tads - - - gbr - application/rpki-ghostbusters - - - gca - application/x-gca-compressed - - - gdl - model/vnd.gdl - - - geo - application/vnd.dynageo - - - gex - application/vnd.geometry-explorer - - - ggb - application/vnd.geogebra.file - - - ggt - application/vnd.geogebra.tool - - - ghf - application/vnd.groove-help - - - gif - image/gif - - - gim - application/vnd.groove-identity-message - - - gml - application/gml+xml - - - gmx - application/vnd.gmx - - - gnumeric - application/x-gnumeric - - - gph - application/vnd.flographit - - - gpx - application/gpx+xml - - - gqf - application/vnd.grafeq - - - gqs - application/vnd.grafeq - - - gram - application/srgs - - - gramps - application/x-gramps-xml - - - gre - application/vnd.geometry-explorer - - - grv - application/vnd.groove-injector - - - grxml - application/srgs+xml - - - gsf - application/x-font-ghostscript - - - gtar - application/x-gtar - - - gtm - application/vnd.groove-tool-message - - - gtw - model/vnd.gtw - - - gv - text/vnd.graphviz - - - gxf - application/gxf - - - gxt - application/vnd.geonext - - - gz - application/x-gzip - - - h - text/x-c - - - h261 - video/h261 - - - h263 - video/h263 - - - h264 - video/h264 - - - hal - application/vnd.hal+xml - - - hbci - application/vnd.hbci - - - hdf - application/x-hdf - - - hh - text/x-c - - - hlp - application/winhlp - - - hpgl - application/vnd.hp-hpgl - - - hpid - application/vnd.hp-hpid - - - hps - application/vnd.hp-hps - - - hqx - application/mac-binhex40 - - - htc - text/x-component - - - htke - application/vnd.kenameaapp - - - htm - text/html - - - html - text/html - - - hvd - application/vnd.yamaha.hv-dic - - - hvp - application/vnd.yamaha.hv-voice - - - hvs - application/vnd.yamaha.hv-script - - - i2g - application/vnd.intergeo - - - icc - application/vnd.iccprofile - - - ice - x-conference/x-cooltalk - - - icm - application/vnd.iccprofile - - - ico - image/x-icon - - - ics - text/calendar - - - ief - image/ief - - - ifb - text/calendar - - - ifm - application/vnd.shana.informed.formdata - - - iges - model/iges - - - igl - application/vnd.igloader - - - igm - application/vnd.insors.igm - - - igs - model/iges - - - igx - application/vnd.micrografx.igx - - - iif - application/vnd.shana.informed.interchange - - - imp - application/vnd.accpac.simply.imp - - - ims - application/vnd.ms-ims - - - in - text/plain - - - ink - application/inkml+xml - - - inkml - application/inkml+xml - - - install - application/x-install-instructions - - - iota - application/vnd.astraea-software.iota - - - ipfix - application/ipfix - - - ipk - application/vnd.shana.informed.package - - - irm - application/vnd.ibm.rights-management - - - irp - application/vnd.irepository.package+xml - - - iso - application/x-iso9660-image - - - itp - application/vnd.shana.informed.formtemplate - - - ivp - application/vnd.immervision-ivp - - - ivu - application/vnd.immervision-ivu - - - jad - text/vnd.sun.j2me.app-descriptor - - - jam - application/vnd.jam - - - jar - application/java-archive - - - java - text/x-java-source - - - jisp - application/vnd.jisp - - - jlt - application/vnd.hp-jlyt - - - jnlp - application/x-java-jnlp-file - - - joda - application/vnd.joost.joda-archive - - - jpe - image/jpeg - - - jpeg - image/jpeg - - - jpg - image/jpeg - - - jpgm - video/jpm - - - jpgv - video/jpeg - - - jpm - video/jpm - - - js - application/javascript - - - jsf - text/plain - - - json - application/json - - - jsonml - application/jsonml+json - - - jspf - text/plain - - - kar - audio/midi - - - karbon - application/vnd.kde.karbon - - - kfo - application/vnd.kde.kformula - - - kia - application/vnd.kidspiration - - - kml - application/vnd.google-earth.kml+xml - - - kmz - application/vnd.google-earth.kmz - - - kne - application/vnd.kinar - - - knp - application/vnd.kinar - - - kon - application/vnd.kde.kontour - - - kpr - application/vnd.kde.kpresenter - - - kpt - application/vnd.kde.kpresenter - - - kpxx - application/vnd.ds-keypoint - - - ksp - application/vnd.kde.kspread - - - ktr - application/vnd.kahootz - - - ktx - image/ktx - - - ktz - application/vnd.kahootz - - - kwd - application/vnd.kde.kword - - - kwt - application/vnd.kde.kword - - - lasxml - application/vnd.las.las+xml - - - latex - application/x-latex - - - lbd - application/vnd.llamagraphics.life-balance.desktop - - - lbe - application/vnd.llamagraphics.life-balance.exchange+xml - - - les - application/vnd.hhe.lesson-player - - - lha - application/x-lzh-compressed - - - link66 - application/vnd.route66.link66+xml - - - list - text/plain - - - list3820 - application/vnd.ibm.modcap - - - listafp - application/vnd.ibm.modcap - - - lnk - application/x-ms-shortcut - - - log - text/plain - - - lostxml - application/lost+xml - - - lrf - application/octet-stream - - - lrm - application/vnd.ms-lrm - - - ltf - application/vnd.frogans.ltf - - - lvp - audio/vnd.lucent.voice - - - lwp - application/vnd.lotus-wordpro - - - lzh - application/x-lzh-compressed - - - m13 - application/x-msmediaview - - - m14 - application/x-msmediaview - - - m1v - video/mpeg - - - m21 - application/mp21 - - - m2a - audio/mpeg - - - m2v - video/mpeg - - - m3a - audio/mpeg - - - m3u - audio/x-mpegurl - - - m3u8 - application/vnd.apple.mpegurl - - - m4a - audio/mp4 - - - m4b - audio/mp4 - - - m4r - audio/mp4 - - - m4u - video/vnd.mpegurl - - - m4v - video/mp4 - - - ma - application/mathematica - - - mac - image/x-macpaint - - - mads - application/mads+xml - - - mag - application/vnd.ecowin.chart - - - maker - application/vnd.framemaker - - - man - text/troff - - - mar - application/octet-stream - - - mathml - application/mathml+xml - - - mb - application/mathematica - - - mbk - application/vnd.mobius.mbk - - - mbox - application/mbox - - - mc1 - application/vnd.medcalcdata - - - mcd - application/vnd.mcd - - - mcurl - text/vnd.curl.mcurl - - - mdb - application/x-msaccess - - - mdi - image/vnd.ms-modi - - - me - text/troff - - - mesh - model/mesh - - - meta4 - application/metalink4+xml - - - metalink - application/metalink+xml - - - mets - application/mets+xml - - - mfm - application/vnd.mfmp - - - mft - application/rpki-manifest - - - mgp - application/vnd.osgeo.mapguide.package - - - mgz - application/vnd.proteus.magazine - - - mid - audio/midi - - - midi - audio/midi - - - mie - application/x-mie - - - mif - application/x-mif - - - mime - message/rfc822 - - - mj2 - video/mj2 - - - mjp2 - video/mj2 - - - mk3d - video/x-matroska - - - mka - audio/x-matroska - - - mks - video/x-matroska - - - mkv - video/x-matroska - - - mlp - application/vnd.dolby.mlp - - - mmd - application/vnd.chipnuts.karaoke-mmd - - - mmf - application/vnd.smaf - - - mmr - image/vnd.fujixerox.edmics-mmr - - - mng - video/x-mng - - - mny - application/x-msmoney - - - mobi - application/x-mobipocket-ebook - - - mods - application/mods+xml - - - mov - video/quicktime - - - movie - video/x-sgi-movie - - - mp1 - audio/mpeg - - - mp2 - audio/mpeg - - - mp21 - application/mp21 - - - mp2a - audio/mpeg - - - mp3 - audio/mpeg - - - mp4 - video/mp4 - - - mp4a - audio/mp4 - - - mp4s - application/mp4 - - - mp4v - video/mp4 - - - mpa - audio/mpeg - - - mpc - application/vnd.mophun.certificate - - - mpe - video/mpeg - - - mpeg - video/mpeg - - - mpega - audio/x-mpeg - - - mpg - video/mpeg - - - mpg4 - video/mp4 - - - mpga - audio/mpeg - - - mpkg - application/vnd.apple.installer+xml - - - mpm - application/vnd.blueice.multipass - - - mpn - application/vnd.mophun.application - - - mpp - application/vnd.ms-project - - - mpt - application/vnd.ms-project - - - mpv2 - video/mpeg2 - - - mpy - application/vnd.ibm.minipay - - - mqy - application/vnd.mobius.mqy - - - mrc - application/marc - - - mrcx - application/marcxml+xml - - - ms - text/troff - - - mscml - application/mediaservercontrol+xml - - - mseed - application/vnd.fdsn.mseed - - - mseq - application/vnd.mseq - - - msf - application/vnd.epson.msf - - - msh - model/mesh - - - msi - application/x-msdownload - - - msl - application/vnd.mobius.msl - - - msty - application/vnd.muvee.style - - - mts - model/vnd.mts - - - mus - application/vnd.musician - - - musicxml - application/vnd.recordare.musicxml+xml - - - mvb - application/x-msmediaview - - - mwf - application/vnd.mfer - - - mxf - application/mxf - - - mxl - application/vnd.recordare.musicxml - - - mxml - application/xv+xml - - - mxs - application/vnd.triscape.mxs - - - mxu - video/vnd.mpegurl - - - n-gage - application/vnd.nokia.n-gage.symbian.install - - - n3 - text/n3 - - - nb - application/mathematica - - - nbp - application/vnd.wolfram.player - - - nc - application/x-netcdf - - - ncx - application/x-dtbncx+xml - - - nfo - text/x-nfo - - - ngdat - application/vnd.nokia.n-gage.data - - - nitf - application/vnd.nitf - - - nlu - application/vnd.neurolanguage.nlu - - - nml - application/vnd.enliven - - - nnd - application/vnd.noblenet-directory - - - nns - application/vnd.noblenet-sealer - - - nnw - application/vnd.noblenet-web - - - npx - image/vnd.net-fpx - - - nsc - application/x-conference - - - nsf - application/vnd.lotus-notes - - - ntf - application/vnd.nitf - - - nzb - application/x-nzb - - - oa2 - application/vnd.fujitsu.oasys2 - - - oa3 - application/vnd.fujitsu.oasys3 - - - oas - application/vnd.fujitsu.oasys - - - obd - application/x-msbinder - - - obj - application/x-tgif - - - oda - application/oda - - - - odb - application/vnd.oasis.opendocument.database - - - - odc - application/vnd.oasis.opendocument.chart - - - - odf - application/vnd.oasis.opendocument.formula - - - odft - application/vnd.oasis.opendocument.formula-template - - - - odg - application/vnd.oasis.opendocument.graphics - - - - odi - application/vnd.oasis.opendocument.image - - - - odm - application/vnd.oasis.opendocument.text-master - - - - odp - application/vnd.oasis.opendocument.presentation - - - - ods - application/vnd.oasis.opendocument.spreadsheet - - - - odt - application/vnd.oasis.opendocument.text - - - oga - audio/ogg - - - ogg - audio/ogg - - - ogv - video/ogg - - - - ogx - application/ogg - - - omdoc - application/omdoc+xml - - - onepkg - application/onenote - - - onetmp - application/onenote - - - onetoc - application/onenote - - - onetoc2 - application/onenote - - - opf - application/oebps-package+xml - - - opml - text/x-opml - - - oprc - application/vnd.palm - - - org - application/vnd.lotus-organizer - - - osf - application/vnd.yamaha.openscoreformat - - - osfpvg - application/vnd.yamaha.openscoreformat.osfpvg+xml - - - otc - application/vnd.oasis.opendocument.chart-template - - - otf - application/x-font-otf - - - - otg - application/vnd.oasis.opendocument.graphics-template - - - - oth - application/vnd.oasis.opendocument.text-web - - - oti - application/vnd.oasis.opendocument.image-template - - - - otp - application/vnd.oasis.opendocument.presentation-template - - - - ots - application/vnd.oasis.opendocument.spreadsheet-template - - - - ott - application/vnd.oasis.opendocument.text-template - - - oxps - application/oxps - - - oxt - application/vnd.openofficeorg.extension - - - p - text/x-pascal - - - p10 - application/pkcs10 - - - p12 - application/x-pkcs12 - - - p7b - application/x-pkcs7-certificates - - - p7c - application/pkcs7-mime - - - p7m - application/pkcs7-mime - - - p7r - application/x-pkcs7-certreqresp - - - p7s - application/pkcs7-signature - - - p8 - application/pkcs8 - - - pas - text/x-pascal - - - paw - application/vnd.pawaafile - - - pbd - application/vnd.powerbuilder6 - - - pbm - image/x-portable-bitmap - - - pcap - application/vnd.tcpdump.pcap - - - pcf - application/x-font-pcf - - - pcl - application/vnd.hp-pcl - - - pclxl - application/vnd.hp-pclxl - - - pct - image/pict - - - pcurl - application/vnd.curl.pcurl - - - pcx - image/x-pcx - - - pdb - application/vnd.palm - - - pdf - application/pdf - - - pfa - application/x-font-type1 - - - pfb - application/x-font-type1 - - - pfm - application/x-font-type1 - - - pfr - application/font-tdpfr - - - pfx - application/x-pkcs12 - - - pgm - image/x-portable-graymap - - - pgn - application/x-chess-pgn - - - pgp - application/pgp-encrypted - - - pic - image/pict - - - pict - image/pict - - - pkg - application/octet-stream - - - pki - application/pkixcmp - - - pkipath - application/pkix-pkipath - - - plb - application/vnd.3gpp.pic-bw-large - - - plc - application/vnd.mobius.plc - - - plf - application/vnd.pocketlearn - - - pls - audio/x-scpls - - - pml - application/vnd.ctc-posml - - - png - image/png - - - pnm - image/x-portable-anymap - - - pnt - image/x-macpaint - - - portpkg - application/vnd.macports.portpkg - - - pot - application/vnd.ms-powerpoint - - - potm - application/vnd.ms-powerpoint.template.macroenabled.12 - - - potx - application/vnd.openxmlformats-officedocument.presentationml.template - - - ppam - application/vnd.ms-powerpoint.addin.macroenabled.12 - - - ppd - application/vnd.cups-ppd - - - ppm - image/x-portable-pixmap - - - pps - application/vnd.ms-powerpoint - - - ppsm - application/vnd.ms-powerpoint.slideshow.macroenabled.12 - - - ppsx - application/vnd.openxmlformats-officedocument.presentationml.slideshow - - - ppt - application/vnd.ms-powerpoint - - - pptm - application/vnd.ms-powerpoint.presentation.macroenabled.12 - - - pptx - application/vnd.openxmlformats-officedocument.presentationml.presentation - - - pqa - application/vnd.palm - - - prc - application/x-mobipocket-ebook - - - pre - application/vnd.lotus-freelance - - - prf - application/pics-rules - - - ps - application/postscript - - - psb - application/vnd.3gpp.pic-bw-small - - - psd - image/vnd.adobe.photoshop - - - psf - application/x-font-linux-psf - - - pskcxml - application/pskc+xml - - - ptid - application/vnd.pvi.ptid1 - - - pub - application/x-mspublisher - - - pvb - application/vnd.3gpp.pic-bw-var - - - pwn - application/vnd.3m.post-it-notes - - - pya - audio/vnd.ms-playready.media.pya - - - pyv - video/vnd.ms-playready.media.pyv - - - qam - application/vnd.epson.quickanime - - - qbo - application/vnd.intu.qbo - - - qfx - application/vnd.intu.qfx - - - qps - application/vnd.publishare-delta-tree - - - qt - video/quicktime - - - qti - image/x-quicktime - - - qtif - image/x-quicktime - - - qwd - application/vnd.quark.quarkxpress - - - qwt - application/vnd.quark.quarkxpress - - - qxb - application/vnd.quark.quarkxpress - - - qxd - application/vnd.quark.quarkxpress - - - qxl - application/vnd.quark.quarkxpress - - - qxt - application/vnd.quark.quarkxpress - - - ra - audio/x-pn-realaudio - - - ram - audio/x-pn-realaudio - - - rar - application/x-rar-compressed - - - ras - image/x-cmu-raster - - - rcprofile - application/vnd.ipunplugged.rcprofile - - - rdf - application/rdf+xml - - - rdz - application/vnd.data-vision.rdz - - - rep - application/vnd.businessobjects - - - res - application/x-dtbresource+xml - - - rgb - image/x-rgb - - - rif - application/reginfo+xml - - - rip - audio/vnd.rip - - - ris - application/x-research-info-systems - - - rl - application/resource-lists+xml - - - rlc - image/vnd.fujixerox.edmics-rlc - - - rld - application/resource-lists-diff+xml - - - rm - application/vnd.rn-realmedia - - - rmi - audio/midi - - - rmp - audio/x-pn-realaudio-plugin - - - rms - application/vnd.jcp.javame.midlet-rms - - - rmvb - application/vnd.rn-realmedia-vbr - - - rnc - application/relax-ng-compact-syntax - - - roa - application/rpki-roa - - - roff - text/troff - - - rp9 - application/vnd.cloanto.rp9 - - - rpss - application/vnd.nokia.radio-presets - - - rpst - application/vnd.nokia.radio-preset - - - rq - application/sparql-query - - - rs - application/rls-services+xml - - - rsd - application/rsd+xml - - - rss - application/rss+xml - - - rtf - application/rtf - - - rtx - text/richtext - - - s - text/x-asm - - - s3m - audio/s3m - - - saf - application/vnd.yamaha.smaf-audio - - - sbml - application/sbml+xml - - - sc - application/vnd.ibm.secure-container - - - scd - application/x-msschedule - - - scm - application/vnd.lotus-screencam - - - scq - application/scvp-cv-request - - - scs - application/scvp-cv-response - - - scurl - text/vnd.curl.scurl - - - sda - application/vnd.stardivision.draw - - - sdc - application/vnd.stardivision.calc - - - sdd - application/vnd.stardivision.impress - - - sdkd - application/vnd.solent.sdkm+xml - - - sdkm - application/vnd.solent.sdkm+xml - - - sdp - application/sdp - - - sdw - application/vnd.stardivision.writer - - - see - application/vnd.seemail - - - seed - application/vnd.fdsn.seed - - - sema - application/vnd.sema - - - semd - application/vnd.semd - - - semf - application/vnd.semf - - - ser - application/java-serialized-object - - - setpay - application/set-payment-initiation - - - setreg - application/set-registration-initiation - - - sfd-hdstx - application/vnd.hydrostatix.sof-data - - - sfs - application/vnd.spotfire.sfs - - - sfv - text/x-sfv - - - sgi - image/sgi - - - sgl - application/vnd.stardivision.writer-global - - - sgm - text/sgml - - - sgml - text/sgml - - - sh - application/x-sh - - - shar - application/x-shar - - - shf - application/shf+xml - - - - sid - image/x-mrsid-image - - - sig - application/pgp-signature - - - sil - audio/silk - - - silo - model/mesh - - - sis - application/vnd.symbian.install - - - sisx - application/vnd.symbian.install - - - sit - application/x-stuffit - - - sitx - application/x-stuffitx - - - skd - application/vnd.koan - - - skm - application/vnd.koan - - - skp - application/vnd.koan - - - skt - application/vnd.koan - - - sldm - application/vnd.ms-powerpoint.slide.macroenabled.12 - - - sldx - application/vnd.openxmlformats-officedocument.presentationml.slide - - - slt - application/vnd.epson.salt - - - sm - application/vnd.stepmania.stepchart - - - smf - application/vnd.stardivision.math - - - smi - application/smil+xml - - - smil - application/smil+xml - - - smv - video/x-smv - - - smzip - application/vnd.stepmania.package - - - snd - audio/basic - - - snf - application/x-font-snf - - - so - application/octet-stream - - - spc - application/x-pkcs7-certificates - - - spf - application/vnd.yamaha.smaf-phrase - - - spl - application/x-futuresplash - - - spot - text/vnd.in3d.spot - - - spp - application/scvp-vp-response - - - spq - application/scvp-vp-request - - - spx - audio/ogg - - - sql - application/x-sql - - - src - application/x-wais-source - - - srt - application/x-subrip - - - sru - application/sru+xml - - - srx - application/sparql-results+xml - - - ssdl - application/ssdl+xml - - - sse - application/vnd.kodak-descriptor - - - ssf - application/vnd.epson.ssf - - - ssml - application/ssml+xml - - - st - application/vnd.sailingtracker.track - - - stc - application/vnd.sun.xml.calc.template - - - std - application/vnd.sun.xml.draw.template - - - stf - application/vnd.wt.stf - - - sti - application/vnd.sun.xml.impress.template - - - stk - application/hyperstudio - - - stl - application/vnd.ms-pki.stl - - - str - application/vnd.pg.format - - - stw - application/vnd.sun.xml.writer.template - - - sub - text/vnd.dvb.subtitle - - - sus - application/vnd.sus-calendar - - - susp - application/vnd.sus-calendar - - - sv4cpio - application/x-sv4cpio - - - sv4crc - application/x-sv4crc - - - svc - application/vnd.dvb.service - - - svd - application/vnd.svd - - - svg - image/svg+xml - - - svgz - image/svg+xml - - - swa - application/x-director - - - swf - application/x-shockwave-flash - - - swi - application/vnd.aristanetworks.swi - - - sxc - application/vnd.sun.xml.calc - - - sxd - application/vnd.sun.xml.draw - - - sxg - application/vnd.sun.xml.writer.global - - - sxi - application/vnd.sun.xml.impress - - - sxm - application/vnd.sun.xml.math - - - sxw - application/vnd.sun.xml.writer - - - t - text/troff - - - t3 - application/x-t3vm-image - - - taglet - application/vnd.mynfc - - - tao - application/vnd.tao.intent-module-archive - - - tar - application/x-tar - - - tcap - application/vnd.3gpp2.tcap - - - tcl - application/x-tcl - - - teacher - application/vnd.smart.teacher - - - tei - application/tei+xml - - - teicorpus - application/tei+xml - - - tex - application/x-tex - - - texi - application/x-texinfo - - - texinfo - application/x-texinfo - - - text - text/plain - - - tfi - application/thraud+xml - - - tfm - application/x-tex-tfm - - - tga - image/x-tga - - - thmx - application/vnd.ms-officetheme - - - tif - image/tiff - - - tiff - image/tiff - - - tmo - application/vnd.tmobile-livetv - - - torrent - application/x-bittorrent - - - tpl - application/vnd.groove-tool-template - - - tpt - application/vnd.trid.tpt - - - tr - text/troff - - - tra - application/vnd.trueapp - - - trm - application/x-msterminal - - - tsd - application/timestamped-data - - - tsv - text/tab-separated-values - - - ttc - application/x-font-ttf - - - ttf - application/x-font-ttf - - - ttl - text/turtle - - - twd - application/vnd.simtech-mindmapper - - - twds - application/vnd.simtech-mindmapper - - - txd - application/vnd.genomatix.tuxedo - - - txf - application/vnd.mobius.txf - - - txt - text/plain - - - u32 - application/x-authorware-bin - - - udeb - application/x-debian-package - - - ufd - application/vnd.ufdl - - - ufdl - application/vnd.ufdl - - - ulw - audio/basic - - - ulx - application/x-glulx - - - umj - application/vnd.umajin - - - unityweb - application/vnd.unity - - - uoml - application/vnd.uoml+xml - - - uri - text/uri-list - - - uris - text/uri-list - - - urls - text/uri-list - - - ustar - application/x-ustar - - - utz - application/vnd.uiq.theme - - - uu - text/x-uuencode - - - uva - audio/vnd.dece.audio - - - uvd - application/vnd.dece.data - - - uvf - application/vnd.dece.data - - - uvg - image/vnd.dece.graphic - - - uvh - video/vnd.dece.hd - - - uvi - image/vnd.dece.graphic - - - uvm - video/vnd.dece.mobile - - - uvp - video/vnd.dece.pd - - - uvs - video/vnd.dece.sd - - - uvt - application/vnd.dece.ttml+xml - - - uvu - video/vnd.uvvu.mp4 - - - uvv - video/vnd.dece.video - - - uvva - audio/vnd.dece.audio - - - uvvd - application/vnd.dece.data - - - uvvf - application/vnd.dece.data - - - uvvg - image/vnd.dece.graphic - - - uvvh - video/vnd.dece.hd - - - uvvi - image/vnd.dece.graphic - - - uvvm - video/vnd.dece.mobile - - - uvvp - video/vnd.dece.pd - - - uvvs - video/vnd.dece.sd - - - uvvt - application/vnd.dece.ttml+xml - - - uvvu - video/vnd.uvvu.mp4 - - - uvvv - video/vnd.dece.video - - - uvvx - application/vnd.dece.unspecified - - - uvvz - application/vnd.dece.zip - - - uvx - application/vnd.dece.unspecified - - - uvz - application/vnd.dece.zip - - - vcard - text/vcard - - - vcd - application/x-cdlink - - - vcf - text/x-vcard - - - vcg - application/vnd.groove-vcard - - - vcs - text/x-vcalendar - - - vcx - application/vnd.vcx - - - vis - application/vnd.visionary - - - viv - video/vnd.vivo - - - vob - video/x-ms-vob - - - vor - application/vnd.stardivision.writer - - - vox - application/x-authorware-bin - - - vrml - model/vrml - - - vsd - application/vnd.visio - - - vsf - application/vnd.vsf - - - vss - application/vnd.visio - - - vst - application/vnd.visio - - - vsw - application/vnd.visio - - - vtu - model/vnd.vtu - - - vxml - application/voicexml+xml - - - w3d - application/x-director - - - wad - application/x-doom - - - wav - audio/x-wav - - - wax - audio/x-ms-wax - - - - wbmp - image/vnd.wap.wbmp - - - wbs - application/vnd.criticaltools.wbs+xml - - - wbxml - application/vnd.wap.wbxml - - - wcm - application/vnd.ms-works - - - wdb - application/vnd.ms-works - - - wdp - image/vnd.ms-photo - - - weba - audio/webm - - - webm - video/webm - - - webp - image/webp - - - wg - application/vnd.pmi.widget - - - wgt - application/widget - - - wks - application/vnd.ms-works - - - wm - video/x-ms-wm - - - wma - audio/x-ms-wma - - - wmd - application/x-ms-wmd - - - wmf - application/x-msmetafile - - - - wml - text/vnd.wap.wml - - - - wmlc - application/vnd.wap.wmlc - - - - wmls - text/vnd.wap.wmlscript - - - - wmlsc - application/vnd.wap.wmlscriptc - - - wmv - video/x-ms-wmv - - - wmx - video/x-ms-wmx - - - wmz - application/x-msmetafile - - - woff - application/x-font-woff - - - wpd - application/vnd.wordperfect - - - wpl - application/vnd.ms-wpl - - - wps - application/vnd.ms-works - - - wqd - application/vnd.wqd - - - wri - application/x-mswrite - - - wrl - model/vrml - - - wsdl - application/wsdl+xml - - - wspolicy - application/wspolicy+xml - - - wtb - application/vnd.webturbo - - - wvx - video/x-ms-wvx - - - x32 - application/x-authorware-bin - - - x3d - model/x3d+xml - - - x3db - model/x3d+binary - - - x3dbz - model/x3d+binary - - - x3dv - model/x3d+vrml - - - x3dvz - model/x3d+vrml - - - x3dz - model/x3d+xml - - - xaml - application/xaml+xml - - - xap - application/x-silverlight-app - - - xar - application/vnd.xara - - - xbap - application/x-ms-xbap - - - xbd - application/vnd.fujixerox.docuworks.binder - - - xbm - image/x-xbitmap - - - xdf - application/xcap-diff+xml - - - xdm - application/vnd.syncml.dm+xml - - - xdp - application/vnd.adobe.xdp+xml - - - xdssc - application/dssc+xml - - - xdw - application/vnd.fujixerox.docuworks - - - xenc - application/xenc+xml - - - xer - application/patch-ops-error+xml - - - xfdf - application/vnd.adobe.xfdf - - - xfdl - application/vnd.xfdl - - - xht - application/xhtml+xml - - - xhtml - application/xhtml+xml - - - xhvml - application/xv+xml - - - xif - image/vnd.xiff - - - xla - application/vnd.ms-excel - - - xlam - application/vnd.ms-excel.addin.macroenabled.12 - - - xlc - application/vnd.ms-excel - - - xlf - application/x-xliff+xml - - - xlm - application/vnd.ms-excel - - - xls - application/vnd.ms-excel - - - xlsb - application/vnd.ms-excel.sheet.binary.macroenabled.12 - - - xlsm - application/vnd.ms-excel.sheet.macroenabled.12 - - - xlsx - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - - - xlt - application/vnd.ms-excel - - - xltm - application/vnd.ms-excel.template.macroenabled.12 - - - xltx - application/vnd.openxmlformats-officedocument.spreadsheetml.template - - - xlw - application/vnd.ms-excel - - - xm - audio/xm - - - xml - application/xml - - - xo - application/vnd.olpc-sugar - - - xop - application/xop+xml - - - xpi - application/x-xpinstall - - - xpl - application/xproc+xml - - - xpm - image/x-xpixmap - - - xpr - application/vnd.is-xpr - - - xps - application/vnd.ms-xpsdocument - - - xpw - application/vnd.intercon.formnet - - - xpx - application/vnd.intercon.formnet - - - xsl - application/xml - - - xslt - application/xslt+xml - - - xsm - application/vnd.syncml+xml - - - xspf - application/xspf+xml - - - xul - application/vnd.mozilla.xul+xml - - - xvm - application/xv+xml - - - xvml - application/xv+xml - - - xwd - image/x-xwindowdump - - - xyz - chemical/x-xyz - - - xz - application/x-xz - - - yang - application/yang - - - yin - application/yin+xml - - - z - application/x-compress - - - Z - application/x-compress - - - z1 - application/x-zmachine - - - z2 - application/x-zmachine - - - z3 - application/x-zmachine - - - z4 - application/x-zmachine - - - z5 - application/x-zmachine - - - z6 - application/x-zmachine - - - z7 - application/x-zmachine - - - z8 - application/x-zmachine - - - zaz - application/vnd.zzazz.deck+xml - - - zip - application/zip - - - zir - application/vnd.zul - - - zirz - application/vnd.zul - - - zmm - application/vnd.handheld-entertainment+xml - - - - - - - - - - - - - - - - - - index.html - index.htm - index.jsp - - - diff --git a/src/test/docker/shibboleth-idp/credentials/tomcat/keystore.jks b/src/test/docker/shibboleth-idp/credentials/tomcat/keystore.jks deleted file mode 100644 index 5e4b2a4..0000000 Binary files a/src/test/docker/shibboleth-idp/credentials/tomcat/keystore.jks and /dev/null differ diff --git a/src/test/docker/shibboleth-idp/keys/SHIB_PGP_KEYS b/src/test/docker/shibboleth-idp/keys/SHIB_PGP_KEYS new file mode 100644 index 0000000..b24752c --- /dev/null +++ b/src/test/docker/shibboleth-idp/keys/SHIB_PGP_KEYS @@ -0,0 +1,1273 @@ +This file contains the PGP keys of Shibboleth Project developers. + +To import these keys into your keyring: + + pgp < PGP_KEYS +or gpg --import PGP_KEYS + +pub rsa4096 2020-02-05 [SC] [expires: 2024-02-05] + 6D18FD63708FCCA079B68CCE026691839355EBCA +uid Henri Mikkonen +sub rsa4096 2020-02-05 [E] [expires: 2024-02-05] + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF46zL0BEACUeQllAAViSlyL8uFBCjlCXdH12GpDL9y8fubm+N50ofonIloA +YLbJtETVrqpxfeh+SDiERbEG5W02fbM1y3wdSjef0jzAEP3PoXydv/SdNKvomvBP +U7I9eALgHJI4Nkqzf8ggTrOBHcWbRIRGbVXFRhOE1Z86akmVz3fe3aQzddvzAS7I +YYX0RxbKiNt8iaxUXUo+P1LopD9Zo2I1NTY8u27RuhtxBr5tnHnsuf38mzjG/l6U +RzJ8qhHJr6D4E+MLqRo9ndTREOT/d1TeJUvQddXC59VEL75TrYCEc2v/NZ5m9fD6 +yg0+oqgyrQHmZhPVOqoJiz0lkd3rl7lUqCH9yjREr1H5PUchiuhBKBOogwtirqw3 +NMKH6bs0Bu6qUy5fIJRqjxKVv+6fOEty/xnp0xN7xoBEUPEt1M/V3ewwH1zhOwTo +g4cr4zhTT9RNno3eM0eenEQYapQZ8dFmrNVmhvx9VJlshYGyakrxPwrF3coyC3hh +HjWE9SzmoyGmmbRgvJVt//SqoGpDyaM+d1hPys9tX2N/E1TlwZiD2brWAtjr2K49 +NC9Skizw4qHAbphq4EMGCKzrp9ksnBvwZAY9JjL0JvdjAabqkyRFVh2Mpm5xSxbw +d+Twryh5hXaT/EQXsKMC1WlQnIDREjHpm1UOXTzcsFPa9tEW8XUftPWbQQARAQAB +tCZIZW5yaSBNaWtrb25lbiA8aGVucmkubWlra29uZW5AaWtpLmZpPokCVAQTAQgA +PhYhBG0Y/WNwj8ygebaMzgJmkYOTVevKBQJeOsy9AhsDBQkHhh+ABQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEAJmkYOTVevKwWcP+gLrjnrNxqwEx7/Ly/KdjkGD +0W7aMiQc8acvC9oo74/XXpAD0W1jkK/BXyLH1q/o5Lyjymmm6w7VvEWLSY1Q0+gC +l+hUOqccH572767UrGEeZeJV8+tNhziTU2S7NagK2A0BelHoA3hIhfGmWLJ+ooJe +HZXFCov4ThZOpGzu5d04dEYoOv2jVaWwnrjOBzoKcgws9J6RLX+6gOFhZ3Dh5Rxs +UGhl0ZJuEBQCDT7X9jI4mHsA0Ngo27inb3gxfeCm/ziZhHDV2gZtl777dKVc/sQN +fqGaRGVi1p37La6KKpfIA3KHRjGf4jfg17AQ1Ix+ZgRIpbPXb7fXQHtBElhIbbn/ +VR2CG0Jdchdc4UozelKU6WNsNlcMn3kfTNFosW7+gTiYEGSxZQC9ylSSl1s9oIFM +dvk70u4AgTY6w+27TrTRuEpdARoNZG4NhBTJ8g0BkiX6cHVyc5ir5IOVpmewsxN5 +yLg0ed6OwpcK5V8SwGT60hgkkJp71OeBsnLzyzO3/YoI5GVAIgcwtdzptRUt0iL8 +GUccO3mO6Hm4EfJAZHFWRbxX3ITTfCzw4blbXURlIXkPefprptAYX2+rn/z4iC1F +mJUANl+4WilKuPoAimKGDNi6CvlbckQW2i2i5gsoM3iMxRMsExoZUnoMpfY70Trg +ToF/jwURMQSCsJnZvyQDuQINBF46zL0BEAD9AuFJ7J1R5AOW9OzFTRdyMh4bCOtt +p761l0UmaW5tkgtmKH977E/xB+RhgXTTL7tqWZD3rAt+/uP/4/kAzO9WpaiRnFIC +oZcE1O6BU4+jbl16PJRf20LOfZlsGT5nEmYvTGTIsZYcTalE+iNiFbK3ehe2MOeZ +96GTH+r10zcOI6j0k8fKnkKzs1BeqdbgxBQlqOy4fBoS2tgGYHsqyH4/IHqfQbxM +QPQPxgNE8WMh7CqA3jkOw6tNj/RmsQ1Y8qjVmyQjNFt5p49+UEx2lRkYHfSSQADd +uCbs0D1ccyI3vlvIy5Hn+aLqKR7Y2LpLgCUkXqPWDNv/nTzvbIkbKy6ZNrDyiuq1 +7L/HOnE5nR964zR5fhEMTDBAi/TwT454xkNnnTHhvGKlP2VCe30J8z4O1XoCCy3r +BFImgU0t10lpxnIXiZFu8GeFT2ddgLph8EHXk5M/IjrKGW9I1JV2HgWF5T13Izff +k9dvHETijvGyFpFezJfjRuDP3dzPCsXR4FJJiClXm0S3H+bLYLf0rrWDQzPU3c14 +fdh7HIZsRaZIPM0PjM3as1DMjm5TtuZi089Q78Yi5WdEwivZlvPfVckvTJUGcWhe +sYR6ynQ749ORLz8jjbrhT6DDkjjvzVCepRLsARKRAvVF+I00ddeH0JxvPjHpyyUc +zhKXqTzD813SJwARAQABiQI7BBgBCAAmFiEEbRj9Y3CPzKB5tozOAmaRg5NV68oF +Al46zL0CGwwFCQeGH4AACgkQAmaRg5NV68pV3g/0C7clD4qsIU3TOLMZcWRHzvgp +Z+yhSf80B3TYPempR6aOntqkDWsqVmt7D4nIehdCHfVDyW+PF+Jf17iot7AfsrSy +lTQsOKwMM5Rw05VfqKIZBlJsHnKUmprC3yDV0CdidC9Cq0pQdiVeHzvS7R9HmMPG +da30HikBHiFsYMIS+1hJKa//X75ncKiPc8ypoM7O6HrtArXZiWRjLfpcHBBHbVea +ixOotHM271C3KsWTqURgzCX+GrumMS7QvXnHq4xketuBsVD6X/rlHzLjxSE0p7Tj +G/B2VV1WPkb+QgPDC/1rXIi6NMm9GE/tzbPXTcGHX2irHlvGvotg32vWwehRnqNF +exLuW4t30p+8E27+l03kGILCNLhhAFjjjPp4Vza/E3ZaQprSVBr9gH1HwZKUTThM +EqGmypTmvnmx3Kw6pG0tia4wdLSxfyZh5XltUnwVSqptWdvt5tlceMFJlGxvIuw1 +ubDr97aIVM7kME6E5D59IXDWnxkIbdoAtaeQegO2OeyvbffuKnnX0ogF4Gcu6Zed +ap7nWr2LBEwN3S9+hDIrXfs3QMy3bZIPkVCo0ncwaJPZFIMWWqeUkkjTzOKbQ53P +6REH0FGoCXOH3qTqbS3bPNmyD3TVtN8OwiUZsOr/zu9VdNqUW3oq+aix4tU00pu7 +A+i1fd0Gifis1HhBeA== +=ObHY +-----END PGP PUBLIC KEY BLOCK----- + +pub rsa4096/9A804E97D7079C77 2011-09-28 [SC] + 5E6D6EAE16C3DA75450B219C9A804E97D7079C77 +uid [ultimate] Ian A. Young +uid [ultimate] [jpeg image of size 6036] +sub rsa4096/8DEB9861925A5C31 2016-04-21 [E] [expires: 2020-04-21] +sub rsa4096/8F903CADB1E5A937 2020-02-26 [S] [expires: 2022-02-25] +sub rsa4096/5762741A3B7BA448 2020-02-26 [E] [expires: 2025-02-24] + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE6DhsEBEACnuSVVQ01RIVgFa+m6Sr/3Smd9wWMPPvRMjfXC4vO/2jJkv1H0 +0fLPo1+JGhMq1z83fty1ej73xyjDR/9AB5sAOWUoH+LfwIBGs/1zXd1nk27TLyrw +VQeig5H2WihbxHTaOGs6RVfk7mOHLJ4CfoOOkuA+MZpCti42udEk7jM7UjPTuLOq +HCxYOQKhPwh+EKElTh1TkJcRg1K2ja4iF4vgoULdXPb4PuMl/aZpiv7Jb+jkaiHJ +U8T6YgdDdfqw7YCZfylVWcMXl2UYX2ITFtrG7xrVi5f6F5El6MrH9UpewjbN1ZfR +Pm1z5BlBQYm1dXXky+gUokyC7JIgc1+cuNsZ1OXZo5bFUdMP2sYg09QEZOYksTsj +0R7enEdoUYusWTHoxqK1c+S6uyf5/E/ujdQGpjTWEM2INuGYHewH7jzInMomOtAO +ZOhArjt+4ExggCJoyGZFr5bVViOcDpOStKXkFchp3dnQJJ7cDTwXxDZHCs0/EteA +osSheq++TQmdbypzxn2BO0BiBrExLKARhOb+rUlFy8CF9jwRkfWzXXuKiu+roAlq +EDYuG1nDgJHyxmAC4KWOz8/3HH6SBl4rlBMjQfyWcU1+CTtaGacUVe1N8BoI3nuC +CYR+/wOr8tAY32rnA/AU38+5v8RHOZWWo48tsfLLxY6z9880Xgc+lqaA+wARAQAB +tB1JYW4gQS4gWW91bmcgPGlhbkBpYXkub3JnLnVrPokCOgQTAQIAJAIbAwIeAQIX +gAIZAQUCToOLSwULCQgHAwUVCgkICwUWAgMBAAAKCRCagE6X1wecd9F+D/4hGwmX +GmBxHQypQ8HsWk8fmXnkCiG7T69CmWwlFLV8wY8ew8kyi40cWuTYc/LKuhhGFd3H +WtZPq9OHt9Qt86XJ1nm5GdztMFyMqojkgMCl7UMbcnwssBoKi0/XJyqI853RnS0W +bFx1BZYGkaeT+yuRf5exCholRhTltlxguA7mGWySPyE9t1yU7xKxbBBsBT94ll1G +UmnHz5j3CzG4Tm1ZEwbYQwxphRP3FnQ3r4VhhCMC6udMcvh7K2T/9Vu45yK4y3YX +91IzSb/XXkYPuoHpYNxXOqUhOTblxl2LLlsPeT98hTOhlgQIyd7YwN/yeJqkwS9N +CA4fYVJDPWkmkXuTU97w1Uv05xK5V+Rk8yuPlk3rAQyi8bTuVXGXtAWirK3cLVyn +KBuQ2XktnytcvDVloSlgg59HoeGB/HT3W9U7kqccMSQXtujOXFfnv7/P/1o3vmaB +LOl7zvSn2dZx5Mk8GZy7596E4VqKBgY4JR1itP0/y9Fm6xlWcPge/Ct+lltiHDxi +WNL0OOIXrspG+TeTSlJe1hYIMpOI0l2GFifxoZ8I/t2ZdhdB8wVNisk8UEwCJqDh +7x3dCe9wctCp6BM3oG7iLG5AEGb9r2ZnfC3qjExH0WZOvZ+iqdUV+T0b+AKwd9Lp +hJXu7rTeF9XQxJ7Vvn/7UJUKoI7Gww931k2lEIhGBBMRAgAGBQJOg4usAAoJEO9A +/CnqKIK7hgUAoOMnypfs8K/35gcHiVApcZWiiYlpAJwOCL4Xde+RoUWdKYNmcv7S +So/cL4kCHAQQAQoABgUCToOp3wAKCRA3i4RUAid5YiPJD/0WtZknlO4Mj1bcgM6P +C3ar/JCZAT+utj3fIMnANeiXnBvR1TEfRKCMXf1R0pvp9/ySEMohiMLRgzudfbbH +k1VgFr2zQ3d7uMXR//ewGE1Nf/1HA7dQCU6VKdPNh8wnXPgn8Iz0PgTe9fFahMqS +GPzcFJdEcVz/8YMvkwEE8PYVphg4Rym2xQD1bGIly92+rAb2A7jCXPCmnTeYmlt1 +TgkUx8UvTN+fyxAYX4amF+IMhvwCtEvLxbFtYnQZSJfZEjUWSce1efRfiF18b8Ad +tw76EaG8RTJtZWCRXngl8wojKJ7oQBF0msS3Iwj1q43kffRoxxWAJDEIFnwE1EzJ +Sf1Lxi+s3ZKBD5Ojx7pN8yDsWBW4Sd/3xp0xJNdw7gsinFBji3zqg7tD+C8CFVAw +4BsBz0CnFu1J41OpuqCdaDUtaVi87kAa9i+DcvgfUTywvBftgF3s8XKd/9WRjwzt +gHh+NhV+RJZ06FkbBM4eC+WTKkwA+h9KIpBW+KrKgCwgIsQRlMajgulWsRjcPvCc +g3yoIZxG8a0MQsGXLyxw+6enalLp5S7D7Dmq6UNzccNb7q0q+4UsR/xYjBMSpuzh +XIv0PNsTDwqAbAQsiHAcaEC1C8ccSQx7s+nXoSQ6x/QXRJMN0xMrAXly19F23sW7 +OZbnQFltXi9IGbQuJx69/G6fFIkCHAQQAQIABgUCTpRTXQAKCRCgs8sJ0rNzU/Ip +D/kB3dWGjWyXku/C8oLoByIAd7Tqaqs4cxesd1iP8QJkg3iVx+wYewFc9IF5BIlk +ThFAKAFKPycPjceIONVz6CHX1epXGNhX+vz0uEMmA1+xio0U4s53zwW+7hd9i9Yo +ZjMyOiURExq7n0ec4e+93XCJ1MKOH22xobkkrZg+mmLRAcI2NpXz58j3luCXAc2d +HBTYvEKCt49HQeGNAu3Bu6q5FLSue/tCti+IJZ2/UZsE7eAVOB5jAwiNig6u7u8y +0PBOr8/IgfzWnKVPtzeonRKJBhmaWBdz1NvHjFA9aMwN07MXZGjeQ6azj9XGgZ2F +4y8k9dJm73wG+c0maCDE0gdqhfxCXiEhljCqwAQ2nFGIRKnqrIFM6cwC0pFY/zid +eYTOApS3GtlO7/4zU+F1Pu7oZ/xlhBD3BXVp+zYMNHmdDNGOAK+oAyrvLisFT6eo +kZBfzYJ7yzklpQMjUOwVtKknFUQbjbYH3YgEfWExk/x2nHkLd+qPqc220rijrBu5 +C9wKtSisyp9V9ayqyp66leMbdeGPT/QA90DEVFPOWZwe6WlPT2oDXc1PY/w9v4uy +tsAdngQIRY8OcGL4wgiuBa5Hqyst6+a8OOD4/A5bkY0XkVv8Rykeq4znXiX6/O0k +FwxH+UnnMjNvhktNKATDnAaACm1wD0I809RZ1/gZu1JC+ohGBBARAgAGBQJPmNGU +AAoJEE03cFthyws/0mEAn0T/Rn/HfwK5oGagDa7NP0WrrnTmAJ9yxXoJQ0wv6DMK +vWgtKzMiDmytMIkCHAQQAQIABgUCT5htygAKCRBXxczVmKFhjPtVD/9Fq+qaTwbT +iNb8kJ1ycah/3YZtb+LhjyvOifgd02k3xeXcfAgC1Dkex9/v/ZJRlBwxA3Fy5uZU +VuTx5O+EOM6WKcIX7vINI8TSXCW1lVSwHYyZPggzKG0cu7RaPXWq7IFqsfz86h/U +IePAXXgpfFmc7R/RiU6JcJYEQeQSssRYe8hw5gbnmGiuV5oVvGVTCyyvv1C3kprn +fzXjubgz5xdoxlJS0RLMPUzfcuoahkDnS10oQbUXB4m38yV8D2LKhwNdsr+piEN/ +kcqplxmHPlZnv/mUd5bEimaEwV7zDdM2CIu7ZXwDqktCLaXIUart0oUXn23DgQca +NJtQWwwSGS1Q/YxYIW4fBf/0TP95oHnwO+RiKHo1peBfxo1AV0wHMEvTXiqrYcQT +bBfBZdJFSgOJKSIBIHrkFpfTPLaBkRpvCbrn7kVISxulbRM8eejeY3bvgSDeCngJ +jok0MdfSWvaiGMwDg4iiwQqnhQJNpS6uvJHbj+7i08gOxDYzncOeIpIVs2XySMGH +giYpfHwS+rh+EhCaeyHglcaBbAqJ6VxP4vCjAY7idMJPk0qbd57z5lXRPBSD3pw9 ++isZW4ttSNNlcse5VLffwIIj+BSM6DjJSOauzq6nyTblMKN0fpIffUqptkTYhWfW +XpF3dh4irU1hZLZLq5gONCtbFfUg/rcwfokBHAQQAQIABgUCURotJAAKCRDe8gNl +V+0nFX6aCAC5bjnL4qcK/Ij9fiOxYpK0ZRu7rK0Wo/ThmBeGDBnLS/w2WA7uO4tR +kSGbmKc6jx+8clg9bUhfx8MKP/HR3GvXwqj+DAywdnI0O4uBmvIdkTsRezSkJ0DN +eBcEPq947PTiLjpLPj046bHQw/T9qRuHtA6pPbw68w0FwRpBzZFvb6jaSiaWiu3M +Fo5ENyy5ZmQMBbD/7UzrKIg3l1UfpFpWjrRNpwcv7G81ls2p2LFWXIzoUwaMi+GH +FLVx8M+Et1rUhwOR/i3XvKTNenDE+UwGRmpo+rJQ7OrjCCZ13vpS5cmh4hXQGwef +pOcXwIKXNoJilL22LyLY1ifjEgT3xMekiQIcBBABAgAGBQJSfQK/AAoJECT9MZQA +lcDhppIQALkzlKVxnDJXE03nr52j9gfm58j9elL7NfwNQoGqIcC2MiHz1ZKh+XMy +RgxoneMUN29wfpMwNnLNWtN8yyvVdR9XDr4wo5fHMHpinwArVg48YX9vAbWBNBWQ +9dK59jq4EqBXQpmu5jY/YVCJHZ84PeW7ae3J9GF2NmkeOChLsQShmD4l6gC4K7LL +GsW5tpK0Nn1y0dqEy6Hy3I+v+Gd0xK+zYpuMrZ/4L9V4kzBJsxVZq6jYKv72pDKP +qpQojH9/dxz+3F7Iv+GpEMw9uBkuyNba5ZpLacGL+e00SAMjv7lk2HdQdhGBOhGv +4W0xzGPOoIYznLBCdX8dTQ7sbcgqnT14jOuAn96rlC9GI3vudJPANREwtjdj2fzi +i3Vl+D8IFsNxCVYiXh84GXjLhB15wiFBLkiYYBnljBFlEZ3gFHX05eme669gpZOS +E6qhhpNcsuWxH8Nrl/ZtbHWTleD8y9ysvJLeUylnNZfLzNzDYYVSvFI9ETsddtd5 +N4Q+BamQ4UcCH4TbxO5PpbxSXs2wDPMtEBvpPtt2jEKH4FG3CUirXSOzy1mzyXfB ++PA6AQzefMFLB1UvhtZ/oul7pqWFnIr1hiFrc2gnr29Ii/xoHVtbfue9AFjz8S4B +V1E3SD08564NzWr6jvYb4IU6MfQFq1a4xzVtOJAGOcGupKQJLipNiQEcBBMBAgAG +BQJTeIdOAAoJEBTitMubYA+R4iQIAOD+1zJrrJAqDdri/Ga8mAHkJGLOcLIjnWij +8lBkpbsgL2HM1izknYDem3eZJ9nmCTIU8wmiIVo1yCCR0Zv2+N9DWWmQy0oF8eFI +LISwVOSs2hDFJXpsVWuzsp22gVPAbehHeY4cId2Q40ZLF8ALZFyBy/rgqpVlGdcm +qOktHzWznUTe4I5sV3NnbwtKZZQg838by6uzbqDilGU1auu/2wCVewvBsD9hqoom +SIkbeEk3FRz8nGDHZfPT8QdcIKPZ79DNp8oobdv/wvcEgUFNBuijJZCWGDiecAmj +L9I2HieUI+xfiBOac+ZLNcaSdSWSOArprFBdSSTu2fVMiEbEbquJARwEEAECAAYF +AlN4hvoACgkQSH3u30mg8s4QmggAvWtt+kXXwnf5IaJijior/ropmdyki6OnRqQ1 +OPld3/ITPbH+7omAdAENVVhxaVBCSmH5RyAezR78/5ifQnAuNh3V8EcrscAAsm6K +haFyryaFP9p3edO5nercwiZnlu48WihyLdQsNQUiLNlaoG1fGk0O6oQNcAQXbyp8 +tISzm73Outsfh6uNb3SyvQ8YHM3fcDrrw+rLL/jgxTEZjJ1k0uwyr7j97+eW32KU +rpqA5eFYJw6BxX4JrI1lkrlrortMTExD2mam31UnUzT+QBtdsvzmdDhByo/vE1Xx +9bzfXxIl10nSP3BbB5r4gmjkqG9Z7GGXL4qnnmfVfws+UZc6aYkCHAQQAQgABgUC +U3tfXgAKCRCv9gch+Gi1mnNaD/93P7UDDu5dzrWUnGVAg213suesl5ZuIl32EuKa +oqAOIni1U2Te6ZpqJKMaGQt75OG7lXE67vtXHTCrGo3hdYKjwPQfi5NUHxMKiHqc +1n8MkrKOwNIqSJJEo80xTNEhHX2dMTz9tZTDAtcMJEX6rxUItZKGavnxponUoKkJ +XmOhrtfWdKoNDL6adL3bxnpkJQjhUUl9ULeI4yDDR0elaraKoryl4eq8lKw9xzXF +EqI2T8HmT0E1c2Fzchn+FWgPbHmVtnJQTY3VAmTG0XrQEy6usgTTms3cK2Obk/5d +J0wI6m7rixt5K0TKLT7wfzVnsmcoqs2ap0qZ2KA7wnb9Tq9fwoPXtzEBV/UrI+/t +ZMlVgeMG1rsO6PVFrR6oYOqjD6eLiWNPlJ+N5EXhK9Grf4kW/2Sv10SYKkHfmqRR +vlt/GJorsFhp2TDpHj6bdHYV4WM1F9wmNLy/nx+BddDUqeTvZW0r7P5HzOWXpBSn ++qPamBiJYgsVlXilx7BWpMg9hWSeorzt/oaLAyGG2XiHbLX2LPT4Y0XtlnlvFsRg +oP4o6/3Od0xRC34gPHX5hokxgnvtJ1I1rOCeLeeVTWckaTL+P/xsKQ3ACyhWwX9Y +NoQex+sgSEoElzoIyknBNrsoI5TWCYT0+QErCAqMAktLAJw6mstaLuhZDzpvJuFW +XzsGmokCHAQTAQIABgUCU3ybWgAKCRCyay9NBGPKMm0VD/9snwg94Kfy7gq50cfn +5jZh9B7Q8oxifBqrlaAH0vWoQ94FQR9wyr/wYVMm7iHlSbDwbbP5ieLESwiRukC6 +VPxVPpiT7LEwLXU/2akncKd90Qn6vBhPUC5/Q1TBpzJXM79EGscgvO5MHyO+PLaK +B7J+opV2AqEWaiEoFHyQflgc30xj0FN/iTcmvzM9zBrizvdIA0ENZ4SSiMBj/irV +5Y9JJZYRmzW/qKS4/6VNWnV8IOvHQrQcij6eYn8yWhkdv56PoaAl/LVnJsfupJS2 +FXXr/CGGk23EwlZcBOCtyaf+QvEKRN4ZXAcAbm1GWJ84s+uvhSr6MfqGR91Z9bsg +LzOH1xj2RfQnlSJaxMkjX+dH2rstt4t7NEoD5FPi1mE9ywdFEmKkdoxRJLx2AQxx +BG1eDK+gDF4O1bztDFjLEVln3SBO0V9qmqEO+J0trTKc8rXdZmmqIxDIKGefPXNS +UYjDIeFysFS7Pn5qebmZBwzd9vpU82o9TzQlieVIYWM7m9J36yskNK8XNAItRB2n +CupDintxDPZ1MzoUwptiHx04eMjmoJn7CTbVfh+GCSjXE2TI+Yruh26cuG74b3mH +XDyQU4Y0z9JCVwIFY0v97PmUaVSuIJWRAi1LowsI2PQ3diPUd19FQg+yLYdacSYt +RBPmgNwfcck2PoBhwRw/MQmX1tHW59blARAAAQEAAAAAAAAAAAAAAAD/2P/gABBK +RklGAAECAABkAGQAAP/sABFEdWNreQABAAQAAAAlAAD/7gAOQWRvYmUAZMAAAAAB +/9sAhAANCQkJCgkNCgoNEwwLDBMWEQ0NERYaFRUWFRUaGRQWFRUWFBkZHR8gHx0Z +JycqKicnOTg4ODlAQEBAQEBAQEBAAQ4MDA4QDhEPDxEUDhEOFBUREhIRFSAVFRcV +FSAoHRkZGRkdKCMmICAgJiMsLCgoLCw3NzU3N0BAQEBAQEBAQED/wAARCADlAMgD +ASIAAhEBAxEB/8QAlAAAAgMBAQEAAAAAAAAAAAAAAAQBAgUDBgcBAAMBAQEAAAAA +AAAAAAAAAAABAgMEBRAAAQQABAQEBAQFBAIDAAAAAQARAgMhMRIEQVFhBXGBIhOR +oTJCsdEUBvDBUiMz8WJyFUMk4aI1EQACAgECBgEEAAcAAAAAAAAAARECITEDQVFh +cRIygfChIgSRwUJighMj/9oADAMBAAIRAxEAPwD2BJQ7KHUKiS4KOKgFm+aMygZD +gFSZADHJRhxVCTIlsggCs9xIZB1Ua7S88uAVCTrYLvXjESSHBFcQxJ5q4mIYn+Cq +kCBIH0yDg9VynMZZ8gkM62SBln0KU3U2JIxk4AP5KsNxqOYJ/mFWyQ06pc8kmwgv +XYR6D92LrhfZGUyXwETgFWdzyiRgMD8sQoviHhbyz8HQ2EBTAFmwBxwXTcERABHq +lgByRQwIBxYhvAhc94WvgcwQfijgHE51buVE2ieOJWpTvYSDSPq4BYWqMIGc2x+k +DF3KuLZYTbSwy6ITgGj0QmDkrArL2u60gxl0ZPwmJY8FUyTB1c8OKOarqLc1IL58 +ExEuh8VGYUdEAWfBChwhAEZox5ofMZc0fyQADl+Cl1A6IyQMpZNhjgqVysJyaJRI +vI8ei7CLV/mkxpHKQAx4hRrbL4KLJMS5OKXlYW59eKlspKTtZeGI4jglrLdUtQwI +XP1zzLjnyUxosmMj5qXYtUFrLNMmyxxV7LJ6Iv8AVJgR04rt+kMi4i/5qk9tZH6o +uSpll+ArqlZI6Q0Y4R6lWttlpkI8I6fNVthdqIIOHJcpn0h/UeACckup2G4IAIP2 +D81yvslbOEMfHkOK5+r1SP1TwIHyiuFlsvUAdMiPTIcMPxRIvEa/UVwIjWxk+J+2 +IC52WGyX1GQJwi34dEh7goAiPXPk78MynNrOUhqYAnMZEoTE6wPVkuwLks/Rlo7W +emZBPgEjX/bGojGRcq9ciLNUsuatEGyDghc6JiUcMRwXV1ZIeKhvmpUdUCBCEIAk +fgjH4IUoAGUH5KRj55qLDpiSgZSvTqLDGWLrtJjHAPiuNNZwIL8wmSJCLDLmpKQl +bxwx5qsKYnGfwXW2JJbgFEcwc1lZm9a4Jr28BkF2FUfNEHKvkG5pFwQIAearOuEh +6guihIIELNmC5ctyzS9nboEanfotQs6rIAIkUGNPZSxw6Ok7u3MNTP8AxwW9MJO4 +4FEhB52eyAueA0niT/NPbakVMHYcCcc10sYFyHb4rvREMJNqicD4Kqsjck7QrhlM +gH+MlayNYGAIJ4vgqSEYx0l+hPBcZSLMCWOb8FZjA3sZGFmgSJBOXJaXisjYXCNg +ifuwda/JWtBW1DDPmoUoGCZIBCAhAB0U9VDqX+KBgOSibAY4upCraQIkpAWpADHM +pqwtWwxJxJSdMwAOCYslIxAUstC08M+KrXmym0tIuoqOKxtqdFdBiA9Ku3JVjyHm +rOfHmgYdFDZBsApy8FAkxKBlJBjgFztXSQxwK5zwd8eSTGkLWECKWsB0dSu9mODs +XXG5tJRIMzZk6yOHFNbPUDpOMfzSkydZCe2kTpAz5hOmpnuaF9wJR9Mvp4eKRnKU +cRiBmFrb6pqxLM5LEtlKD4kl+PFaMwRo9q0ytkWeOYK11ndmgBt/cZieHgtE/wDy +tK6E21Ix/NHh5oQ6ZIYIQ6EAQ6nDNR/BUIAsDxXLcyOhxi3AKz/6KtgePJEAUokc +DLiE5O0GLg5LMluIx9LZZqTf6XJwKhvBotRiRf8ANWgQGS+tgH4rtSQcTw4rFnQs +IZiSVYOucJA/SXV9QCIHIEsgEFGqJxBwVX9WBRA5ILu6pbE6eWC6OHzxXO2YLsUg +nIoPqMkvdLMJyIDF0puBEFnDlEBJl2Taae2loNkWykBhyWdujpmOuDK22v0zDcwi +mGTdTWTe3dgMQHyCxLyJExIeTuyeluNRL5AMfJIyHuWxBHqJwkMwCtmc6N3t8dO0 +rwzDlMk/NUqgIViIyACuwVpENkBCkBR+CYgQhCABR/JSG+CqgAVZjVEjmpKDzQBl +3SFYkTzxfmuWz3MNxea3BNbEjxVu4XVVXiFuVhAHjzKRnsK+22z7jVLQQD7oJ9Gn +mVjZ5a5anRWkJWePLQ2ZEY9Eld3OMAa4AlsGjiSUtZ3OW5NdG3IibAZ2WFiIwjy5 +mRXDdiVdZMHtsl9EX4qDWMpFtx347Wt9ekl2GZfwSo/cHcdUXthCEiGJkOPksrcb +PcXU7i6iGqdMXlYQ+o5EQHILN2tNm63kNrGc50iQ1GQA4YkAZMq8JUidlVx/I9nX ++69ttrPa3V2qePpiDLLktLa9+225AMdY/wB0okBecq7LXa9dkfcgCzS4/wDE5hMd +t7lt9gbu37/cQEtpIaJzIEpVyGqD9QM1MDajX7G3uu97SkSm5LcgVjbn957VzCt4 +46dUonApTvXfNlZZVttnZGyybyJjiNPIHmvNjY2b/eCFk9EHxbhjl4oXWASdlhvB +6Afu2w6o1k2T/pIAj1xdcbP3TvJPI7aIEeUi5+S81ue07vbX/pzVIWCRawOXjw0s +tGztu62lcZSmSREGUjwPLqFVqQLbfk4af12NSnvf6p/cgYtiDmPknqLnhqjiMwRx +6LGprFohbGOi/i2Trrub7NlODVzn+qyhDhIZyCz4l2xMmqe8UDcHbSkPdkAWfgtD +Z3x/U1zOEZEBz1Xlz22qVw3knNpDmL5YZLrTHcW9020NchXCQaIOGJVu8Ebex5zm +Imfg+kAMMfgj5oQug4wJQ/xUKAeDIAnEIQ6ECIkHDZIUqDzQMgqJEDqFJUFMBLuF +EbBGZGMSMUluBG4y29oE65xMZxORiRktS8PBuoWTnupgn6cAsb4b6nRty0v7W/uZ +/bex7La9w3G028TXXOmFsQZE46jGTOn7tpZAiB+k4FuStfVbrp3u2jr3O1f+27e5 +XL66/HiOq0K76N3ULai8DmCGlE/0yHArN5Nko0M6vbSrDVtHk6pHYVVWGyIhAy+o +wixK1/08JDVmFU7SB4YcU0+oNiFPpLRg+rIpTt3b9tu+69w3VsI2iM4UwkQDjCPq +bzT+/uO2ia9uBLdzH9uP9IP3y6BW7Ts47LbQpcmR9U5HMyljIlDfAcavoYH7o7ft +9rXVvKaxEU2RNjD7TgSPikqJCq0SkGB4jIr1PfduNxsba5BxIEMvL7OyFMI0boNU +PSLWwDf1JNlVUZieZp6JWwEq7MsQWcpPcbaVg/uSMwOHD4LV2+0pMdVZeBxEolx8 +kwNlBieBSbbDy5GTse2RrHuSDPw4Lhv6P/dpIGFcZyL8NTRAWvfu664mqhrbshCO +IHWUuAWbbCQB9yWu04zlkOgj0CnQWWxaqUTZ7ZzbUOo4pzZbY2942+jAAOfALMvs +9qwSAcyGkeC9P+34CU52yHqhAR8ziVVVLSE26VvbnK/ibxxyyQVCCy6jgD8UKHxU +8EACEITESVHFSow+KBkHwUMp4ugskBytfSMOOHksfdQjXv8A3B9MwD4PzWxafSwz +BwPBI76oemX3DLy4LHdWTp2fR9ytMvUxwfJdbNtXZMWRJruIYzhg/wDyGUvNJUzy +xD5utCuwBi+eRWZsjmId2rkRXdVOPKcCD/8AUqRDutgMbbo18/aixbxk6ahcBkxP +FFl4ET1QOBOO2r2xceuZOJOMn6krvT6ydWCU3G4spjK7QZsMIqdhvvfELJwNMyHl +XL+RQhxxGt5AGowIwZeWsBhZJhqhE4+C9Lv99XCqUiWADrxdneTZupRqhqrJIlZw +flEIcDrJubftextj7tGqgyxemZhj4DBdpdnrMf7tlt0eU7JEfAMk+022QBH2nhyW +vOzVEY5cEl1BqGJR28aXjACFY+mISm7AZ3z4J22wAl/NIXzEweaCcyJWVwnOBmHM +SCOq9V2KvTtZWHOybnyXmiMIgM+r4DNen7Lq/RgS+nUdPULTa9vgz33/AM/8jRCn +xUBkH+CtzjBA6Krt5KXCYi2DoVXYoQBZ+SEICQEIOKHKjFAyk4iUCOeSz99eIUyF +gIlFv4C0iea5WiMokEOOqm1Z6Gm3uusqJTMSkiXr+7iOjp4GWnrwSFsRVaYu3Lw5 +JyqZLH4LBrMHTS05O0SQ7q4ALykWiFWJcE5Bwld9uq67I1ks+JdJlyV39/uGO3rJ +GOJGbDNK+1NtQk9hYgcmySV/d9pXuRGsmYcxMYgyLeStX3AynKZjKGp9LgjA4IS1 +Yo3H6rBx3VW73YlCdoEISGqI4ul7u0HbkSyGoB8s+PktH3KoRlKMjKU2f0ngk+4b ++UwxqlYw+2JzATjBSruSd9juYQkISDSykOo5LXEoyBbgcl5Wq+626snbTqEQwngz +nJblU7YWRg3plFwechwUxDBt8TpfFpA8/JIXylGzDLMjotCyx4kEYkFx4ZrL3dnq +EhkA3wTJkd7XsK95uCLCfbrD4FnK9RXCNcBCA0xjhEDgsj9vbeVO1M5hjadQJ5LX +HwXRSsLTLOPcu22pwi3zQ6j8VJVmYO6HVf4ZGaQFhihVZCYHR1HHohQgCXwYKCgo +x4pDIOCggYPiFJ5cFDvmgDJ7ttjNrI4ShxS2yukB7cjjHmtq+MZQIIcDNYUoAEmt +8+Ky3K5k22r4g0RZpMAMYkvIrM3+39655Yykwfh6irV7jUNUi0cR+a52XTFtOBPE +Dhn+Sybwb1f5Gnte27bbVRiKxl6pNiSrS/SVh5RXSu8SrDlyl7q9TEFwWw805cYK +8mnqRZbWCYxrwJAOOLFcrv05b0+abFABE+AeWPNL7mANpkANOAAGWCbTiZJW65Of +twETGMQBxHRc5CNdc6YlpFvbfMk8ii3dRriRxGHwWfdu/dAEMJ4ShI/NTORxIzfM +e8RHjIMOR4pONH6reiqbmAJBZL/q5yNkpYjUQ/Xgm+zdx2tW7EL87ACJ8B5dVSic +6SRdtJxrEHqNrFqYghhy5Mu4OKpFgMFYcl0nGXCHwVXQ6AJfH5OhwquHxQCkBZzw +zQquXwQmEl+il1UlDsgAJQ/PioPPNQ6BkugnArnZbGuJlMs2XVZ125tvJAOiHIZt +1UuyQJSdt5uXHt1nP6iOXJZVkbDUJiTGWAHnmmJR9E2LOGfxV5UxPoOQYDyWdsqe +sGu3hx0kyd1OcXDEyiMObqpnIwNcydQMdR8Tl5o3tZqsMxiXI8f6UhbubBESmCHJ +EYjMyURqapvCNb9WYaYRLiTueo5LS2syNMSdWr+a8odzOqfpcyGIfryWzst3EieO +mQA0KVqy28I3N1uIQjASzLsH4JSy2XtCeD8H+CVu3dRtM3dgIjoSPySW87pXGAjW +XID6Ricclbs8kJLBw3VxO6MCWjgDzL9Fh39yMd2Ianhq9RPKJwZdbd4LtxOyUxAV +F35y5BYl83nGfEcOQJUqsmjt9jY298rJygMnfoXOCcuEazVcB9PoJHXJ0l22uRGu +RHqLtwwTu59e3vhHCUYiY8sVVFLa6My3XFZ6o3tj3y/b1RqsiLYR+kk4tyda+27x +stww1+3M/ZLDHxXjqbDKqEhxDrpI4asz0Qr2Rm6JnunByxU8V43bd23VBHt2FhkJ +ZLW2/wC4sAL68f6oH+S0W4uOCHRm2Sh0tt99tdwP7dgc/acCmVaaehBKEAoTAsSB +5qHVZTEQ5y4lJbnfCPpqx5ySbS1GlI3O2usPIt04pezeS+yPmUnCwyJP1SOZKuSI +weWfNZu74YK8UiJ2TnN5+o8FOlolviuNcjO4l8ID5ld5Fh5KUM5iWeGDxfriu+Ei +SzsTglz/AIpEcCD8CuotiNzbV0jOI6HD8VUf830Y6P8AOOaYrvdtrh9L8+i89u6T +VI2HE4xgDkCeK9bKDkE/BZ+72lVknlEEkYDrzUGx5O3cThEe5phIsxbE8F32O9nL +25EjVI6R/wAea0d92zbXPHQTIDj+ayL+221gxoJhqDPxbkCkhs6bjcNeRCbQJa6X +FgfV5kJfcbi+U7BWJRhMnQIgYBvqJ8FSzYam94SlLOYBxlLh0VWnPVEkyj9wyBI4 +HmqJFa4Vg6TiIghjiZE4+Cmrbe7d7hDVyJ0gv4JwbUTImTpcYx6nl4J2rbxBAzIy +SKWWX29QrgPTgB8URac9xHMCOjzZdLJQqrfhEYkpftXr28rpf+WUpfHBabC/P4M/ +2X+CXUNjM/paugZNO+XxSHby9BH9MpD5lOB+CyaywWhWcSMVMS/jx6q8Yv55qIwI +LcQkM61Sk4IJDZdFpbfuu7pGnW45SxSFcCcOWa7is+KE2tCWkzbp7yCwsg3MxQsq +Nf8AohX/ALLQT41Nadlln1yYf0jALhYAzAYDirkgZq7PCR4DJDyAts5YybhgAu24 +m0C4/wBEtscJzB5n4K+9Mpaa4fVYQPJSngfE67SLVajnYX8l1t9MTxPRViTFgA4i +GCJxEY9TmVXARQh6JjmCld5f7F2w3hPol/Zt5NMYH4hOwHpI6JDc0nd9msq++AeP +jA4LTbU1suhDcWo+sP5NLU3ULnMcfmlu17obnZQkT64gCXiEw5JYrE6lyFrInSWz +K4TqGLgEkJ6cH/mlrqzwQAjbtokNx5pOza0sRwjiAFo2RlwS0qSTiUSxpCMaw/pG +WQXWENIfiMUyKAODc1w3MhVWeD8PBA5M3ut5NRrj9UyIjzWlTR+m2NUeUMVlbeqz +ebyqLf24S1nyyXoO6R9vbiA5ALp2F+LfM4/2bTZV5ZMfs9ZNdr8LJfim4xaTLj+3 +4GVFzj1e5LV8U3bA63Ga59z2fdmlHhdiK4vJjkupqP1j6h80beI1Y5puMHYtln4K +UM51RGDYumIwBXID25t9ksvHku8Rx5ogA0kN80LppcdUJik6mWPi+CZj/i5JKMgZ +hO/+NvimhCW2DWWHmc0QPubmdv20jSD/ALj+SichWJN9UiwHVTWIwgK4lwMZdShD +GgSw+ZUWHBVgefFRKTnwTEXj8MEvsZRe+l30TkCOksQu0ZRd1m7Sftd43AP0WxhI +eWC12fb4Mt717MX20z2/uFu3P+OUnj4FbZAkARxxBWX3qmPuV3RwnxPgnu12e9UI +yzCjcr43a4PKOnbv50VuKwxgCQDHEcSuVkeia0GOBVJgHNRBRnzrcuMuir7GOKeF +cTwRGrHJEDEJ1EYxDiP8FYXc/r0cD5r1dtR0lYu52GuRm2JwdEAmcuw7PRCe4kMZ +ERgOgOKY7zjOEeDnzT23phRt4Qm0YxZzL058cUj3Rvd6xAYcGIfBdtV41S5Hn3t5 +Xb5vAn2SGiW5DYGwk+YCbthEyI4HkkeyXA7neQlgBPD4LSmMSTxXHue1u7Ommi7I +UrkIWdAtKtiBLgs7T/cY5HNO7eWBrJ9QyUIpnScBIGBGBGBVNvYZaoS+ussTzfIq +8rYwhO2eAEXc5MEp26MvbldMeu46iOnBPiLgaECMY/FC5xk0vBCYuJO31Pgy0IZD +WPT0OPlghCaBmd3Uy/7Ck7CMfb1R1CyUmf7nOl/kpi/6izS2hot49EISHw+Bgaui +qXfyQhMRBzGrLhyfqkbf/wBPDP2/V8cEIWmz7oz3PRjHcm9iOWvgq9o973BpAbji +hCr9j+n6ZX6ulvpG7Nm6rjJnxQhYnQB0fkrR0IQgEFmlg7Mk9zpYaWzDtmhCqnsi +L+r7Cf7m0f8AW7/l7Ib5MvLdl/7D9H/7I/8AVx/Tmb6wW+wf0/wEIXS/Za6HGvV6 +a/UDXadX/YblsnH4LYt6oQuS/tbudNdF2OA/y/7XDrsfr9OeDoQoXEZz7hq9qv3P +8Goa2zbg/RM1NpDZNghCa1B6Fyzx5cUIQmI//9mJAjcEEwECACECGwMCHgECF4AF +Ak6Di0wFCwkIBwMFFQoJCAsFFgIDAQAACgkQmoBOl9cHnHfMDw/+Kjnh7wA56+jw +pv/LOOPq53aTFTZpnodzGn9rXlZmi99k8FnGf5z0GAVIFDcNjpXdv4o6nmJ7+HmR +VePKYJvZcwaafqN0NShhsdob50ASg+MnHGwnlwXRv/aEhKGDmZmUs7V67jXUxctQ +9Ui2cRDBnbMaUD6KcMlM109yhZPH+jH7nY7bShZI6xdmFold7niSu09Ekz/on1Li +PijS9PlW7p13swkEoHrZhNByQd9nyz+u4X2L0vI25CVqRSTOkSJBvM+1m8SPYJLr +Vh50/YpeGNsbz70jlqDCgfO+/esuNSQIhLQKSihuQxmIJ3I9ax3gYZ3FSEvNfN4g +EVuXU1YNKhg+hylxlasiF8WJQeeBBtFq9BN6XrTTYpXRCV+rEMvkn2g+joKwWB0r +KpsPRTyBsUMVmw0/2+ajP+fLd4Zy767UkvQGhLD0NpOg66vzjqaWnMnE7+nnt2JF +xIg2BeRCZUX6oYlDlrTGyuq8cDiRxtYS3lw4R8IYMtnKIa1XmPDr4R7P9RUVYrwj +S8SWxZNITmkGASqbPdszg25dJ0fka6UD3CCJ0FBDt3mTsPDOCoc5OO9rD4/11HEt +5G12paGGoRI9yWiFWg8s54sccW2AtuIMCq8ahMzm3EhMGoxCsBjLwX/niPDKXJTG +/5Jlouo7s6DyoqldX2I4nXAUnzOqs46IRgQTEQIABgUCToOLsAAKCRDvQPwp6iiC +uwsZAJ93cTRlRS2NDDey5TkLZvcYJDrqEACgr+9kE6QpIcbNXy8229XL+lEmQ/2J +AhwEEAEKAAYFAk6Dqd8ACgkQN4uEVAIneWIibg//c9NnpjyGQid7GgBYNnRC3RAN +ezgEfSXby2CofU89o9efC2avxgOSPS5yRalAGcbiBh6U8ujeDVB1YSFq6cwRkbo2 ++RS206oAWLxyq/JmlzG6JuiOC/HF0s7VexLR8BqyXn6aHaE4iWEh9fveeRgFKPYL +TsVrbgCbZ8Kw8P3OTbz2/GrzqW5KaIkBrI4jLzm6Fx808Tvt+1TaGtmBkMCCrRil +VTrpS4AL18vSiPsWbV5EQwJ/c6xplVN1O/srSNFcmCVOHp0YmQlJj99E2ez/lpmJ +S/F072HkzJTJzYLTvl+3GQUThz8BCKPy3eUeIy1gqmRcYWmbQNwgi5Wo0pT+U7eK +qzVUgPdfAOYx60BHeM0L+756R8/Q1AgdFS59vZRlA0mP9uAORkgfHZk0SeiW6qzw +OJ8/G66oj+tbWrn3jXT22H6tvmwaVR4n/l0rr0k/PnVDaA85Yy79YRS1MwnSk+T6 +bBwvhUT55LlB03BaaHFYUMRfJgQDyEWYPGrG8v8+zPDlw7raiWY1Ni4tP2/6L4KM +DrBLxsV04hxBA/5ZSFJ7T7HDnDCK5RubiWeJrMGcsRPfUy9FTmYlt9UkaHImm2yT +FzHzocTaT/gk+bhjXM55A/tTy6vasbXduX2cFKI6LUDldS5kAiCN23fyHeAdjyaH +9s6UX2Rgzzm8Y2/MDs6JAhwEEAECAAYFAk6UU14ACgkQoLPLCdKzc1PoKA//Ur33 +kaG5Z8I5tpXVVfp6tdwYDJSqZT/I+ITKwJs97WMaWlvF79lzmk1p4E9x9lexA7s0 +c38wzLLIc9qhi2rKs9qxBb5iNqOS6xEPJT3H1dBjg7N8tfG3euB1wcdiydcTU3J4 +Ep20B9gA/EOs5nAPWy/fQtNQBdqlENxeKb7nEGLH8afhv1KI3iKXjTVTYBoKpQ7g ++VLo/Jvip3VHvJSL2vpq5uwL2hTz5Z3cFrA4iqX1b4bFymHV/EdseYUlVi4vkWWf +2tRt2yiu81KAcHODdrhndEmc2OqzLu4KS9I927G8EkD2RQ+89RyleNTag1e4otjb +wXJk/LmLh/2EAL6VReY3P9Xd0sioqdJl1sM03W4cNcOhu6XLMgly4x6/vvkU/eel +OA/NDKUV59j12O/lbDIeuZsDpfth+YjuK3nc8OrMlRMQn0GOaSRuNo6GX12+2/ci +pCIckx7XlieO6KYpVavN0ZAhG1OnmnncFVeAqITpQ+I5r9nobyBGl3Els4iB5H2J +B+S0KmDJ+DZWESbI6yTD4mynwNt0SoN2fTDzzHQ7cRshdW5jsBmRYwUXHsOYAE7M +K02zdVR+o3nwNB2C6uzWJiBg2COZ+FppdSsRhT6ofZQWGke2ZqVxcQO8JDSLVAkj +/5kOGiZqnP96YG/znmHr/HIgsv76A3Tjr4rDTfCIRgQQEQIABgUCT5jRlAAKCRBN +N3BbYcsLP5crAJ4qquCOgvBv/3+/GAbYdnHIuunf3ACbBWur4x5CrLa+9O+O1Hy9 +V4O94NeJAhwEEAECAAYFAlJ9AsAACgkQJP0xlACVwOGjVBAAm/RC4sm5Q3lxU7bj +S7ScNopuhDatkY4H75qRAgHgGHE+Y0Nn3tKW1a/fara+oFfcHEy2lGWtKOcMGj7m +yii7Y11B3MABrh5eNPFu8NcpklE6Ql/LYTbsIn1gl3cpDeVcaNR1EzGcPiN5WfFg +K28eyCRnfiljXCWJx6FFC92ZqudQTnMce5ru2DBZfEHxyA+5p0g/Bs75Zbh/pkGM +OLDabcjjvCe1C2otIjm9A8xEP7ofW2QqORuHFUBwSI4nqWE+8/790Nz9JH/0ereQ +kFWBfch0izp0xvno6LjO69GIEIIehJeJbsRRMa2xOXnluVavYZIcZhPNaIG+gICl +HK99cIjgeKtHxfWiwROTHg5z1ycy8n3S5C7uHHUNviEEL+r9GY4fw0GcI6KL3gZ9 +MEVjC74UXP/RD/JVMlQ8eoEeJBzoPqak5tj2D0WK4KC1c2rEllPFzC/+MdAcPL53 +pQBaKYIdfGUKgeHt7ShVlJPSDJI8659qh0Mm/XoWSHC+VIhmoidT/DDFB2jLFLu5 +CS2NgtZL9Cv04JbjBIAOL3dAuaoDrSG0MVeYVjDxsWoL5DzweVSFYNwMbyihrrwh +DK5zJn9m4Zo9HAI1nfuvASrVlrd6o01cp3xr6ZcRr6EOijmHKNdNq94rspM01M8N +cB7Cw8hgW5yI5QNBxN0YUw59yMmJARwEEwECAAYFAlN4h1gACgkQFOK0y5tgD5ES +PggAkfdoEiDA+KEO9+lyeYs7M6ljHYLCapL4lQHQo/LnAkjLJKTjGsNLdM8YAb4h +J/LYEx33aZQh1zcym8txqoKjxlN+MQ5aB1rruh2dNq5VwEnbzh+rFB9ZG41ZMV4t +RNsag/sP2j+PIE3PP2ZnT7D23ImQLz6YliglBheF759ZeaHm9M9kGJrgC730tvbP +Ty2/UmqM3soa8I2Hgdjv2x5twHBVyIIEHKevVQaqlJpZwNEdvOCfQO3MFTQKb4Wy +dPkkHW9SI9LEZW7odSJj9cTPmUFf7NgBF6O0+Qq9lglJCXQEtAxkm28noZKZDpxM +5XK/DWgGfMIlc9ZTY860B7wD2YkCHAQQAQgABgUCU3tfXgAKCRCv9gch+Gi1msUx +D/9vTxDHsyEzIwMXHI3PoKNhrK42gIdR5rdzBU8EwWKPdJx3fHwxFYC+FBxoLpEO +7T3osTgAPPIbyWyhNq2rgXPayPFWe0Cy9wPlCRXJO2w2SlKLDZoAqeykLhlPfDSc +oQzv0akXIvjNxRbkgyLgSoxGbzvCp8cXbBOWxH17MfDP9rIklu60OhyTHpek58x1 +LT5jha/Ne0klhorK0RzQg8575sBlk4m+A58RJrZMycjqHyrb2mFtSX1qSQhK+Aq2 +1Yj9vUNACna8Mu18yYhGlE4BPIsbI0D1Ank49XGSijJ1MsXKNEUclDSFpWD5Z7dy +MU64mSfZrbbhVkMHPLtwj1Cp2fUnxI06bn07O00BWgeyRCVc9DvJzgMikrOq7gAW +o5PvZT3DjnzZml2XB1vN2E1ZAU6gOKUducB3AFrelcJyTdVvQTG8lREXM2bCirTd +rK2lu9AwWN2axWVhAq+tKUHRxVTztbgs7sfseRg4loipW2fJaoj3/LDfiI+v9SiA +zSS01mUgeXz4yyE0YauEt/slYgoCSSG8URzqBpVHohxtjl7b5cL8X1OYwRpAjxsY +m0rN5MEGU2GguR/UL4yfu9QELwgvta/WquG5gRSTDBllbMCWOXCEZPSK0erxYxzN +UhuT/VrYmm7vGAOjVrd2wllrAYT62GGTTVgBk8gpgHPcnokCHAQTAQIABgUCU3yb +WgAKCRCyay9NBGPKMnV3D/0c48l7L5gKOAaopJgVTtx8UqeKOwXnMiLMx/r64tYo +MSFXwRYnCprnnOC33AHDc0SbihmIw7QTGIZNGZYPLTFHk8++p3pq1spLXUYveAF1 +C+ZJx0q1MEgX3fssoExNzBDh+zGi73jN/bUoIK3a/9HO1cg5jvZls6G91fFOFY9Y +rjyvH8JxdRgxCAZCvuUwqaUS+bus39DPkEw3Gigmw5k+smEIGzY/YujJx2fRtTvm ++2Be9PdgGK8J2pwQ8H1CqgK9QBd9T4pkT498lNqhAjyS3ZxQoCESKAF/mPGwsSTk +L4s1XhfkXwt/9Lr06JIZk33MAtlxyxCma9zpB/cECwIbBrmth8iGeDJS2YIbPx9d +TkyPqYRdeGb+gMFW9f+7HLvHk7IDLBRPQT/c1nJEiP8BtkBPpDWpB4KOh57JCRUI +WdAmntUo7ykrhn9Y+V5INoq8rCKydiGadZ3NuJFrw0va86fyW/u+Y9ohlO6wuuTR +fyCmFmMTMGNOji9M+Vto7LwLuVLUcW3f/0Y6Gkt4qozRmcfAjhhoRcL+YgmypLaw +tF7xQRwwPRUaMghQ3QIFUwDQitg6e7+Oh+oFkWt5kG5AxcNMLUzCagFnwqsbBnbc +WC/t+4mIg/NIEASBrxjl3r+NpYB37Afmbn6X08I9+hAb6wy2nZmFqh4HT9AFgubu +Y7kBDQROg4joAQgA6m/m5vrKAdsZEnvmanHPSpSizOYTFtxRDyQIlehxf7Za3LfB +1KcubsUM0lWr7x4q07uTPS00Vj18dt7Jf6ChSiQlD/aK8YSbaKcnwTgThhqv5owq +mZsUG3ZKKDvURbiX8MBaLTK84Xfna6Q72wexlJCWvFotI0W5gSRidpS1IGFSU4T+ +4pfRcbAyaNnwGYJtcKKsW5IU5xh1PJlBJUDQ7vbQJqMaDLMxEqB5biLS2Vya71f2 +KTr8P9S/xjTDIi0f/i64MnathH865AnXDambaPrO9yzd/2Z6tqwBNHYUdJu8MBd5 +o0UCBl56gOyr4kC8iOD/YiqtR0A0ZGatBKSGYwARAQABiQIlBBgBAgAPBQJOg4jo +AhsMBQkFo5qAAAoJEJqATpfXB5x3mXIP/iWIgUefg2J1LVlH7W4aAlNp4NYbhrUq +RsJY45MSlrt7/5yQz8+oOvah66b3GSQcV6tqlSCrKQTqsdhPfExIi9RTo5k2vly5 +LVlmIsPnJAYcJp35pXSfampfOwi4BSdvXotXRe6g8jeiFeZQ7ezDGa+t5+3n5Ycp +vlxTX05yRplEnpBb1Dd4T9Tf/boREGrdI0SwmuwSOHGQNUA2SyqGqrUt0EAhYvsL +tbWwqf6P9mV53OlRIik2u4/aaQ2fd85vMF5eBlCsORYrDXl3Vyy63PSUJODBpEFB +fXRtlwzCqcA7RjU1ha7c4cWkWE5CRehP34gkwiNOFk0quSraYdc0JRcxh89C24Cv +KNQ5JZE5THoCsLmPBhzxeKeof+AO4Bw2r2dzIlr4SfatsY3C1XErOcjkhqbaFAi2 +P1gGdDwyZsbHSMYkAj5XRdrbeUdGR8T/a6+AAdaRf6Sq1JfIwax2AycWIecvc+01 +SsqN+JkkCMAu/Bi4ud7QK17q5TJRzr7uXjOG33BKTq6+GqaF3QoorsWilwyv/odZ +6RdpMCfPAHQqj41E8qavicBHwdYbJxyUSkcMwIWHepm3l70DJj44wFTFwJh3mBI7 +sj/9HdPbZpB7UxHAUnqU2xs0YYSQvpMgviUesTatV60KTCDLuaJ6jY1TwqzJa1Qd +UgYpnWp/XRTfuQINBFcYpCoBEADRA2gnQdHSeC5HTK9EdmkEzXDYBg9M+k2ycnAK +vFakvrSC3CZ7Y93wcAhbwgZuHMqCcGfG0RhfBaDNEakqJVJFFABbMzd6cDwZr96A +hySS5qndyB1dtgcrkohYVn5dUB4eXcHisTeYRdYludvDz2toDVmUw5UWoIJmkhy8 +9YgZFyMJ9o8/b5h1W0XbtMILMCXW+XPm255hMox7HOMcs3rbQToj/cy6W1CqFcNL +AMh8p0fE+6UKZymllhU7VKI+/gSdcma6MxfdVM/yH7GAylvrGtkDKQLC/2LsOnFb +cXEui132iO4ioQwMsZB85KwdSuzPsDZkSJ88Mz/RAlsCCWfIaKldWRjF4zT8N78A +LH4Qj5r7+EPascwchh7lUuQU4Ex3J0JIDgQV68gVoELT9AdIdrlJecuEBb8wqvtP +jkVMxi78+TkLyAJR5xydAICk3IousfOBllVDy9K3/sSkEYszr4PIo52FlVK6WJKh +QIjQ7wrtzw1PHrxHrRw28TwnVV++P0J2hTBDYRsKbTNLzvqcO244C62XZOriXU+N +gTJrNM3zyYw7ZgrQJABsDN85UxVtzR9cP6K325KSvC4gIxZyzrTNb4cTu9dehg1M +nAhpuT3qKtxvlPq/9V1uDgamE8wgL/S0zAQmlOdJzy70zantXbSVn6AFBJyEZ0CU +BegOvQARAQABiQIlBBgBCAAPBQJXGKQqAhsMBQkHhh+AAAoJEJqATpfXB5x316sP +/02dK0IJtR9D0JOsvPfoUfbT2DtVYm7ws/0Lf0tAksq9DgI0x2T9ZJp66JWyZVLf +CzI1QsF/weGceDIgOCNTUYLFlp8dZGqmiwLwuWItEdxWpuJG08bxI3ziBIFYtqrV +cDfH76yEv3CSfvjY2boXdX/FwrghPyiMEXToqrIQfRm/Z7iDSRfz56WXjTKPj0em +wp6IRB8PE1rjXZKrZtXJfVaapoZ/DLW19kHwliCq9WrNrknBNr/aT5Izs9BxkMc0 +zh6KeDwmG6X5enpn/mfyszXHgKNKYfsZNQqcuaxdxP+CkcHsmajn02VFUxit/4FT +Vp8cnHgIjcqkJEtdjqvAMpnVoQkPae0R9SpiVsKKZzUw1gcnEG/G51XTkJznWR3h +X0x8F/fDaNDWdhrVWIjPWrHG0Oc3g8phIlKwKzzq4lDbKGrZGLBtXF598TToMVIO +9UdJdJ0B9la1NHMsjOe90EmEMgHioJG5OmjVH8FEb3u3S1MjgMjsURVmEQlf08QP +dYdCGbnBKMZZgTZDaTAwPFMU0NUQfjmQhSEjhOXs0HJWri3l7wYpOYUzCqNTc5Or +cxFY3abPMqi372QrU/VQ6AD3SuUiP3y7rRYQsJuChATDOdxtDnV9GrLN/3+QYlZE +lqPKPBRU6tb7FTIIxM+pd4/LD5x2ZDutShtZx3fhdOU6uQINBF5WlN4BEAC7vwwU +qq4MsUq1oitNiuq2i4C4pZSP1Kwt+zZloduc4yo4Gm8Yg5+4sx17v0rlyQDfm3Fo +OMTpHDHHK9cmXDhgsY2EjfjwK0wustDyQA8n/CruGATK2ZTnfvDqHXKQm/+KNCOp +dU4nGmcZtONkmSPbmGiyQoAZPhz0/+kONiISBSMoqTj2ljcout+qwRFkQvujtKZU +ruW04UG49BM3nRuLc+0R+FBExP7DawJpmq7N53K/dj/I3vHKz3TLTuzV+cFrTADp +y029s2zMr2vvDEFRkUrTrtzE6XoxXo6LVsjgb4dduAz1rKyOur3Z43lD8A84fj8l +OuVeDvtSd0L/jDYB9SDwpQT4G1cx393CpME9jyrZ5e12Y/S/uI8xuRUhUlyJSZh/ +8caXJ+HnPbXK3vBaCPaIgaFVVx0eX01n87nfXPg/zJPE56qx3opSgJgUvlVl0BXr +nOzzX8tbuhz5FBnpuiGfREgS+BZxkAxEE4m27nS9o9NwnrHLIxa2XDIo/dLlFigk +fh+n+9T1NI+qE7YIaTpMfYXNfGEfCbnEiXFdTxmPX+fO2k2Z2S1uakZ2DGNPuSHL +1a+1t4gvjFHEzlsZKYh/4Gdb9x6G5QWPstPz+mmpTj3PCk7+VxEbjAgr5xdOhQLJ +6zHCKacbVODIij3Ypeyy0LlI6TaC1nQE8JADMQARAQABiQRyBBgBCgAmFiEEXm1u +rhbD2nVFCyGcmoBOl9cHnHcFAl5WlN4CGwIFCQPCZwACQAkQmoBOl9cHnHfBdCAE +GQEKAB0WIQTHF1fRreo7hSxSdLKPkDytseWpNwUCXlaU3gAKCRCPkDytseWpN1uf +D/4smg/LkriRa4tuA7qXi/1g7/a2tFuoaP4QkeGdwvCMapluYr2yFKzxdm0wV/eK +4YmdcOphI6E45qY0IwmITzbLPqVu1gTLut7Jgvjrzq0opyPP9N3kUP0tvz+ymXSM +ZphqnoQHSOPwpGokpTN438p6bRkIfwtUIZaXWLHGlqxxUjORb4no1wz2aMAOVcjp ++bmvo97LXZ3oRO+iIIpVoF+lqmohLXdWcbWUvtRPJG9IdJrDXcz86gyW89MSlONJ +ddgUd6gkozv9Owt/gYelNMq8IofUq8/ez4L+TpFi3j/qnvc+btGBXoNX8o5rNzYU +uNJG7X8IifrzznLZrhRpFNptd+EA0K5Lj8iTMoqRcsNiE0aK9yNk9MtMAl+BSmr9 +YU05SktOptAXtgjwgE+JgoL7QUTADy1jos1LQq6MjL8lcG0HMvin+4Wzq3RQYsBx +V3ENHwD87J4nifqqZhhTwGndNVZwXW5YPSlEXFcXW8/o44sr8ikYdnvoMz0qf5B6 +eQhZT+iZ+ygzc8ry+p3wqYDO8TgIlpJSicxilQDx/w6GQnvMM9YmQu6U/MVAm3pk +l6uQhQx+gPNlujb5H4+2yQ06IyxungANiewNIBWsdS8BkovhlJ3yelfEh8vw+h7z +MJx63f3CIi8+brh0slGFb52gEnps6nGuPjeDiDZxPW7Jd7TEEACMKfLnWdPtQ0SY +i65TkQmMe6okrgz4/YC7PcpyCELyZDE+vLAJRrcP+d5Q3ESO16FHR7pHgdbFBmWd +apHe1ZJPBetzkdxTmZZwpylsxGCBnuVzywIZ2cijU77Qq6IuEpEMnwRQDT1skJ6p +kfHoSQeZjOxgeJTI+sR7wWgiAiM5DorcbTpBzaG/FeaePTwIOUhkjzgrMpW8Z+aL +bLaYJBYToDxpF68Y4K2Lyhw5qxwJP05L+oJFsuHNQ+BPk4BKw7pfxOkpLUGRD9Wi +jnQ/ZY+WErt3hTmKu+V30XQ21wbnjw+xml0+sXP3qCFl5eoMP1AMqcrRLpOL2I8K +/c7SiDbxEBWne8CaqT1kVa+mj74jJVXAOCQeeHaEwz3H4VZ3ZoTkX7U8NinzZ3jJ +YevXf0k/DC7jmzuZRZmTmUVHPEYvq86bExgzN/B1+v/458jJbOcGlKqKDem2CxtM +7PsIVqsrWTxvbIxRXT5GJ5sOHyaAqLrIUY7wJ5IH0f8oL3FDkAeEMtBXdk6lzkhF +YVAfSn2ku0C5Qcb0oUhR1TWJ+/9T5IxCUXqNPPTjZCU/yMpxqYXr8jxNFOslQHnD +3vDlzsQmjF/YYDAkfzIMIZSpyUG/BWZ4jswSdHhnJunQ1SzipTX1vs3fdb13u2I/ +1pOAXHJ5fX+k3jNTx+U+vIFo39po/LkCDQReVpUcARAAy8ir+PbyvWA0OetUQs2L +sIEIh08G1c+1oMXwtfpDUoFf1W+CFf6MSUBGk9n2XAANUHbEnF7otJMJbJoZIepK +WqDgn8DEkX8eeVKJvUNpcwFtwpWp6RZzRK+zX8A8NZdbZG4X7nM/cHm1+RnW6bJ/ +WJUI/Shi0+iYH3jkpHzfUUf6m30FI0Dnk58ohIkn0+N/MtbBIDCH2A0HWg2OXvi0 +rBH5B0pXiBf2G5x5weFHv6SxUYnf2gnLkWgV2LaI27ANO/exfHJnkPS70IVI9FlT +kvsrvTCArJwvZQwLlmCTtISHjuhwRlPakB+EOuG7hk38uOudFt1VgsmADc448Yd+ +GQXInMmicxT8/AcJCqvB27Ym5RQ6+pV0pQ4m5T00is0rM3LYNHzLDKOo/xvEBFzc +tmOHjGL/i43adPCkXcTWJBE9kQEK23ZRqtyQqOJCPfLa2PxMH2Y11+JWvDzTTfLy +BhldG3ywWXBKe3hWY5jpDqZuuQ4vr9ZHsEcPOnT9zx+Xd/LsoBBVFf4U6RaHlyUH +Mzb5xwq8Bcx91jOJeIrkQDkj++hZaB1CWGRuV7gVXqiHkJBWfh8vXJZVAziXZGOd +7vC4/KzT3X684dku+N+jvLX3EQ4qmz3DX506cfLHqUCPpY1/CT02hYFub+0mID8d +bn4f3ixMcd3AlWrg7iSZ+GEAEQEAAYkCPAQYAQoAJhYhBF5tbq4Ww9p1RQshnJqA +TpfXB5x3BQJeVpUcAhsMBQkJZgGAAAoJEJqATpfXB5x3XOYP/R7bybYqizDw2l8t +vcYaMS0TO7qhRXScLSCBs9RSsWaMDFEDW6zR6VxrAOJtr6WOr+cXEAsQT6RMPoG4 +5xUazaJWKqbqKgM+eiygi+qv9+MHFAJp2BYvR4Z/tYo3BDWPLfQ7LHUFqMfWuz6/ +Il4WtianSiiAeX7d4G6LGYjYdRgyeyq8jb1lNyM7imHbFEldYpxhEqmpJJ6hTZL1 +PiHxo0izEPPeclPQsqxdJITxzRvV0KUAiDHrECodMhp7YPyqvgxhAAEmYWgdnMPK +nJiTP9I4TVYS3VTLhu1QP4XdDJqSRvIvRXvisxp2KH1pqKMzcCK5PjWWn8ZlDF+6 +Vhool4s4TMNCqHoySMpnvo6np+oZzCg7q1u2uYrNkeE7q+Y/jHzfsc76nThEEiL+ +Jc6MgWTesLyrgHcNBZxS/Fqu1dkLajdw1+5sOGSJ0AZcFvVwQNKKqMA147CAKdFy +jNtV5w/rnnbHUxX9wAImdYgxdOCsj1k9r8rLTJrGuBNBuzTbrgpyuh67noVOP9jq +DEVSnywO6nX7U/dBoTajjksZ5MW+vPcOKLaVP8cWwZsF+wQp++lY9kNunpbKCVTZ +8JFaltGPlADYI5uBh9H1c2bnJ2KIJd8JHSm8M5TQ+fauyjCWm9Nbtw+7HSpyU+vO +Y5TOjSYpNFq8k/b5t2hVcRI6OcPe +=Eh7Q +-----END PGP PUBLIC KEY BLOCK----- + +OBS security:shibboleth RPM repository key + +pub dsa1024 2008-06-30 [SC] [expires: 2021-04-07] + 6519B5DB7C1C8340A954ED0073C937457D0A1B3D +uid security:shibboleth OBS Project + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQGiBEholYgRBACW/kTYZi5mAEMP8j1qui2bRnWmYblFbiZvb5JMJYUWL/jyMjHj +LLJvVrnOre/AxexH9KmaJwBuNoa/X9l/tQGIb49QRhR346QQUbQcwlYpckg5ccqN +qlAURHEdjCxRxMhzPs+C/F6Nqa/fHpAectW0JNRqAVVd9CWjCG3l6I2CywCgk9UI +SUAvaB5bVMxEVrFAKrVh4MUEAISeUwOaTIZftIamjo0VrnYemHS4SmGqMALEtHeG +/o7ecMhLb/MvreEVISrE1hbfmnObYoiVXWJrorOEZDh1hOVdGRkHJOYHvQSRp9uC +/uy4Mmog4R7ba5Ct5wpw0RCav2HMqwOJEyCX6jnip5P5LMmaFdGg/RQZM/e9mbyF +VeL0A/0WK//+VWrQya1rQIG+v4IZ+rWvrkqXKtrzELkWd/3vWNMXi4BfeBM/itLQ +yYOdhnx55FHxBzv+dK+UErrdTM8Ingljy7oztV/G6+K15CcGvEy9ITb62v2bDdS2 +uYWEFOQJK+I6aU4paNysvtKsOlTt9FhyfJJW9G3kJDUBPM9HbLRIc2VjdXJpdHk6 +c2hpYmJvbGV0aCBPQlMgUHJvamVjdCA8c2VjdXJpdHk6c2hpYmJvbGV0aEBidWls +ZC5vcGVuc3VzZS5vcmc+iGYEExECACYFAlxPWy4CGwMFCRgFdaYGCwkIBwMCBBUC +CAMEFgIDAQIeAQIXgAAKCRBzyTdFfQobPTnPAJ9GIje/01bOgXnoE8nr64WpM/tG +CQCfZNUmLRrK292z7hyP2lr1WdvVFpuIRgQTEQIABgUCSGiViAAKCRA7MBG3a51l +Iy3vAKCUPurlZup+vzQtpij3FMo0JAVW9ACgjdkt/hWt0WsjfHb+/cPwXtgx9X8= +=IAAZ +-----END PGP PUBLIC KEY BLOCK----- + + +pub rsa4096 2021-02-25 [SC] + B5B5DD332142AD657E8D87AC7D27E610B8A3DC52 +uid [ultimate] Philip David Smart +uid [ultimate] [jpeg image of size 9378] +sub rsa4096 2021-02-25 [E] + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGA3eNkBEADXiVQf1XEUSM9gB+eMAPj4zdjtd2tflJTNI5Q6sEB2ly2rbOyg +Yo49DF6wytQSRABAJvRY36hHkK77mbRN5Usf8Rq09aGUEv0nvKO+JVT/P4w3tFva +MmKWiYX775/yDE7B1vu4eb1RQCjrXaye91EpHES74VR8Kb0TVeNEQXGR5/h77Gcg +obRog+CqxT9L33Fcs4d2C+8BLo4dOaAr29rmEGWRE576NM6wGvtzHdazipM9LvtS +POGRid4HLYuWvW5WCyAfGbkOq8xreYBtB9gGSZ8iarmcYmN50/gz3Ux3sJA/xy7Y +vMAYWtA8Rp5hFb39uoaEwHWz8IlnAbA11OfrEkt65dMJwQAX4w89aag/LqI2lrgG +VEoDWCvkKOlsbJalZr/SgG+m1k/4gqfYYkM09PI7IRn0Cb8uLDdXpeBZd2SJXi9E +gdDxsrKoi0IMUYQNv8stNa/5lTK7LJkqovpdL+1aHCYRex53Ln+y8RycNbxSGl5O +CKtFGb9ydfMnbOVX4BJ1x83OOktIkbLpVeZIsaTmUEDQ9itWmXqQ/QoIgBVFRqh8 +bhaCs7y9UPF+WtnpRY7jm3/cSL6oUXax2tT5VoU3LLxTQf90ZdWrAyWEF8auBZAP +FRXAD2HkS4rIWCuKi/GSH0v6ILu9KREFfViy9fZXFpvwvbz199CPlCkgLQARAQAB +tCxQaGlsaXAgRGF2aWQgU21hcnQgPHBoaWxpcC5zbWFydEBqaXNjLmFjLnVrPokC +TQQTAQgAOBYhBLW13TMhQq1lfo2HrH0n5hC4o9xSBQJgN3jZAhsDBQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEH0n5hC4o9xSz4EP9Arv6WSxxkBEVzGj2XRbXAOP +U0G5KFJ1sviO9ZGotBnivHH4HWcusDqoyDvjwIYp9jycgtwGw4TuF917QPTfFwhb +TYma22+wSZ6Sn+OcZr+dSjLg5Ki+6I2BZaS+m2MYcPehCl1ILbtcs83p7AZf2JU1 +IgejhJMsMg93G88ZkSOO0tOAuvBbrO+f/de5AtSIk9ense1OUz9dbjI7JK6idB0a +1yoo5FjOuyRw11qEa7nP787jcdnh6gkcfRGK9CcYOWXXcfQSRYFx0Wz6qi76bonk +fYioCGv7LOPvsRnrjyWnM0tukS2RrDSbOfEby6ma4ZsPAhxtOrwWYOYfmjpspNbh +yPHL/qw0Bb+t+X+mBayRO3MJ1R4l5lU3cjXF/oSCxinkL4TfX5bJ+SuPmPb6cOO4 +eHBHCwTad0jy9CEQAFIwtQP1+5QpcAUQPEhHlztPPHe5hP3X8M0x0ILTEDrh29E0 +C0CP0aG9xTONBK1JnmWT7NSXDzk+BLokdbDbZs909+fJddlzPq72u0ubRUOgKNki +eo5Vbg5aOsaCkC0QJOzabO7xbnlOlXlg8XkGnfO8mIZ6Q0M5oEyGSpBakYi0rfQo +zjzKwflCvRTKEl8spTkPH45Dm7LZ+o5xWSN4P2NVTh46unfCyKxuSi1Prl2tQ6OG ++ke+A9zfGa0iHsXtT8aJAjMEEwEIAB0WIQSHQCCMDpP+yA7r+RO3fFLuwhdx3QUC +YDeIGgAKCRC3fFLuwhdx3Q0JEACRK35MbZe3mD7uKWb8pXwTxHfngDDA4TgpVLXA +Oqvmh+ISYN1RVJUdAdws/PsTS9NgWCD3YbN57G0jtCT3Q0kCAtvXNPLPgmKxk0au +Y2K1xaJs9iDjXysbWLIOgKdw2hs8FrD2YvYCQfm/jTQeG4TEqVJTvxcyLKVGBwud +Hg6coVsqz0iazwXiPBE1mLlxXi9mk2wv5a3SySPYbGGF37cXEvX1ZRYG721bSaXW +EUlZDzd2s2iv0FyM7aXjGeI77x7Ri9vG+KcCFdfoBrYjo5tQ0nm/0mWQr+uakDKr +T4JUmFnzDCzIZcMqeSRcGRgJ8aCN55TctKcjWUMwXSI4PIUu9XjeHgTmIZVFZzSo +OZGSxiPUuZ8HSjwb1g5RtOejLX0Sd5FCuzDUtNQmS1BIe3ZpW0D3iWtVGr6FWETc ++Ks2Dwa8T2ZbaOFfsJauqm8l1zJYcV8d45V1ASLnyqaMJdYlctlu+6rwgCgIx9LV +pKhnvVWEdxEVmyt5UMSZwXfNF3LXW6PFrE9GSSUWcpGwF/X3XuGLpNc8a/lF6RHA +pbRuy5RN1v10feOqfpd8sFbvxQLuN3Xfo+HFjtjqF74BxASJm+2UePPeanIifRvQ +Hd8NCGycYaNkdlkBQH3BLaTAD6pf25Hd2Iah3iRvY4gCPE0MoUhUERgXlfwd1L0H +LpLd+dH/AAAkuP8AACSzARAAAQEAAAAAAAAAAAAAAAD/2P/gABBKRklGAAEBAABI +AEgAAP/hB+ZFeGlmAABNTQAqAAAACAAMAQ8AAgAAAAYAAACeARAAAgAAAAkAAACk +ARIAAwAAAAEAAQAAARoABQAAAAEAAACuARsABQAAAAEAAAC2ASgAAwAAAAEAAgAA +ATEAAgAAAAUAAAC+ATIAAgAAABQAAADEAUIABAAAAAEAAAIAAUMABAAAAAEAAAIA +h2kABAAAAAEAAADYiCUABAAAAAEAAAbkAAAAAEFwcGxlAGlQaG9uZSA3AAAAAABI +AAAAAQAAAEgAAAABMTEuNAAAMjAxODowNzoxNiAxMDowNzozOAAAH4KaAAUAAAAB +AAACUoKdAAUAAAABAAACWogiAAMAAAABAAIAAIgnAAMAAAABADIAAJAAAAcAAAAE +MDIyMZADAAIAAAAUAAACYpAEAAIAAAAUAAACdpEBAAcAAAAEAQIDAJIBAAoAAAAB +AAACipICAAUAAAABAAACkpIDAAoAAAABAAACmpIEAAoAAAABAAACopIHAAMAAAAB +AAUAAJIJAAMAAAABABAAAJIKAAUAAAABAAACqpIUAAMAAAAEAAACspJ8AAcAAAPi +AAACupKRAAIAAAAENzEwAJKSAAIAAAAENzEwAKAAAAcAAAAEMDEwMKACAAQAAAAB +AAAAlqADAAQAAAABAAAA6qIXAAMAAAABAAIAAKMBAAcAAAABAQAAAKQCAAMAAAAB +AAAAAKQDAAMAAAABAAAAAKQFAAMAAAABABwAAKQGAAMAAAABAAAAAKQyAAUAAAAE +AAAGnKQzAAIAAAAGAAAGvKQ0AAIAAAAiAAAGwgAAAAAAAAABAAAAEQAAAAkAAAAF +MjAxODowNzoxNiAxMDowNzozOAAyMDE4OjA3OjE2IDEwOjA3OjM4AAAACnQAAAKT +AAAIbwAABPkAACjiAAAPwQAAAAAAAAABAAABjwAAAGQF1wYOA78DwUFwcGxlIGlP +UwAAAU1NABMAAQAJAAAAAQAAAAkAAgAHAAACLgAAAPgAAwAHAAAAaAAAAyYABAAJ +AAAAAQAAAAEABQAJAAAAAQAAAOgABgAJAAAAAQAAAPEABwAJAAAAAQAAAAEACAAK +AAAAAwAAA44ADAAKAAAAAgAAA6YADQAJAAAAAQAAACgADgAJAAAAAQAAAAQADwAJ +AAAAAQAAAAIAEAAJAAAAAQAAAAEAEQACAAAAJQAAA7YAFAAJAAAAAQAAAAUAFwAJ +AAAAAQAAAAAAGQAJAAAAAQAAAAAAGgACAAAABgAAA9wAHwAJAAAAAQAAAAAAAAAA +YnBsaXN0MDBPEQIARwJMAlECVQJSAksCQwI7AiwCGgJzAc4AkACIAIgAfwBLAlIC +VgJWAk4CRgI+AjECIALKAY8AfwB5AIAAgQCAAE4CVwJaAlYCTgJEAjgCJQIPAjMB +cAB3AIwAigCWAI8ATAJWAlcCUAJGAjoCKwISAuMBogBlAJIAiQCOAI0AkgBKAlIC +UAJHAjoCKgIWAvQBagF4AHQAkQCFAIUAjACLAEkCSgL2AfoAvADiAI4BiQGxAHEA +awCDAHkAegB+AIEARQKBAU0A0ACxAOEA4gC9AK4AmQCJAGMAaAB5AHUAbgBBAgQB +eQAYAbQAxwDVALkApADdAMkAkACDAHwAagBlADsC9gByACIBBAG9AKwAmACGALsA +0ACvAF4AZgBvAHgAMQIJAVAA7wCLAKsAvwCdAG0AeQBfAGQAbwB8AHQAdQAmAuYB +twB1AHYArgDcAAwBxgBiAGEAagBxAHcAbwBwAB0CGgL/AbQBowGdAYcBeAExAXMA +bQB2AHUAdABrAGcAGAIZAg0C+QHoAdoBxQGoAXIBrQBfAHYAcwByAGoAaAAVAhkC +FAIJAvwB6AHNAbABjwEWAWYAZgB5AGoAcwBmABMCEwIPAgQC+AHlAcoBswGbAX4B +zQBhAHIAaQBrAGEAEAINAgkC/wH0AeIByQGzAaABjAF8AVMBAwHgAHAAcgAACAAA +AAAAAAIBAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAIMYnBsaXN0MDDUAQIDBAUGBwhV +ZmxhZ3NVdmFsdWVZdGltZXNjYWxlVWVwb2NoEAETAAAFOs53irESO5rKABAACBEX +HSctLzg9AAAAAAAAAQEAAAAAAAAACQAAAAAAAAAAAAAAAAAAAD///8bBAAocvP// +tgwAAEoR///7/QAK1g8AAAA7AAABAAAAAGUAAAEANDJEQ0FBN0QtMDE1NC00QTU5 +LUI2NjUtN0E2QUI2QUZDODhEAABxODI1cwAAP9XfAA//tQA/1d8AD/+1AAAACQAA +AAUAAAAJAAAABUFwcGxlAGlQaG9uZSA3IGJhY2sgY2FtZXJhIDMuOTltbSBmLzEu +OAAADQABAAIAAAACTgAAAAACAAUAAAADAAAHhgADAAIAAAACVwAAAAAEAAUAAAAD +AAAHngAFAAEAAAABAAAAAAAGAAUAAAABAAAHtgAMAAIAAAACSwAAAAANAAUAAAAB +AAAHvgAQAAIAAAACVAAAAAARAAUAAAABAAAHxgAXAAIAAAACVAAAAAAYAAUAAAAB +AAAHzgAfAAUAAAABAAAH1gAAAAAAAAAzAAAAAQAAACAAAAABAAAOUAAAAGQAAAAD +AAAAAQAAAAsAAAABAAAVgwAAAGQAAFm9AAAA2QAAAK0AAASeAADdhQAAAVgAAN2F +AAABWAAAAAgAAAAB/+ENV2h0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8APD94 +cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQi +Pz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0i +WE1QIENvcmUgNi4wLjAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cu +dzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0 +aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20v +eGFwLzEuMC8iIHhtbG5zOm13Zy1ycz0iaHR0cDovL3d3dy5tZXRhZGF0YXdvcmtp +bmdncm91cC5jb20vc2NoZW1hcy9yZWdpb25zLyIgeG1sbnM6c3RBcmVhPSJodHRw +Oi8vbnMuYWRvYmUuY29tL3htcC9zVHlwZS9BcmVhIyIgeG1sbnM6YXBwbGUtZmk9 +Imh0dHA6Ly9ucy5hcHBsZS5jb20vZmFjZWluZm8vMS4wLyIgeG1sbnM6c3REaW09 +Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9EaW1lbnNpb25zIyIg +eG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8x +LjAvIiB4bXA6Q3JlYXRlRGF0ZT0iMjAxOC0wNy0xNlQxMDowNzozOC43MTAiIHht +cDpDcmVhdG9yVG9vbD0iMTEuNCIgeG1wOk1vZGlmeURhdGU9IjIwMTgtMDctMTZU +MTA6MDc6MzgiIHBob3Rvc2hvcDpEYXRlQ3JlYXRlZD0iMjAxOC0wNy0xNlQxMDow +NzozOC43MTAiPiA8bXdnLXJzOlJlZ2lvbnMgcmRmOnBhcnNlVHlwZT0iUmVzb3Vy +Y2UiPiA8bXdnLXJzOlJlZ2lvbkxpc3Q+IDxyZGY6U2VxPiA8cmRmOmxpPiA8cmRm +OkRlc2NyaXB0aW9uIG13Zy1yczpUeXBlPSJGYWNlIj4gPG13Zy1yczpBcmVhIHN0 +QXJlYTp5PSIwLjUxMjk5OTk5OTk5OTk5OTkiIHN0QXJlYTp3PSIwLjIzNzk5OTk5 +OTk5OTk5OTk5IiBzdEFyZWE6eD0iMC4zNzEiIHN0QXJlYTpoPSIwLjMxNzk5OTk5 +OTk5OTk5OTk1IiBzdEFyZWE6dW5pdD0ibm9ybWFsaXplZCIvPiA8bXdnLXJzOkV4 +dGVuc2lvbnMgYXBwbGUtZmk6QW5nbGVJbmZvWWF3PSIwIiBhcHBsZS1maTpBbmds +ZUluZm9Sb2xsPSIyNzAiIGFwcGxlLWZpOkNvbmZpZGVuY2VMZXZlbD0iMTAwMCIg +YXBwbGUtZmk6VGltZXN0YW1wPSIxMzc5OTk5MjE0NTAiIGFwcGxlLWZpOkZhY2VJ +RD0iOSIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6bGk+IDwvcmRmOlNlcT4g +PC9td2ctcnM6UmVnaW9uTGlzdD4gPG13Zy1yczpBcHBsaWVkVG9EaW1lbnNpb25z +IHN0RGltOmg9IjMwMjQiIHN0RGltOnc9IjQwMzIiIHN0RGltOnVuaXQ9InBpeGVs +Ii8+IDwvbXdnLXJzOlJlZ2lvbnM+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpS +REY+IDwveDp4bXBtZXRhPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +IDw/eHBhY2tldCBlbmQ9InciPz4A/+0AeFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAA +AAA/HAFaAAMbJUccAgAAAgACHAI/AAYxMDA3MzgcAj4ACDIwMTgwNzE2HAI3AAgy +MDE4MDcxNhwCPAAGMTAwNzM4ADhCSU0EJQAAAAAAEDhosdEEN5jDgBMX/jOR6uL/ +4gJASUNDX1BST0ZJTEUAAQEAAAIwQURCRQIQAABtbnRyUkdCIFhZWiAH0AAIAAsA +EwAzADthY3NwQVBQTAAAAABub25lAAAAAAAAAAAAAAAAAAAAAAAA9tYAAQAAAADT +LUFEQkUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAApjcHJ0AAAA/AAAADJkZXNjAAABMAAAAGt3dHB0AAABnAAAABRia3B0AAAB +sAAAABRyVFJDAAABxAAAAA5nVFJDAAAB1AAAAA5iVFJDAAAB5AAAAA5yWFlaAAAB +9AAAABRnWFlaAAACCAAAABRiWFlaAAACHAAAABR0ZXh0AAAAAENvcHlyaWdodCAy +MDAwIEFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkAAAAZGVzYwAAAAAAAAARQWRv +YmUgUkdCICgxOTk4KQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFla +IAAAAAAAAPNRAAEAAAABFsxYWVogAAAAAAAAAAAAAAAAAAAAAGN1cnYAAAAAAAAA +AQIzAABjdXJ2AAAAAAAAAAECMwAAY3VydgAAAAAAAAABAjMAAFhZWiAAAAAAAACc +GAAAT6UAAAT8WFlaIAAAAAAAADSNAACgLAAAD5VYWVogAAAAAAAAJjEAABAvAAC+ +nP/AABEIAOoAlgMBIgACEQEDEQH/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUG +BwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGR +oQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZX +WFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0 +tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/xAAf +AQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUEBAAB +AncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZ +GiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SF +hoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY +2dri4+Tl5ufo6ery8/T19vf4+fr/2wBDABgYGBgYGCkYGCk6KSkpOk46Ojo6TmNO +Tk5OTmN3Y2NjY2Njd3d3d3d3d3ePj4+Pj4+np6enp7u7u7u7u7u7u7v/2wBDAR0f +HzAsMFIsLFLEhW2FxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE +xMTExMTExMTExMTExMT/3QAEAAr/2gAMAwEAAhEDEQA/AOiooorIsKWkpCeKAGSt +sXd7gfnxT9wqi8iS25EhxvB4rBTVZSoB7Dcfc+1OwHWFgOppEkSTlCDiufTVmlh2 +qm6U/ePRf8+1VLG4Ed7tfKq2QQTjB7fhRYLnS3cxgt3kHUf1OKZZ3X2qJXA+v/1q +r6oQdPkwecA/kar2d0FgDHaoAwq5xnFAG5nFZ0uoJHP9nAJY7cY/2j/SoG1SPB4z +jrgg/p1rnPOK3ImB4DA59s/4UJCO79qRTuUN61Ue6jEYlB4HWnCeOJUjY84GPekM +t0UwNlQTTgQRkd6AFooooAKKKKAP/9DoqKSjNZGg2Rwi5Nc9PfSNumU/KDtUfpml +1e43MIkPQfzrJnYIn2fqUb/P86aQmxUb92ZZSSOijPXsapFuc0Fj07U0+tWSA+Xk +U8nNRZ7GnAdqBEvnSsuwu2PTJx+VOE8mzys8Diq3qKePWgY7dTs5ph9aTPFAEyzO +FxkkccH26VZ+1O8quxyRWeOuacDzSsB2KXQOU9CfyqS0nEm1QehK/lXLQyupJzkd +639JBbLntuP5n/6xqWijcooopAFFFFAH/9HoapidRvLnGDVusfUYiFMy9+DWJoYu +oPmdZBwSM/nVAsScnrUs8hkbmq+01oiBevSjZ3pMEc07LUwGEUmakwTQUNADCc0A +4p2w04RMe1AWGGm1Y8lvSk8lvSlcLEGaUU8xkdaZimBNGecnvXWaRg25I45x+Vce +DitXTLsQzjeflKkH+Y/LmkxnZUUxHV1DqQQehHSn1AwooopiP//S3jVO8YJbuxPA +Gatk4Ga5XULh3meINlRxjGKyRbMtmyc4oVSacFycDkmtWC3CjJ61TdhJXKKWzvVp +LH1rRVQKlAqHI0USitkgqX7InpV0UtK5XKiotpGOoqYW6DnFSjNO5pXCxX8lB2ph +gUnpVqmmi4WKL2ikVmz2bLytb9RuoNUpCcTkyCDg0A4Nat3bj7y1ksDWidzJqx1u +j3UZhFsT869B6itzNefQSmOZJR/CQa9AU5AJpMEOooopDP/T07y4FtAZcZI6fWuP +dzI7St1Y5re1iXEaxf3jn8q54dKziUyzbJltxraUcVnWijFaYFTI0iOGKcKQU7mp +LHUozSDNOH1pDDBpcGjJ9aTn1oELzTTS5NJkUDG0hpcikNMCvMgZeawJ49rmukYZ +FYd2MtmriZTRRQkHI4IrudPnNxao56gYOfWuGrqNDlJjeInODkD2q2Zo36KSioKP +/9SvrBzOg7bTWQK1tW/16/7tZI5NQtima1qMLmrwqtCuxAKnFZs1Q/JpwLUwVJSK +FBNPGaaBUlIYmT7UmTS0oHFADcmkzT8UhoAj4opTSUwEPIrFvE2tn1raNUL1A0Rb ++7zVRIktDCPBrX0YlbwYxjBz+OKyWHetHSz/AKZH+NaMxO0oooqCj//Vj1iLBWX8 +Kx4hmRa6HWFzbK391h+vFYNoN0wHpk1mti+psLTiwXrUMkgjHvVPzmJyetTYu5oe +aAMmlW4TOMis8tI/bbR5PfNOwcxspIrdKlHNZEash4NaUb8UmikybFOxgUwHNOJw +KQyCWdY+pqobxT14qWVQ55qm8cQqkiW2W1mVuhzTvMHes3hfuP8AnRuk+o9qLBzG +qDkVE43KR61WjkPSrWcrmkFznW4JHpVnT2C3cZPTd/Sq8/ErD3q7paB71R6ZP5Vo +ZHaCikHAxRUDP//WvX677SQe1c5YjMpPtXQ33MHtmsKxUiRs9h/WslsWWJF3Mc1C +Qd2xOtXSO9Un3FiE4oKsSCOMffOT7mlMURHyj8RVK4i2BSOc96jhBaRFTIzgH696 +dg5i6GaM4PIq1HJnpUBUo2yTketOVCh46UhmtEcimyNio4mwKbIc1JRWkc9BUACk +/NzVhlA5PWqskTNG7dwOBVCJw8Q4OKUxqRuT9KxwAVK45znPt6VoLC8aI6HDY5FO +xKlcsqu7rUyjAxTYjkc1NipKsYN7GUmJ9eafp8rRXSuoycEfnU+pJ91/wqOxjIzJ +7Yq76GdtTrLa4FwDxgr1qziszTRw5rUqRtan/9e9eLvt2H0rJtkKNIT64ram5ib6 +Vlxng/WsjVDyM1CyYOanoIqS7FZgGGGGRSIsaHKKAfWrGwGl2U7hYh/Cg8mpiNoq +MCgCZRxQRmnL0o70iiLJHFMzjtU2Oaf5YPIoFYqiNOoRc+uKkxmpdgpwUdqdxWGq +uKfTgKaeKQ7FO+TdA3qORTbVQIlX0Aqa5P7lvcYp0a7EVT2FV0JS1NCwXarfWtHN +VLUfuzj1q1QTLc//0NOT/Vt9DWSh5YVrONykeorIzhh+RrE1RNS0wGn5pFoUUtNo +zQUI3NNpWoAzQIkU0d6eiDvQwFAxCO9LzimqcHBqQjigENpRTRmlzQMdTGNLmmMa +CWQTDdtT1OfyqQfM2f4RQF3E56YxUyrn5VH0piRo2oxD9SasU1F2IE9BTqZmz//R +1DWZcR4ff2NaRqMgHg1kaXM4Gn1H0JFPFItDqVeTSCpF4pFEchAIqt5rrJjGV9as +Pg9arbcHimiWWRNUcskpH7rGfU0BMcmpAny57UwuJGzEYbrVsdKrrhelTKwNSxoC +KaalqI0DCmGnUw0CHoDjgGr9vCyne/HoKLT/AFI+pq1VEOXQdRSUUEn/0tJqZT2p +lZFlCUYkIpoqW4GGDevFRA0mWiQUrNjpTQeM1C0uzk0WHcUkmnADqaqG4ycKDSCY +5+ZTTsCNA/N0NLlVXaTWd5vOVBp6yP12mixVi8CKOnSqO6U9hTw82cKKLCaNBW7U +NVZGbPPWrDHIFJoVxpptLTcEnA70DNS3GIV/OrNRKNoCjtxTxTMh1LSUUAf/09Jq +jqQ1GayLIpV3oR36iqIPatGqMq7HyOhoGmKh7GmMgLc0q+tLnmkURlVPWkCDsakI +Jppiz0zQUmOC49Kdg+oqDyW9TxTlhf8AvGmPnJAmepp4AXgU1YWB61KAF+tITkNK +85p7HikNITxigkQniprZN0m89F/nVbknFSQ30MTtBINuzq3amkJs16cKYpDAMOQa +eKCR1FJS0Af/1NI1EakNRVkWFRSKHG01JTTTAoj5TtPUUuQTUbMJHfH8JxUe4jg0 +rDuWgeKdmqwYVKrDpSsO5NQDTd3FAIHBoGS54puabuBpNwosFx9MY8VEZMnApQp6 +07E3JkHc1i3P+vc+px+lbqjjNYdyMyTc45B/QVUQlsWNMunW4CuxKvwQfXsa6oVy +ljGmHyQST07j0I+hrp0JKgt17/WiRKJaWmZpc1Iz/9W+aYadTDWRYlQTsVjJXGe2 +amNVLsAxnPpTQmZ1mcB1PXNWXHeqNn9960W6U3uNbFcr6UodhS0096AHiQ0vmH0q +KlFAD97dBSgM3WhasKBQAiqAOKlC5OKYetTp0qRoU8DFYdznzGK8ZrZbvWNcf6w0 +IbJNPYLMobkHgj1rpIiQWjY5ZeD9fWsZQBaIR7VoWx/efVR/WtJbGa3L9LSUVkUf +/9mJAk4EEwEIADgWIQS1td0zIUKtZX6Nh6x9J+YQuKPcUgUCYDeB8QIbAwULCQgH +AgYVCgkICwIEFgIDAQIeAQIXgAAKCRB9J+YQuKPcUpvwEADNVUOrpVRqbbKLDSWA +fh4oMSDGYl7SJ7XXaNaCdh87nIBxhdlSXpruZtjcSq3JDUHZTuQL2Ig93BrMdRgn +FAqq1SZ6VUs59MdrwFHeSLuQDulS7ln8+pS8y2BZke5XtXhFVfT1qYhaOSZoQsRZ +Zs2yfy14Nq5vm4BsGIPT2luM3iUe9tQRNGGMwHYosoodKGEKptayKaefq8xy9+FH +mozVPJK3FYlg70Oqkip5JOEUM81lqOQcow8QfVAReXl9S7PwshcwqbDWj6KCgMQt +TEMudxq0CDeFqmO9wTLHxLrTL3VsYC+f81iiEuRXfoQ/cE7TqLbtND82pgqvuQp7 +IICC6SXp6x1kkesaEoAS+omIwKtQ2i7xlL/P/oJ25S5HYdwPfpQqqm+OcgGwZWUu +MNdiZn6L/lii0nuOuFkxtFU8kpEoYa8BylpHpF8wrrMfJyKMNRSqNuezfe3zCyRV +kZQYQh3ILaGJqt2uPQlJ3agJjPTE9f/EV9tcVKv7yN2k0l6p44KPsuRDCjTOkPLt +CoFb8czUcqMoenCVoFvpVzOeV/DNUgwa7kAX0xdpZyW8atNoV8rg4Vm7boSwrNNc +9wMTuNj2VbsKiP1O3IWRswtntNgz2NE1cGxiVOkhCoOsK2RHgMx+4oEVkdgBxlBF +9AMxJGQ+9pr2WUzLVt3IuvxBmYkCMwQTAQgAHRYhBIdAIIwOk/7IDuv5E7d8Uu7C +F3HdBQJgN4hZAAoJELd8Uu7CF3HdusUP/3b43IGJFYNCnQFEFhNClhcB4FuZiVsi +E2bOT3MJAKyBoaSQp7PQkauRBsBkLi1r4VgQJaB/qhSPN8nabT6Mc7WaMu5HitbQ +nQ0zYZNkS4affOAj+aDm4esYKbjENYVbcMHYThKxqVP2rh4CK+KrUnL7Hy5YaFxw +rbc75wZIIhiovm5+4R/phkulwgw014IIeLN8EWf7J2qsvFnGqa3yt3cOU6YHJNKX +sYpFXMiOrG67rnrhsG1GeScLhTZ0UM5oz6iZOmQt7WKj7JWRQSovNx16uE9pYk0i +NpvHiv4FlOddhk+B3i5ZIkjC2DiXl/oCiNuUrZM1wakKFSkCVXOkRvMHb9+IUnRU +9IdU+sbRipm+sltHPOecha6dsnn0kvfkdwxcQRKqO2LRhdSed7/OxgXmJxTEcOr2 +Z6J/irq7bZ/GoYGT9L3sm9SbQoAVgEuh1W9qupP1MPp7fvjQGW6+va7Z8s8qzDVb +zJ7jPy9XYmHw9G53B3dTo/Ckx5hY+yfR3tsrXpXwfzBVJp5D1rQLoD7Z0DExj2Mm ++FbDhed0LEdPvGyRhiOzN7ZPwtN7FxnzKWDFMiiu7shlmyoPe4il0CyKB2iN82yG +DVDIf/ybKcQqoNeBm0MfMmiw3cnjkZ/MJoLFcvajRLHPzxyTvOuOCjWSTPcdXw4o +c7QbEW0c8I1WuQINBGA3eNkBEAC6I+a7CsOoebmyJT1fAcgTlenPBC/TfOBmTBcY +owNwu89u7lsOlIq9KxEetpogNwJizMYIkkju6wDGsUN4E6jWLhCVWc1xlGl3sq3h +WRk+0qi+x9acMLmp48A0QxXpCOVH/Ctn6CaZHBRwLo2ftMLYghF9ntnkOkWmILFU +j5DoB3NfgvuYcDoSVbLVcKDWuD5Ik1IDbnQPGdq8viMev5mN0eaNMgxkIqkC/7sm +QSbCu8EKQ247HT+/rOkE7tBSSdTe3eVigrO8GcluuVTYmBT06OaOY58421zP17UJ +VtoFQfySyZD9cc5nAG09yPcivniwA5R8hPMPyAdTTtLECbW8qXUw4S0Y+QQUu/re +Zu+msdF6VmgFVo7fxnWzSae6RIS96Dy85NJz8l6QT0vsBW4TJRxbRv5unGqR2yPD +w8k0RN0JBFBlqxdExNcFz15eeokollaAN26KbrNUGhYF/hVlQFwy6GNnrVUAPeYd +7/SoXTegQ+iGpzuIfH3Lp0LAz8Cbg9ri9WqcGlyO2ePF7LEGImv0w4yEFHqjBajW +2KPe/ayXOnNgX7uoEuQ5OlYML9cA3M4syGZaVH9yOZq1TBUauB9UYg2ndTadHzv7 +Z1wpDCvJ/ahJipDgJyRNh4iYJxYylmTn+rWuZcOn3CulEnFeboLtVDS46NpvRr/i +H1ZkBQARAQABiQI2BBgBCAAgFiEEtbXdMyFCrWV+jYesfSfmELij3FIFAmA3eNkC +GwwACgkQfSfmELij3FJHcxAArjUVeIa72kGwaQO3o7VWwtdXuhFC0l2/kfNTa2Cd +IIyUY+3bl0RZbVmy1KInv7D6iJmc0hKX4ZDYDMRsDFDDXCBVCI4M2Jy83BQ4j0gj +BoHX+V2lEu6kf/856E7XNS8MiNt4N4i6BzyOTdJqcZqfygjmQgobdtqt1WTdW62z +W25p/bFFOuZHjaQJo0h1YNitivrpUtcX7Wdk9CvvZcdqXiDKt8DsQQuAtwwIg16G +vGw+fBE+qu7TzS15/A0h22UuGXmR5i5Dmp4G1d8WVgam/zQ0ZmD3WjotKIpPEE0e +IGUAIPCw5nzKx7lNqpEDCKF5ZBxaJnJKppv5SY/WnpK8SsPE7fN0Kq/QbIDkIutd +bwulkJU3Mk+5PNX9jryjOA0qarEWTDcTFbH8ghh/92BFtvCEeeU93ZMPIvtu2gWW +4SKDpsq8ECTMpJFEwL0b7P51xmUSq0O3YXnZDI6biJhm5c728KxUa7DL7aZbIH0R +pLcdZy23qXyzeMya8z71D2+s6MUnc7TiKExG9v8fjuMKMOEgPWstHe6aqBPaYvNH +bkY+tZAbzcX0Cine8i6dOkLaG1ryd4DmzzTlodzvVtSy6TMYi2XPLa/3ChZ+VlLi +1rIQ+6ZqxGuLFBD9AjjONUBvu4WdZiK0koJsUJNMepYvQRHsZvG8peXMFlRFCtVB +pD0= +=h3zk +-----END PGP PUBLIC KEY BLOCK----- + +pub rsa4096 2020-02-25 [SC] + 8740208C0E93FEC80EEBF913B77C52EEC21771DD +uid [ full ] philsmart (gpg key) +sub rsa4096 2020-02-25 [E] + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF5Vg+kBEADDQtURshtXwGjjv+9DHElGTtit9cFdYKJYY7SvpRsTd7z6JLlq +oSjCURDvzmsihHOuUQeEwkGxTgveP1nzrXkNQvfQneLmkLPs+eNv9PRH01vyFEjc +DxP6pOaG2Oi290Yf6k0QmQrJEH1ySYS7CCDRVy/9d9bHlPWzPyCH4E/QVaHIJcWO +kghdRnbuVvpH1Qlx6NG8sh8IH2ZVT4CPcS9A3xszSHX0IRIq/1Cs60xi3iS5bhxU +vAnNv8MbLPCGYdhqkiX4Kp5dpOIPDqpm7xP63KmGHQ9VCJ783pziwH8gkqx5dMLP +iIIf7Frf2in2CyOhzGR6+uLX68+WpkW1sIw6hkqaKcmIc+I308mrMXU4kCZ+TmKD +pQQn3ji7UeQ8mLUA8kXWaUuhoP58y1e8goVOVvNbOZrGvFY5JW1NueiJne1A0ZkV +76fzaw6VYrBDf7n0FKc5WIoQV8XmF3iVaAo4pDGv+quqa6GIYHcv8RLdyqLArbwy +EkYBRC5QyI1xbhO+C+Mgq6P16Z7luhRLu4c2KYNQzOA6fvqNEAFbTs2Tl1/JW6gt +jhPvcunkks9x+8bQwUczk1KzCegx9c08xyRqQt5EddGogxWl1Wyh0m6VYf9qjlNR +lloCJlChr4KiAVqJbZcmymGHtgr3DFxy6mrvpMtdBUZswE+qCsYljO97MQARAQAB +tC1waGlsc21hcnQgKGdwZyBrZXkpIDxwaGlsaXAuc21hcnRAamlzYy5hYy51az6J +Ak4EEwEKADgCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQSHQCCMDpP+yA7r ++RO3fFLuwhdx3QUCYDZ9sgAKCRC3fFLuwhdx3chUD/4xT4QJJp/1TglYdwtEYPNB +bsfchYYHdWT0YJhxukg+fTrwRGWjKmFukDgN08a3bVO2xeA1W8RnXpmmu0z/JcSJ +QEpDMddL/qq3775284gCjzFFtODH0sbUCi7RyTBXmuJzEaE3GOnqkMXcr9xu31UT +qp8Ydc04feqaJ2/3IPGqUFPvyu8LEzgpT9101qyv2LpUvUA7S5xpVcwoZmPyeHOQ +UCoNISU+Eh+aGQg5RAUXjLVcRk/kLVvZt4Uddsz217UbaUV72TL0FOKerNAYLu+Q +91oE7+WVhRWCB5eHwy5l56oQ594YWLVAFpIApDC/vfn4rBHqWMGA4/0jSCAjgMWx +03aUb2II2PAXmdCzKyVetQcRlh5fFOaLmYZ6WXewuSkpworcQErMu8n1iEGE7XzT +SAlWuNVP+6mkO5qNqJwlHhxWNRteiu93rZFR2BmyZbvDnbwG1zBZX0HgGRtvCUF7 +SGRjM3dpq8L3Hm8qR0aaGQDjxEZAyGbvLWCb51MydKjUBYfgPdAQPViTLPWPFmyc +3Txb+Uq6pz69WbN6vsZPqIigHIC+ftlMI3OGiKibWr+do+1wX6hGpxZZpjbFL88M +e33i/JGqaybAdlKWKWCaOHZQ17z+ydigFaViutXBq7iBUPUQpshZMxEFpaCiQX4n +6SuWXFJwfZQYz+82iZy9b4kCMwQTAQgAHRYhBLW13TMhQq1lfo2HrH0n5hC4o9xS +BQJgN4l+AAoJEH0n5hC4o9xSGtoQAMK9cnJssVfi8MhwjSxEx1/KalOP891Om1JF +WPXIVFA9UaD/iiY7Ecwvxp8BIzZrEDkMvgL2agEs34mxopUz9xvJcn/Yu6K8zaqs +umP6lzhqFMDZozigVkGXi33/bK5oQ5/Gv7LmUCAMp5gXR0pYaEmMVV+oXc1X1QjK +xDCR7Ay6rUQK4Tgfupf7xjwF21ekk921U/TFZXZrD7DNOsHJsXwGCOluN1VC0i/U +gnBkM/JNlMv3Am7ipK9/46hhbiTmcOfLJUzPVsx+JznjT4m0KXaLZ0n1ORA2ZSK4 +EB0cB38RSpCwKqs+vRZdIDf3wA8hnMagBlSScgY/lbcLsWIexA8ow5C5YSxclEs1 +hZ7WufX2oq5tJ2w2uLFjk+NXzSJdo27Gfq0LkFeYDRIMD25CJ+QQhQmBWbeP+oZK +9z6oRu3VXLaSFhZ2hTLm7sHjX8ZgJMys5mf7a55gfPc8BCs65SKGVXMjpy8kHJxz +Z2r2AOHbBiwvMQofMjjZztHUgZWiVro2Tp10VP+X4ZXQjlUEQE6hlRAPbB5MJMUP +25qeziRW5/CtvC4iOhCuPNkTlXWbl/JttHCdesLDD5iVwnzEEDl9iT7FxKMi8c9a +ugrw29e1JRRIVErrCC/GrfWhFLcl+mcR3nbS/LLVyWT2ScXO28kF5Xenp4C4FNG7 +JDPQ+nf4uQINBF5Vg+kBEACtMxmTGdtiKTfN+admpkGZncDx5EuhF3pnv22ajLkc +pEIIZE1FJLh+52hbiZE7xfGu4JpvnRPN8FcEFQ8PQ1sWhIW4Od2gSbxWm8GJtFKd +q+x33xAsWwNN/KOPSp9htHIMIpoOrUBxYAQ5S5pnIdxvFtEaLf5nny+yCSEZ5Ojl +fkq3lDn5c6rp9ha52iEjl+PT4tdgxApmCaRNTgxY7QhGp5JQLpd5CBFNCRRmGd4B +bQqK57ilkjfKE8EXV0i+R4udeBaGADjJWkWGSxD1dggHwpySuU3DXPSCEOZjuBKJ +g73L8Jea8JXH6KvW1v3eNPVt0qdp+K2pN+ECax/knp3daaDr5Y9C2IfF1zBSUSau +n7dP5o+fzc3xtoVQDhbRL3jHys1mLfNrf3gVBbaCkgaVFnn+EzhPJIB7Pz+H/OqE +OT8Fj2aFmAuhl4Whgj01GBe3IrzNNjT8WyyMt9iDsfAS2/U2MVhriGPpV+jcNBtX +0egKHDnqvbRgZjAvvCzmykuND4/MG1FwgqWlOonA80Gtr3aCd+9WbrAum8H1Trmw +KWOj6ZRApGfcdnYCcGW61Hcz2MPSjU4q7QgOIbqOuLin7aa7eX1v04KmYjdNBpA+ +nW+58SawsavkBFK5aW3CGGBZDn61+x7wpDppRuaOmaFgTKNcjMkmqn2pmmlmUiJ9 +iwARAQABiQI2BBgBCgAgAhsMFiEEh0AgjA6T/sgO6/kTt3xS7sIXcd0FAmA2f34A +CgkQt3xS7sIXcd0oZhAAomynC+77PpNfkrRBvM38Yu+e62bCwMYc2zJQlh/0fuE/ +eW2pfd36Y7DnbY+Ir5qUlNsBx/u4JCpe8Cshy9cr9wV/9hA/amXms1d5+IqQ3A7O +5sCukyNj2RtuIHyLD8p3knPmvCb2+PKOQMRgU33eF/t/wpru8/4MA857Wzdl5dtS +rTe0ijUT3BKTceO1kDo1kgOebLJHgoXstEryla4XY8MiBZ97VjhMj9GI+gez8mGL +5v7ngRpGzn2y1Lzp1w/oqPCmQFrT4Mx11/ipCF11cRDLDWf4N4kDuzdeaissI9Hj +5Qr+mnTH/gmwEyPj6p3r3rNxycYC95lRjnMhyC4P9ACrutP+V9PdiqR2B2Qy+uWj +uyO0UR9uGaOg/gqt2H6o1Bj+KRj0XjwyEWkKHMIO2jmyBds/dbVYo/kBh8JKNv6N +HSz485EGfxOCSwTqNI2qwlIEMD4DH9DhhrjBnJJxcbat+43F2/vVWyDcZ8I/V0JA +36+pf3MKrsiMtbZFJ3XKtDjPOmRampazn2DXA2XWjzEK6h/BqlRXHgoV751yqAj5 +SmVz1Czgq5KjZbrl0oU8FpG9auHmjOWimc8TDy2VPfF8yoBkt38c04dWUJGkSHWw +lDM9UWTIcBcbZvAx/xPQa6LJexPS6yrqYZCdbGGyMFAAp8l1WGNbvIw33appOwg= +=Xrom +-----END PGP PUBLIC KEY BLOCK----- + +pub dsa1024 2007-01-30 [SCA] [expires: 2021-03-20] + F4FCEFBF07F9E397A9345B9D4D37705B61CB0B3F +uid [ full ] Brent Putman +sig 3 4D37705B61CB0B3F 2021-03-19 Brent Putman +sig EF40FC29EA2882BB 2012-04-25 Ian A. Young +sig 57C5CCD598A1618C 2012-04-25 Rod Widdowson (RDW4096) +sig 9A804E97D7079C77 2012-04-25 Ian A. Young +sig 378B845402277962 2012-04-27 Scott Cantor +sig A0B3CB09D2B37353 2012-05-06 Chad La Joie +sig 49A1796B9B494CB8 2021-03-19 Brent Putman +sub elg2048 2007-01-30 [E] [expires: 2021-03-20] +sig 4D37705B61CB0B3F 2021-03-19 Brent Putman + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBEW/2aMRBADR//y8Q09eVxjblKLkHUjo05oMyjBGSzRoPs9RKwAAPB2JKMVi +c6ApBjPauW9cybtZcPjgdQA5vmodjNGMVdcDrbOBZ4x9FTX+m6BdjfKmFk4PCsB+ +dJ5vMVRaAa24S9CgbzaSURJF6/fK+Pk7V6+su0AYR3P4oLDWw+OY/DI2HwCgk6cA +knrA4mTVpPp6GoN38va2MvED/2Nz8Zt2BreTo1PUo24ejlPMjBKaxm1wN3lz7RRw +rBlAI/PnX7e/dOXURsHk6kTZigpzHuF/zqDhMTOT7yQphXT1YaDPttZtWNwkCLzL +hDClrrKVlr3DT0IELQ1ckmYrSAYO+9fjp3ms5+8F4wVi2oo1tUDnYrjf9TetLXmD +91xaA/0bx3N9jorMfrazyGhh8XFX6tFhnlI7ok1a7uDaU8ZJ1hlqsjMoxHbNAld9 +fOVYSmoighK+zbPjx6p/aajQCLp//sMLqAskq7ajQB0ywWFjmXAmKPhMLdXh/i7y +EcBcR++QDR8TGIkZnhCC35pI0e4xjf1xcapv1OZX3yiRq9i1gbQlQnJlbnQgUHV0 +bWFuIDxwdXRtYW5iQGdlb3JnZXRvd24uZWR1Poh9BBMRCgA9AhsjBgsJCAcDAgQV +AggDBBYCAwECHgECF4AWIQT0/O+/B/njl6k0W51NN3BbYcsLPwUCYFURVAUJGpaJ +MQAKCRBNN3BbYcsLP8L2AJ49+3Z1iHpB0twf1bg+6b7UUKNnjgCbBrqheOrsoTq/ +WU+Y/cN7cJU7M6OIRgQQEQIABgUCT5iJSwAKCRDvQPwp6iiCu4M8AJ4/pbZEIaW6 +vJhfauOP8dsNfZsFAACfbj1tW9MAIshJQdndKJhKv8sMmw6JAhwEEAECAAYFAk+Y +cCcACgkQV8XM1ZihYYxCaBAAlxoA9+yadlemHhY/nmR7n6pInZnGVMXgeRIbsNP5 +KBJoo4sZMdOrHxlfJnaMc+3kttmTH/a80tGPCxV1bruE8rW+IOZyVvkZaZirT4sK +Z72vPU2345cqe4lVgn8OQO/i8+yovK6H17rMAHeS/J+TRf66DPnn1hlBVUsYs1Xc +kt22FnEDPNKcUvc8lFtPGh/AJAqbUj+7HzYGRabpOsR/t/pOK3Aduy2GCvgpSAW2 +g7Hid2kh4kWVsqYlzGXXUDhehQ0f4GnVDnqE4gBKr/XQd6l9nbwmTA/3jTAzGgNj +ySvIsJ9c45PJi4L0sARenIASYe05BjOt0PJhqYZ7yqCnlwGqzwyX3ztXja1yL4Dw +ULfpHVbMxMfFkHvbi62tSg+qVk5whBFFqkWo4IwcJunYKM6MHfAM/5YMjkN120ec +VA/Vc3S6VZsNqptDh7ED/PFWVXqT3w/j32Q7uUU+VF2acLnqMGcf5a4QIjWe5Oc8 +WvpMPE4VXnufmV/EXRMnPfv8NNlKlYWvAy3Mvd5SIFXx5VXhCDnPXGZOwwMV//TL +jussHmUItEhPpAm34oVi3IqGKDoHFUSnMNQ4TDCxmJZpF6Ok9eG2oLu1SQcxyZ2M +Yw2VcfgShDvQg7RYck4fq1W5hvd1Tm2J+Nl25sH+hFEZnf+2YjYSiICy3gr4Vk3L +03GJAhwEEAECAAYFAk+YiSEACgkQmoBOl9cHnHfb5xAApHBnHtEa8XXaayQaQXT+ +b9oLIOQQXSCckGpF57jYQbjznr36xtDPwCmfp4GBbLRNUojXqCXUiwh7ydMiG7TZ +pCbssfc722NU06+gBym41Ozr024zdSRsilZ0O4ZsO+2glpSwhC93emZ32iDZRhhf +cZjGeQLOKYOrH78/Uv/meJxQOiTu0Tc8nxfvQA/ibpZo3V1YzKUISB6ymF8J2BaR +Ug8Ql8ZiJC7AwIhcm4PcSvs9DhwtqwIhYPYx/AkPxKTPY3lnw+w4FM5kCpwZWvYV +Jqlveu+War3szbTgtj4eiw/9gijag+De+vhjvmmg6bOFvmlf6mqLSQ2TiZWxsmwP +KlRPtZHLKag9DfmGFhD0QVOq0CeOQJ/iGqAGbsWq9EQ57bYOgXLnSZd/oPxdTg2R +M5tOg3XUYTVyC4AFgpLqAc/zvXzjUohAEmcAQqhRpnYR3j4NPF2U/pkHEspd7x5x +bzLFevlRguHDeENEb3d0MVxNTAh6Ye6y2dy0HCwSjV/PYLy6NYC+krTSNUfTlkON +MrXVREEe86mbbS5Wk6A2n2fSDFbDcprJtf/8FfSKmMremwFXK4X+XY2MFjTqnrkP +bYX7YHE8avBx+iCxpCD2rb9Pq0CggCQ7GZihAqPqi6CJtz9ZUdNGJXw/O/lZqApf +CnPRerq/TAAf/G7rx1uQ5meJAhwEEAEKAAYFAk+a7s0ACgkQN4uEVAIneWLOpg// +QUSRggc3M1OTGTygx018SH3E3bjGVLTEUUqP+NTSDdcxM5WlLl7bk9mBTvn28bX9 +HKa7nHxPTyT8dcmxTf1Yq2r5Gycu5tG5pF2qHYbhopK3q4oFBVPAGVs1MA9YHqjY +ZLVK6Fr/9ht0HON0WOIyUpc2X2eC/7Er4khHpk4R1wgU+IEJX8uWKM6Ave0FuUI2 +wokrrrkCWytah6ZTML1/RN94iCqTsba7VnBJYwgwA9Fz68hhbhJXqwgp1PosaXLt +ROtTLgvR5kikg5zGsa9OjD+7Qm65w5OceRPd6+zzt4fMq5lf7ih92oz4OqChPJSe +zzpqLuqXs4BEDFRRxVyfOI+tzEQ9n8v6s4+m2c1OXV6/5ZHdzOtOCH780FxXV3/H +YAecig7ikCqfcg9I+ZQuvpcp0UClQEMqgqEYFzuoiagJA4wXIr3i40fW8gWHnuop +weBqqrddhVndJeCs8MKIjiANxBbG32JMSMD6mMsvx8qPROcZB/swuyuHDDMxpqZi +Tes0jPL62s0sVJ3rochVaBYT2kgAKRzFm7/BbXkpPeH5RbmeshIFGHPZHGdTZY9m +hMA7bWbXT/SgwJcL8U9h+K7CBvDH9X7kxVaNrIWeUPViKKbSnQv10uALvuPtse9+ +aMcMldKdnvmxUKjqB/H/NgS2xS0u1XDOwofKOJwUWwCJAhwEEAECAAYFAk+mYk8A +CgkQoLPLCdKzc1NFpxAAi7mW/WipAd4xbRHAtz5eG256ygUmchcyrGoqgOSRwu9k +6XvPC5gUSIyIfH2ls8QYmc+UdjdE1/q1hM9hGwGtuXd3/AsBwmGzhKqFeH54A4hy +6BpSUH4w7r2ht5Xnd7lquWk07jw4Bdx+zmQM6z0EQZ3G1xpTuuaCoLCgozvDIyTK +t7WqjSyvMj77dGpHwhJ4HyPXqBv9B2gyDGvWA33zP/KiVadMXA+sk2qyW4MHuLHh +QesNJrc56QX8yeWFg4ZAFZK1r1msvS0gNjAsMmz7i3NBWPb/fqZKSrgipNKebSk+ +7ptDq8KE75dJkYiv50kdezdiaDkpQspK65Ejufg+EJbUtf2ImRMwCmr8n/PjbXxi +/+90rBBb9qzA/hEDqex6DVuISkvSYruW9K0ijkBBzf/hO+2zfrwNBuKFKDmTqtXU +C8U+3uBQUPYL8DhYDxI0JLCRhhrI7Tb6w4SZ3p3OyUlVEpZX+1kREMt3BATQr2Bq +v28+TlDaShq0JiV4IOQbloe2qdAkcMMG8G0GcqZBk5IF/bst/AfeDuReq5MEYu5/ +3yxHOdhp2oGV0g/sxP3arUbNd5NEhxG4ELO4bYPI87Nzh5t8Gmiqe0/kKpMpO+KF +uUpNjGXIe7UPb93BrAiAz5YOS8btDVufhOOVxonV/J+SNY5SCWk3dodosqBMNiGJ +AjMEEAEKAB0WIQQODKVtNUEyteZGwl9JoXlrm0lMuAUCYFUQrAAKCRBJoXlrm0lM +uDJiD/0e9oTfnCG94c2HpcWIeXtxOERyvmLSCMTt0GHMG0zFlsf1sYWbV0LvjSyx +FGYJGd78qcHVKkBu607jL3Uq3GCxxH0Mrs7WpluYWbaH50EnWiRLX8oQbN+rKMTA +B17yM5D0qGX2Oucw3q2OjTkiQqogVs7SVz9SzsyoZc10DQLh256wcGTO8Tkj+jzj +O0X/uh/wb/KUUfL4BBez+uQku6W1uxFJeR6Bys0HBsp0FPSugSif0JmgfNJDZiCH +ZgIAeEUQygAQPIYK/mjGx8pmT9KSQTIAR9j55OQgqMvKJVAu7dxYVIv8wlxjI8nZ +SpoN0djhoo3oniXD0rUOcBH/ZP+LCOF9p/Dv1iUmryiYeGG3NCpRkCiyIB4+fAed +OvDaAvMdaxkJIOx630ddW3wjQXbdU1yeV/tGOVNDBvzn2ZRvgoWniBMT58pitjED +X3sbTnc7yW5/lcaJrCccNREUnpcTyixV8TkN+T2JeboBQsenvaGhExkrLzQBTXSP +r0m74VQLfg7eaZZGZT6Gt7msVBjCL92fcBXCTmVIzQNMFyCxQQK1QIFHGs+6OdzZ +81m23bSQk5GM+rWkZnamrvAW3qqkfrHbQHVSjHOaShYzCx+BIwa46GvtuLkLtmCg +dfDj8w4QRnZJqvxaki+r/LQAkoim5cfg7kfRzKhrmY1qVopVOrkCDQRFv9m2EAgA +0hiUItjJyNSoMORiK82k7oGl4hSBUDhxwIudHHvfwDb/dHsILRbMUuIBrJ4ZAQxj +iACdQB1s+F1E0av77p8o2DO0WMa6xCfIngdAWkcQ1AS/mnjqMMJKPX72VP9Ncg9x +qC3sMRUigp8yKJ64gukdtGBAazIn6FT33dREPjguvJrXEUvNac1ixRX883eM3b86 +ZVfdOH54Ipnt5Bgg+vn7gGPX496mwBVXJOP9AzTNYDy0KYfa8VvbowXoaxjt3GLJ +zXaBNy0H7YsxtQa3gau4Z3usEFTxQzY3lSUCaw5vLtf27RIo0+Xg1C/m33fOJ0dA +nF0FkR/3BW2PrR/AgXDZ6wADBQf/ShTzOUhCK/Wo5Rk6X8BfzkG3h27VEMjqe8Us ++7vcY9Z4xzYY04RNyMsq/fS7feseWE0Sely0OuFyD4+CM4ug6oOehKDT8qDJ55Cn +TheD1lsLyPyHda59U+dIC03UfWgEfhGFJxAFHINmh2ef4K0innm52yXmUM+rHrFp +9UTTsKpBpmZ333z/roKyF9YN+BDXTxhOn/aPUh4CaO0PTJ8HqJ9NZOvUhKUf8GeK +15QPjdhQs3A5AZIGuNEAo0yMy3PnG3ORTdwTasy1yOx6IasBDR/E8Beya1zDCqPV +2sXDv6IOywFwOM2absa8QckBup02Z2ugz0Tzs8T97xkjHFwkz4hmBBgRCgAmAhsM +FiEE9Pzvvwf545epNFudTTdwW2HLCz8FAmBVEX4FCRqWiUgACgkQTTdwW2HLCz+z +/wCfcBAfy3K+mJwpFL1zCMnrd6YyflMAoIytTmkzGrViOc793HHzM9YzqNE+ +=UXmh +-----END PGP PUBLIC KEY BLOCK----- + +pub rsa4096 2021-03-19 [SC] + 0E0CA56D354132B5E646C25F49A1796B9B494CB8 +uid [ultimate] Brent Putman +sig 3 49A1796B9B494CB8 2021-03-19 Brent Putman +sig 4D37705B61CB0B3F 2021-03-19 Brent Putman +sub rsa4096 2021-03-19 [E] +sig 49A1796B9B494CB8 2021-03-19 Brent Putman + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGBVBOABEADBLsUa6QnLsmeR3omq+V75BlCyfBnklK3ooRyUul34kgmoMIu4 +3GZFV5yWiicTpBDT8uF464EXq83H6gYYSYck8XgzuRDNNN/MwMFNf8Qdf3LVVN7A +XE9NrsSCfHBr0Klf/wkCLY6ruHmdQLCv43BXziayJHPWyMBphUOHOihFiCI+3K6c +wQ4PXTjkSbhedPmgNlC3AR3PjUd3+KDN5BYBlqYeW16qdF6ZFv5PSPKUhU3+yvd2 +LhTVez1bWuJJJDxbz4TD7C9yboPFQ1rG/wZvzv5hTRP9VuBjjPyF8NCXYhWOQduG +K2e76OZRNHgjBYUhdmkP2aSOefxUjHI02J2leyOakX/CkA/UWzSsdx6fkREB12uT +75mlnT820Qmuni40xO5LBv5Y2aZw9Q3xaWk48VYGixMPQIdMSCJjcJ2KqQVfciiE +2gncL75h5D3XLERKWQJqGdkYxrSziLuPAL20QckcFKcaSWuegU2MbrqqcfgA4VuY +CAcDHVey2MHnFvkrozuCXaD9cpGMGfX7cgJU2X1gGrpI08+rI9tOccgpoxATiCAC +BAjA8ipL9wliH42pTp4wKzng45ctS2d7ZTmilEJvZoTfOnADA2dZT3xLiWEhJcwd +6q29jGOUQmEKZQCp8a8mTQflBBLbqvE/wsOfdMzigrwbttVHX/DXcI+F9wARAQAB +tCVCcmVudCBQdXRtYW4gPHB1dG1hbmJAZ2VvcmdldG93bi5lZHU+iQJOBBMBCgA4 +FiEEDgylbTVBMrXmRsJfSaF5a5tJTLgFAmBVBOACGwMFCwkIBwMFFQoJCAsFFgID +AQACHgECF4AACgkQSaF5a5tJTLiiCg//Ty8xCZAcoY/C4IpKHyt7AMzhQb2P4aJu +F7xk2R/EdhcHXrATzf7/JQdohml8vuay8rBniH/SyUEHbIak6OtHH7HoX4Eb5MSd +7CaE77hd8Kw3GvD/aRGne77BAwCNKNWSEo1RJpnf3R3UtfNDCbVuOatkrsym4CDC +2kHScP0yvxrLU0gQxRIEQaoPcBXLmZZzyeqo1wvxuqT5J/ixGiB4PomHrf3f8ZFh +ynZEPmTyg1fIybDuHdjgKjkzlRobzbDkcLrHH3/wLMM8rxCAaGhhCt2zRMIbOmCf +OQxdF3CT5jJRJtfkGwkZ6ig9s/e64Tolli+lVHcx0z2szgO+EQQj1ELAV9irWq5J +Klmf+1WDqbqICzEwm1Rtj0qEM3jXSRhifspxfzj674u6TK4nJ5lJE7cBqGKT6rXH +FFKKGtT9r/8dPwd0foG0dGwyLNMFv81dhxqvPTPbxKTuyB1G65WQj/D1YvqB6h9S +rxebqAw80dMyDmo64hVSv8zzqYL3lR/gWRacf87yUVsnp39xyM2k1wuYusexJViY +unqLUyL3kH7YodgCDfoXlM0dc7cDbsJWFqHuzqLxDj9HzGnTcUt8BHadJT46RgYb +h7j7GIy9AkYy2b6nRkN/A8x/nlq2Xs5b5NEyyzkwEiK7aj9KmXEtFR9WVg7KqjXs +VYXm7OTDuGSIXQQQEQoAHRYhBPT8778H+eOXqTRbnU03cFthyws/BQJgVQ6NAAoJ +EE03cFthyws/U9AAn1WVOCIcl610MlmJ3lCm+eD+dxgLAKCKL0BGICM5MaZXWQxG +Ptb3/aTOhrkCDQRgVQTgARAA4KS4RhDN4WZmrGimC/N5m+h/qIDOaovLPYOEZGm5 +kJEQSLj59C+sHoRjlEIPcZTUFU3B9NlcHMCiNui8RkWn+TvqO1gLQ4tUV0zPBAMC +QO8HUk51yKVwzYYMhz8OSUplpkWnxc0q8cAUFEqMrs4uWcbgDmlx1My/l4tqXpbU +O+bhN0MvZdsj/vzQUl0pcFSzm3rfIL3DN1iedCM2ui1UNh2Jv/rnKgl0rG9qUfhN +HgbW13T6BkTb3svDPhXYoOvOvU0BCHZXHEHc+kn5mOlsLLZAcvehIc8RzwKfW91U +S2KwcvZed7LiegNJm8EZdVpit7Twj1aPBOiWOsbWzseYEwgvkRXnfdbhy+LHygrb +p8qXhqFssMTwjFDm3SS235Gt+xX9vlc2y5Yqc4mcCI+so8FsW1ZLtYuiTCk/mG+Q +zMQ8t4HcnKB5GLyE30rVsuIq/1AsgxWAOpmtOXZOyqPVqG7eBtMWY8Ezl8utYmtH +HI3g9jQqFFbhnp5cr5MIoC6RsaSXhVbm92xta1ZR+c1B910x1zP8vYGX2nxgs9ff +olqLK2Bg0UJNpcJYbh1FMn3YzkEfrh61JiyPXV6UByYSLMML0Kb3vzCKQBSmHswN +51i34a8IralF4i2AT4sxphmyjbrlpumH4YVaCo9MCkK2aVKSYsV0ZAvp+1zXxz3Y +/V0AEQEAAYkCNgQYAQoAIBYhBA4MpW01QTK15kbCX0mheWubSUy4BQJgVQTgAhsM +AAoJEEmheWubSUy4YhIP/0/SG759CDN67R8MpeQzF1HNm5g5CouMXkd627K+lWwG +/VQwUD5AFYnXz8gGHeH1z49myLX/NF2azMbpTRmxce3APZzzC9v/Pk2J9/iR2vl0 +Qz3l3FWJZdh3xhwmamPxYiUHk07Njd6aIEp4ycjt9Yi8kIcmcF6cm/ioTPbeKmDD +4onO4CyZpb/n5augGW12eznx9iktoIbR7e4hGUTQBzYoydq/bqr2UrC7a3tvdjbm +F8IFrWeu+XG34JqhK3hqzbenYLLfZ43RjXl2MyweQGEry8XenecHWRw6BL8IJxtX +zFHfhbdrfZWtGPeHtU3SzOTBehvElY7P/JVezustiPlGDDzWGkxrR6fR3edccNzG +uSICThyx3zsm+cQhxS/S0LZCfADaEmcvEmBiNAXlm4ZcuAq0FiiIVIQbe5+LW57a +DZSefZa5f93YIIJEbaApumXetxRvA4I1BX/4qBbbB+cnHSZKV7MAFlxeNYWPdftS +MnH7K8PjMv6COveVsyHmsX9Ikoet+NW9YxWZlfWcboMkTDbbjbKKWqWoGYNC06DV +nG6/MXUvpJWdqv2UOTozdpb3lcg9f5yr6gJdmjCuhQuhuuyxDaJvl1luvx9jfasF +9me8O9a70d57htKwjrwyqHpf8UCwqz3qUf/fFYq9Xqb5IMr8YtnLXdrYoG+PrZ/q +=FpHm +-----END PGP PUBLIC KEY BLOCK----- + +pub 4096R/2A4B3FF0 2019-09-18 +uid Rod Widdowson +sub 4096R/441D628D 2019-09-18 + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF2CHx4BEADfUvo4sPc8a8uQjfvoHdBY0qmgwXlcAOyllBKZ5g/wYKZO1Lkp +LZh/dQFBK4AjqRnzs0dq0arK0W5WijOYjQ+s5cd1MMXmzqgXG02eAS4ooK6KsSwv +mo2FydddQKFbwLkGdS/UXcENWNnzGeJhmjmcPSLgRo2hsSh63cFltq2+8fwl1fQ9 +FzZwscOOkJGBb7/nqdHdnvL9yrRameYFo2iWF9P52cjfv5NiNklkDBUHeISuX48I +pI+kSOz2b7/aP4vKOKOpOaas0MAdcYT8AcwrCD9OhFFzfuIs/S9+rHGs/+M0vcWG +DPR+IY0L7Stgkc2Hz1gazuqHBiOBq5VnDOE9nkZ/mY/HwMJzYCtuwQSPyidY7sRk +lrD5NzXVXGtUri/vghOgRcT3PG8P6zL3UrJi+XgwNSmNHfWQR+wt2Rs9SqrHav+g +xqHHxCmcH/7HSZEAFi0ooxybOCLeKuAuu94TWi/KAF6/d9iNLekXpuodKl/ceO6d +9h8791Rjh9a2BR6+VkIxf2zSzb0IPrmGfCjq5Jhc7m3AzAYNWJs0e/FK6G3FYfIS +TYAGEUJgiWkm7zpV8eDiUo7Qjs9YTQPuuVjtdVCzt3BNm5NUKyrssDxYFs6ryFop +FDoFewGPhFTnh8wTo0PUYpVj6ZUC8YniFE+XAOq8hufgbiqMcFn+2A/qMQARAQAB +tChSb2QgV2lkZG93c29uIDxyZHdAc3RlYWRpbmdzb2Z0d2FyZS5jb20+iQJOBBMB +CAA4FiEESvTYPu3fQ9o8BssxAUg/JipLP/AFAl2CHx4CGwMFCwkIBwIGFQoJCAsC +BBYCAwECHgECF4AACgkQAUg/JipLP/Cr6hAA0RQyvAvWXnVNA+js6aNpqNO+rGyw +sm+ajSuPNCyrkELlR08qpTxaezQ3soDJ9iWYgpPV767szs0yZmbnEEq1QAJXYsq6 +0pGVtuEtTmqRYcxuZwwqfkGJhs8p2C7/U5IcbvrvlUpHD6G4CEaH/CHthOpyVtBV +7cHqt1l0+6+928UTdkZl3OPrbQloHHgHN14LPWY2MiGCDIbLx5wOrwrJ8hoiGeK3 +npfUZsrothsh/hClMWB4jf5sM/fltr/dT+Vi09JjE7/2wDTIq1R7UsAUte6sfhb/ +GLTVdQmG8jsWfMWP3rKDFBRiXHNzM/gNP2mHnXLO6UlSkV2JuJ9fgSKiBpXhtrI3 +7PTNnJdZz1Lm6rl1T9jgWdzRkl4x17bBzgU8GkTsRBS2vuRFDdsoywPJJgw7sdP3 +FTVBFfCGil9DAzKjGtbeIM2UBfx/7ltqVrHMR5pgto7aXpAt7N1X4ocTL/BSlZCk +nFXnMIpW+Vsg6NDg5bRyC3adaReL3APnMkmBSSiqu4hFwrD6MVXcLN9tQ70sW3QT +e1lOiUMeGQkVhiRWiZLeQd9jIeN1hoDGBnBYBgAeawGO5fGAJCTosXLP07C8lFLF +5SYN8pBx0acuZMVwG0NKGcYyP/3Z+3j4kWIlpN+x455nQs/n/ZBGLlkVygtlXCC5 +YXIbnFuzOi3Lofi5Ag0EXYIfHgEQAN1hvXOZMrBeiutbBj8l+aAb7MwAAofjiuU7 +winmi0sgIRMCwTDSgubPpcaPxBmKLSVplngJRSwnMcb1bQmx8lVRmSjEoD5Uui/c +CQsQY8yd1rQQbPUlOWrlTMjesctVVryCb4jnVQO+vsotI73JGTI2RFHTpMbPv03R +rk3arxenfwS86XAivDRR9NZP8VvysXJCgua3t+Vm4bZNOnqoEoWBEAn0d1mVxYz5 +PFcO3jP4S8ceyyhCoctcyCO3xdSWuwQWJbKCHSi9bByuex7lUbGaoWO37IMkTE4+ +7/rtlUA/NoFNzxnQVHo4FhTBj6KBOFxrL09VCk1B5kfP9jQ2/F+sWclhHmcFNTmR +xpVepkSOuAisCDAZIMTYJiI4rPJSTDrhcy1DsSTTNFv7j0U5ISNd16HMyg4xUoru +U6nu5VuSO/6F8yWRpZi08UxUSREvrAKIMfKMZd44DC3ObYVsEr5uO/jS7KL69PqP +OmLJnVcL10eZmBAA6XGinqnDZmd3mR03aFRw3QKNGgDap7Pi+kN/WHLM+O9QElyx +wgihXcw7/TIDajVqxuqGMZhz21cpJx5EcaZlCYQKFRtuzuo1L4fcabzSwd3fVw8l +QZlouja0pEcb5dQueyvnm42tSZahAi5Rb8qeh0cWG1b0bvxe+X0vH5BYpk+iB8mz +1eA3NX/JABEBAAGJAjYEGAEIACAWIQRK9Ng+7d9D2jwGyzEBSD8mKks/8AUCXYIf +HgIbDAAKCRABSD8mKks/8EPQEADGWjxyxh9HoR7d3mTUjuurLjR/9cu4JQTHxZ2k +Z1fcDua1IBeJhZRb9P2fSogDxEGeLpUNTnCxKHq5tlJUKYrtFBqab8CtvGEif5i0 +Nh1raWPw3IzqtGGu5QkRL7xebxDURPfO/vfoYUbNF+tMUNGDDUu5FObde0oxX2Cq +8vjaSrlthcQpFT/4z4K3ecU+Orq2L9sUw27/FMgwC0DN1xIvi8no/wwZD557XgVJ +WL6VYn1UQxz0h1zJiOUSNS6uEm33dKzp4kay0p4em7kLmsMu4zp/Z9ICDlo1CdK+ +IzKZQMjVbwfowe6i+I0wVYTTRhSGignjErI5sw7jp1PLUIwYswj+tm0QFi5b40Bj ++xgnJaqX6SCQ9tE8mdewFIqyrzIikQAcWp1tl3T8jHogAnubuRmMjt+BFvgfif8o +AtPC4OBOWnp2K4Ci8ZOqvH0iFYxiHofftRw3nrIdQYcOD7dtv6CmM6FhxZtg9DMl +R8x9igyDtzaPp7FKgHaMxLtdxo5De3vgIoQWdKG1tWLxMt5DCOPHpis0MobeiYMv +D9taEWhR7lgkn9ONep8eUNvWKcDZQ6m8Lyl0JyWn2z2kj3Pt+pEcunof7xaDz5sS +daJ1j+TzGXUXZuHI/dSxHi1ZluexNi8x5B81kTbd7/VxxNc6C/Rgara+qwoo9hyP +HEdQFQ== +=/gwj +-----END PGP PUBLIC KEY BLOCK----- + +pub 4096R/02277962 2011-09-22 +uid Scott Cantor +sig 3 02277962 2011-09-22 Scott Cantor +sig 3 30A2362E 2011-09-23 Brian Swaney +sig 47905D15 2011-09-26 Scott Cantor (Internet2) +sig EA2882BB 2011-09-28 Ian A. Young +sig A9D7AF55 2011-09-24 Michael Craft +sig D7079C77 2011-09-28 Ian A. Young +sig D2B37353 2011-10-11 Chad La Joie +sub 4096R/5B94AC0C 2011-09-22 +sig 02277962 2011-09-22 Scott Cantor + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (Darwin) + +mQINBE56gwwBEADI6Y7tBIdYr8t0zfHU2hRbD7GfuanIkn4Fhf/CZ7ICN+SfA/XP +JAx3HDRkM/nc65U2mKG7vG3zlNOcKgeFoCwqhlLc4sSGP6DDoPYKtZOLEHwA/sIy +Lldw3re5KbCFIElnbBW/0av15IGHXgyylmG24jhlY/ufjLd53Qm4agxv51kdYdgH +cI0djzLqvMWTabWhw8QtmitPZSKdqOwTqkIt6bYAdOvc9r5bvAzemw6IO01L9aX7 +/yFIVJAYySL/UpbEtLcl3B/qXUXwhiq2bAUtvdmV+35FSMrAgfD25bYv+dVoJdtX +Gb4tQcPteSRDIQYswT+bilEtGOOu9vqLvko3hSHOK2Yqc8SufDakrOlCWO1R00Sw +QHGSkPKgA5O3RpOz3qbuPN6sDt/7FgqyzB6VqF9445bTqWDfIihXEAFr97gf28Xg +ngAn2Tp8ZZ6zTzYWv3/GGvCedCcrHrIG/nKf0Z0/1q9Uf8P7crv2udGuZjs3bMtY +RQNKzki/wKRuGnZ7HjgOEDIe8E+QMs+568i5vYqdaNrmCxUodRFjwkZ/0aRuHzxo +JNQaB/r2Ckj5X/yEX6f45D0hiwBmIFz2+VUnis7RAPelcUl1X/kT4p/3gvKSsFE0 +Ti7JWCY9e+ntnzcsb4ywisFen9tQQPP4G++qnhGyApz323LfDVPJkFWWJwARAQAB +tB9TY290dCBDYW50b3IgPGNhbnRvci4yQG9zdS5lZHU+iQI3BBMBCgAhBQJOeoMM +AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEDeLhFQCJ3li6fwP/10LcYMk +QhXODeO2+QkPTxM1VMxTBJCjM3ZX5ZpCCCUolJuhHlqNljpJUx6q2VP7UvNx1T1z +eWlCrScHUZnxaS6Bh0WTz/SeNdMj1PDWLZeGn+EokRTNSRzHU2XJgdnURCNb8pWe +rSuE8BuoMOXIRP+qj/fxKvNmo5q4zJ7y5P5qpQSUXxbdTuXi3gLuiWWfDJyFGs5o +4mNIDAu0rVYkid4OovHMO/5tWahkv7tXDuKvLjHBii9n7sKlpmyJxMkxi+j8Jcba +qHKu8nQNzEQh2GTQqI+SI/s13dvna8DhnfTKN/CqSgLVeWnN4Pi/uKX4vod1w6KC +Xg8OvzlSGij//lIHrni2ZMvZrfbDwacIr9vzJK7pfCVQhKJQAEoZ6vJwF5OHPrlz +xR3rseI/1AMrv6wSmoA3G5fUh/CEICe90Mpz3pjyQ7xoLil879tMWGGTIBExb3wJ +XI/hcLLA9dBDvnDl6RL/B5yArNiT/hLhofW8Su0N5jdYXkgM1MA5q7vju+Bt/yfP +SDEHBaAp2XCHXXOyUpXV8s8wvu2JXJPaJ3akYY47eBQnkG7gt5SQud1Bl4RFnBZx +3QiEOwQlYhrODSVsRYIu1bsJ/8HT9foxP3CrxqrrhQySyc5TqIj3VmQfeaPYjxPL +6eX5ldS3VxWCP4DJh3IchYsd9mRAu+QfmgnmiQIcBBMBAgAGBQJOe++jAAoJEPpB +tfcwojYumlUQAIDiXg0ErWbfzOIlnQgGVYEqBeLi/QsrSO/VauytDMtaKOgdJosy +33DNteMPICW6DGr7wZ89evduZXlnKjox4mLJsvNAJfNuw+Gk3eJPu1ECdTkRftB5 +/f3ShYcH0ZJOvaMTzLDd2bHdQYW4/gQuYcjLFi9ZJ1KMZM9E5U41Gu5Hr/JUKvPL +/nVU9ji/Dn0i/4nFuNjmITTRM21pc1wfYz0rvGfCuNIAYThxWIelXXaCpF0P3hfw +X/EoLE8P6QkJoAgoPa58Zx1qdptTqUz5TKuxw2+eleMNQUd2V0TbjnJ90GBubxEt +bMkkrP0RPP+ti2j4DoU1k9Ghxtp5K/QDUnq/kySao1UhI5HHILOeG77fSzYqfDYy +fTaq4z8LFp3Gus3/dlYZxq3b1Hcobs4X2oQxX7k0nzgwc2qZR0JhKN0quHhUZly8 +D/4qvEN2Uqa6TkuPlC1vdAC/SqXpxQQQn56S6fNCZbxQfPhc7Anmvc4jXC4Z09KE +roi0uWzZbcfG7e8NEVba2tuPn8YefrtokJGqQu3FGmA3ij1g+8LyR2PxY7+IzDXT +Ds5+msQDxLUKOc7CRnBDoyqv4llmT8woUcB7LAiIsTWLVU96Xazijs1dpoW2GgVH +fdEhbcswYVSzJ+rIv+1EbMMbd+yjlU7L/h+Ia6UnxitZb0qNca51AhvciEYEEBEK +AAYFAk6ApGIACgkQpXtW80eQXRUgxwCePIV9LehYh+Jio8mtQ74I/NWvfDQAoLmX +TfmKAganE+r/FcCcwykzj70ViEYEEBECAAYFAk6DTO8ACgkQ70D8KeoogrukNwCd +GX5zZOsC44CjV2AopI8KoMFJto4AoMH+qA35GIBUkEt8IoRVFs1rp3TGiQEcBBAB +AgAGBQJOfS4aAAoJEH8LUwap169VyrAH/1lrWiCJarm8eFLNlajcDt5TR5ZpanZV +UbuzAp9Jk8XtBkCMssnuzcqqSbGmq3P6CuaSTx0BybBOhRgC+UCb/DCS0TGomJYU +TcG7e7MyJZC4ocarORGURABk1UK/fkgEBn+9o2jdDlf7bm7JHlZJ8huLjiAq5fap +zp5WhTUAcreHjYieTS5umt01yxFatxhqiTbNXzs1c7Hc19rW4cTLREm6YQUNwTIx +qJ2hHyDfU13ephowv1DpoAwLXdHAsNy/C8RKRlr0Qc4snihVkGevLNWatYK4HP6M +0tEvGX9CpnTXpOsLZkfp96RMtE2TEvMEEA0HVoZPE7/kCyYR5DForeqJAhwEEAEC +AAYFAk6DkGAACgkQmoBOl9cHnHeZQw//QoUi0oP1lp7MjbFKGovCiCQU1qE0YEDH +pkkDxwj/yoGK3ylOGd32regz3TuoV4AP7ZF7eZvrIXsVB5p2b8FL4IkBJi9/cXUJ +dZ+cy/0Cd7vivd48nEBTNZvHNkyKyjFW8/FcE2IyylJIb9acV2WnZgGqfOMp8k/l +KczfzNaaV3FFVY15Q1Q7heSUiAof85/dxAOoW0i1j7dmRNEKRHIme0v71Qv+J714 +c95ujg1d83rIa5uVfD/EeBbJn9WvRWO7OPYylhuyJHurtvQ2CJL9/RUL3mIsaNxT +HweXfKuLsyYoIkQL7HpDIGDpZ5jPMrvSSeP/8wgY/NUNrXhYsVK00Djd+vV925xD +rdA46pNEF4FwlL4WFHZgGurPxGYJ4MXleWsQ21t70GvTJIt1FrF55aYuHJcf5x+8 +VinG2tu1pCJg5b94OJ9km1BY/xjgnNwxafqplsBVfMjLN9NM0j2wKq/glztBgIra +KqZocQi5omrmhiJp1qrdOdWFhRtIY2kCyoX48137FbshAw/O9ETF6p5EuKEHd+Tj +stThW6oIIcbSV6PKAi9n0cL5URL9JKO1+q6QsT4YssuixaB0bfuF9BuYdvy2xoyF +eKD4uN+qScqM2/N5Aoechj9aIfhqyhX4Ex8WpKdzEzV84pfGvvWk8kEZQESHr2hZ +RqykkdLpqmqJAhwEEAECAAYFAk6UUdsACgkQoLPLCdKzc1MFWw/+Ln0WSpZa6HHr +7v+zBIjT8gWKNcTh4QY11wSmamZmFJ6FpnKfJsQBnSw5h6yhZ4uL+pr/XhznDZJY +yhdR3novamyrBfVJHkpQjcxC80aECdsIz+3p1vNEKBFnADez90gUcFRNVxd8waOZ +sDf0VwRsu8cv+umMt+/LrpwsJz8mWmzU1qzITiAMN0IXdnzAqA7fOrFZvcfAn0My +SPGDyThUsG0rl2DJH8f1WvbDuQPSw2l+/Wm2nxwB4sCQYhnrvFu1cCWIeWnK/5U1 +EG1FvB5XKOSCs90Y3fLe6nwlqXAC0dqTj2CWoove5RKJ67U/R8foi/YJmvTzdQ/N +Lcu2zGGLTnTLJLnR/Fw9BQShItFYk/N5c5dls90/9iDXSbLhy4SzKPkdsKxPTOIy +7Kej+KkSdzVaYw5DXtwl8FUIEOkPhI7Vxm+eNTL2WNeONqRzxO3OnkwyIMOT+y6R +9CXIpv4l0HaT1mqXSwdc8Z7ZgkcmMg2IXdCjb1jQ0bK/jwBNlyvNig/Hxdq95vHl +C5uG7hgPLX9rKrkOStqJC5WU9TSyF5oE4Ug4EgY8v4hVM/eQJrWHctnqk+aEYFwL +CQyjApfpzuf9bCEQNbER2lwpz3M0JIl4SonYlTrkaZE4cd5jMWISFdsGAhv6RKaH +gh5LlDIgQ0kaRg2sbnEECUfa/N8SuSS5Ag0ETnqDDAEQALc2/PpXjPRCzIk4MG+B +BisGO8DbepljnK5b8KfppxjeFTyWtH7Q5/5Bcj8bRZIOKFZR5Zj1BpOUbpEa5fSt +6sxzLlmvjaoYzOvRcPYWZbwnC9G6qqvwigdBsiV/259lf1kYALlUAC/D+HwEP7fE +n/NJU00ONCJhOhf/5+dgBbCtEufoBu9YggDWOg7jM+BlD28E1dRSmammFXYs+BK8 +Xf6mrqzw3IHGqrYkkJzn+qq2CF/y2asEK6RJq7o/JecT9TfHky7cdIlv5gdAF2Mh +9nl5rXJR02B476D4GWo0jtqG5y3Q54Kiecx2V5Al+ESxYAqv9wODb8SzrVQ2MoiA +9x3ENeu2g26YzB3rZXlClzFiAOP+qPlmbPW4W4H+sQ2u90KroPET+FV+xQaxHtrN +MXHPXdeWGwPKxq6uI7xgd4VBMP7Sv97lbn7fpkax6jRRIyrOPTCk3PL7uAssUDdt +TunX66f/ODA/d1Y0FJGFKy9s8WyXAb0EwOUrhNJqgUf3vCB/FAWJrjOJ1nVLhzU7 +MCqs0bAKnT32dWzZ36PXpqTRRJdpntiF4TYIgaW6RhBVmNNmxF3bQiHf4aTDYRN8 +uqcScE7cao9SsPrt9qnC9JbMM+bQhdAq1uYWvVA8zucR95GNffzV1J29lhTalYst +NisKWxxuY0HENtOgJsKPxbp9ABEBAAGJAh8EGAEKAAkFAk56gwwCGwwACgkQN4uE +VAIneWI8hA//b89SV9KuExBVcc4JWvAW4VcJWl6DpmyXDscPJ3tqjtzWfnnJ6Fkt +HQ0XtQCS3GgIAtocKQ6Wdzq+WwqUElAZcHQP68TjCaJuximDvaBqeeFfnIzZcyaW +9dXCrmM4+h3ZlRim86OuRvLWFCtHw07I1llODIexwM7WR/VJodHvddNw35Bn9rkv +HgPFlXNrAcArZXyU4pciey8VTvr36HW/USkz8dDxm0ATWxWsZiuuEs+MY1VE2Yh5 +/Y99va0w7+8s0Lgojvglksu04u/PW0XFID1r9m24OFJUz5+NDiHwFG/7NT9/Sd5S +A4OBrLWXAYxjU2uaOubRd5tPrNpg2wwE6Bqs6r9HxxOogw73LbnRWaFG4Cf+Q0qr +AOV3uVQkUb8Ed0vbeziUuHkHcQ2FsYDxoaKLzXcz3j023SH5FgcPlsKJI9K7AFCn +8e412bY2F3xujSXRB6hkC2Hltt5DJsSHaGNY41jhCcHQ9KvKezNmrpvTXI59bFv0 +VDzy7vlN67Y3On4X+FVqb6ejVae2vP+nIEk2S+Hmr2CDrlwwmuOCrJxoVqTwTiTX +mVrwpIBjQlG8wK563t4g053+oidWjK106DfN/CFdrL4n5ALxJzJIWH41IAyBTjDq +7Hy4UVCwEes88l4iYs50+q45cZYsbCms8svXSwt6pcAuKQiKaJdECm0= +=ShRP +-----END PGP PUBLIC KEY BLOCK----- + +pub 4096R/07CEEB8B 2012-10-29 +uid Tom Zeller +sig 3 07CEEB8B 2012-10-29 Tom Zeller +sig 3C9895A6 2012-10-29 Tom Zeller +sub 4096R/86D072E7 2012-10-29 +sig 07CEEB8B 2012-10-29 Tom Zeller + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (Darwin) + +mQINBFCOtAgBEACav1oCw1JgXow5rP7jHTv7UJxxNrRcdcThVEq/3aB4VtOmrXub +61InCHAFgcad1dwFtFxpro3TjIW9KIwlcCZy9u/qs12LBW1Dejuyt0z2yJ0dPgVr +Y1J7aOR6+F6XaBsmeOuVdQQOF8hKGXjX8Fuh2XQJXyvKBkl8eSKOb6eiJ3XEM9il +W8xsI6ImtclllLxG5kIbzoIGKUA2guKPw1dcnH1ObK1aB3Q50/I6PVj6MfYy7Ewh +2PQh+y9jxqdLT870tVJkSCHcYPsECBleHuzW0qALg86Uuv29RmhnN2xIs5clzEaK +np67Y6clv5j12ft4l1nM1fth6EAUDR3Yf0G5MNamRI7Ik5srEtuhq6pbv9S1gd1v +89BesAevv9BdcRrK2STELIQ6LOX/q32Us9ToTTEChj8geIhW2AFPjomlMDZwax5r +vci+vZP8vd7WQkQ2mIwQ6wQqni4lGf1vuwdQU3p3kud68q1X1dUF1jXlf6CaGZpB +pf8fFY0s8VCCt906/W9kiUXAslAl/WklyCQ7aE5DYevXv+CTooRtEEu1j+nUyqWh +DJ1LoojjC34wC8SpBH9qbR9nGes1UXraMTcySXxtQsLkxcWz3sMpeHDrjPUyxzRR +wbK0mPlSAisI0Bc5EiC+fJvI8TLjMzliroZCUr5L4bDptuMjzz1rgpYZtwARAQAB +tCNUb20gWmVsbGVyIDx0emVsbGVyQGRyYWdvbmFjZWEuYml6PokCOAQTAQIAIgUC +UI60CAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQJ37IagfO64sk/g// +fBRyoOTDHOaZ9o6tJ39mY4tWTK/JWFWxLmFk1CRkRkaCZCHRXS2rjE1j7+qoSY5E +MIXMTRvGc6DFYjPnOESZolejBdtGKBED/t1cJlpoz0b1QLsgXnUyGVFZdHzRrJ4k +DoDvqJXb1fTIZMlHQTIkDOV1966eo8GCOaGFeT0QFXak8I4jJnCnO9hE4Qzn0L8Q +BT307onaj0O2Lw3Jg1wwJkC0rdrwDoQdyfLYSHk+EyWYmn+5gsXLnax62V8TsHfR +uZbldLn8JUjVaiaErISxnMB4j/CWRKhTsORn5MjtcV/DRWcg1pirlZS8YjA/ozf9 +hRZSGr0GetX4MaoC1heCvBdv0Tuiuly7051f0NtyOGmJEA9QvdVzDa/lJIBK05G9 +WFmHny8cdoBSIQBz59FxkoQkiJkg/guH4bQVrCRPYzYF1sW/BxD1yxhjU4bYfxy5 +Gjh7T1pXutzlSHJRKVDZc+2KYLcn/I3HeMxUEt33ad1M8PQB+H5GzyUkny1+r/Pc +lOoAvErDQYqYqU/VpKlSpGZXRuYWTVtYrCyQnO+04xUfa/Bf+RV+eSatVhnta2aI +jJL8l0xqGbiB2cFWIoYRmwtVheGj1MYMQvovQG9kDaeKsC7vCVBezp6GKbXRUPaX +RKZ7XEJ370/xw97WGiVkLcOt5ixbEYSzM2tVooUWOeiJARwEEAECAAYFAlCOtusA +CgkQFSDTUzyYlaY1sAf/emi2LMkDpwds7F4n5UoC3nkdNfYNkdzGfeQmrISfImo2 +rs0M8HF6unhAWKzJeijf8kXxN+qgzlj0xyqxfEtojScc2r2ni+YYlWtQZqZGhBJO +tLnZA8aQKF5vOR+r/YxfkiIjHxWTOQiR8CznrcFhGLybkCjloW39mWQ0V2BEEsVr +9ZX9Pno+YPBuzBrwGfdmpZk8qcmiXqNdm+zQk+lhwMDQrUGEkxffcfVOHwcH/DBh +vyvNsXq5Tli4/1fUof+GkkAUiniJ0uczR33cXQ1c4EPZz4R5L3lnKrQcU0wiajtI +lGS95WCzqxUQdqUv7zLSkXHUTXYH5tgK9ucIJtWzArkCDQRQjrQIARAA1bZRNQmU +vN3fQqqJBW1wLnsmVC7WOwyWvlOv7stu+TOFTIHlwgrZzqnL63tyM1GhhFH2qO9w +ZE2F0fc8OHNX/b8IZLVR9H6Fm/Wtr5kp9gtHKIw4rF3sV6p0DyLG4hc8JH3MNGse +OnqQ71dhQp8twXAIfiEBL8ZlIJKkeOa+UNiffapwEjhEGOzRGMbaf4+KEXit9izv +BlyTzhoQOTKxYRz1LHHMMzWDmlYoesnOUp1NgFx6Qg4Z6/ooS63XhYXtOL6XlsIh +xwMzg1QwcpZ1TEY4J3SQneg7fa9XTV0PYBNQDDEYSC2m/UZtApbbJYMtnKfb1ruw +wMaRnpY8wPYfxKet+4BaWjtq0s3HDpGacE91qP/ZLjuiS4stcIKFYou7QuMGAHQO +RwkY9IsbFbc2pmpIQukCBlTB0ZYGa5B4McL6/jzuEfbqqT+1ko2q9WVDDUm9rAWv +HYPdpWmQ9tNPdzV3L6qwUDuFPpUYyQs+BORp/82EzxgLZjea+aFqjA0icZHpY5Ug +aa3KedIc3IbHawDbb10DHwCSIZLkVVZXOjMHD67HmuL3Qnh6VI9n86htVsz5HPqj +yPqz/Sk9mAK2bt/tgo1mI4BIV1VoYHDKKgGEG6WUyU7jB/yWhIGENJwGO78v3orA +Ga+uOyCDBCNHmCQ1Cl4fNRYh1pZds+RIWq0AEQEAAYkCHwQYAQIACQUCUI60CAIb +DAAKCRAnfshqB87ri+eWD/47Fcrq3GO6QaSmMWT4Azzp72/NBMIhL7arSP3WR2kp +1OJd8lp+WpQ5yNKl20abMj8192ZkG8Ypxy3OA/udjxTMoFvbhahE2EibiEfctASF +P6nBrduMqtstjThEWvXXznxvcC8WHxaneYyBjyAOM7kvrU9ZHPSKpgNjeddf2GLK +L6LnGyqrWPAlGyrc831Pd2/crFoviTDa9hT0lj8NTxooWF9n5oAEynIsWFbOmQTA +EmMK9lY68drGoLLckrg03GpoGh+iCTv+pRxzoA2BCrd7kuWtpQLvSuuS2ndtLCNH +uprVETXxk0dawD7gzclhLtnXbsQBhuh9rpFTcIpnRlZAywGwl3WUMT76MolDEVrB +O/8VMmRmLqI3emOjVwrNlUx4KxhkW6VBcej557HxExB13O+Hb7Tdzjf1u7qYE6Z/ +hamQtbUI/7vn/PSUe2dVpgKT6Maa+n0GFsIA4pE4mYTDXlX9BR3DF8PciKS4xA+P +Ch2gX1DQV3xiDIiFkjKztEBoA5gWeiCp/vxoPWQN9iHYl5mM8Zi4fGXaH9ykQcFd +udXcmCSPG2KGnFSCbi3yHqs6+e6HrCzx1X6IsP9IjbqbnR1IXmkJj4CouqK+7dgG +fdmyK/RCG8sYFZjYW9XAaa5H6mGImB9lzJqgUjbEQG8UxwmVhIOsxUHZ++w8+0im +KA== +=aCf0 +-----END PGP PUBLIC KEY BLOCK----- + diff --git a/src/test/docker/shibboleth-idp/keys/TOMCAT_PGP_KEYS b/src/test/docker/shibboleth-idp/keys/TOMCAT_PGP_KEYS new file mode 100644 index 0000000..6b7231f --- /dev/null +++ b/src/test/docker/shibboleth-idp/keys/TOMCAT_PGP_KEYS @@ -0,0 +1,562 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: + (pgpk -ll && pgpk -xa ) >> this file. + or + (gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8 +Xvuk4i5quh3N+2kzKHOOiQCDmN0sz0XjOE+7XBvM1lvz3+UarLfgSVmW8aheLd7e +aIl5ItBk8844ZJ60LrQ+JiIqvqJemxyIM6epoZvY5a3ZshZpcLilC5hW8QARAQAB +tCJNYXJrIEUgRCBUaG9tYXMgPG1hcmt0QGFwYWNoZS5vcmc+iQI3BBMBCgAhBQJK +tA7pAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEBDAHFovYFnn2YgQAKN6 +FLG/I1Ij3PUlC/XNlhasQxPeE3w2OvttweOQPYkblJ9nHtGH5pNqG2/qoGShlpI0 +4jJy9GxWKOo7NV4v7M0mbVlCXVgjdlvMFWdL7lnocggwJAFejQcYlVtxyhu4m50L +BvBunEhxCbQcKnnWmkB7Ocm0Ictaqjc9rCc1F/aNhVMUpJ0zG1kyTp9hxvN6TbCQ +lacMx5ocTWzL0zn6QZhbUfrYwfxYJmSnkVYZOYzXIXIsLN5sJ9Q4P8tjY4qWgd+b +QvOqPWrkzL9LVRnGOrSYIsoM5zWdoj1g1glMzK/ZqJdRqqqBhe6FYTbXipz8oX8i +mCebcaxZnfLhGiqqX+yDa3YUwDiqom+sZOc0iXGvKkqltPLpNeF0MVT7aZjalsQ/ +v2Ysb24RQl9FfjfWmvT8ZPWz8Kore1AI4UcIIgFVtM+zuLlL9CIsGjg+gHDE2dhZ +DY0qfizlHL9CoAWUDM3pIfxM2V4BRn1xO+j/mModhjmYLZvnFVz4KGkNO7wRkofA +ANIWYo3WI5x83BGDH371t3NRrrpSSFP0XpQX6/Leaj2j6U6puABL2qBxhscsO6ch +c3u4/+019ff+peZVsc9ttcTQXsKIujmMb8p2sk5usmv6PKVX3oW/RAxpbVHU5kZ5 +px1Hq7mMQdZfLs5ff4YymXBH02z4/RmSzPam0Xb5iEYEEBEKAAYFAkq0IlsACgkQ +b7IeiTPGAkN0nQCfUkbSwYiPeKQg6n2w/DuE91bVWLgAninl71+xlXNMZ+n6kBCX +On7R8UCpiQIcBBABCgAGBQJKtCKAAAoJEDGBeFpSfIEkwqkP/37xinx1zPlX9XZ4 +S9ShAl5+H/ZDvqJ45eJvHcxsym8/Go5nT3n0ny4wgjFQjG+X49wk/P0/rwG32xlk +/3tLLGmQA0MQwBCd9F9Mq3gLof09sgB6qyr9N4PfPHmsnkae4vmsS9cd5pXB0Gyy +b03rveedxUjD/joOrCfA28VIyF2yrCqiANr1dJruS0ieTuK9BskY++BoADtlwxhh +OGEEV/xAMggA20oWtCoib0cPZAj0exi3c+s3E2mUaBI7Ycy2yKpztXImb0cPsd6v +h0YpymXIl2OY1XPV8G5vUVwS4Ojs94lR4ozDXkl7UCPEW356SWVNPpDUTwxE37mt +TKqgsWjwEmfXU+N2rh9pqZY5RApFmKRgxOmF0BTG8ml9d3U49KAk4VUGIav+Fy32 +4M82Ka+mG7ZqgoBuc5nnEMmVYO4Zhh1yEt8d3lKRl3jRbmvoxvxQRRGUYrfEkCxd +XhspVh1OD+ZcY7V592OoUmsi4a6LZHrRirUuz9t4tVNctPtraDtClczEw1QdAseJ +Z/oTQrKVQ9mzXOeFdVjLOdXrAuLagcr/ENa8QlYxulal5YqN7pqRM5DQbZiVY2+o +wgsNDh2s8LyArJuOJdt0KTGiFz3i2tx77JOVKkXBRl155dnhN+NuxW22Itf2okMM +Y5vwnQ22rpa6PUXLwmf/lL9SC6//iEYEEBECAAYFAkr7Bl4ACgkQEy5J1OQe3H5o +QACdGWeT0hXpsWvi8LG4smhXgqzCKdEAn0ec6xU4cBJJ9e/DRPzj9S7nqZFHiEYE +EBEKAAYFAkrzvDUACgkQmx/anzwGIjEsXACg6MZYvM+2cATmO1/SeAChCmzuPDoA +oLVG30rJdaAm2GiA5oMNLOdxf1SviQIcBBABCAAGBQJK82GzAAoJEIWPxMT0OFaj +8QgP/i6E4jje3nEn6c+/2CTXuSP7Q9L5EsPNnMinKDi+3ksnLOAOTGZZoaekb7Q1 +v1rEQCIwxcGDUynsh7xr7pafky/taYouoVDWdvyy6BC7itQ3DkynHV5AwL1sazmp +itGcmmLWs9sDYyjgMYnFAVxgoQnFEmU5lgZXI3bnAp5qRhPHPlFEiraki0qFP4z+ +gb7ljRC58xH3Id/3Zv8fxO4cVH6hX4KHDINEa/KTwRJCMvd7tol/IojkWxH73IMH +cvQHrxV3tRGfQD67TJTP9jvqfm34edIsF9hjd473y4aKNgt0G+h3g3ND+K7+ECn2 +XfYi6xWlMlP4TQOGKMln9P0QHrs1qv63iBO/D/rd/MfFj1pKl888DXBIQ6ytO3iL +DPNuRF2M9T4Rjy10nDXHnigs6jktg5hWKzXSnLKPmRmT9c+UCmym9c16044bKnwK +Abi8aOdXI4IkOLTedX8qZsQ3L8rSXMPpIqlfmLfDzvY1rXyO7loFRW76cfZE2Rkv +ZzjSOpgC4kWtaxXPJZI/gfDpUQFKFFU98dmDCRgFJXpVcRIMWaZ1iGT8MRVBos98 +M4JBX3//ftLNoTFQS5V1Ks3TEOrK80FdQXGLLXpz3cpfh3MoXLz+yjTMSkehhF1Q +X7JFBP/aYk5Nv08qaQJwPYvXNqyFLgk6Dg6dLOkJ/U+AboK7iQIcBBABCgAGBQJK +82DsAAoJEJmgMCnd+hmeW2MP/34UZZwx2v/RNONuCCMVaPqDxlAWaNlKOjx4s4ej +DtyyNaSB4zKOqrcLNdZUr1YlcrNduRHjrt9ue17lhhg/zfBWiau4PG/LZp6Yhhv2 +OAsRpUd6djcWW8InjDKG57Ks65dReZgOmd37VNYUZFlDMTtRgk002e75l8Kr1diZ +qHWQ97eHCWQrCmQSe6mRGIUMiMzqlzCK01BhJvM5fyhCigseuIWwYaLO0MYyGANq +qvDfp3iCoH1f7e0MhBT7fYXAM1Vebx5OAeU8Sm2NyeVSVXNmEsh+fPdPX3HjDhsU +0ht0LsZLsf+oktes+iavQ/wWJ3TVADHiC2sOcckcnG7hbI9MhV8IC5XkCfubVpR6 +5RTbCbyJAQQQ/AEwAsTtYaJIYPx+W8xh9W1qC3CJbfwNAJgYP3f2f9wOM3ha9zb+ +AevBV1+tWUNOlGg9uM1c1MS7e5ifSF52TIsZpsxyJE7kwW1C+rLYwvyFMP+5pfm+ +/IMUEVLnlOAndo542RtGgVJtoTyA/JHh4rVimf6a9AdpDMG4eNWzzLX7C54FbEOS ++zecBiJLsbwW1GoYatlNrrhDAkZSNsmAJjCkmK3gf5EjRAUVYOsh9oVGoi9iDMQi +K1OsymMTsBF9MYNkdU3Hz04uanIbMpZuB0WFvi6d3cMXwnhCdyxSTMmgl5SizXPX +M6AniQIcBBABCgAGBQJK87unAAoJECBchnPcdCx8joYQAMm3NgBPLxKtVxzRFBYN +VuhrQpWYkkC+eVEmwIimvcf/cJmgImu6M9YdJvfsNcZ9510/qm9MF0QrPYeIgkK9 +INJwuNPM1dCR9N9z+Odxt+G6ZPW4wK0pHq+CIWMBJe83+szfMi1X/t4fa5/9kV7t +4tTSIrwMmmclm0trn2U84xwAsAjTdWH8OFBISSu1W0TEHnYU4x21i4Vcvu75KYJB +zbGawunsbyTcf8xw3GKg6kHpNpaQwkU78nBhRMKYxEqW3p9ar/eDg/BbdD1TaGk3 +N8Ej370Us9dhcBeRR0u5tYmMsbcI5r8W0smBFmuJzvHmi1q4p5SHYI2yRyHHxr2G +AE/LGGrEvwJmmsNAfYsoT4z+C+DLwijawkeQETB9A3fPsd4y0NTmCYKY9hdTwIhS +jdcP9lLIqSjQuNwG4b2hUdUf+XlW/4EuK41SllLTgz9osliU2Xzzx1wO0z2FWfUv +pdJro+PAqO9RrBw7F4M4gJ84JzECritS40WAeO4fDj5vw/oPP4sedZOwJ9O3VvAq +ibaWxdJZ8XclnxquD/OMCMaV9rK46bHv66x0HLXopfDhbI+oPuzYkpQaubxAVt0k +ttzBqEnBBqGazuvkxvfqjt6byix/Pee5jAGrUYHEjAiNUHYrzwFy1PK6TOoDLww4 +en6UgMqMO/xYsqKyYlERnyHsiQIcBBABCgAGBQJK+zaeAAoJEDWVOV6z2OG65aUP +/1gXindkH7yiYnvBIyk72M2s9KV/msWjoGeHcOy+XNfj+NSseLun88wf+2guh3z+ +v+MM5eUFtTSiJfftOkFIp+SQyEBAtAgf4iiwA8jKHiffiJ0fP3qLxhaO4t8uaSbg +cbgmsYbtD6iuBH20kHZbK9FO5Bl6FcQ8Xy4YOi300LiPa3vR2Rza6kgpCqlZ0d+A +qlgUZ7X+Zdm2RSew5jXsRB5K9jPxbYUaJUJgUAcIkUnnnhk1zN1/3yi4mLM6eEL8 +7efoZfgLRbd6UZvE+nKEwpjU1ocI9a8dHpr48PVOpSu/bNLVs+LhEHfFQcrZx6FO +yuR/J7CuMw/DyNICY2denzMhmqYNVaveGTEZQn7RHPIV/KEsw8AyPv3pFX7uz0km +ISMJCmMQRRpW/Hl80H7vuFyQQUcNpCvYBii46+Mf3qCKVIhUwNZ92ytRQ1lrC7P+ +Qe7iCYHgVX1F749i13qp+EZTU63Zz6AfFA+P4LdUmmGCFvAhJ8HTlOS75b3eryOg +vUBLnSAXHQDbFQ3Ku3sOkCVVbXkHO4aGFNlEaQeatBtonCFmx9CDkEgdxUd777D3 +i/jll4DLOJkwd6AFAOzivuQqq6Rn5XO7QrCTD6gw5+yeRPZIf7cq6PHTkHplt1pm +FCpfUkVSpOdX0F++al/vSvyAK/XHRSETpjxrZ80deGNOiQQcBBABCAAGBQJK/hs7 +AAoJEIqviNbYTkGuHYgf/jmm4EqMBNvUDUVxBkMCHFFURIdQO+xQnuB4So5p/XVf +c55WKDPG/4fCvcB+sritcJa+FdPFT4EzxMDzbgnbsfoVuF27WV5yQzgTNUiHszYe +X45oFF30fh9vPKGfjzy4zeQzzgGzAlyijjBXdAEgN0TXkxdMCiVxrK4TAve41ZEH +bS9lmtFCXrX7SBoZhOTSVfGUDaxb/5FVgP/GhtG35wtFtDlaca3W0x8Wl0kyRMb2 +NPjO/h/VYhoSDlJGBEGotCafY3tqdwEcnfTcz2mv0Y0ASI6aaCN/BVegkCO1Q5uI +EpTa6YPiRJqZqvjUlocy/LjNzmcDa/11Ai8DUd9wHFVEPBPRc6Xz+jbi9VqsN07E +S1FCnOr+YIh1E7dsKENdnWmRW/vJjsyzLGcU5G7xzxZAyqHRPB6v1MX3HdAQL91z +V62LpvGHynGHJbQQclKv/3PKCu/IM2XAOVbHhakPNmT/1+ceoeLgTRD9WL7/6lrM +bYFCxVfNNYAUqkxo52bV/TBVfLvgsrNyhfpPGJ3pqOP5IaWzMcoi+hyrFv4LZYdL +8r7SNvkuX7z+WeYzPbj3gPg5lS9YjFYOuvr63DMPzsWng4MZqVSxiB/BAvGAvJwd +bDPqmHjL4cctxQOV4yPoHEacR8S6Ajg1tAdc0Xn2LFcErLnsmNz0nuBACYNb8cOE +v6UD12ovs1jLXK2KY0QcrQ23lJi/9awpoLgPcbwRFplUnXsNrsOMl9n+0CquSXAq +uoynmWYGvDgFE5TT6V2IVTTasPToxb32+TegfiLFI+rwaQPFgP11whxVrs2a07yw +QWT5P7UgX6t6veedw6udqzDJ/kRYjZhoV7aUfj05stRGIsRxzahRhRoybRG0RCBO +rYILg40pKIvAlN/wwpxKwj3tdgsAxkdCfatYJGH9HP5DLYS14tgHwyt9/7xbl6d9 +aswj1gBK0cciy2i+tBp5UoMKrIa3dijYY2IGLca7thXz3WfWYd9qEYa+rkbjvj3H +vuF6tnNlg9n893Xx1nHA016TyUzwyOGhIXvctKTpoPP59AC9WCG6GbFoZHG6uyR+ +d5T0eTBApbUxO814wEOL+Ux9BvQHEimuUsv8ib9WYPGr4A4f+vI/4MOKNRro7tRv +eVfIIemXwYX691Yum+d6ndVcUPOTZw9i952fwX2NdyNimk8svWO4fXI9IlU9FEy3 +El//1bJgxxE670Y2/3uKhziNu2b3YEEyTh5i0geiFJQjFggIQVCgYhS2KhkBxJJ5 +p+4NI3s/i8H6TMn7gHxmh8gf2QhcdIXoBypj554vDuqKS8JZd4uyhyNmSCex/4m3 +Xho4utrGZDoo1ZOrQvPLQ+fZxdcpqPVjdI5p2vpKXeiJAhwEEAECAAYFAks9za0A +CgkQ7Thz9dMmJyJhbA//cEIpU0T4dqP8fkYpff4cuAbOmgDlQtH8BlJVUYDAXaL+ +TTwx3sdjPbj5lIsl+6vVEHQRgftgZy2TMTnrz5OZdDKmxqAc3ae4qr4yjPZNzqBg +7FalLsUYve0KGqOM5WhOWOq25MRyjD3IEARuMpc0SRmggNZj2Pke/bByvs/EJUx0 +KAktsWHDQYPkutsh809lbpTLPUsc1cpw394gj7EESKv+jWe0rOlB3TuWexrD7RgH +RenDYa7lJIFZdtWX1vYAhJJVzeq5D8nMffTvppXgAHQPmNwK7Ys6i7mYChvp/k2i +At2BDISVEtssnP+joZjrAE+8HXqlDFXnR+Y6YjW5i/+/sKbdySe6ZZEgvlmw/4vD +zZXGabwj4WFRrmR2bLKcsrut+VtnVIlTZ0QqV/UcVcqBp/4vuW6Dq68NVdbXKe8+ +cAXFQHTfbpXQ8G0PTcvMsrQBMkfFBeYvi96UvQIbVF/dxW43eyQR8El8E3Z+ECNO +2GAkI7wNAU5HcfL9HNyw1X3nMx/NZ2qgaMnQdUzVgEk56/d0ub4TyE2mdNvINa4C +DvsHWjjz5QOqdA/2qZDKv6qpea/ZHAE8gt0fqSVY8rTJYhjvuO6CMeU2BDPp4YNU ++iQzMnAE1se0DeX32t5Ry+dS2DrrAXQK5Q56vZfbIUdsmzB4Fxis/lDt+L0lKquJ +AhwEEAEKAAYFAkslSR0ACgkQMXxt+Dx3Bc9pwA/8C6q6iGBCgNEHz0R6x9GAhmgU +ib7Gqu5XajASaH9A1Zd0sT4gBcFxdY3boUeDU9nr8a+wTPRCN4K7RZJVL4RzWnyf +HNBVzFlck996FztO1gsR4yS2NcuMxGTc7fc8I0s216nr2pwJmP4HzF8QVeLGsCbm +MIfylKXCriqaoBAcf+jRBGzQrqn0U3SqQfzkD/rGXKpDkZgS2ynI230JWKWqemsL +EhODDEWaz+nSOko3pASPNs4RbL4g21sFqJjy7u+BIKnmdwQkxVLBMj7MHRftnP8/ +JyJOlO0TgmoX3pB4QVC+xVz34S2Sfgeo5M+YtPkRl4DEBe5F2K9rEQt3XBBW79qz +aogtawbhjFpbKy1Hkp9CaoWmGg6bJV2NyXj2CWjrWeLwIlWgWDemYLiX90zlwTby +ubUQI8/2O52f3QFtO5G6Dap593ReYC8ZKQOPvbhkEKaipJbSAYwakNQAhqGZXnYh +FVwpdOFOnO3uwv+1JrUJgobXLGx1WX4BZwgZBqvGZXHnFkAaH4lzinwdHBNCgvTc +j3d3WpPoVUgpxxbd2pmYL5iT9jTnBviH+VmxDObgikWMMWbLIl2cCcwhhUB3SFe/ +emyKG27nwY/BAneez9qeWBrm9YtcQpONXRb8ct3N6mV9fh3SAKUBJ/8YQeFtrhm7 +fLyM7J6FDUikqqm5X0uIRgQQEQIABgUCTc6p/QAKCRALA65uTiRRfGzaAJ9zSN2x +ZS8+lr72Dy3ui3w4YiFalACgrGvpN1BuW0jAjqqQwZAVg+IqM/CIygQQEQIAigUC +TNK0Qx8cSmltIEphZ2llbHNraSA8amltQGFwYWNoZS5vcmc+IBxKaW0gSmFnaWVs +c2tpIDxqaW1AamFndU5FVC5jb20+HxxKaW0gSmFnaWVsc2tpIDxqaW1AamltamFn +LmNvbT4iHEppbSBKYWdpZWxza2kgPGppbWpAY292YWxlbnQubmV0PgAKCRCLOmAf +CMl15XBxAKDZ5PuM6hG8AHDNZaG+xyUOO00QZwCgkuvUBDrrb78TZweYttGPXB5P +7B6JARwEEAECAAYFAkwjU4gACgkQzl51YrnSm9IDQAgA0A7zvnzcxbG8298qiUWG +wnl/vH+ZqA7RkBQlyjvZuB8MadKWK6kxq6sSgyttOelw2jBpZ57LXl+9C/8s09/R +kfWpgQJK9J7oPm8dXiJjwuTgkr8dxQIuFLgiLHvwVUR9tPHw7xr/w8LaZiTvHqop +MMVfhV+TMB8EoR7G40PnaVlmahy2hrOJK2VkYNIoaKAWmApGAcZInM+aT/BWth7X +Ya1QxGxr1QDerM6XiygfdjRKJgrTPrxCBrRZ5ooYOnH4xxwqiTlWnesvmzxA+ipM +FPFpzU3NWIVqeFrb0hDSVE+jGoE8Tr5bujy2rHrWkcGmFYt2Mis316+6/3MVXBzn +lokCGwQQAQoABgUCS87t3AAKCRD46bjF0BjmsT6TD/dk0AS53pTGh2onWjpKJUOJ +XIDlSq99wY1A4cE8sNDYRnAlOWjsYocN2ds0u0vcc84q4DpnwGE40iaRaeD0ik1p +gBFexl0OTmYBkhzc/6TxS2EXQ7eQBl2a47cOXU15jtRHkfTJW1wddzXCby5mjUa5 +FH6RYxkK7s/2ZlAFpPpDj5Lh0dYezvEYaNk7tFPhl9DJnRKYi00XGFcypyU8eeEu +GQ6YItx0iccFVc82On5M+1YW4dg1aViXrXwTHcmWkfz5r0WVzRvAS99hwWcNmu8U +XfolKeqtO/VOU2aUmRRd9XiJMeJ0vmJZBwFRbSH5gLKbiMEAxOHb5tIViP/EoQkI +ZPwke7bLD8QefkwFW29c+U9bX5cIoLh8SEGCXIkrB+FrO/++VWN7Yt+SBtcA98rp +ejVgbEu/laV7rXmpq6+7EUlaUgjk99ddNHqvKTSIbAcfHm7sWCQm5hcLSDEXUBp3 +wimuKJbO/gu6Kbf3RVBzcIr3zz9M+tFBzp9UHHbraA2J1+gP4PickU/lBbvd3S+0 +E9X/vhInCPHlbZCJDilfa5xcUW1AL36OutPRO23PRLBqhEVlyDuUxG7gaHsm2QjF +x8hlx4ZTtfN91wl1KWmhi6Um6uZOselNTsxouRoel868GsbN+2HS+/oHGZt87DEm +bZSCGvlLuLM4OyZQGfQMiQIcBBABAgAGBQJNzqqEAAoJEDxcCZ7pYzSqXHYQAKVu +x81368OzRdnOkce14esVtGj77lEdlDt3HYJgCBo3D6QiEzTHOnQB5AtKpOq73rqx +XqljAOBHt4x07ibL5HoTulmfxRsFdFOCXqYtnkBNVAF6nrotCBcKkSnNFhfSqqMr +eC8ifKjkzbWHi5Q1ERsXnKzZXht50EyMj9Urw/WAM+kFyDLTKqVIUueKQVSQrv6v +uFIUBNQLKmqVvf9OSn67jqM6jCidwH95BLFrJHDUtxTpJq4GkfK4qN3sVBjExCRY +kNfAKKLlewKILGl7Xc+TYZuRQR8/MM6VZ2lMnphL53YgVT8KuWPYhJnk/8Rt3cBS +vuxXDd5w02xHucoqPH7X3UjEJ0fhPlmIxAErJWKojRy/aja7S0jjvKPX9AIh3DO3 +dgTAVdWnL/ur5qq29ak0PI6xMX03mhx+oNW61n6N1opSKsdgdcwWO7iA9trOtHhL +7X0zm4I0zBCEB+fjpxipX7XwD8GXhG7r/ohHl8iaD6VVf81kPeol+ecmFrfm6s9F +TIlQ2gVI7ZC0IWq/VmX2pD3G7LlufOL2lz9fEH+Sn8im/XpV2kMreno79Cy0mQmX +UAkSoogiWxDt33T8uXANC78wlixmPy1xVhLy1/5G1ICYbzgE6Ce1D13TGnXar+OU +87hP96ppmbYEgwQZs3dAcbxpgeyisv/A/p1jcnkdiQIcBBABCgAGBQJMdpNqAAoJ +EOE2CIoYJL3BZZcP/3un/2Cs1CwPe47u0wOtHuKEqnYCzarpy5dw3ucIh+3PFeul +nVcaFmP516FFlQSsFVtWf2Gnvqz0fPMoqiXR1wyAGN9venc70hvo33MJ/K2ATG2S +ttNgVAGMmxRsNsYPhrx7jv8ud7Pbld5ZTKn8eQP0qIeMzDECP2yQ+WpT8R31SWAB +N4i4y0ivyMJpWMndkCXPehSLQcuydufVcOHlvvCBUBaR+6o6qzn5gvZBITHUCZhl +jNMWzFqiAhQyUzTHB7PBfEWd3Jy0eSA8VcY835IgOPnzbn87f8uxKs7sTlff9cHa +Ut8usMClKpZQCHiO8KZ0Ulmcg3Ex20nVBth7+ce3Ggduv3syi2sWnlNtFl9vF0bF +Fx0OdLbJZdiBSYji5WGx1oBYQsCT5SuDArOngaTGJyvPodj1rB+4XwzIqnQpuJZj +A3y/j+C+ur3rEgNUzCdMpNGkN6SIjpbPGOqXosVy8xpkwtoOVocR4dUD18uqjpMD +N8d/NAxd1nBkv3AjQ3wQd/32ROs5JIkH47AI1kJ5JymZKma0qSz4NTweTFp6jMCE +b4AjfsePnV+mUxAaOIu+QApkhKjjKwXqokWfay/maAJvyS7va2ANYEKCrNoNZUL4 +Oh6vNCr0WGrrzcbK1sXSzqYMvf0asYoCbYA6F6gxuqKdNjlLaRb7s/XPvadniQIc +BBABCgAGBQJN0A4UAAoJEAjjDy2TKbhQsXEP/RlUMOvS5sfRvqqYtJiStJEOwNM+ +0z13wVIlA5rNywvGJcUAwdOjRxlZSnyjBe2+nZnFIvFcZw0/36+q/zCorwDD7OiG +axNk/xDvIhUj5u26v0RvjhDsbOwC0f1uddV0SDX4VDy6UNy5BW7YtkP6t0kGxWPN +0Ze269Y9vlWaFxdmNPLEoC6czU+oAjETeJYuHImHc2LAyTvwrw8K92Rk2WTXPXdu +txLTT0uNOQDk38DaiG0V9Yaqwq9+7wI/19QRvVAk4d7d4TBHoS9fngDLw83GC8P7 +qymM94h+bidJSYyQbjfGsNg8VVlx6sQ3V7rECb2uRmH5u+6eOsZBMZNFB7C4xio8 +ON6brHlmtHeIhGHiqd9vwQbhsS0T+Ixvkfblmp9of/EidAWAq/JbPuEJeR6n0P4P +UetKZ3ordZYKdh/bAXjnbrcucglEa7dYPwkIC2k9oLwzEWYayq2UPPS+Dm5vzmNP +ba/1Z/Wv2K+SffyOe2N/QYuSPlSUUYcaBcbY16Lbz3kW656qDGpxoU470Xy+xiTW +fQCfsvwT4HM0AxwVWmaOPp/Lu8lHDOgqZ+DhSTY7LRgXfXe4IVu2lw9t1QUdLKBt +QN+V8r0G5q4pFUzBC0zKck73LNd86ueuNvZp3dCFyEk8P2RPB5TG1rM0IcZc4PKv +tGvMHLLxuyX4IU/8iQJSBBABAgA8BQJM0s2oNRxUaG9tYXMgRHVkemlhayAoQ09E +RSBTSUdOSU5HIEtFWSkgPHRvbWR6QGFwYWNoZS5vcmc+AAoJEOpNytxNyqiPuSIP +/jM/q2a8cHJaFx6aW6vCJHeANgp8N3NKmaQAXj0WleNIG7iskhAb30wDGAvD8O0I +YO+tPRRxdp3QfzafP8vGECOhsKNG2pX9VUwXaLB7w+miRXbxD+yAbbo+4jSqXI4N +AYoR+tschgEVwyQZeMw0sntLPsQzRDMs1HXli/a5YZeUvQHu5HZlKmxRkZyAH9la +/nAzNWZH7n/+vLfUvwe1/susA2NubsGiHK4H62gsfXeU2ns5wcj/RM642KpQl3uy +hv593dx3IB/ze42jCbkVKcDorYOGEPccbLm1IQRTQxwoje7xpdpFnkNLVh51SnAh +02PC+pzvcMd4TtY2A2SWyEA3Jp/yvJsTd6vdSMR1VcJBvfyCN41b6cCiciKgDOMD +xLx1+0c6A7ZUqqgivMEalZsEQPJaD6Kn9X0jjh+aJR3Bhx/LGOSJUHa72gizLrv5 +hLVCA0PuiaP0dHHYiuch6OuZgwww3DUhsYQOKmXvOqoIztGSjVTAB8D9pbbxlyuF +Hih1hbg7T5q2tLTxb5JrlW4G4+0AoOybe4gEkPubf9JdzA2RuQD5vN7krpmiVlgJ +PDaG9pYUE+FqwiJsuDH2xyjNksZtCFyNbSAexPFY4GbuN8TMveOh/1FUspUTERp7 +hF91WIg93+AIzyIpQc1ryL1cnAzBF4uQ62T4mUR9JNIWiQJaBBABAgBEBQJM0rjY +PRxBbnRvaW5lIExldnktTGFtYmVydCAoQ09ERSBTSUdOSU5HIEtFWSkgPGFudG9p +bmVAYXBhY2hlLm9yZz4ACgkQXvrZ/oKn+81T6hAAmePBc4tVmcPvBl3iAiPD0UKa +bMa3tVYWLh9LDkaBnQOXiPHYfZCpACfnXfZLCg469xEEVrgpRl2aJHjEypm6txg7 +kGKcLkozKLxRRw52LYVuYO99CYXoTdmTZpsoC/CrkXpJXPl153zY80eZ/P4XNrxY +p8Pys5VrpvRibjURphwhDGTEHJKel6/so5mI7axuRxgd3fBUs9wUmTTB3h2cN0hK +mysMFmYjn5vG+WdJWmB4wRPDwz6pMRGKX9lVfdgs9RwH2YoeY1zCc1CXw2I8ox+X +KsD5OLyowCnGRftnPylTCqWx0LXko1xF7nY3+CN4P/ghh+0BRUiiVzT0pbzdhEVc +S7cXOLm99wXrDRzVcgrp4TGkaJSRjP7WWQ1KHsAI1lZLQyhOEdYex32+U+66bCjp +FiiBPpX2zdu/lXpFUIwmjNjEbXb7rK0Uk3lToF/QrNTaPnttrDFQNTOmGp/4+PmI +Acz2PkGcb+Osr6k1mx3f9p87saZMaGZXx9Vl+60w1d4PSJRqvawqHpAyMYEvgzjx +c3EtcnwlXI07qk8nmCl1XudlS5KHeJ5axWLEDNJCvEuJGy4moaFllwmTUtxDzRK/ +zG6QSJEPfH8VZiEl6HBpgzlBB5aToxc+Wy7UpGzwaNrA6KvwSaB+jSxrZYtHbwBq +2U3ttmamynBF1izPuOeJAn4EEAECAGgFAksM3mcgHFNhbmRlciBUZW1tZSA8c2Fu +ZGVyQHRlbW1lLm5ldD4iHFNhbmRlciBUZW1tZSA8c2N0ZW1tZUBhcGFjaGUub3Jn +Ph0cU2FuZGVyIFRlbW1lIDxzYW5kZXJAbWUuY29tPgAKCRCbuGOw9Ru4igbUD/9+ ++F4uqkO+F6g1QNiyFM47K1NaFLga/lNp72mOOIlZMORXpBJGeL9DhbDvN5KIQqR4 +I5wCONGtzeU8P7M+uLapFZmofROABlACUeVhOPx8fOCeNz9xU4f33dKJJnAsIfis +SMMyJR9Xz/IbNWvM6Kb7hU+L86G2cZPD8uvZ7oHyY4wZWtjTHM0ne/usodJffxIj +oQFhn0vAC8hBNWStI8UUih+n+iqvvXA2cB9v3Ni3VjQOGLKSZ5Ke2jpKdYTl5zST +frHfjgjGvIdkWz0hbVMzL+urU9oIChBK6Nr3DxY/XvO8PmFGh7V+M9C/gahLCrNz +fD3vKGi7OYkp6dODPnREpOSZ7elGO5mGQnSosqzrLb7kw/vEobBbxsYDwxxl+ONZ +8yxUaBpvRIrwqNEwb1YxlMCLnpRs7TJxxitq+zF7F0MxB5sqdLHSNqxcfbxpTflz +Tn/H9h34aF7f4Qkn276XKIomhge4su7jxHNH/G9gTk6oicdalBFRMFwBRpaOivno +FmSGa1Yt7C1mBBQkRXjw52ZRx8MHKnccNNgpk5Xc7+VT9nqmoulq1JfzLsrtu4D1 +TaleWOVN4X4FYk3S2VWxLV5dhmuCy7hP0ZsXOTBjLXC5wMxJcp7I3IlIx39a6U7O +vhWbguPxyXR3AjBUsMRfO0pGZKXxDI3N+yHOWAtDcokCkwQQAQIAfQUCTNK0KDUc +SmltIEphZ2llbHNraSAoUmVsZWFzZSBTaWduaW5nIEtleSkgPGppbUBhcGFjaGUu +b3JnPiAcSmltIEphZ2llbHNraSA8amltQGphZ3VORVQuY29tPh8cSmltIEphZ2ll +bHNraSA8amltQGppbWphZy5jb20+AAoJEDTqduZ5FIWo/wEP/immECQXMIMQ9zj7 +4RU2R6YV7Slzc3YATfjwOgOwzQ3qF+UTSHui7eiYoHOwRK0OTKW6fe7bh9/XeWLB +sglUl+RNuvCNHAQNg9/p7x9mJL05e3OnGpVLVnq/yQezCWo1GWIPxodwmoyI2C3S +iUapfKN1q0Ml6nwZOyHsgNCFYDVhmtEnIcK7/PXLpeYTpTBuXETZZQY++XyZDiVI +le2W3uxrY0k8zVPvGSXGIh2iHtAuCrJoNKY+webEe5QVNoAYnNyu5de+50gpQOr+ +wYsvuf7S1MAPAX2L48U/JvpBfDikZR8qujvCDAAe0bnom/Ov/eWtnONi4hpsD4T3 +kcElxWOph3mEm1YUksGmoWE0FvE6o7r04XF+VrIA/YwcgC5wGgGmYFU4DR384hMZ +1EMAsd8cKdYBja/PA4BTcA6Vc0uJVFaB8o117m7r7sHKRsD7CHbbKcK8ZtRNDQa3 +SzTMqLhsRDRl5wp9Bwq6l++BKPpvEnpbs8SdW+TxrxpM/0aIhQ6ZS5RKJvhZK3Ap +3cgYBVW23CwPtVc+40/t8XqBRRlzbLdfWhEC+FU4f9RHS+DQRFSxl/xXeLtDBH75 +1WbhkRIRTktQxapEDuRFfd02Oeo356/r0TYUQHL4bwYEbTBm+HO1KJn64BCaUMOU +pW881K8SHQaHMr1iiQUpvMkTcofRiQKpBBABAgCTBQJM0uOxIBxTYW5kZXIgVGVt +bWUgPHNhbmRlckB0ZW1tZS5uZXQ+IhxTYW5kZXIgVGVtbWUgPHNjdGVtbWVAYXBh +Y2hlLm9yZz4dHFNhbmRlciBUZW1tZSA8c2FuZGVyQG1lLmNvbT4qHFNhbmRlciBU +ZW1tZSA8c2N0ZW1tZUBrZXlzaW50aGVjbG91ZC5jb20+AAoJEJu4Y7D1G7iKG0YP +/3AweZFnchITlhDdEkozl8M89VZGTBqfU6Rg7mNxL/HDnJRtBBGXmSQ5NLygX+kS +PKci3KRbjbeVEmEcWs/ZfzxN4gR+6y8ohUOaA0UDrZYctYkzG1d7HbkcM1lmvtde +Gelj1j/+eu4LRu5h9oczkqRnWV5xnqz7xsEH9Rrcgm39RpNzFf43Joo25iqdVGk4 +yBVjoHQsnD1qZwdZQ0EHxYozNkGfa6j7VXAzCYVstfRMPGKrYH/xRg2jNy750z/p +apgT3GXbpvcB9Z3gj2LRn+FKLxoH2WLf2DabdzyZz9KXfnG4ZeOd2BrFXexKT2MQ +TqJIzIAmXU2XgXK2fHeofqTcKD63qgbg2EBg2m4/RvRgO81kCuO6Sq5UVhtyYSk6 +X5O/Z3O4WEtyp2bePWC6tP3x/5ks8OlUDF7Rw2AOUCyU96aa/C3MwrV/cJrbESbo +ZJCnSsn0DMj+96J0qsm49N6nj9xo1VPWE1kfl2+K2uW89IBun5/pTDE5C3m9Qvff +HSTMDY37bVwfoCzfNiOUa+BDQLM7gkjATzbmvY6d4UMnXjQ9GKp/v2Nsz+FV8HJ8 +RQI8yvPLI8hbleX0EJpvrUsLllZR76/IWxoNy7J1KiYD7yuqSoa3clCTPw8EVaAF +q5g64uFMHAADsFSWaID8umypkhH0imS8J4XwKPJfnCroiEYEEBEKAAYFAkzSGcIA +CgkQkdPrePiuutNirgCZAZorRS7z/JqyPwb2a4NgRrSSWXkAoIQxA4OqQQNgmJ/9 +rHQqbuJxkfwBiEYEEhECAAYFAlD3wYIACgkQn5i5pTzaZheV6wCfTLPa0d7TcY6Y +9AdwJfDJXqHDUCkAoJzDpnJgn6VIpXnaSQVAFbxre+VFiQEcBBABAgAGBQJPHwj7 +AAoJEKv3lK+rsTuD3AgH/2YNKl+dNEj/vzvQmvsCQTWXf3OycOiMVKj6nwoEGNzC +/1QTXdTZy+8ZaOg+dLoGnHMuj0TdwgjGPiN5uIWeLss9FIr2BkCJusi0sCINDTA+ +l0qduOY+mhvkw0xJ0SueR8Qn+PK7rxQwLVsScyw5n0mrPyt0ws4BZTiVdXglJxvQ +gseXjSGhgpwPKB7OKlpqvu7wyXe8Nnbxj369yJqZbyDZ6I6Sy4FjhBQGN+woRTyV +LlOoHLaIdstQZ6onUc+LpQj9mZuKt9L7AYJS7FBXRnLLeBdN7sghzotI+/SOv3dz +yX1Q1C7OgItTzgMqtfJKpRlnD7FtOhO4XYg+Sonzs0SJAhwEEAECAAYFAk3T3jsA +CgkQLAdUss4GkvPLsA/+MO159xG0ro1RUswS6xJ3xQms60TNsCuXE/Ty3EXWUV/t +KRcP8sHOcqaGkxwx0BHbUWCHiau7u34IRS6sacHHDcNfZDBpkHbqz+/1uTfODsKT +c0wje0PWWO+XUZTgYUTvcg9cmWqCvkEBoaXhoeYnse0E5bUO94h2gvxzMzs50PV7 ++VBK5VAI7o8b+RQ+pO2Roh8AoE8NNAzMLzZ2kg8lPhd0ibtOxR1zq5RVedLKX+hN +/k+Met/PbJb1CqzccFn6VAmrx76zJPwWO4faicU7UC6v07knmEPfBPyHMo3VdRQj +fAOCt4gmD6/29HuzgLgMNQ/jsVgxTSBymormd2LRUPLMpN+QcB+dZqYaSFi0JSA4 +wmWeIqrXT1PDIWL8XzlEelgZIape6gZcXl9/MpI6BC5IpJFDMYcRHBtSw2UO3jXr +uSilM7ly27FJViWtClIn0ZwjC3MHRExkOkc5uiNbR0DitgDIoIhe673y3NV9VphU +oY4vBFyYM9Q3P8RRS/QWqNw6zdWi2NZHLh9g8CMgxxSirSCmk5oVYSeYczL8v2bq +ceOLEUtkcM7wLQ5Vp6ALT1dLoxdIk2EzZ2Dg8kdjxTvh7XbApxe4AQ4CDPRO6Wef +gOgZJ95xVbKOZtGwpVsz7CJiK38k/Nuv7U7SXhBN5gzSn8Zi+v8UMhhrUn1ffpmJ +AhwEEAECAAYFAk3g95sACgkQGFJGyIKJNBe0ww//T5mReFaaKxP6Rt2rp8NTLkRO +lUk7dIrtljMJ54wGAlFk1CEVM2z68iiJXvHebHYOtj7pkq0kj85WzgZ7vjjXL8cW +HDiMY30fYLmzPj5Wu+qJyWmoo33F0pe6bTee0d5SyAaJ5O8UQ2PoXwJfFghp8iCt +jDhwqXMaz1mXOeFP2gVZD3lp32SrCpmBHwsTn8KsVdtmsY1FmFeIoEZCFTj7ct7I +wpjvCZ1GIBLh5iWECiW7uB31IjK5txCxQvs7Vzb7No4wvzxzDLKbF2O5iht+Zf9e +d+JVWnjf4limSDoZI9zo0e1bFwf4ud85UIsDa6kw0rc+VyiUu35+qn4/hg742pEv +c5BRTFfpQGVJno7QlqxWxYUAGDi/axHh279UGu5L0r/0sCnte/YDPupnIvM5cdei +5dpliN6MjZMLF9efLsP40dSUSAFXwMDutISXktWqSpnaSyqVxFgfieLRKCdXeUO5 +6LOBPD6ahw5SJIpr8H5Q3PA0/s7ipH85VLtgmxq4QCkXDdxFG9+Aj7RNjdlmKoBV +F6kPHgQtnYL9wdlvyk+G65FirZKD17N45UqU5Jpe+4fjQVg8rABPYn6f9iBsxrNa +yLECEn1WPjILwUp+afIaB0/Dl6leF/IjtmKQw2geJf2i6J0YbPn8F10c+9r71k+e +23A58eKO0fm2tHrX/v6JAhwEEAEIAAYFAk3iiCsACgkQQPReIWFFn3qvPA/9EDue +G9lfEJgz6BItHbVHC+CwKrBDqORayojJdgJPk7ugUO62iEITA54aClc2q/YK8wL4 ++AhmnCdp/8cQaC/KdyEQt+SHHh0faqnXcdTDPdXCkb4iwhssue+sUyBTAVo1Jwal +HjYGXqcy9AeuSXjnOIWCHeSoy4EMrfUngyTSIRJPgMh6xvDF7QIQx2mD3UPTrIM6 +iQK/TqZgr5VBZwRX+qgv0NERnTRfJoYG45WLrywF3WXa0JSpTjskg4s08U0zkD7r +5l/Rk1Q6teyc9RWEEmxBJhYCpSX/dwdm3cb/pMOMwiQD/m80c3+2r0STGrjjmo0m +5A42CLKWHD/4yL/Iw8e34Fhsu0KJsxZwgM9R2ov0Pm8fnKva0hUS+UPdn4/lEXQr +86RCGHyQrXDg1W70FHxlr+WAaaWHp83MeZ1CnjB3901Sj/L5URn9kHXLqDgo0ZRs +m/3P+S/T7PU9PJM1OWsaTViHsbT8dm1R9/QJq5y+KdcDI9ZlH5teG94bhY0pR935 +JXn5rkm1A7vtDIou4snrE7rg4rEGHFeRUO7NmneKaEH8s/LZmUb5mEh3NoY6NCjk ++z+dUw1IWaavCPZa8EN1PSjYudg6wRXOC7GioczLPSzD3tzS7N0rudOme5YGx/lK +U9XRaYMG2VSGJCuS/imSOkoAyOkMwelPH4GGAq6JAhwEEgEIAAYFAk8IouwACgkQ +xodfNUHO/eBW6RAAio14ecYMboqD3oJgS6RYd0wxPm2pfvyvi9NEYGdqYwZi8feo +GnZE4NeXeYZyHVR+5GHt6XIzwzUOvvZ4J0VN5AA9xnvtIrypScM/Z6OZzDLfq+PE +LNuWePT8XAJYFRFP/ic0y3TPdPixww7ZQTOjgBXgIgDAHCbJ+fAhhi70MkCpTfd5 +AEPJU4PhoXxckhdIx4DorvMlI87RpwZbMaKGDZxWew0eedUpPoGoCjzZ1Gwso7Fd +nCu5deIttEVP+wStiGahMn4VAWI0zjuUU8EpWW0vZ9dpiGQtJReiBzvH7NTYNTCG +MpodlqV9TR3HG2WYjAw22u7wWhat1HB+WIED5hzNI+x8NbnH2IT+3nISvnApzHMz +nIZTrIYyYCatZ3mPr18R/eUUoHjaJSo+IyfokqD5lvSnvogLlOjkPXF0HECBz6pF +SuEZWxw/Y9b0DEofqSdopqYpssxhSMgsbfk9wiAVuO0oAZ187cxlsaeYnxZzVM9z +q0SfwJ3PpiafUvVLTHPC8PWNNRsbsOWZwlhWr4l6LJ8G2owSFODk6+GZ3oHfzRsX +ApqBV5Q78094HusVdcN9eehnnPJREgxVRGmESzHiv9cbV3xXnHVcBlhtYmboUEVz +k1Yg342KeaW5/AWR6xsTAZRE1aJdNcghtYrQj5Fd99XfsN8RUGJ7H8H6r0eJBBwE +EAEKAAYFAk51z2QACgkQ7bjAgqbuaQhjDR/7Bdipk4r53BrRQS3XTzRGVl35RdE5 +0vUc/11pMHkpg6/1HQrVY2msNBDY+R2tUzuvdH1Z1J0Xc0yBQ2WLWW+pORYnnx2c +hVrrVDFTrtwxkvzS98K9ZJ3q8glSYWEh9KgwvUjCcoKE4FO2fy57ZLYKNuzY9PC5 +euEHUR6jFluGPHGD3CweUc49GN+6nfSXnrIzaLHRKanNc2Vv4nIMTXzqoXd3BeHp +8869EpD6oFD0eB0CuS22AuOdYhtPB24ajTbZv+jSHYlUlKZtmFqG+Jba8tmxV73d +j1xlLrtisrQtrQMmaFsK4sWdrI2FasfvjB40x0u1McPf+eH8YiVYqL9pshbDAR6b +qbVazhTGDtEu80WwSTU8C+cuy9QvE4hClhxLBdGFG4/o3ANvsQZz0CetYBUojJEg +6q7K8BoVZ3My2S8UWO23warFkS1UWanpSPu5GD8qaGiMVAaG6gML3lMKb/PbAldl +cBhqSIpB/3gpfuGrE/z+N4r2nQbXAI2G8+4YgTahsuj0775GtzGpZRAZxSsbZDim +l4n6KfNeET2Zx4vY+kbAX4IxyP/fytk6cqBPrG8e/hdVcMl5MdHSVIfX9Z6KzV6V +drED83LNUCrCt7YQGyu7JcBLk4ytXUow+MxnOOpHKaBiq56wmlO5mwfA3UexysI5 +hxogAVm+w9SoB1hPuZKUyfOyd3xP3Ao2p5LVhF84NIgroNZ3HhxZGnb8xMSNjR4J +eeiYJ0Yl0j3O+xWYfrLOvY1GxEevMQbDgMw6WDWaevC4qsp7co/wxSZLi7f2gNwR +i2YPX2Kg3jKoCBuM0HRCZplnZATq7kCROcZKGvm9o0zGoUNKzh3yqU4A3hWOc4kj +TYrqHT5o1yAOFJtGvFixPmZ0L3c4+U4iVt1Pmo5i3AQKq8/qi9OU0F91Rzkf1Saz +zy+lGqFR+RFfoXIinsoTHbZFbCTP0yfW64f93tk7dSTp4M3Z08MSJfnyS7SRH8iR +isJbfJ62DZgA3gc95Sc79qb1p9WAq/JPzNLQaaq92Th823sVCZ0k5EpqV5vLBOtA +7zKns1ByNsTr1EGGnYyLXcJxgxTtP29kHs7Ia2ZKV3QYFgPdP4QseQdvntYkMN1f +cLs1Lv3JiMp96RMSywSF0tp9iMbVJPUu8uBvU4zXlrVAnUFNKcrORxRIkFDp7WAO +LqkI959Mc8Eerb9CWc/Axh94Rla194Zfpp1ExY5KOCnATGEMP1NU8CVCecVukn/f +yzRzNfCO3VbI6qvgKHCmCPwdXQAsHJiCtNgO70yp0zivQWNGtuiU5ar3lfX5neih +UFTZz1j3yM3EHySQIXHZR3OTbTmVgTZ+7Mp6c2AxuOGAdUQ9Cj5DhkOJuokBHAQQ +AQgABgUCV4TFlgAKCRD0ziNk+2lnsgQPB/0c27VXpwGNZTc7adptXsJAuPgNTIcz +upNwovUnJqC5OZnTyF3F0bQw051voZyoS+MuPk+hSG3pPuVFWhmszQaB+9S9yjrD +Yj4UPeucAkYQGNGwTRe1e7lRrmWguEGSUbHxAGLR3VuFgxeY3Tbera2jyI2k5Oxc +uV7xp9zmNCBvje3nzaIG69fHq+vkemMmdmYusrorZ4kXNmM+vNFIzJWxv0KRb4mm +fDaWGQdH2c7MnqMfAjkTYW70Nm4DcI+8XNsyaQvodkmUKONvjCHneoed+0OS/5MU +V+HLxzoX8bLRw2YIR4GxhQaxixkPgvyQWtIcWpsx8NH3o/PVsdPTQtwPiQIcBBAB +AgAGBQJVBs+xAAoJECS2Qt9ZftCVMtEP/15sUVyYjDBlB6+3WlSLuKp5LXr3L1Vb +YFqA4LfNGzDdY9C4XrxE6G1ZdCK/mYqfFeZjijw7ZoFr+O2GSW1/rr/KOrZu8rtx +J1YWjyds3ebBqS7thBMPomgJpqODUTBSxNxpeDMoOT7DYn1b9mQUrKVlqZnfl+R3 +zBCu+sj5U10b9duEOu3w15AHYSxZwFRATMwssGOzpeH46U1YgGiUZpyVF6WfWUuH +GaYkOdS143H4FehIYxiQIoozeSstFACQNKmJ9bOl9cN8qEcVbXCt+6p9sBQoZnYX +znOwLWnylwdzc5ch6RzBoCxYTthUNOAWVPFiK6OpJwtxUZAJG954o3cYIj9fRP3Q +Ie3gplu8oVF3GJBgUnWZSxsEYddxmWLc2/pTtZdIkoT49eflOslfH99ySXWQh/TQ +878FBwugCifQazivlYHY8WmJ6/xRsLXPD5H5vH0dzxZmnDI7UEshyPczYHNYXdsC +QIYstm/zjfm7CmoOR0oPUUIHwpadeaVPh6sbPXq9VU09OcEOibfdWNvsg07MWbuj +knmIV9+zoBUMj76vpBE776/aXoaAeNWUgK05CUMDLOekICevzu81iVxXYHl+46+H +RGZ7XkvOpkkgjbg+M9xId8q3PjzmGYQYr+Lg+6h3TodkGCQdAPYWCwJh0ZzZE3WZ +RPx3Ae/oX7HOiQIcBBMBCgAGBQJUaz58AAoJECsRil+hXzC5S0gP/Ri70XuaPUp/ +/CXmpwoTdIksSCtbXf/RCMYvpRcWlTctLaJVPTHtzMO5zoRvN1M5P6AEZfPcckCo +HlnbHNJFHxoRaGsKTjLUu2r9FzFZ/3QGOOXemMte1B+33nKiRaW+yVlNht2+ZuQa +JB/X1Ieg1n1qkMV3z6jDEkDuDL/w3bCLmc5/fRWYRK79N7rsJmYqIkZj0kBjQGGz +ElDctTq+6yhKHv9pKHbR84c5Yf144TxR+8rMayv6zaBXCYbso1HdYWIRba2Z0yRB +212YMt4kDk1uxVW6Fc8Jn0JWunHF1pbdkvbQBYUxs57kSp54cEUtdMZtowKN/SMU +UCwTcoEDHt2r6P6eOJC1TkOjtHKRNLsjzTmP2398APhXyisr206XCOGDeDO3wODj +pIFkr2gTjGRQKRNy8JHvI1+6KCrLg/eSrkVpsXxzzPaZxUjW4GM0o+XU/8QGNhiw +IFccOmjHBNfSE/suDKkULqLDuVW3RFDdiSd/pIUPTAk331SYWHo1Bh8C3ViJQBkE +kL9zflvdlyHp7dlpiLuQrfD3SAPJdw7liPdJ6AlCoCFv63I9MDAnoZgGhsZHEAwL +PUwrReHmBZCrq4gRux0EOuJsoYZVkW918O/4K0wgC8FqYc7/JYgQkLRNEe0nRrI6 +lcLJuqNwH+NwjyqoUe5uXU3SzUGVCmu/iQIiBBMBCgAMBQJXQVf2BYMHhh+AAAoJ +ECbR5vsOCGsNzU0P/1oBRmDNViNgy6S9FGYCmZnkYKyzmvRPBRbK6hDSCdGgLtSB +AdFv6hVPXprzOty9kZzpupMck8ETdNRL6ar007Vkl137iGc+OfKujh4z9F46iLvA +0INcg9Ei4suAO4NsVYAa7jz6AHorx3gFRRsmLR8AGtLdy+EMoXQzZAQGrMUGyNsY +SwMEsdJeO74XczkmfHpLQiFRAZjv+RHmJe6IUfkWF5iYoX7rDfvz+vKhjASED4Z0 +h3xChou9mX5Ujm7KxGdEiRAYp7TRAqxbpw7mHtgYrXa5wSlCVGCDNnhGQ1ke6LS6 +97kAAyuR5clBQF/owH89VDM+7ETFVkGUVAtjiqzpnA3/YGzWXhOABxDASmWKqXpp +uxkTAcH2+uBxPFrWRkItGTdM+vDZtN0VqCI2lfqZ93RkUKmrKvAEFTbyRaMpPCH3 +pTFS0DhbCeRoyqJxKC5Fo1teqeuTvFGIysnuWC0SNgQDjLB15RJkMX+Qfc3mvqvY +qiX9RM1ni3jf7IhnXljXRu2Yg/QpogjWa1R62EVqyX1EpLpz0AYBWrO6EvYyF1tM +99IFLglvKTwKYhcUb00ujhmobZ0kvakrMaLei0OTeTWScFPRtzeXJLN6Iu5MtOvI +k+FVXfqajUM/R1wwmS2jv8l9k6kgz3xCJKieitZEyeBACAcHN4x4LpDD9cJYiQIi +BBMBCgAMBQJYGMcvBYMHhh+AAAoJEKI41NSYIPRnv2sQAJ12YZnfA93fxOPDcHWn +eTVQBnhAfX62f5Mt2lUGs2ejzqHugznnt7LbYVYGl0e4w01bPVwSEd7Og6IBPR6o +wx9CPr/aW4lKlxDSKFKsBSgjnBEZSos3GjPxPsgyvsgfP/8g1zZ2b873lNvB4wK8 +3VAJ17JB3DhtC/ZpIEiQq7EveSoYKqWr7Av+Vl0vohziDEf+x76Gp/Z29BbQp2Ug +DsUkNTks6/WSYEJnmHoyXrSRkqFKUXN/IXqys+PdtEKfZP7hHUdtxEisvjqnYFgD +bUYNAHoMDceYRP0Y5s0YC6RZ+CuKel70pN30RykLDdoEz7xiWw84ayAZZJCqMUJ2 +9S61rSztouJ6HR1ueZtT4BK6v/PkgjHUYUx/QjKOjBdo/oE5toUw9FTk3Cd6LVxr +I11gRJcM8cMpeeeMrotveIXBvOSBbUDalTlBkXYSq/2+VxdzWdEqUptv8KRAZBfU +lHOsft8o4lNxL7koBJNggULk+INAJcg+NNlp8ufPddYPvxhZTModx99SW6LY/YlV +uhoK7kXPMKzX1yILdGm1g2sFirQnAHNntHVwqvFN4/X3mGY4/jn7ebNGQKr/o05m +vu8iIwOqbEpeERgsaazI01a5S2ICydX9eWU63hx5rG0CIXapjUsbV900MELcB34O +RHqn5dLpfevue863JGUxPGMjiQEzBBABCAAdFiEEr3zKM9T0WtSOOvGE/Sshck2M +1IAFAlsXD4sACgkQ/Sshck2M1ICdkwf/Y6gAIBctZSb5VwXgwZ/9WVa8m+otcNna +Bs/Uf2txmblNHMQb1vaTyRkRpfz/YirxwfpJFoNouZQaf+Bbl/5ll8xIE1/UGeGD +GzXgjXxs+EJy1Lac4voAf191dGJrPGQ+sJsq/FUqk9Hij2A0/nxajh96WIIRZjbZ +mtbRBicNmifojIti2Iw3vCtu5kPMYSKPd4NIkQj6vg68wUhVObHPdO9DdpUQz5Z9 +YDu7fdhg0xespNvAhYWvHBBmWatTTNISRg54ueo8kLCCtXU18ho/2fUWHoyjfno3 +PZBOr95NaDRXnEqT9iYT0ewlVflciBBbKrVWWWEt8ke/NLJHluvbtokCMwQQAQgA +HRYhBEW+vuyVCr0Fzw71w1CgTQw7ZRfyBQJbN4eOAAoJEFCgTQw7ZRfyEtAP/jNN +2+Sg9Rb3pCL92moMiUklNXBWgxXWfan2QnbOifcfJ7loZvC6uvFkM3O0Nnn5Hwa4 +lZ9Nkb6kUFKitEi1FVihOrVmdS86oxN27+71rLc82qSUqY1EkmhfIggdh0hqXYoy +GnUjsiL3LMHQxBmNoEsO88Wf73+Nh0G60eOPFABArA7EmAdciwW+1V3BTGNMTl62 +l9vtc2YBT9QQw+avanSNbH1AXcYcYJ2bIGZ+O/C0aeMskW5ixhFFMoTWmleZUnlH +vB78vtgv1RC4VXyxrJppbHr7/sS/x2R/8lOle3HefDhxPm16yYwlNBkjnCQyp+0B +1QfeTrmMEsQcUnEvc+bH/YaNTdqbuHoQx9QSDfDZ77d6xE7owdfa8jwLVFdcULjn +IVHfxNXJGBgnpRJU1xKCGNoxtf8xuuG1g1I7K/niFwOU6dcAzHseZ+rk04VqZnlZ +PcNW5+ec/yZSl4o1Upm1xI0+f5NuEWA4IC5l91kykCbVCxddlX4qsi/C6GuFlkbG +ss8JNnHG/pvqGS3JXIGDe8DRF1lb3QVSxytq2N+qoQmhDU/GLEhwrOpLu0inUknw +msUBa5pVMeFKd24OqSOQ1v80euEt+YOW9/gVAxE+y9iSD2qonNw88ivjQmdOwJaO +GwCpDc2kU9fomfC4xc/A3pA8Sc9bI+213tgoMSQxiQEzBBABCAAdFiEEAP4HRkFI +6sfyXBjniwh32RvyOqoFAly3Ic8ACgkQiwh32RvyOqoxbgf/dPt1DU5O06Y/acuf +PzJgY8Hvc2k6Hy8T9YegGFjSXLjEkFqaHJ5rhIRUPoLPcgzj7+aLy+bEqzIuSMkl +NJR0Wtp+rn5tqY8Vt+5BJYACTPrbnFTBaYO6KEygqOsa4kSLg7mNEe9eO2q5HyJX +dnCnMnqKRsjq6lGax+BVSGDfuCQZhrYgyhykkfrkHvaAet7KE/iqO9av2btFE0yH +jpe73QUiaacQePfuMyO5WBIXqfkk1SPEtHn44elF5KGscdMB+VvCo2aMdBXgMAUL +9/EXP1cimnJp5vbEYF+x2M+bp+NTPTqiwuDb6ENDqDdmCIDjFgqM7EgsnpBcC+Q5 +WNrZLbkCDQRKtA7pARAAwjRJMLOWK6AZm7vO/PV39NOoE5eS8w/x3bd7AKfYgnz4 +LnDvpe1PsW6NVx0zCUMBFX0vkcd0W2i2ERvoVOxbiS0Af+TWggzUbqsOSh8kLSVB +/s6POCKqnzMxvGjknR4Ncq9sSh+EE5oEDjQbv1tMRGZma6Ok42DcJJNqcFytsriJ +mT1DsvpitahfFpt4U7ZDxPhRUjRSGnhw6Expsf9EYrvyu3TSU6wtE5UaZ9iunetM +wed2GE3PtA2Eg8gdBbqV4gMf/lxBp90O3jYtgVesOdL+a+dUD/M6bYhX5THxSjQH +1fMUuTLXkHffGEuaqnfyz6N4EuRxT0Gki9JN0Uwpb+30DR3GRapr9DlqYses5tp6 +WMYarEwxnkmudv7l3oVVxeSbm2BYnzEi6WxlWana5huYa9nMnMbIxYmNMyTmkYrZ +jfyVmzhi4sK3DeLpCjchZ7RRuYz2hZyXcfax38iTXhfXIL/SZWXhcSelqiAIZSjr +h9yvP6ctEjxOmThX0aNGFMb4duSv7IjnDy5utd2jscmO2H0PDBNr4J+yNJgLYPWp +vmBQ2mxqo/N/aHcGXc2b9k9plB58mxUyRQbjFhlimLLWA0unmRJobqWz71CpA7oP +5jvoHaPqUihfWEugzOUbQnUzSauDWWOdMqQW+UUo/iDRz6HCKdlfww0288krLusA +EQEAAYkCHwQYAQoACQUCSrQO6QIbDAAKCRAQwBxaL2BZ5y3tD/4t+KCuXBNi5alB +CExHEzveMdRF9FJrSqJEX0NwGFivF3hQ/HJkrcu9oTJC/tXNFf/+EHOd0lMiyFl5 +PBSlhe4XS988rgapUW+ee9tQmAt+RgP40fdKdJNb6+9NYGmrdnDUzlQtP+h/XBOc +mF0/szK/U0oigg8DjYYUm5gCWXOl9H4LJgg+yOcVCOVa4oTf1sdAmQba1xlMhOIY +BWmEhqbWZpGOS59XvpyNfOQXWu26S8HACBqyPZ2LVV4H+9cmxinTz7RX1yKD17nL +Z/fTOzZ1gYTbhg5rNmFpDgu3nlgU8SpGQ1kd70ZkcudgehsUe1EpPyl7O8qhj5H0 +/3OAmRXzrq2VF17gtz7zpntA0JqsBMbSaK5qBuBcurLhBT634WDIoE8u5Em1Uwjg +TI0Cx/lPxRTbIb4PfjP2b2ik/tJaUbwUrhuZ4LAtGztMVrF4W+qnx9oed4OFXMBb +wgS+SH6oAHlGwpxhhzXBlqZsHXm+w+2oazWUhxFFGEe5U245GEtNf0AznBMDWTqg +0SCVEDjlKt+e9tVXkTpHYWZjGbRZbEHkCbFqKhq0KP5BGInFZTFToI5jjszmuX0W +/yKpRpQZ+GuJnt4VrYSy7TMvjjhIpuhDY57VUwUIkz/2Kq8Vg2wpGg+29nvcGOTd +yZUcTCEB33B2jQ9z0XUEp+6B2F5iZQ== +=4AB7 +-----END PGP PUBLIC KEY BLOCK----- +pub rsa4096 2012-05-08 [SCEA] + 5C3C 5F3E 314C 8662 92F3 59A8 F3AD 5C94 A67F 707E +uid [ultimate] Christopher Schultz +uid [ultimate] Christopher Schultz +uid [ultimate] Christopher Schultz +uid [ultimate] Christopher Schultz +sub rsa4096 2012-05-08 [SEA] + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE+pgz4BEADd7qAWgqXcNltlB3aow0UneRmNSVjHKgekgs0ZXxG9l50Athks +r/3bL/ygbxFB00JcM9W+UxLhKHiMSyzfeBHn9l9wAlLFKs0S91KXTUnRwGFtvgst +vGROoqPgTVREklnmyW/KpzOwqSrQ5xHcogaT+XWlXmRbtFypi52Z5HGWlFWWgwx0 +vKBWHmQayPtCif0v1RDxfdV9zziodn0TnpfBQsEgf9TDAjkNT8f0ecwTnhSihTDm +1W5HCK7Pm5DfUtree1Oh6Ncz2ljlUO0b3Lai9pX48eZOj7WQXPefkcv2AoUvdELk +QKw3klM5YNXbXPf1KAjky+q4DQ1ydD6LkK+9cI3STeMesTlk/tytOsaN2NH2k87s +EpcumbH0AcmPFEnIYUfm4KzWdKlYA6mbV3Pk3tHSuayyJovjh/7Y7BG9p2l7D60r +49hzrTPG8VxNkSliNLcSjI3QjYpfhSlqmqXyVKzdzirK1HPr1xfJStigRpLP9nWa +rZjoXng9N0etGwtH/8roeDPYA8x9ba1KXy/1g/i+RLx2ms+rueCpnFZxU3GZNUSp +RfpdUbwCN3Zm1w5Z6SI8X2aSnWWeYzU6HMsV+P4PROnFsgxDeOpyWhyEaaVLXQtO +YwcHneHbn56vSG50TkAuHs5kk/3/YDPSsqjsUPOuhKgFMh3iqMTh5DMdSwARAQAB +tDJDaHJpc3RvcGhlciBTY2h1bHR6IDxjaHJpc0BjaHJpc3RvcGhlcnNjaHVsdHou +bmV0PokCOgQTAQgAJAIbLwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCT6mETgIZ +AQAKCRDzrVyUpn9wflkxD/9IsahRqHTV/hH5nuPqVO692cQqHvPtMPO6lDb4909V +N5T1i+1hFr80P0KVDL6EI78lDBJ2TThWI0o5vFdmsRlei59wsgTvkKTph5QwwOWl +7OyzUDX3WbKhkNQdGf4I+/g/1s2bHaRoG30ELdL7cwUPCPrW0KQwBy7Rtr0Wbduj +KOw9b/UcgyXEOE1wNcorq/E1o5/6BRYIcFQOO4sjHjGcChOpSg5ms4zbs+Xv3gOt +LrbmOPRTXdvBxwJA6kkfQFHvI42kXYghTdqhBVPnHYPqUeavRsb+Yz3ghkZhj35i +GfaGyXNwFBikCYjzIaj44NOkT1pU50MgIbjSJ+xoHnC20T942kekqp6wzqUM19Pa +9ohsEdA1Sf6/A7RmpZRrxSIY02ZVnGccnVjglnylVcnxrNAZC3ebxCeZPQ09FBR0 +Uqlsrdt7A3hlEP2FaoMTSa+hYqfWBGB7uZhcJZIsZspxm8J0txeOzYNSFDl7mF13 +4ShRsq6dpSugCdcdeSWKliBzq0U8sIabOFLMxM0hbwkn2RG4OaurJLWXQf+7IhA/ +J8TizjkbdxLmR2PiTiVtrx484mpWpbF8po/em0q/reFnL+JtOM6qlJE/Q4B6Pfkc +hhU5vKPfmGw98t9guyw5G8YSR1rR+SOowHg4T/i2Rezz1idKmoFpPdNFRPlOAC+d +67QpQ2hyaXN0b3BoZXIgU2NodWx0eiA8Y3NjaHVsdHpAY2hhZGlzLmNvbT6JAjcE +EwEIACECGy8CHgECF4AFAk+piA0FCwkIBwMFFQoJCAsFFgIDAQAACgkQ861clKZ/ +cH7G3w/9E5VNELFHPVnfyel41FINbXBR0XzP2A2OfFyDIM3HHPm3AT/AMfxMpUc1 +5NJZTYBX8y8/m56fBNp9+Me5HswU6SJ3bQQ16aHtwW4/cXkwShEkzLbFstABXPIv +eQXexyx+4F7EJa1zPqSt4ZMT4QYrybKvrIsnJ8dnyxy1BU5UoZe43vnkK8jxG0j8 +ZiJh9rYKcz+Xg3FeTwBK5laERQ60CldYELSjOD65unrJHmUmgDhrrnzT/8kkP7D0 +ETD40MMvAq4xfTk4QrXbELiMl6I9yfYgssnWBMRk7Gi7zwgG+Vdh7/ysdfqkVQHB +55SdC7akSelReq04becUe2L6TGVkqDKgrgfaoFwvie5hBSBdiB8QyX51wWeVDp8X +a25zRGdLiNvkkezNxEln/eRFZZc6QVuXqflNu+GqCF4EGGtRMsabzUbi+kGI/moG +3+ikyzIXUvmfrlzryv7ViTQ3/qLfMyBGwMrNdqyB66l3TOWJtK8r8C6GCinhaHU2 +OiYeCesG2Sc/Od8qWQbJu3o3vBohjF3cUpz2NUi7wrcT6jQmG8LGFwfpiT2xgpiW +OJkK9eMOym/GJhzFf5ruE5vBtoy46xZFaMknaBDOvqEmMCjbiVslg7cLQUROiW+4 +rRBgIdkOnwLytNqb88dyHPAnfM0fvdG9imhujADohG5RWxqa5MS0KENocmlzdG9w +aGVyIFNjaHVsdHogPHNjaHVsdHpAYXBhY2hlLm9yZz6JAjcEEwEIACEFAk+phHAC +Gy8FCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ861clKZ/cH4C+g//bLtwxjk7 +oEqfYnLWzPGMzrOayaQzL2mSwrLkTiWbaK/C/Hcv8BPNic9eXYNEZRIinmSjdF0y +qNZDinjAEGAcj1ktIk3bnCZbinYkDf62G5JqCEFlolOZ0QUl8mINfU0g82LwcIq1 +mafRaRDaemyfxxSIdU31Kc7lRUEAIM7Lm+5q2ItsouVmk1x2qkkUYcF1YqndkDpe +lAxVwOI3qYrQuPiSgMlOWIx7u1ds1Izyo28PJ+/9Xm2vy5O1z0QmZCEjFRo0kDyU +tyKOAB9NSIDOWcFOIo6Q3J5L92WrtKxgQQtrvB9b7rgUHr7o7LIzwZUf66wfalB+ +8ieLnJl6HWWEIEDIxDN7Zac21JnXjpUKQR1Pap6pLKXn2tGTaZMtXwudHOQ+1Es/ +dr4KjKZJyszYcp5w27sLy69Hoxe0JDunbiYFOPVkV3YCJ4p9MNoXd1gxhgpSAwmU +WSAH4AdDeV5SYPCNlfnBQS5TJw+lfDuMMPxjDt4caDAOR8yFMOI7s6jbWfSHFq4X +qVRPjoRw6iwSOzudLGu83WLfhLT7bHA3wnYKznHU/zIYwIGi9kFeg2r7HLhdRcXo +oWD2KINPzRJNV4iLLHE26aW9lJiH/N138LBjTEwst/3I+61BpVEm8efED+a3ZoLE +8xWQtwrC1WYev6URqo/W/dXzjkVa8V0jM+i0QENocmlzdG9waGVyIFNjaHVsdHog +PGNocmlzdG9waGVyLnNjaHVsdHpAYWx1bW5pLnJvc2UtaHVsbWFuLmVkdT6JAjcE +EwEIACECGy8CHgECF4AFAk+piBUFCwkIBwMFFQoJCAsFFgIDAQAACgkQ861clKZ/ +cH6ZOBAAuhvgseU3EZjXdCRnJDOJhgpsUbjnTnKHAKc/xxdFlRyJuKIg7zn/ZjND +rycwi5DXXZeeor6FpxaBFu2QbHuAnRkHSGwhU7DS/BpXHcOGtYVptyaPVZ1ARoDD +Wo1n20e5f5lDuBRmszYp4CX6ISgPN0EWVSrsGMP03FXH7DNEd0nqF4O7L82J9ay9 +rIlvDOWBI9hN7MSAT+JXPdbE20ouWaQWkAFxiXgnhLbfXEqLE/T85SKD+QrNKcU8 +msy+liEheAZPBtHJs3LoEn6MAYVbUYD7U4BELBus9VlmkCkR7bn1mSJXdQAWkVMF +AmG6HfbY8p6oZPbKYXkMWJOnOXSG7jWlslvJ4oX8v5omKE8IANRMOaKtxqRQkezn +0i/f892ug5hAGHGUSQ4e+C8fWnyf6ryUzij3sVlI42KcIHRO39kGrzOo3Hv2Y75c +c6xtkkaPiF7+RJd1uegVABUbs7xVdYRCInWwQqQyybwkhUhL6H9hlTTq2E3bf7YW +8Q7fd8j7Yqw7geG7aLgpsqieX5rmNmieFnKln5r7DeRAVu0PnlHAkEsqNmluh3th +KJv1RbOK28SW91425OrRI6G/5DVXRhbsXOFfi6tEAn3kVe2lg/gMu/QsBCfvVx3j +SiyipbhUGZ6GAsyGanTT4Bk0HQ7zjYaevMjFE8M7cTR79O7P25G5Ag0ET6mDPgEQ +AMxCLVac73IGQfn2lFoueJSaAPBp1cVxHjkGPu8JPz+YvRrS9FFVwud49hfOwQ1V +xmpSoFYxFXTWNwssfnSdqLOuYI8XemStfM3Oje2GQWdNFzVPZ08+VyJmcx5+FZnl +2DEKyjv/fNZwjT5VeglXYBoPcJdSI+UofEkk2/JFkqNZ4Mfl1+MiTVG30od9sjD1 +RiO2XKGS5vYHYEzjp7hJHnhrP5T72DftQr/2Lb5D8m0jklknR8SFVOCJKOleyJDN +Wpo3cCn6HoPgi4WbG2O1SwM1bRr2hec+K7SbQn034W2A9MEvGnxAXL7HsNR3bWA0 ++QCaqI3mQRg7mOyQoAC3Nxwst+Gc5PpotasL65uYvwgTLiL48QdjJM4R0DVA9tH8 +3UXKCIMOCSM26mS5TqVRXoQ18yk/4eb4flL+7Okc+YD+YtEZHIIcNNJkQb7jfJqU +Jy7eIWC9tnDYf7ZNCxcXWu2Wj3obu7oOBORRAdCH5tSldfD+yqX7vLYki8+65fvs +e96OLr+G5NWZ4zv4xbMdCixsKlcUdu+mSMLFeFqS2LyeX0dJKqnf0zilxkhANHhs +Vk3m/3zbZGHpkVaGrAdfq6o4f0c9KdtKPHpZKg4ac84azDcxDGJC8kru56Vgnllu +DXetPe/jhvQQizvp3RpgHLqXbuljBI9lJVrEMbgmAj4LABEBAAGJBD4EGAEIAAkF +Ak+pgz4CGy4CKQkQ861clKZ/cH7BXSAEGQEIAAYFAk+pgz4ACgkQHPApP6U8pFju +lg/9F5QBuA+BsM87jn4ewxunJvyNL5gEhCZGOYIUrVuBlG2KLIEv27co/2D1s1Ye +B1jL7gOmGCgrs/wjN4d+HUduV5h6lHTsiTgpzCd6bHb+WLMrYJxHbyDWQC5Q3QV9 +xrH8rYEtCp1YwHPdi3yTsRwLGX+MxN0lNvBTF+4woHqjt2K75B7GfHc84MN0GE9C +dzXGH5H5WwzwVwQxq73VLnmv8Ohde6XLXUXbe4xNyYixathfXoVzkrCMHnFJalWI +gkbsW5Q+HCeoCjJ9MvM5ZVuBsiG3//pjS5KSqDD2J6bQ73BKI5bh7cG5EnxeQMIC +W5uqX7PWtr6RgVZKPnQVxoeP096jWMXhhALCNKbBCbtxGTfXWL/2Tm+vQ1CeksBC +qfy+5VOwvB6C8fzKSrbiTvTkubrgIXQUohqn2jfcz9jcT10sJ3sVStnscv4ebFHr +w7JwRB5ssXuRkUqyIpcooy7ZWIatluxveaaMSBWbiw2/fEfu1UfWJfbjmepEQSZs +6fV9qAfDAx6CnuEBLokcf+fwzcQfItkKE1jfwX5bk0n1aTua340l5WlLhTp6Lga1 +nZm2gXYPuO5uCBhM9dvWXX/sviEnsUOj9emWNaGMWJW0EmhMJNPkyeAdArrzB8Dx +d0gx9i3kcfpitjr8J1bpb49vlnVv6yFYMIcGypgS4+NEflKuMw/+IkcSeTxdcp48 +UaaNyM6f2a2Fqz4LQYNI1GfA3ZQIkRwhRj6XHCvEbwVl5rcxeF0LFd/WjwanBN1u +iHE5yDKw4upp6nmpaX4lKvuERjX0RTfcLYFYmS8vxUVou+pPr6PyZqe/yvSW5Rl+ +PA9iS/RV9MOT15KROGm5mNTgEkFIsKCeJ9WrMcBKJ0mlnmGyO1+SKnb3rxsn2HUp ++FRMsHa2BrVo7FpWfwz6Hz8LCG0FxmOqPsIPZQwJNi9p1U2tOV7sjqKFD8Ciw9Fq +yziMS5nG1b/7YCRtN/7iOIg4rUqH0yp6cxPsXaXxSMsNTG/DzuFiYtIKR5pi1Gxv +ADC0vvMEgxcCAOE10BcvbLl18y7rszC/huYfTKOQ+quR7CHufZYXcJO6BD2SdTVi +3y2r0xDUIOTm0tmE9SmhbJBccYLXFNGgcrQMU45IBkQfFLp15TSXgrkyAFMV8ONT +/d1eCoYoHOXRDhtZBA6KtHQJQBOwGy+lc3PxqPlMIr7VIpd7FwAzsjPT0yYyzZ8n +vtldMsEJ3CdQBurMSAqTys7/KGD+scLqxLipxfAwFhBxME/hW9u+yHb9b/LjBr5b +aXKHu6JRNDvk0VLTBMLRKeIOJvMptaySP8n8F7R5EvEHFQQPS0anFhJ2tVT5U9aZ +NwUqv9cUGhf+Di0nAX1diWxfd7DdEi8= +=6zfV +-----END PGP PUBLIC KEY BLOCK----- diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/aacli.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/aacli.sh new file mode 100644 index 0000000..cad1f70 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/aacli.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.cli.ResolverTestArguments \ + net.shibboleth.idp.cli.CLI "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/build.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/build.sh new file mode 100644 index 0000000..bd703f9 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/build.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh net.shibboleth.idp.installer.impl.IdPBuildWar --ansi --home "$LOCATION/.." "$@" + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/dumpconfig.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/dumpconfig.sh new file mode 100644 index 0000000..3591267 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/dumpconfig.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.cli.DumpConfigArguments \ + net.shibboleth.idp.cli.CLI "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/issue-access-token.bat b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/issue-access-token.bat new file mode 100644 index 0000000..8c84d60 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/issue-access-token.bat @@ -0,0 +1,4 @@ +@echo off +setlocal + +"%~dp0\runclass.bat" -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.plugin.oidc.op.cli.IssueRegistrationAccessTokenArguments net.shibboleth.idp.cli.CLI %* diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/issue-access-token.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/issue-access-token.sh new file mode 100644 index 0000000..2419aab --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/issue-access-token.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh \ + -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.plugin.oidc.op.cli.IssueRegistrationAccessTokenArguments \ + net.shibboleth.idp.cli.CLI "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/jwtgen.bat b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/jwtgen.bat new file mode 100644 index 0000000..8dd753f --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/jwtgen.bat @@ -0,0 +1,4 @@ +@echo off +setlocal + +"%~dp0\runclass.bat" -jar %~dp0\lib\json-web-key-generator-0.8.2-jar-with-dependencies.jar %* diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/jwtgen.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/jwtgen.sh new file mode 100644 index 0000000..d7b97b7 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/jwtgen.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh '-jar' $LOCATION/lib/json-web-key-generator-0.8.2-jar-with-dependencies.jar "$@" \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/keygen.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/keygen.sh new file mode 100644 index 0000000..7e4ad7a --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/keygen.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh net.shibboleth.shared.security.impl.SelfSignedCertificateGenerator "$@" \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/lib/json-web-key-generator-0.8.2-jar-with-dependencies.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/lib/json-web-key-generator-0.8.2-jar-with-dependencies.jar new file mode 100644 index 0000000..c697d8a Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/lib/json-web-key-generator-0.8.2-jar-with-dependencies.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/mdquery.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/mdquery.sh new file mode 100644 index 0000000..06c64a0 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/mdquery.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.cli.MetadataQueryArguments \ + net.shibboleth.idp.cli.CLI "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/module.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/module.sh new file mode 100644 index 0000000..a0b872a --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/module.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh net.shibboleth.idp.cli.impl.ModuleManagerCLI --ansi --home "$LOCATION/.." "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/oidc-clients.bat b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/oidc-clients.bat new file mode 100644 index 0000000..e427988 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/oidc-clients.bat @@ -0,0 +1,4 @@ +@echo off +setlocal + +"%~dp0\runclass.bat" -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.plugin.oidc.op.cli.ClientManagementArguments net.shibboleth.idp.cli.CLI %* diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/oidc-clients.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/oidc-clients.sh new file mode 100644 index 0000000..b6b6b35 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/oidc-clients.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh \ + -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.plugin.oidc.op.cli.ClientManagementArguments \ + net.shibboleth.idp.cli.CLI "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/plugin.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/plugin.sh new file mode 100644 index 0000000..bed28d8 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/plugin.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +declare LOCATION +declare NO_PLUGIN_WEBAPP + +LOCATION=$(dirname $0) +NO_PLUGIN_WEBAPP="TRUE" +export NO_PLUGIN_WEBAPP + +$LOCATION/runclass.sh net.shibboleth.idp.installer.plugin.impl.PluginInstallerCLI --home "$LOCATION/.." "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/reload-metadata.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/reload-metadata.sh new file mode 100644 index 0000000..381ee3d --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/reload-metadata.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.cli.ReloadMetadataArguments \ + net.shibboleth.idp.cli.CLI "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/reload-service.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/reload-service.sh new file mode 100644 index 0000000..b572187 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/reload-service.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.cli.ReloadServiceArguments \ + net.shibboleth.idp.cli.CLI "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/runclass.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/runclass.sh new file mode 100644 index 0000000..807fbc3 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/runclass.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env bash + +declare LOCATION +declare COMMAND +declare JAVACMD +declare LOCALCLASSPATH +declare LIBDIR + +LOCATION=$(dirname $0) + +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + else + JAVACMD=$(which java) + fi +fi + +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." + echo " We cannot execute $JAVACMD" + exit 1 +fi + +if [ -n "$CLASSPATH" ] ; then + LOCALCLASSPATH=$CLASSPATH +fi + +if [ -z "$IDP_BASE_URL" ] ; then + IDP_BASE_URL="http://localhost/idp" +fi + +# add in the dependency .jar files + +LOCALCLASSPATH="$LOCATION/../dist/webapp/WEB-INF/lib/*":$LOCALCLASSPATH +if [ -z "$NO_PLUGIN_WEBAPP" ] ; then + LOCALCLASSPATH="$LOCATION/../dist/plugin-webapp/WEB-INF/lib/*":$LOCALCLASSPATH +fi +LOCALCLASSPATH="$LOCATION/../edit-webapp/WEB-INF/lib/*":$LOCALCLASSPATH +LOCALCLASSPATH="$LOCATION/../dist/binlib/*":$LOCALCLASSPATH + +if [ -n "$JAVA_HOME" ] ; then + if [ -f "$JAVA_HOME/lib/tools.jar" ] ; then + LOCALCLASSPATH=$LOCALCLASSPATH:$JAVA_HOME/lib/tools.jar + fi + + if [ -f "$JAVA_HOME/lib/classes.zip" ] ; then + LOCALCLASSPATH=$LOCALCLASSPATH:$JAVA_HOME/lib/classes.zip + fi +fi + +"$JAVACMD" '-classpath' "$LOCALCLASSPATH" $JAVA_OPTS -Dnet.shibboleth.idp.cli.baseURL=$IDP_BASE_URL "$@" $SHIB_OPTS \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/sealer.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/sealer.sh new file mode 100644 index 0000000..1f09ed0 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/sealer.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh net.shibboleth.idp.cli.DataSealerCLI "$@" \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/seckeygen.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/seckeygen.sh new file mode 100644 index 0000000..67b22f9 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/seckeygen.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh net.shibboleth.shared.security.impl.BasicKeystoreKeyStrategyTool "$@" \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/status.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/status.sh new file mode 100644 index 0000000..ddbe171 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/status.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh -Dnet.shibboleth.idp.cli.arguments=net.shibboleth.idp.cli.StatusArguments \ + net.shibboleth.idp.cli.CLI "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/update.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/update.sh new file mode 100644 index 0000000..42e7699 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/update.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh net.shibboleth.idp.installer.impl.UpdateIdPCLI --ansi --home "$LOCATION/.." "$@" diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/version.sh b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/version.sh new file mode 100644 index 0000000..6a49ceb --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/bin/version.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +declare LOCATION + +LOCATION=$(dirname $0) + +$LOCATION/runclass.sh net.shibboleth.idp.Version \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/access-control.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/access-control.xml new file mode 100644 index 0000000..4b1a63e --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/access-control.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/admin/admin.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/admin/admin.properties new file mode 100644 index 0000000..efda4ce --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/admin/admin.properties @@ -0,0 +1,89 @@ +# Configure properties controlling administrative features + +#idp.status.logging = Status +#idp.status.accessPolicy = AccessByIPAddress +#idp.status.authenticated = false +#idp.status.nonBrowserSupported = false +#idp.status.defaultAuthenticationMethods = +#idp.status.resolveAttributes = false +#idp.status.postAuthenticationFlows = + +#idp.reload.logging = Reload +#idp.reload.accessPolicy = AccessByIPAddress +#idp.reload.authenticated = false +#idp.reload.nonBrowserSupported = false +#idp.reload.defaultAuthenticationMethods = +#idp.reload.resolveAttributes = false +#idp.reload.postAuthenticationFlows = + +#idp.resolvertest.logging = ResolverTest +#idp.resolvertest.accessPolicy = AccessByIPAddress +#idp.resolvertest.authenticated = false +#idp.resolvertest.nonBrowserSupported = false +#idp.resolvertest.defaultAuthenticationMethods = +#idp.resolvertest.resolveAttributes = false +#idp.resolvertest.postAuthenticationFlows = + +#idp.dumpconfig.logging = DumpConfig +#idp.dumpconfig.accessPolicy = AccessByIPAddress +#idp.dumpconfig.authenticated = false +#idp.dumpconfig.nonBrowserSupported = false +#idp.dumpconfig.defaultAuthenticationMethods = +#idp.dumpconfig.resolveAttributes = false +#idp.dumpconfig.postAuthenticationFlows = + +#idp.mdquery.logging = MetadataQuery +#idp.mdquery.accessPolicy = AccessByIPAddress +#idp.mdquery.authenticated = false +#idp.mdquery.nonBrowserSupported = false +#idp.mdquery.defaultAuthenticationMethods = +#idp.mdquery.resolveAttributes = false +#idp.mdquery.postAuthenticationFlows = + +#idp.metrics.logging = Metrics +#idp.metrics.authenticated = false +#idp.metrics.nonBrowserSupported = false +#idp.metrics.defaultAuthenticationMethods = +#idp.metrics.resolveAttributes = false +#idp.metrics.postAuthenticationFlows = +# See admin/metrics.xml for other configuration + +#idp.hello.logging = Hello +idp.hello.accessPolicy = AccessByIPAddress +#idp.hello.authenticated = true +#idp.hello.nonBrowserSupported = false +#idp.hello.defaultAuthenticationMethods = +#idp.hello.resolveAttributes = true +#idp.hello.postAuthenticationFlows = + +#idp.lockout.logging = Lockout +#idp.lockout.accessPolicy = AccessDenied +#idp.lockout.authenticated = false +#idp.lockout.nonBrowserSupported = false +#idp.lockout.defaultAuthenticationMethods = +#idp.lockout.resolveAttributes = false +#idp.lockout.postAuthenticationFlows = + +#idp.revocation.logging = Revocation +#idp.revocation.accessPolicy = AccessDenied +#idp.revocation.authenticated = false +#idp.revocation.nonBrowserSupported = false +#idp.revocation.defaultAuthenticationMethods = +#idp.revocation.resolveAttributes = false +#idp.revocation.postAuthenticationFlows = + +#idp.storage.logging = Storage +#idp.storage.accessPolicy = AccessDenied +#idp.storage.authenticated = false +#idp.storage.nonBrowserSupported = false +#idp.storage.defaultAuthenticationMethods = +#idp.storage.resolveAttributes = false +#idp.storage.postAuthenticationFlows = + +#idp.unlock-keys.logging = UnlockKeys +#idp.unlock-keys.accessPolicy = AccessDenied +#idp.unlock-keys.authenticated = true +#idp.unlock-keys.nonBrowserSupported = false +#idp.unlock-keys.defaultAuthenticationMethods = +#idp.unlock-keys.resolveAttributes = false +#idp.unlock-keys.postAuthenticationFlows = diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/admin/metrics.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/admin/metrics.xml new file mode 100644 index 0000000..7ac0735 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/admin/metrics.xml @@ -0,0 +1,147 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-filter.xml similarity index 99% rename from src/test/docker/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-filter.xml index 7885c58..e87595f 100644 --- a/src/test/docker/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-filter.xml @@ -13,11 +13,12 @@ xmlns="urn:mace:shibboleth:2.0:afp" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd"> + - + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-registry.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-registry.xml new file mode 100644 index 0000000..133930b --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-registry.xml @@ -0,0 +1,29 @@ + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-resolver.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-resolver.xml new file mode 100644 index 0000000..dd5545f --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-resolver.xml @@ -0,0 +1,78 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + %{idp.scope} + + + member + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/custom/README b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/custom/README new file mode 100644 index 0000000..98977b0 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/custom/README @@ -0,0 +1,9 @@ +# You can create custom attribute mapping rules using +# simple property files stored in this directory tree. +# Spring property replacement is NOT supported. + +# As an example, a default SAML 2 rule for eduPersonPrincipalName would be: + +#id=eduPersonPrincipalName +#transcoder=SAML2ScopedStringTranscoder +#saml2.name=urn:oid:1.3.6.1.4.1.5923.1.1.1.6 diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/default-rules.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/default-rules.xml new file mode 100644 index 0000000..298b976 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/default-rules.xml @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/eduCourse.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/eduCourse.xml new file mode 100644 index 0000000..96341c3 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/eduCourse.xml @@ -0,0 +1,57 @@ + + + + + + + + + + + + + eduCourseOffering + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.6.1.1 + urn:oid:1.3.6.1.4.1.5923.1.6.1.1 + Course offering + Unique identifier for a course offering + + + + + + + + eduCourseMember + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.6.1.2 + urn:oid:1.3.6.1.4.1.5923.1.6.1.2 + false + Course role + Specifies the person's role within a particular course offering + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/eduPerson.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/eduPerson.xml new file mode 100644 index 0000000..115967c --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/eduPerson.xml @@ -0,0 +1,309 @@ + + + + + + + + + + + + + eduPersonAffiliation + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.1 + urn:mace:dir:attribute-def:eduPersonAffiliation + Affiliation + Zugehörigkeit + Affiliation + Affiliazione + 職位 + Affiliation: Type of affiliation with Home Organization + Art der Zugehörigkeit zur Heimatorganisation + Art der Zugehörigkeit zur Heimorganisation + Type d'affiliation dans l'organisation + Affiliazione: Tipo di affiliazione presso l'organizzazione + 所属機関における職位(faculty,staff,student,memberなど) + + + + + + + + eduPersonAssurance + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.11 + urn:mace:dir:attribute-def:eduPersonAssurance + Assurance level + Vertrauensgrad + Niveau de confiance + Livello di garanzia dell'identita' + 保証レベル + Set of URIs that assert compliance with specific standards for identity assurance + URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten + Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités + Un insieme di URI che asseriscono l'osservanza dei livelli di garanzia dell'identita' + IDの保証レベルに関して特定の基準に準拠していることを示すURI + + + + + + + + eduPersonEntitlement + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.7 + urn:mace:dir:attribute-def:eduPersonEntitlement + Entitlement + Berechtigung + Membre de + Diritti + 資格情報 + Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community + Zeichenkette, die Rechte für spezifische Ressourcen beschreibt + Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès + Membro di: URI (sia URL, sia URN) che rappresentano diritti su specifiche risorse e basati su accordi tra le comunità interessate + 特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN) + + + + + + + + eduPersonNickname + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.2 + urn:mace:dir:attribute-def:eduPersonNickname + Nickname + Kurzname + Übername + Surnom + Soprannome + ニックネーム + Person's nickname, or the informal name by which they are accustomed to be hailed + Kurzname einer Person, oder üblicher Rufname zur Begrüßung + Übername einer Person, oder üblicher Rufname zur Begrüssung + Nom personnalisable pour un usage informel + Soprannome della persona + 利用者のニックネームもしくは通称 + + + + + + + + eduPersonOrgDN + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.3 + urn:mace:dir:attribute-def:eduPersonOrgDN + Organization distinguished name + Distinguished name (DN) of the directory entry representing the institution with which the person is associated + + + + + + + + eduPersonOrgUnitDN + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.4 + urn:mace:dir:attribute-def:eduPersonOrgUnitDN + Organization unit distinguished name + Structures de rattachement + Distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s) + Structures d'affectation (composante, service...) de la personne dans l'annuaire + + + + + + + + eduPersonOrcid + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.16 + urn:oid:1.3.6.1.4.1.5923.1.1.1.16 + ORCID + identifiants ORCID + ORCID researcher identifier(s) belonging to a person + Identifiant(s) ORCID d'une personne + + + + + + + + eduPersonPrimaryAffiliation + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.5 + urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation + Primary affiliation + Primäre Zugehörigkeit + Affiliation principale + Affiliazione principale + 主要職位 + Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc. + Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc. + Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc. + Specifica la relazione principale della persona con l'istituzione secondo le categorie studente, collaboratore, alumni, etc. + 所属機関における主要な職位(faculty,staff,student,memberなど) + + + + + + + + eduPersonPrimaryOrgUnitDN + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.8 + urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN + Primary organization unit distinguished name + Structure de rattachement principal + Distinguished name (DN) of the directory entry representing the person's primary Organizational Unit + Structure (composante, service) dans l'annuaire considérée comme affectation principale de la personne + + + + + + + + eduPersonPrincipalName + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.6 + urn:mace:dir:attribute-def:eduPersonPrincipalName + false + Principal name + Persönliche ID + Identifiant unique + ID personale + プリンシパルID + A unique identifier for a person, mainly for inter-institutional user identification + Eindeutige Benutzeridentifikation + Eindeutige Benützeridentifikation + L'identifiant unique de l'utilisateur + Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione + フェデレーション内で一意かつ永続的な利用者識別子 + + + + + + + + eduPersonPrincipalNamePrior + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.12 + urn:oid:1.3.6.1.4.1.5923.1.1.1.12 + false + Prior principal name(s) + Anciens identifiants EPPN + eduPersonPrincipalName value(s) previously associated with the entry + Liste des valeurs de l'attribut eduPersonPrincipalName précédemment attribuées à la personne + + + + + + + + eduPersonScopedAffiliation + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.9 + urn:mace:dir:attribute-def:eduPersonScopedAffiliation + false + Scoped affiliation + Zugehörigkeit + Affiliation + Affiliazione + スコープ付き職位 + Specifies the person's affiliation within a particular security domain + Art der Zugehörigkeit zur Heimatorganisation + Art der Zugehörigkeit zur Heimorganisation + Type d'affiliation dans l'organisation + Affiliazione: Tipo di affiliazione pressocon l'organizzazione + セキュリティドメインのスコープが付いた所属機関における職位 + + + + + + + + eduPersonUniqueId + SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.13 + urn:oid:1.3.6.1.4.1.5923.1.1.1.13 + false + Unique ID + Eindeutige ID + ID unique + ID univoco + ユニークID + A unique identifier for a person, mainly for inter-institutional user identification + Eindeutige Benutzeridentifikation + Eindeutige Benützeridentifikation + Identifiant unique de l'utilisateur + Un identificativo univoco che identifica chiaramente l'utente in seno alla sua organizzazione + フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID) + + + + + + + + eduPersonAnalyticsTag + SAML2StringTranscoder SAML1StringTranscoder CASStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.17 + urn:oid:1.3.6.1.4.1.5923.1.1.1.17 + false + Aggregated analytics tag + Opaque string that aggregates the use of a service by a set of subjects for the purpose of reporting or analytics + + + + + + + + eduPersonDisplayPronouns + SAML2StringTranscoder SAML1StringTranscoder CASStringTranscoder + urn:oid:1.3.6.1.4.1.5923.1.1.1.18 + urn:oid:1.3.6.1.4.1.5923.1.1.1.18 + false + Display Pronouns + Personal pronouns by which the person prefers to be identified + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/inetOrgPerson.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/inetOrgPerson.xml new file mode 100644 index 0000000..2ab78ef --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/inetOrgPerson.xml @@ -0,0 +1,525 @@ + + + + + + + + + + + + + + + cn + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.3 + urn:mace:dir:attribute-def:cn + Common name + Nom et Prénom + Common name of a person + Nom complet sans accent d'une personne + + + + + + + + departmentNumber + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.2 + urn:mace:dir:attribute-def:departmentNumber + Department number + departmentNumber + Abteilungsnummer + Department number + Nummer der Abteilung + Identifiant du département dans l'organisation + + + + + + + + displayName + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.241 + urn:mace:dir:attribute-def:displayName + Display name + Anzeigename + Nom + Nome + 表示名 + The name that should appear in white-pages-like applications for this person + Anzeigename + Nom complet d'affichage + Nome + アプリケーションでの表示に用いられる英字氏名 + + + + + + + + employeeNumber + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.3 + urn:mace:dir:attribute-def:employeeNumber + Employee number + Mitarbeiternummer + Numéro d'employé + Numero dell'utente + 従業員番号 + Identifies an employee within an organization + Identifiziert einen Mitarbeiter innerhalb der Organisation + Identifie un employé au sein de l'organisation + Identifica l' utente presso l'organizzazione + 所属機関における利用者の従業員番号 + + + + + + + + employeeType + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.4 + urn:mace:dir:attribute-def:employeeType + Employee type + Type d'employé + Employee type + Catégorie d'employé dans l'organisation + + + + + + + + givenName + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.42 + urn:mace:dir:attribute-def:givenName + Given name + Vorname + Prénom + Nome + + Given name of a person + Vorname + Prénom de l'utilisateur + Nome + 氏名(名)の英語表記 + + + + + + + + homePhone + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.20 + urn:mace:dir:attribute-def:homePhone + Private phone number + Telefon Privat + Teléphone personnel + Numero di telefono privato + 自宅電話番号 + Private phone number + Private Telefonnummer + Numéro de téléphone de domicile de la personne + Numero di telefono privato + 自宅の電話番号 + + + + + + + + homePostalAddress + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.39 + urn:mace:dir:attribute-def:homePostalAddress + Home postal address + Heimatadresse + Heimadresse + Adresse personnelle + Indirizzo personale + 自宅住所 + Home postal address: Home address of the user + Heimatadresse + Heimadresse + Adresse postale de domicile de la personne + Indirizzo personale: indirizzo dove abita l'utente + 自宅の住所 + + + + + + + + initials + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.43 + urn:mace:dir:attribute-def:initials + Initials + Initialen + Initiales + イニシャル + Initials + Anfangsbuchstaben des Namens + Die Anfangsbuchstaben + L' initiales + イニシャル + + + + + + + + l + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.7 + urn:mace:dir:attribute-def:l + Locality name + Ort + Localité + 場所(L) + Locality name + Ort + Nom de la localité où réside l'objet + 場所の名前 日本の場合は市区町村名 + + + + + + + + mail + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.3 + urn:mace:dir:attribute-def:mail + E-mail + E-Mail + Email + E-mail + メールアドレス + E-Mail: Preferred address for e-mail to be sent to this person + E-Mail-Adresse + E-Mail Adresse + Adresse de courrier électronique + E-Mail: l'indirizzo e-mail preferito dall'utente + メールアドレス + + + + + + + + mobile + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.41 + urn:mace:dir:attribute-def:mobile + Mobile phone number + Telefon Mobil + Numéro de mobile + Numero di cellulare + 携帯電話番号 + Mobile phone number + Mobile Telefonnummer + Numéro de teléphone mobile + Numero di cellulare + 携帯電話の電話番号 + + + + + + + + o + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.10 + urn:mace:dir:attribute-def:o + Organization name + Organisationsname + Nom de l'organisation + 所属機関名 + Organization name + Name der Organisation + Nom de l'organisation + 所属機関名称の英語表記 + + + + + + + + ou + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.11 + urn:mace:dir:attribute-def:ou + Organizational unit + Organisationseinheit + Unité organisationnelle + 機関内所属名 + Organizational unit + Name der Organisationseinheit + Nom de l'unité organisationnelle + 機関内所属名称の英語表記 + + + + + + + + pager + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.42 + urn:mace:dir:attribute-def:pager + Pager number + Pager number + + + + + + + + postalAddress + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.16 + urn:mace:dir:attribute-def:postalAddress + Business postal address + Geschäftsadresse + Adresse professionnelle + Indirizzo professionale + 所属機関住所 + Business postal address: Campus or office address + Geschäftliche Adresse + Adresse am Arbeitsplatz + Adresse de l'institut, de l'université + Indirizzo professionale: indirizzo dell'istituto o dell'ufficio + 所属機関の住所 + + + + + + + + postalCode + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.17 + urn:mace:dir:attribute-def:postalCode + Postal code + ZIP code + Postleitzahl + Code postal + 郵便番号 + Postal code + ZIP code + Postleitzahl + Code postal + 郵便番号 + + + + + + + + postOfficeBox + SAML2StringTranscoder SAML1StringTranscoder + urn:mace:dir:attribute-def:postOfficeBox + urn:oid:2.5.4.18 + Postal box + Postfach + Boite postale + Case postale + 私書箱 + Postal box identifier + Postfach + Boite postale + Case postale + 私書箱 + + + + + + + + preferredLanguage + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.16.840.1.113730.3.1.39 + urn:mace:dir:attribute-def:preferredLanguage + Preferred Language + Bevorzugte Sprache + Langue préférée + Lingua preferita + 希望言語 + Preferred language: Users preferred language (see RFC1766) + Bevorzugte Sprache (siehe RFC1766) + Exemple: fr, de, it, en, ... (voir RFC1766) + Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766) + 利用者が希望する言語(RFC1766 を参照) + + + + + + + + sn + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.4 + urn:mace:dir:attribute-def:sn + Surname + Nachname + Nom de famille + Cognome + + Surname or family name + Familienname + Nom de famille de l'utilisateur + Cognome dell'utilizzatore + 氏名(姓)の英語表記 + + + + + + + + st + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.8 + urn:mace:dir:attribute-def:st + State or province name + Etat ou nom de province + 都道府県もしくは州や省(ST) + State or province name + Etat ou nom de province + 州名や省名 国によって異なり日本の場合は都道府県名 + + + + + + + + street + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.9 + urn:mace:dir:attribute-def:street + Street + Straße + Strasse + Rue + 通り + Street address + Name der Straße + Strassenadresse + Nom de rue + 通りおよび番地 + + + + + + + + + telephoneNumber + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.20 + urn:mace:dir:attribute-def:telephoneNumber + Business phone number + Telefon Geschäft + Teléphone professionnel + Numero di telefono dell'ufficio + 所属機関内電話番号 + Business phone number: Office or campus phone number + Telefonnummer am Arbeitsplatz + Teléphone de l'institut, de l'université + Numero di telefono dell'ufficio + 所属機関での利用者の電話番号 + + + + + + + + title + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:2.5.4.12 + urn:mace:dir:attribute-def:title + Title + Titel + Title + 肩書き + Title of a person + Titel der Person + Titre de la personne + 利用者の肩書き + + + + + + + + uid + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:0.9.2342.19200300.100.1.1 + urn:mace:dir:attribute-def:uid + User ID + Benutzer-ID + ID utilisateur + ID dell'utente + ユーザID + A unique identifier for a person, mainly used for user identification within the user's home organization + Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird + Identifiant de connexion d'une personnes sur les systèmes informatiques + Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza + 所属機関内で一意の利用者識別子 + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/oidc-claim-rules.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/oidc-claim-rules.xml new file mode 100644 index 0000000..9de853b --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/oidc-claim-rules.xml @@ -0,0 +1,428 @@ + + + + + + + + + + + + + + + displayName + OIDCStringTranscoder + name + Display name + Anzeigename + Nom + Nome + 表示名 + The name that should appear in white-pages-like applications for this person. + Anzeigename + Nom complet d'affichage + Nome + アプリケーションでの表示に用いられる英字氏名 + + + + + + + + givenName + OIDCStringTranscoder + given_name + Given name + Vorname + Prénom + Nome + + Given name of a person + Vorname + Prénom de l'utilisateur + Nome + 氏名(名)の英語表記 + + + + + + + + homePhone + OIDCStringTranscoder + phone_number + Private phone number + Telefon Privat + Teléphone personnel + Numero di telefono privato + 自宅電話番号 + Private phone number + Private Telefonnummer + Numéro de téléphone de domicile de la personne + Numero di telefono privato + 自宅の電話番号 + + + + + + + + mail + OIDCStringTranscoder + email + E-mail + E-Mail + Email + E-mail + メールアドレス + E-Mail: Preferred address for e-mail to be sent to this person + E-Mail-Adresse + E-Mail Adresse + Adresse de courrier électronique + E-Mail: l'indirizzo e-mail preferito dall'utente + メールアドレス + + + + + + + + preferredLanguage + OIDCStringTranscoder + locale + Preferred Language + Bevorzugte Sprache + Langue préférée + Lingua preferita + 希望言語 + Preferred language: Users preferred language (see RFC1766) + Bevorzugte Sprache (siehe RFC1766) + Exemple: fr, de, it, en, ... (voir RFC1766) + Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766) + 利用者が希望する言語(RFC1766 を参照) + + + + + + + + sn + OIDCStringTranscoder + family_name + Surname + Nachname + Nom de famille + Cognome + + Surname or family name + Familienname + Nom de famille de l'utilisateur. + Cognome dell'utilizzatore + 氏名(姓)の英語表記 + + + + + + + + telephoneNumber + OIDCStringTranscoder + phone_number + Business phone number + Telefon Geschäft + Teléphone professionnel + Numero di telefono dell'ufficio + 所属機関内電話番号 + Business phone number: Office or campus phone number + Telefonnummer am Arbeitsplatz + Teléphone de l'institut, de l'université + Numero di telefono dell'ufficio + 所属機関での利用者の電話番号 + + + + + + + + uid + OIDCStringTranscoder + preferred_username + User ID + Benutzer-ID + ID utilisateur + ID dell'utente + ユーザID + A unique identifier for a person, mainly used for user identification within the user's home organization. + Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird. + Identifiant de connexion d'une personnes sur les systèmes informatiques. + Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza. + 所属機関内で一意の利用者識別子 + + + + + + + + + + eduPersonNickname + OIDCStringTranscoder + nickname + Nickname + Kurzname + Übername + Surnom + Diminutivo + ニックネーム + Person's nickname, or the informal name by which they are accustomed to be hailed. + Kurzname einer Person, oder üblicher Rufname zur Begrüßung. + Übername einer Person, oder üblicher Rufname zur Begrüssung. + Nom personnalisable pour un usage informel. + Diminutivo della persona, o soprannome. + 利用者のニックネームもしくは通称 + + + + + + + + + + eduPersonAssurance + OIDCStringTranscoder + eduPersonAssurance + Assurance level + Vertrauensgrad + Niveau de confiance + Livello di sicurezza + 保証レベル + Set of URIs that assert compliance with specific standards for identity assurance. + URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten + Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités + Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti + IDの保証レベルに関して特定の基準に準拠していることを示すURI + + + + + + + + eduPersonEntitlement + OIDCStringTranscoder + eduPersonEntitlement + Entitlement + Berechtigung + Entitlement + Prerogativa + 資格情報 + Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community + Zeichenkette, die Rechte für spezifische Ressourcen beschreibt + Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès. + Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità + 特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN) + + + + + + + + eduPersonPrincipalName + OIDCScopedStringTranscoder + eduPersonPrincipalName + Principal name + Persönliche ID + Principal Name + Principal Name + プリンシパルID + A unique identifier for a person, mainly for inter-institutional user identification. + Eindeutige Benutzeridentifikation + Eindeutige Benützeridentifikation + L'identifiant unique de l'utilisateur + Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione + フェデレーション内で一意かつ永続的な利用者識別子 + + + + + + + + eduPersonScopedAffiliation + OIDCScopedStringTranscoder + eduPersonScopedAffiliation + Scoped affiliation + Zugehörigkeit + Affiliation + Tipo di membro + スコープ付き職位 + Specifies the person's affiliation within a particular security domain + Art der Zugehörigkeit zur Heimatorganisation + Art der Zugehörigkeit zur Heimorganisation + Type d'affiliation dans l'organisation + Tipo di membro: Tipo di lavoro svolto per l'organizzazione + セキュリティドメインのスコープが付いた所属機関における職位 + + + + + + + + + + address + OIDCStringTranscoder + true + address + Postal address + + + + + + + + birthdate + OIDCStringTranscoder + birthdate + Date of birth + + + + + + + + email_verified + OIDCStringTranscoder + email_verified + true + E-mail verification status + Indicates whether e-mail address has been verified by the issuer + + + + + + + + gender + OIDCStringTranscoder + gender + Gender + + + + + + + + middle_name + OIDCStringTranscoder + middle_name + Middle name + + + + + + + + phone_number_verified + OIDCStringTranscoder + phone_number_verified + true + Phone number verification status + Indicates whether phone number has been verified by the issuer + + + + + + + + picture + OIDCStringTranscoder + picture + Picture + URL of personal photo + + + + + + + + profile + OIDCStringTranscoder + profile + Profile page + URL of personal profile page + + + + + + + + website + OIDCStringTranscoder + website + Web site + URL to personal web site + + + + + + + + updated_at + OIDCStringTranscoder + updated_at + true + Last update of information + + + + + + + + zoneinfo + OIDCStringTranscoder + zoneinfo + Time zone + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/samlSubject.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/samlSubject.xml new file mode 100644 index 0000000..3ffa3cc --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/samlSubject.xml @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + samlSubjectID + SAML2ScopedStringTranscoder + urn:oasis:names:tc:SAML:attribute:subject-id + Unique ID + Eindeutige ID + ID unique + ID unico + サブジェクトID + A unique identifier for a person, mainly for inter-institutional user identification + Eindeutige Benutzeridentifikation + Eindeutige Benützeridentifikation + Identifiant unique de l'utilisateur + Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione + フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継) + + + + + + + + samlPairwiseID + SAML2ScopedStringTranscoder + urn:oasis:names:tc:SAML:attribute:pairwise-id + Pairwise ID + Pairwise ID + Pairwise ID + Pairwise ID + ペアワイズID + Pairwise ID: A unique identifier for a person, different for each service provider + Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider + Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider + Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service + Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio + フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継) + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/schac.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/schac.xml new file mode 100644 index 0000000..2e0db26 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attributes/schac.xml @@ -0,0 +1,382 @@ + + + + + + + + + + + + schacMotherTongue + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.1 + urn:oid:1.3.6.1.4.1.25178.1.2.1 + Mother Tongue + Langue maternelle + Lingua Madre + Mother Tongue of the user + Langue maternelle (la langue apprise en premier par une personne : fr + Lingua Madre dell'utente + + + + + + + + schacGender + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.2 + urn:oid:1.3.6.1.4.1.25178.1.2.2 + Gender + Genre + Genere + Gender of the user + Genre de la personne : un chiffre (0 "Not known, 1 "Male", 2 "Female", 9 "Not specified") + Genere dell'utente + + + + + + + + schacDateOfBirth + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.3 + urn:oid:1.3.6.1.4.1.25178.1.2.3 + Date or Birth + Date de naissance + Giorno di nascita + The date of birth for the subject it is associated with + Date de naissance au format "YYYYMMJJ" + Giorno di nascita del soggetto + + + + + + + + schacYearOfBirth + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.0.2.3 + urn:oid:1.3.6.1.4.1.25178.1.0.2.3 + Year of birth + Année de naissance + Anno di nascita + The year of birth for the subject it is associated with + Année de naissance au format "YYYY" + Anno di nascita del soggetto + + + + + + + + schacPlaceOfBirth + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.4 + urn:oid:1.3.6.1.4.1.25178.1.2.4 + Place of Birth + Lieu de naissance + Luogo di nascita + The place of birth for the subject it is associated with + Lieu de naissance + Luogo di nascita del soggetto + + + + + + + + schacCountryOfCitizenship + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.5 + urn:oid:1.3.6.1.4.1.25178.1.2.5 + Country of Citizenship + Nationalité + The countries of citizenship for the subject it is associated with + Pays où une personne est un citoyen : 2 lettres au format ISO 3166 (fr, es...) + Cittadinanza + + + + + + + + schacSn1 + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.6 + urn:oid:1.3.6.1.4.1.25178.1.2.6 + First Surname + Premier nom + Primo Cognome + First surname of a person ("the surname" in international terms) + Premier nom d'une personne + Il cognome di una persona + + + + + + + + schacSn2 + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.7 + urn:oid:1.3.6.1.4.1.25178.1.2.7 + Second Surname + Second nom + Secondo Cognome + Second surname of a person + Second nom d'une personne + Secondo cognome di una persona + + + + + + + + schacPersonalTitle + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.8 + urn:oid:1.3.6.1.4.1.25178.1.2.8 + Personal Title + Titre + Soprannome + Nice name used for the user + Titre de la personne + Titolo usato per salutare l'utente + + + + + + + + schacHomeOrganization + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.9 + urn:oid:1.3.6.1.4.1.25178.1.2.9 + Home Organization + Kotiorganisaatio + Organisme + Dominio dell'istituzione + The domain name of the person's home organisation + Henkilön kotiorganisaation domain-nimi + Nom de domaine DNS de l'organisme d'origine d'une personne + Dominio dell'istituzione + + + + + + + + schacHomeOrganizationType + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.10 + urn:oid:1.3.6.1.4.1.25178.1.2.10 + Home organization type + Kotiorganisaation tyyppi + Type d'organisme + Tipo di organizzazione di appartenenza (internazionale) + Home organisation type: university, polytechnic, etc + Kotiorganisaation tyyppi: yliopisto, ammattikorkeakoulu jne + Type d'organisme d'origine d'une personne + Tipo di organizzazione di appartenenza + + + + + + + + schacCountryOfResidence + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.11 + urn:oid:1.3.6.1.4.1.25178.1.2.11 + Country of Residence + Pays de résidence + Residenza + The country of residence for the subject + Pays de résidence : fr, es... + Paese di residenza dell'utente + + + + + + + + schacUserPresenceID + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.12 + urn:oid:1.3.6.1.4.1.25178.1.2.12 + User Presence ID + Identifiant de présence + ID utente sulla rete + Identifiers that user collect on the net + Ensemble de valeurs liées aux protocoles de présence réseau (sip, xmpp, h323...) + Identificativi usati dall'utente sulla rete + + + + + + + + schacPersonalPosition + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.13 + urn:oid:1.3.6.1.4.1.25178.1.2.13 + Personal Position + Position/Rôle + Ruolo ricoperto + Personal Position of the user for the institution + Position/Rôle de la personne au sein d'une institution + Ruolo dell'utente nell'istituzione + + + + + + + + schacPersonalUniqueCode + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.14 + urn:oid:1.3.6.1.4.1.25178.1.2.14 + Personal Unique Code + Code personnel unique + Codice Univoco + Unique code for the subject it is associated with + "Code unique" pour le sujet auquel il est associé (peut être le numéro d'étudiant, le numéro d'employé, ...) + Codice Univoco legato al soggetto + + + + + + + + schacPersonalUniqueID + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.15 + urn:oid:1.3.6.1.4.1.25178.1.2.15 + Personal Unique ID + Identifiant personnel unique + ID Legale Univoco + Unique Legal Identifier of a person + identifiant unique légal (DNI en espagne) + Identificativo Univoco Legale associato alla persona + + + + + + + + schacExpiryDate + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.17 + urn:oid:1.3.6.1.4.1.25178.1.2.17 + Expiry Date + Date d'expiration + The date from which the set of data is to be considered invalid (specifically, in what refers to rights and entitlements) + Date à partir de laquelle l'ensemble de données de la personne doit être considéré comme invalide, au format "YYYYMMDDhhmmssZ" + Data di scadenza dei dati utente (diritti e titoli) + + + + + + + + schacUserPrivateAttribute + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.18 + urn:oid:1.3.6.1.4.1.25178.1.2.18 + User Private Attribute + Exigences de confidentialité + Datas that the user and/or organization policies want to keep private + Exigences de confidentialité, telles qu'exprimées par l'utilisateur et / ou les stratégies de l'entreprise + Dati che l'utente o le policy organizzative vogliono tenere private + + + + + + + + schacUserStatus + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.19 + urn:oid:1.3.6.1.4.1.25178.1.2.19 + User Status + Status utilisateur + Set of status of a person as user of services + Ensemble de status d'une personne en tant qu'utilisateur de services + Stato di attivita' per l'utente sui diversi servizi + + + + + + + + schacProjectMembership + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.20 + urn:oid:1.3.6.1.4.1.25178.1.2.20 + Project Membership + Appartenance au projet + Name of the project the user belongs to + Nom du projet auquel l'utilisateur appartient + Nome del progetto a cui l'utente appartiene + + + + + + + + schacProjectSpecificRole + SAML2StringTranscoder SAML1StringTranscoder + urn:oid:1.3.6.1.4.1.25178.1.2.21 + urn:oid:1.3.6.1.4.1.25178.1.2.21 + Project Specific Role + Roles spécifiques au projet + Set of roles inside specific projects for the user + Ensemble de rôles dans des projets spécifiques + Insieme dei ruoli svolti dall'utente su specifici progetti + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/audit.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/audit.xml new file mode 100644 index 0000000..3c9c408 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/audit.xml @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + http://shibboleth.net/ns/profiles/status + http://shibboleth.net/ns/profiles/mdquery + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn-comparison.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn-comparison.xml new file mode 100644 index 0000000..0730bcb --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn-comparison.xml @@ -0,0 +1,117 @@ + + + + + + + + + + + 1 + + + + + + + + + + urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn-events-flow.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn-events-flow.xml new file mode 100644 index 0000000..8846677 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn-events-flow.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn.properties new file mode 100644 index 0000000..405c522 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/authn.properties @@ -0,0 +1,227 @@ +# Properties that control authentication generally and the behavior of +# specific methods. + +# Regular expression matching login flows to enable, e.g. IPAddress|Password +#idp.authn.flows = Password + +# Default settings for most authentication methods. +#idp.authn.defaultLifetime = PT1H +#idp.authn.defaultTimeout = PT30M +#idp.authn.proxyRestrictionsEnforced = true + +# Whether to populate relying party user interface information for display +# during authentication, consent, terms-of-use. +#idp.authn.rpui = true + +# Whether to prioritize "active" results when an SP requests more than +# one possible matching login method (V2 behavior was to favor them) +#idp.authn.favorSSO = false + +# Whether to fail requests when a user identity after authentication +# doesn't match the identity in a pre-existing session. +#idp.authn.identitySwitchIsError = false + +# If using IdP discovery feature, provides a discovery location to use. +#idp.authn.discoveryURL = https://ds.example.org/shibboleth-ds/index.html + +# Login flow audit logging (defaults false for log compatibility) +#idp.authn.audit.enabled = false + +# Revocation (administrative logout) +#idp.authn.revocation = false +#idp.authn.revocation.lifetime = %{idp.authn.defaultAuthnLifetime:PT12H} +# Name of BiCondition to apply for check +#idp.authn.revocation.Condition = shibboleth.RevocationCacheCondition +# Set to true to treat lookup failures as being revoked. +#idp.authn.revocation.strict = false +# Set to true to check for address-based revocation. +#idp.authn.revocation.addressBased = false +# Default implementation based on a StorageService bean. +#idp.authn.revocation.cache = shibboleth.AuthnRevocationCache +#idp.authn.revocation.StorageService = shibboleth.StorageService + + +# Properties below override specific method behavior, as an alternative +# to defining Spring beans in XML. Refer to the documentation for a complete +# list. Many of the properties below are mentioned only because they are +# atypical defaults assumed for a given method. + +# Flow selection among multiple equivalent options can be managed with +# the order properties, lower will be tried first. + +#### Password #### + +#idp.authn.Password.order = 1000 +#idp.authn.Password.passiveAuthenticationSupported = true +#idp.authn.Password.forcedAuthenticationSupported = true +# Override this and removeAfterValidation to require all validators to succeed +#idp.authn.Password.requireAll = false +# Override to keep the password around +#idp.authn.Password.removeAfterValidation = true +# Override to store password in Java Subject +#idp.authn.Password.retainAsPrivateCredential = false +# Simple username transforms before validation +#idp.authn.Password.trim = true +#idp.authn.Password.lowercase = false +#idp.authn.Password.uppercase = false +#idp.authn.Password.matchExpression = +# Override default form field names +#idp.authn.Password.usernameFieldName = j_username +#idp.authn.Password.passwordFieldName = j_password +#idp.authn.Password.ssoBypassFieldName = donotcache +# Unset if using customized Principals per validator +#idp.authn.Password.addDefaultPrincipals = true +# The Principal collection below is the typical default if not otherwise noted. +#idp.authn.Password.supportedPrincipals = \ +# saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, \ +# saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password, \ +# saml1/urn:oasis:names:tc:SAML:1.0:am:password +# Validators are controlled in password-authn-config.xml + +#### Password Backends #### + +# See ldap.properties for LDAP authn properties +# Kerberos settings +#idp.authn.Krb5.refreshConfig = false +#idp.authn.Krb5.preserveTicket = false +# Set next two for KDC verification +#idp.authn.Krb5.servicePrincipal = +#idp.authn.Krb5.keytab = +# JAAS settings +#idp.authn.JAAS.loginConfigNames = ShibUserPassAuth +#idp.authn.JAAS.loginConfig = %{idp.home}/conf/authn/jaas.config + +#### External #### + +#idp.authn.External.order = 1000 +#idp.authn.External.nonBrowserSupported = false +#idp.authn.External.matchExpression = +# Unset if you plan to return full Java Subject from external source +#idp.authn.External.addDefaultPrincipals = true +# Servlet context-relative path to wherever your implementation lives +idp.authn.External.externalAuthnPath = contextRelative:external.jsp + +#### RemoteUser #### + +#idp.authn.RemoteUser.order = 1000 +#idp.authn.RemoteUser.nonBrowserSupported = false +#idp.authn.RemoteUser.matchExpression = +# Unset in most cases only if using the authnMethodHeader or +# subjectAttribute settings +#idp.authn.RemoteUser.addDefaultPrincipals = true +#idp.authn.RemoteUser.checkRemoteUser = true +# Comma-delimited lists of attributes or headers to pull from +#idp.authn.RemoteUser.checkAttributes = +#idp.authn.RemoteUser.checkHeaders = +# Advanced settings +#idp.authn.RemoteUser.subjectAttribute = +#idp.authn.RemoteUser.authnMethodHeader = +#idp.authn.RemoteUser.authnAuthorityHeader = + +#### RemoteUserInternal #### + +#idp.authn.RemoteUserInternal.order = 1000 +#idp.authn.RemoteUserInternal.nonBrowserSupported = true +# Unset in most cases only if using the authnMethodHeader feature +#idp.authn.RemoteUserInternal.addDefaultPrincipals = true +#idp.authn.RemoteUserInternal.checkRemoteUser = true +# Comma-delimited lists of attributes or headers to pull from +#idp.authn.RemoteUserInternal.checkAttributes = +#idp.authn.RemoteUserInternal.checkHeaders = +# Simple transforms to apply +#idp.authn.RemoteUserInternal.trim = true +#idp.authn.RemoteUserInternal.lowercase = false +#idp.authn.RemoteUserInternal.uppercase = false +#idp.authn.RemoteUserInternal.matchExpression = +#idp.authn.RemoteUserInternal.allowedUsernames = +#idp.authn.RemoteUserInternal.deniedUsernames = + +#### SPNEGO #### + +#idp.authn.SPNEGO.order = 1000 +#idp.authn.SPNEGO.nonBrowserSupported = false +#idp.authn.SPNEGO.enforceRun = false +#idp.authn.SPNEGO.refreshKrbConfig = false +#idp.authn.SPNEGO.matchExpression = +idp.authn.SPNEGO.supportedPrincipals = \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, \ + saml1/urn:ietf:rfc:1510 + +#### X509 #### + +#idp.authn.X509.order = 1000 +#idp.authn.X509.nonBrowserSupported = false +#idp.authn.X509.saveCertificateToCredentialSet = true +# Servlet context-relative path to wherever your implementation lives +#idp.authn.X509.externalAuthnPath = contextRelative:x509-prompt.jsp +idp.authn.X509.supportedPrincipals = \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, \ + saml1/urn:ietf:rfc:2246 + +#### X509Internal #### + +#idp.authn.X509Internal.order = 1000 +#idp.authn.X509Internal.nonBrowserSupported = false +#idp.authn.X509Internal.saveCertificateToCredentialSet = true +idp.authn.X509Internal.supportedPrincipals = \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, \ + saml1/urn:ietf:rfc:2246 + +#### IPAddress #### + +#idp.authn.IPAddress.order = 1000 +#idp.authn.IPAddress.passiveAuthenticationSupported = true +#idp.authn.IPAddress.lifetime = PT60S +#idp.authn.IPAddress.inactivityTimeout = PT60S +idp.authn.IPAddress.supportedPrincipals = \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol + +#### Function #### + +#idp.authn.Function.order = 1000 +#idp.authn.Function.passiveAuthenticationSupported = true +# Unset if you plan to return full Java Subject from function +#idp.authn.Function.addDefaultPrincipals = true + +#### SAML #### + +#idp.authn.SAML.order = 1000 +#idp.authn.SAML.nonBrowserSupported = false +#idp.authn.SAML.passiveAuthenticationSupported = true +#idp.authn.SAML.forcedAuthenticationSupported = true +#idp.authn.SAML.proxyScopingEnforced = true +# Discovery options: +# Define shibboleth.authn.SAML.discoveryFunction bean +# Set proxyEntityID property +# Fall through to discovery via discoveryRequired property +#idp.authn.SAML.proxyEntityID = https://idp.example.org/idp/shibboleth +#idp.authn.SAML.discoveryRequired = true +# Generally left false with bidirectional mappings in +# conf/authn/authn-comparison.xml across the proxy boundary. +# Adjust as needed to reflect IdP's capabilities/support. +#idp.authn.SAML.addDefaultPrincipals = false +#idp.authn.SAML.supportedPrincipals = \ +# saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, \ +# saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password, \ +# saml1/urn:oasis:names:tc:SAML:1.0:am:password + +#### MFA #### + +#idp.authn.MFA.order = 1000 +#idp.authn.MFA.passiveAuthenticationSupported = true +#idp.authn.MFA.forcedAuthenticationSupported = true +#idp.authn.MFA.validateLoginTransitions = true +# Defaults to set AuthnInstant based on oldest component result +#idp.authn.MFA.useLatestTimestamp = false +# The list below almost certainly requires changes, and should generally be the +# union of any of the separate factors you combine in your particular MFA flow +# rules. The example corresponds to the example in mfa-authn-config.xml that +# combines IPAddress with Password. +idp.authn.MFA.supportedPrincipals = \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol, \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, \ + saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password, \ + saml1/urn:oasis:names:tc:SAML:1.0:am:password +# Most actual setup via mfa-authn-config.xml diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/oauth2client-authn-config.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/oauth2client-authn-config.xml new file mode 100644 index 0000000..e00b9c8 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/oauth2client-authn-config.xml @@ -0,0 +1,30 @@ + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/password-authn-config.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/password-authn-config.xml new file mode 100644 index 0000000..dc10fa1 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/authn/password-authn-config.xml @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + + + + + + + + NoCredentials + CLIENT_NOT_FOUND + Client not found + Cannot get kdc for realm + Client not found in Kerberos database + DN_RESOLUTION_FAILURE + Cannot authenticate dn, invalid dn + Cannot authenticate dn, invalid credential + AcceptSecurityContext error, data 525 + + + + + InvalidCredentials + PREAUTH_FAILED + INVALID_CREDENTIALS + Checksum failed + Integrity check on decrypted field failed + Pre-authentication information was invalid + Key bytes cannot be null + AcceptSecurityContext error, data 52e + + + + + Clients credentials have been revoked + AcceptSecurityContext error, data 775 + + + + + AcceptSecurityContext error, data 533 + + + + + PASSWORD_EXPIRED + CLIENT KEY EXPIRED + AcceptSecurityContext error, data 532 + AcceptSecurityContext error, data 773 + AcceptSecurityContext error, data 701 + + + + + ACCOUNT_WARNING + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n-events-flow.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n-events-flow.xml new file mode 100644 index 0000000..c4936f3 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n-events-flow.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n.properties new file mode 100644 index 0000000..3811493 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n.properties @@ -0,0 +1,40 @@ +# Properties that control the behavior of post-login subject c14n flows. +# A few more advanced settings require XML configuration, see flow-specific docs. + + +# Simple username -> principal name c14n +#idp.c14n.simple.lowercase = false +#idp.c14n.simple.uppercase = false +#idp.c14n.simple.trim = true + + +# Attribute resolution -> principal name c14n +#idp.c14n.attribute.lowercase = false +#idp.c14n.attribute.uppercase = false +#idp.c14n.attribute.trim = true +# Lists of attributes to resolve... +#idp.c14n.attribute.attributesToResolve = +# and then select a principal name from +#idp.c14n.attribute.attributeSourceIds = +# Allows direct use of attributes via SAML proxy authn, bypasses resolver +#idp.c14n.attribute.resolveFromSubject = false +#idp.c14n.attribute.resolutionCondition = shibboleth.Conditions.TRUE + +# X.509 certificate -> principal name c14n +#idp.c14n.x500.lowercase = false +#idp.c14n.x500.uppercase = false +#idp.c14n.x500.trim = true +# Precedence is to check for a subjectAltName and then an OID RDN +# Comma-delimited list of subjectAltName type numbers +# (See https://tools.ietf.org/html/rfc5280#section-4.2.1.6) +#idp.c14n.x500.subjectAltNameTypes = +# Comma-delimited list of OIDS +#idp.c14n.x500.objectIDs = + +# Proxied SAML NameID -> principal name c14n +#idp.c14n.saml.proxy.lowercase = false +#idp.c14n.saml.proxy.uppercase = false + +# NameID consumption from SAML requests +#idp.c14n.saml.lowercase = false +#idp.c14n.saml.uppercase = false diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n.xml new file mode 100644 index 0000000..b354535 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/c14n/subject-c14n.xml @@ -0,0 +1,151 @@ + + + + + + + + + + + + + + + + + + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/cas-protocol.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/cas-protocol.xml similarity index 73% rename from src/test/docker/shibboleth-idp/config/shib-idp/conf/cas-protocol.xml rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/cas-protocol.xml index 3884ef5..bb0e9d0 100644 --- a/src/test/docker/shibboleth-idp/config/shib-idp/conf/cas-protocol.xml +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/cas-protocol.xml @@ -22,22 +22,11 @@ + c:regex="https?://([A-Za-z0-9_-]+\.)*unicon\.local(:\d+)?/.*" + p:authorizedToProxy="false" /> - @@ -53,15 +42,15 @@ --> @@ -109,4 +98,4 @@ --> - \ No newline at end of file + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/credentials.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/credentials.xml new file mode 100644 index 0000000..68dc9b8 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/credentials.xml @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/errors.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/errors.xml new file mode 100644 index 0000000..8d629ab --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/errors.xml @@ -0,0 +1,127 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/attribute-resolver-ldap.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/attribute-resolver-ldap.xml new file mode 100644 index 0000000..74b3033 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/attribute-resolver-ldap.xml @@ -0,0 +1,108 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/oidc-attribute-filter.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/oidc-attribute-filter.xml new file mode 100644 index 0000000..cdd4293 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/oidc-attribute-filter.xml @@ -0,0 +1,168 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/oidc-attribute-resolver.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/oidc-attribute-resolver.xml new file mode 100644 index 0000000..22a353d --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/examples/oidc-attribute-resolver.xml @@ -0,0 +1,191 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + member + staff + + + +1 (604) 555-1234;ext=5678 + + + true + + + false + + + Mr.Teppo Matias Testaaja + + + Testaaja + + + Teppo Matias + + + Matias + + + TT + + + https://fi.wikipedia.org/wiki/Tom_Cruise + + + https://pixabay.com/fi/pentu-kissa-kukka-potin-tabby-pentu-2766820/ + + + https://www.facebook.com/officialtomcruise/ + + + male + + + 1969-07-20 + + + America/Los_Angeles + + + en-US + + + 1509450347 + + + 234 Hollywood Blvd. + + + Los Angeles + + + CA + + + 90210 + + + US + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/global.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/global.xml new file mode 100644 index 0000000..0bfa7bc --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/global.xml @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/idp.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/idp.properties similarity index 73% rename from src/test/docker/shibboleth-idp/config/shib-idp/conf/idp.properties rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/idp.properties index 50af600..3b47302 100644 --- a/src/test/docker/shibboleth-idp/config/shib-idp/conf/idp.properties +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/idp.properties @@ -1,5 +1,13 @@ -# Load any additional property resources from a comma-delimited list -idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties, /credentials/secrets.properties +# Set false if you do not want the IdP to check (asynchronously) whether +# it can be updated or not when the container starts +#idp.updateCheck.enable=true + +# Auto-load all files matching conf/**/*.properties +# Disable if you want to manually maintain a list of sources. +idp.searchForProperties=true + +# Load any "outside-tree" property sources from a comma-delimited list +idp.additionalProperties=/credentials/secrets.properties # In most cases (and unless noted in the surrounding comments) the # commented settings in the distributed files document default behavior. @@ -14,37 +22,48 @@ idp.entityID=https://idp.unicon.local/idp/shibboleth # Set to empty value to disable and return a 404. #idp.entityID.metadataFile=%{idp.home}/metadata/idp-metadata.xml -# Set the scope used in the attribute resolver for scoped attributes +# Set the scope used in the attribute resolver for scoped attributes idp.scope=unicon.local # General cookie properties (maxAge only applies to persistent cookies) #idp.cookie.secure = true #idp.cookie.httpOnly = true #idp.cookie.domain = -#idp.cookie.path = +# Note the path is now / to allow defaulting to __Host- prefixed names. +#idp.cookie.path = / #idp.cookie.maxAge = 31536000 # These control operation of the SameSite filter, which is off by default. #idp.cookie.sameSite = None #idp.cookie.sameSiteCondition = shibboleth.Conditions.FALSE -# Enable cross-site request forgery mitigation for views. +# Enable cross-site request forgery mitigation for views. idp.csrf.enabled=true # Name of the HTTP parameter that stores the CSRF token. #idp.csrf.token.parameter = csrf_token # HSTS/CSP response headers -#idp.hsts = max-age=0 +#idp.hsts = max-age=31536000 # X-Frame-Options value, set to DENY or SAMEORIGIN to block framing #idp.frameoptions = DENY # Content-Security-Policy value, set to match X-Frame-Options default #idp.csp = frame-ancestors 'none'; +# Set to false to disable filter that forcibly applies UTF-8 encoding +#idp.encoding.forceUTF8 = true + +# Enable and control MDC filter +#idp.logging.MDC.enabled = true +#idp.logging.MDC.createSession = true + # Set the location of user-supplied web flow definitions #idp.webflows = %{idp.home}/flows # Set the location of Velocity view templates #idp.views = %{idp.home}/views +# Do we fail on velocity "syntax errors" +#idp.velocity.runtime.strictmode=false + # Settings for internal AES encryption key #idp.sealer.keyStrategy = shibboleth.DataSealerKeyStrategy #idp.sealer.storeType = JCEKS @@ -53,9 +72,9 @@ idp.csrf.enabled=true idp.sealer.storeResource=%{idp.home}/credentials/sealer.jks idp.sealer.versionResource=%{idp.home}/credentials/sealer.kver -# Settings for public/private signing and encryption key(s) -# During decryption key rollover, point the ".2" properties at a second -# keypair, uncomment in credentials.xml, then publish it in your metadata. +# Settings for public/private signing and encryption key(s): +# During decryption key rollover, point the ".2" properties at a second +# keypair, uncomment in credentials.xml, then publish it in your metadata. idp.signing.key=%{idp.home}/credentials/idp-signing.key idp.signing.cert=%{idp.home}/credentials/idp-signing.crt idp.encryption.key=%{idp.home}/credentials/idp-encryption.key @@ -72,6 +91,10 @@ idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt # The new install default for encryption is now AES-GCM. idp.encryption.config=shibboleth.EncryptionConfiguration.GCM +# Sets the default strategy for key agreement key wrap usage for credentials from metadata, +# if not otherwise configured on the security configuration +#idp.encryption.keyagreement.metadata.defaultUseKeyWrap = Default + # Configures trust evaluation of keys used by services at runtime # Internal default is Chaining, overriden for new installs idp.trust.signatures=shibboleth.ExplicitKeySignatureTrustEngine @@ -88,6 +111,8 @@ idp.encryption.optional = true # Configuration of client- and server-side storage plugins #idp.storage.cleanupInterval = PT10M idp.storage.htmlLocalStorage=true +#idp.storage.clientSessionStorageName = shib_idp_session_ss +#idp.storage.clientPersistentStorageName = shib_idp_persistent_ss # Set to true to expose more detailed errors in responses to SPs #idp.errors.detailed = false @@ -103,9 +128,14 @@ idp.storage.htmlLocalStorage=true # Set to false to disable the IdP session layer #idp.session.enabled = true +# Set to true to rely on persistent cookies for session management +#idp.session.persistent = false + # Set to "shibboleth.StorageService" for server-side storage of user sessions #idp.session.StorageService = shibboleth.ClientSessionStorageService +# Name of cookie used for session +#idp.session.cookieName = __Host-shib_idp_session # Size of session IDs #idp.session.idSize = 32 # Bind sessions to IP addresses @@ -123,28 +153,13 @@ idp.session.secondaryServiceIndex=true # Length of time to track SP sessions #idp.session.defaultSPlifetime = PT2H -# Regular expression matching login flows to enable, e.g. IPAddress|Password -idp.authn.flows=Password - -# Default lifetime and timeout of various authentication methods -#idp.authn.defaultLifetime = PT60M -#idp.authn.defaultTimeout = PT30M - -# Whether to populate relying party user interface information for display -# during authentication, consent, terms-of-use. -#idp.authn.rpui = true - -# Whether to prioritize "active" results when an SP requests more than -# one possible matching login method (V2 behavior was to favor them) -#idp.authn.favorSSO = false - -# Whether to fail requests when a user identity after authentication -# doesn't match the identity in a pre-existing session. -#idp.authn.identitySwitchIsError = false - # Set to "shibboleth.StorageService" or custom bean for alternate storage of consent #idp.consent.StorageService = shibboleth.ClientPersistentStorageService +# Default consent auditing formats +#idp.consent.terms-of-use.auditFormat = %T|%SP|%e|%u|%CCI|%CCV|%CCA +#idp.consent.attribute-release.auditFormat = %T|%SP|%e|%u|%CCI|%CCV|%CCA + # Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute # to key user consent storage records (and set the attribute name) #idp.consent.attribute-release.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey @@ -156,7 +171,7 @@ idp.authn.flows=Password # Defaults to text displayed to the user. #idp.consent.terms-of-use.consentValueMessageCodeSuffix = .text -# Flags controlling how built-in attribute consent feature operates +# Flags controlling how built-in attribute consent feature operates #idp.consent.allowDoNotRemember = true #idp.consent.allowGlobal = true #idp.consent.allowPerAttribute = false @@ -169,7 +184,18 @@ idp.authn.flows=Password #idp.consent.expandedMaxStoredRecords = 0 # Time in milliseconds to expire consent storage records. -#idp.consent.storageRecordLifetime = P1Y +# Leave commented out for the default of infinite +#idp.consent.storageRecordLifetime = + +# Path to use with External interceptor flow +#idp.intercept.External.externalPath = contextRelative:intercept.jsp + +# Policies to use with Impersonate interceptor flow +#idp.impersonate.generalPolicy = GeneralImpersonationPolicy +#idp.impersonate.specificPolicy = SpecificImpersonationPolicy + +# Picks outbound bindings more sensibly than based on metadata order +idp.bindings.inMetadataOrder=false # Whether to lookup metadata, etc. for every SP involved in a logout # for use by user interface logic; adds overhead so off by default. @@ -178,11 +204,18 @@ idp.authn.flows=Password # Whether to require logout requests/responses be signed/authenticated. #idp.logout.authenticated = true +# Whether to handle logout lacking response endpoonts as asynchronous. +#idp.logout.assumeAsync = false + +# Whether to hide logout propagation status reporting. +#idp.logout.propagationHidden = false + # Bean to determine whether user should be allowed to cancel logout #idp.logout.promptUser=shibboleth.Conditions.FALSE # Message freshness and replay cache tuning #idp.policy.messageLifetime = PT3M +#idp.policy.assertionLifetime = PT3M #idp.policy.clockSkew = PT3M # Set to custom bean for alternate storage of replay cache @@ -202,11 +235,10 @@ idp.authn.flows=Password # browser-supported languages, defaults to an empty list. idp.ui.fallbackLanguages=en,fr,de -# Storage service used by CAS protocol +# Storage service used by CAS protocol for chained proxy-granting tickets +# and when using server-managed "simple" TicketService. # Defaults to shibboleth.StorageService (in-memory) # MUST be server-side storage (e.g. in-memory, memcached, database) -# NOTE that idp.session.StorageService requires server-side storage -# when CAS protocol is enabled #idp.cas.StorageService=shibboleth.StorageService # CAS service registry implementation class @@ -216,11 +248,12 @@ idp.ui.fallbackLanguages=en,fr,de #idp.cas.relyingPartyIdFromMetadata=false # F-TICKS auditing - set a salt to include hashed username -#idp.fticks.federation=MyFederation -#idp.fticks.algorithm=SHA-256 -#idp.fticks.salt=somethingsecret -#idp.fticks.loghost=localhost -#idp.fticks.logport=514 +#idp.fticks.federation = MyFederation +#idp.fticks.condition = MyFTICKSCondition +#idp.fticks.algorithm = SHA-256 +#idp.fticks.salt = somethingsecret +#idp.fticks.loghost = localhost +#idp.fticks.logport = 514 # Set false if you want SAML bindings "spelled out" in audit log idp.audit.shortenBindings=true diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/intercept/intercept-events-flow.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/intercept/intercept-events-flow.xml new file mode 100644 index 0000000..6214e80 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/intercept/intercept-events-flow.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/ldap.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/ldap.properties new file mode 100644 index 0000000..f0bfc65 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/ldap.properties @@ -0,0 +1,70 @@ +# LDAP authentication (and possibly attribute resolver) configuration +# Note, this doesn't apply to the use of JAAS authentication via LDAP + +## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator +idp.authn.LDAP.authenticator = bindSearchAuthenticator + +## Connection properties ## +idp.authn.LDAP.ldapURL = ldaps://directory +idp.authn.LDAP.useStartTLS = false +# Time to wait for startTLS responses +#idp.authn.LDAP.startTLSTimeout = PT3S +# Time to wait for connections to open +#idp.authn.LDAP.connectTimeout = PT3S +# Time to wait for operation responses (e.g. search, bind) +#idp.authn.LDAP.responseTimeout = PT3S +# Connection strategy to use when multiple URLs are supplied, either ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM +#idp.authn.LDAP.connectionStrategy = ACTIVE_PASSIVE + +## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust +idp.authn.LDAP.sslConfig = certificateTrust +## If using certificateTrust above, set to the trusted certificate's path +idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt +## If using keyStoreTrust above, set to the truststore path +idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore + +## Return attributes during authentication +idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining + +## DN resolution properties ## + +# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator +# for AD: CN=Users,DC=example,DC=org +idp.authn.LDAP.baseDN = dc=unicon,dc=local +idp.authn.LDAP.subtreeSearch = true +idp.authn.LDAP.userFilter = (uid={user}) +# bind search configuration +# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com +idp.authn.LDAP.bindDN = cn=admin,dc=unicon,dc=local + +# Format DN resolution, used by directAuthenticator, adAuthenticator +# for AD use idp.authn.LDAP.dnFormat=%s@domain.com +idp.authn.LDAP.dnFormat = uid=%s,dc=unicon,dc=local + +# pool passivator, either none, bind or anonymousBind +#idp.authn.LDAP.bindPoolPassivator = none + +# LDAP attribute configuration, see attribute-resolver.xml +# Note, this likely won't apply to the use of legacy V2 resolver configurations +idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL} +idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout:PT3S} +idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout:PT3S} +idp.attribute.resolver.LDAP.connectionStrategy = %{idp.authn.LDAP.connectionStrategy:ACTIVE_PASSIVE} +idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined} +idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined} +idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true} +idp.attribute.resolver.LDAP.startTLSTimeout = %{idp.authn.LDAP.startTLSTimeout:PT3S} +idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined} +idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal) + +# LDAP pool configuration, used for both authn and DN resolution +#idp.pool.LDAP.minSize = 3 +#idp.pool.LDAP.maxSize = 10 +#idp.pool.LDAP.validateOnCheckout = false +#idp.pool.LDAP.validatePeriodically = true +#idp.pool.LDAP.validatePeriod = PT5M +#idp.pool.LDAP.validateDN = +#idp.pool.LDAP.validateFilter = (objectClass=*) +#idp.pool.LDAP.prunePeriod = PT5M +#idp.pool.LDAP.idleTime = PT10M +#idp.pool.LDAP.blockWaitTime = PT3S diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/logback.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/logback.xml new file mode 100644 index 0000000..ffff922 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/logback.xml @@ -0,0 +1,226 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + %-4relative [%thread] %-5level %logger{35} -%kvp- %msg %n + + + + + + ${idp.logfiles}/idp-process.log + + + ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz + ${idp.loghistory} + + + + UTF-8 + %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short} + + + + + + + VelocityStatusMatcher + ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\. + + VelocityStatusMatcher.matches(formattedMessage) + + DENY + + + + + + 0 + + + + + + WARN + + + ${idp.logfiles}/idp-warn.log + + + ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz + ${idp.loghistory} + + + + UTF-8 + %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full} + + + + + + + VelocityStatusMatcher + ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\. + + VelocityStatusMatcher.matches(formattedMessage) + + DENY + + + + + + ${idp.logfiles}/idp-audit.log + + + ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz + ${idp.loghistory} + + + + UTF-8 + %msg%n + + + + + + ${idp.logfiles}/idp-consent-audit.log + + + ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz + ${idp.loghistory} + + + + UTF-8 + %msg%n + + + + + + ${idp.fticks.loghost:-localhost} + ${idp.fticks.logport:-514} + AUTH + [%thread] %logger %msg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/metadata-providers.xml similarity index 100% rename from src/test/docker/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/metadata-providers.xml diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-clientinfo-resolvers.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-clientinfo-resolvers.xml new file mode 100644 index 0000000..cc8aa14 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-clientinfo-resolvers.xml @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-credentials.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-credentials.xml new file mode 100644 index 0000000..b08896c --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-credentials.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-unregistered-client-policy.json b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-unregistered-client-policy.json new file mode 100644 index 0000000..9e04402 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-unregistered-client-policy.json @@ -0,0 +1,14 @@ +{ + "client_id": { + "one_of": ["policyAcceptedClientID1", "policyAcceptedClientID2"] + }, + "scope": { + "value": "openid" + }, + "redirect_uri": { + "regexp": "^https:\/\/(?:([^.]+).)?example.org\/(.*)" + }, + "response_type": { + "one_of": ["code"] + } +} diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc.properties new file mode 100644 index 0000000..2bbb40a --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc.properties @@ -0,0 +1,181 @@ +# Set the Open ID Connect Issuer value +idp.oidc.issuer = https://idp.unicon.local + +#Dynamic registration properties +# The validity of registration before a new one is required. +#idp.oidc.dynreg.defaultRegistrationValidity = PT24H +# The validity of client secret registered +#idp.oidc.dynreg.defaultSecretExpiration = P12M +# The default scopes accepted in dynamic registration +#idp.oidc.dynreg.defaultScope = openid profile email address phone offline_access +# The default subject type if not set by client in request. Maybe set to pairwise or public. +#idp.oidc.dynreg.defaultSubjectType = public +# The acceptable client authentication methods when using dynamic registration +#idp.oidc.dynreg.tokenEndpointAuthMethods = client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt +# Regardless of what signing algorithms are configured, allow none for request object signing +#idp.oidc.dynreg.allowNoneForRequestSigning = true +# Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request +#idp.oidc.dynreg.validateRemoteJwks = shibboleth.Conditions.TRUE +# Full path to the file containing default metadata policy used for dynamic client registration +#idp.oidc.dynreg.defaultMetadataPolicyFile = +# Bean to determine the default metadata policy used for dynamic client registration +#idp.oidc.dynreg.defaultMetadataPolicy = shibboleth.oidc.dynreg.DefaultMetadataPolicy + +# Storage for storing remote jwk sets. +#idp.oidc.jwk.StorageService = shibboleth.StorageService + +#Authorization/Token endpoint properties +# The acceptable client authentication methods +#idp.oidc.tokenEndpointAuthMethods = client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt + +# Set to true to enforce use of request objects +#idp.oidc.requestobject.used = false + +# Set to false to allow unsigned request objects +#idp.oidc.requestobject.signed = true + +# Set to true to enforce encryption of request objects +#idp.oidc.requestobject.encrypted = false + +# Default lifetime of OIDC tokens (issued to the client or against the OP itself) +#idp.oidc.authorizeCode.defaultLifetime = PT5M +#idp.oidc.accessToken.defaultLifetime = PT10M +#idp.oidc.refreshToken.defaultTimeout = PT2H +#idp.oidc.refreshToken.defaultChainLifetime = PT2H + +#idp.oidc.idToken.defaultLifetime = PT1H + +# Lifetime of entries in revocation cache for authorize code +#idp.oidc.revocationCache.authorizeCode.lifetime = PT6H +# Storage for revocation cache. Requires server-side storage +#idp.oidc.revocationCache.StorageService = shibboleth.StorageService + +# Signing keys for id tokens / userinfo response +idp.signing.oidc.rs.key = %{idp.home}/credentials/idp-signing-rs.jwk +idp.signing.oidc.es.key = %{idp.home}/credentials/idp-signing-es.jwk +# Request object decryption key +idp.signing.oidc.rsa.enc.key = %{idp.home}/credentials/idp-encryption-rsa.jwk + +# Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides +#idp.oidc.encryptionOptional = true + +#PKCE/AppAuth related properties +#idp.oidc.forcePKCE = false +#idp.oidc.allowPKCEPlain = false + +# Store user consent to authorization code & access/refresh tokens instead of exploiting consent storage +#idp.oidc.encodeConsentInTokens = false + +# The location for the policy JSON file for unregistered clients (when no client metadata is registered +# and shibboleth.UnverifiedRelyingParty is enabled +# Related to OIDC.SSO, OAUTH2.Token, OIDC.UserInfo, OAUTH2.Introspection, OAUTH2.Revocation configurations +#idp.oidc.DefaultUnregisteredClientPolicyFile = %{idp.home}/conf/oidc-unregistered-client-policy.json + +# shibboleth.ClientInformationResolverService properties +#idp.service.clientinfo.failFast = false +#idp.service.clientinfo.checkInterval = PT0S +#idp.service.clientinfo.resources = shibboleth.ClientInformationResolverResources + +# Special claim handling rules +# "Encoded" attributes are encrypted and embedded into the access token +#idp.oidc.encodedAttributes = +# "Always included" attributes are forced into ID tokens for all response_types +#idp.oidc.alwaysIncludedAttributes = +# "Denied" attributes are omitted from the UserInfo token +#idp.oidc.deniedUserInfoAttributes = + +# The source attribute used in generating the sub claim +idp.oidc.subject.sourceAttribute = uid + +# The digest algorithm used in generating the sub claim +#idp.oidc.subject.algorithm = SHA + +# The salt used in generating the subject +# Do *NOT* share the salt with other people, it's like divulging your private key. +# It is suggested you move this property into credentials/secrets.properties +idp.oidc.subject.salt = this_too_should_be_ch4ng3d + +# Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution +#idp.oidc.metadata.saml = shibboleth.Conditions.TRUE + +# Upgrade interval to the remote JWKs +#idp.oidc.jwksuri.fetchInterval = PT30M + +# Bounds on the next file refresh of the OP configuration resource +#idp.oidc.config.minRefreshDelay = PT5M +#idp.oidc.config.maxRefreshDelay = PT4H + +# Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is. +#idp.oidc.LoginHintLookupStrategy = DefaultRequestLoginHintLookupFunction + +# Bean used for generating session identifiers, stored as sid claim in the id_token and claims sets. +#idp.oidc.SessionIdentifierGenerationStrategy = shibboleth.DefaultIdentifierGenerationStrategy + +# Bean used for creating SPSessions needed for SLO. By default builds protocol-independent BasicSPSession, as SLO is not yet supported. +#idp.oidc.SPSessionCreationStrategy = DefaultSPSessionCreationStrategy + +# Set to true to hide protocol-scheme, IP-address and port for endpointURI in PROTOCOL_MESSAGE.OAUTH2 logging. Defaults to false. +#idp.oidc.logging.removeIpAddressFromProtocolMessage = true + +# Settings for issue-registration-access-token flow +#idp.oidc.admin.registration.logging = IssueRegistrationAccessToken +#idp.oidc.admin.registration.nonBrowserSupported = true +#idp.oidc.admin.registration.authenticated = false +#idp.oidc.admin.registration.resolveAttributes = false +#idp.oidc.admin.registration.lookup.policy = shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy +#idp.oidc.admin.registration.defaultTokenLifetime = P1D +#idp.oidc.admin.registration.accessPolicy = AccessByIPAddress +#idp.oidc.admin.registration.policyLocationPolicy = AccessByAdmin +#idp.oidc.admin.registration.policyIdPolicy = AccessByAdmin +#idp.oidc.admin.registration.clientIdPolicy = AccessByAdmin + +# Settings for the configuration flow +# Flow is available at /oidc/configuration, usually it should be wired from /.well-known/openid-configuration +#idp.oidc.discovery.template = %{idp.home}/static/openid-configuration.json +#idp.oidc.discovery.resolver = shibboleth.oidc.DefaultOpenIdConfigurationResolver +#idp.oidc.discovery.resolver.values = shibboleth.oidc.discovery.DefaultDynamicValueResolvers + +# +# OAuth2 Settings - these typically involve generic OAuth 2.0 use cases +# +# Defaults to always requiring OIDC authentication request as inbound message in the authorization endpoint. +# Set to 'shibboleth.Conditions.FALSE' to always allow plain OAuth2 authorization requests +#idp.oauth2.requireAuthenticationRequestPredicate = +# Default predicate exploits the configuration property above to control whether or not to require OIDC authentication request. +#idp.oauth2.authorizationRequestTypeValidationStrategy = + +# Supported grant_type values for token requests +#idp.oauth2.grantTypes = authorization_code,refresh_token + +# Default handling of generic OAuth tokens (for use against arbitrary resource servers) +#idp.oauth2.accessToken.defaultLifetime = PT10M +# Set to JWT if desired as a default. +#idp.oauth2.accessToken.type = + +# Set false to preclude issuing unencrypted JWT access tokens without specific overrides +#idp.oauth2.encryptionOptional = true + +# Default scope/audience values if you allow unverified clients without metadata. +#idp.oauth2.defaultAllowedScope = +#idp.oauth2.defaultAllowedAudience = + +# Regular expression matching OAuth login flows to enable. +# For most deployments, the default is sufficient to accomodate a variety of methods +#idp.oauth2.authn.flows = OAuth2Client + +# Set true to enforce refresh token rotation (defaults to false) +#idp.oauth2.enforceRefreshTokenRotation = true + +# Set to false to disable id_token issuance via refresh_tokens (defaults to true) +#idp.oidc.issueIdTokenViaRefreshToken = false + +# Revocation method: set to TOKEN to revoke single tokens (defaults to full chain (value = CHAIN)) +#idp.oauth2.revocationMethod = TOKEN + +# Bean used to validate audience claim in the JWT authentication. +#idp.oauth2.jwtAuth.audienceValidator = DefaultAuthenticationAudienceClaimsValidator +# The default pattern also accepts token endpoint URL as the audience in introspection and revocation endpoints. +#idp.oauth2.jwtAuth.audienceValidator.endpointTargets = /profile/oauth2/introspection,/profile/oauth2/revocation + +# Bean to determine whether refresh token is issuance is activated +#idp.oauth2.refreshToken.activation = DefaultRefreshTokenActivationCondition \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/relying-party.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/relying-party.xml similarity index 78% rename from src/test/docker/shibboleth-idp/config/shib-idp/conf/relying-party.xml rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/relying-party.xml index 5127515..d3de2bf 100644 --- a/src/test/docker/shibboleth-idp/config/shib-idp/conf/relying-party.xml +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/relying-party.xml @@ -8,46 +8,53 @@ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" - + default-init-method="initialize" default-destroy-method="destroy"> - + + - + - + + + + @@ -58,13 +65,13 @@ - + - + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/saml-nameid.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/saml-nameid.properties new file mode 100644 index 0000000..08b66c5 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/saml-nameid.properties @@ -0,0 +1,31 @@ +# Properties involving SAML NameIdentifier/NameID generation/consumption + +# For the most part these settings only deal with "transient" and "persistent" +# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced +# settings + +# Default NameID Formats to use when nothing else is called for. +# Don't change these just to change the Format used for a single SP! +#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient +#idp.nameid.saml1.default = urn:mace:shibboleth:1.0:nameIdentifier + +# Set to shibboleth.StoredTransientIdGenerator for server-side transient ID storage +#idp.transientId.generator = shibboleth.CryptoTransientIdGenerator + +# Persistent IDs can be computed on the fly with a hash, or managed in a database + +# For computed IDs, set a source attribute, and a secret salt in secrets.properties +#idp.persistentId.sourceAttribute = changethistosomethingreal +#idp.persistentId.useUnfilteredAttributes = true +#idp.persistentId.algorithm = SHA +# BASE64 will match V2 values, we recommend BASE32 encoding for new installs. +idp.persistentId.encoding = BASE32 + +# To use a database, use shibboleth.StoredPersistentIdGenerator +#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator +# For basic use, set this to a JDBC DataSource bean name: +#idp.persistentId.dataSource = PersistentIdDataSource +# Controls which JDBC error codes are treated as retryable +#idp.persistentId.retryableErrors = 23000,23505 +# Set to an empty property to skip hash-based generation of first stored ID +#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/saml-nameid.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/saml-nameid.xml new file mode 100644 index 0000000..7d82cf5 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/saml-nameid.xml @@ -0,0 +1,64 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/services.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/services.properties new file mode 100644 index 0000000..6e507a2 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/services.properties @@ -0,0 +1,72 @@ +# Configure the resources to load for various services, +# and the settings for failure handling and auto-reload. + +# failFast=true prevents IdP startup if a configuration is bad +# checkInterval = PT0S means never reload (this is the default) + +# Global default for fail-fast behavior of most subsystems +# with individual override possible below. +#idp.service.failFast = false + +#idp.service.logging.resource = %{idp.home}/conf/logback.xml +#idp.service.logging.failFast = true +idp.service.logging.checkInterval = PT5M + +#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources +#idp.service.relyingparty.failFast = false +idp.service.relyingparty.checkInterval = PT15M +# See MetadataDrivenConfiguration wiki topic for details +idp.service.relyingparty.ignoreUnmappedEntityAttributes=true + +#idp.service.metadata.resources = shibboleth.MetadataResolverResources +#idp.service.metadata.failFast = false +#idp.service.metadata.checkInterval = PT0S +# Set to false if not using ByReference MetadataFilters for a small perf gain +#idp.service.metadata.enableByReferenceFilters = true + +#idp.service.attribute.registry.resources = shibboleth.AttributeRegistryResources +#idp.service.attribute.registry.failFast = false +idp.service.attribute.registry.checkInterval = PT15M +# Default control of whether to encode XML attribute data with xsi:type +idp.service.attribute.registry.encodeType = false + +#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources +#idp.service.attribute.resolver.failFast = false +idp.service.attribute.resolver.checkInterval = PT15M +#idp.service.attribute.resolver.maskFailures = true +#idp.service.attribute.resolver.stripNulls = false + +#idp.service.attribute.filter.resources = shibboleth.AttributeFilterResources +# NOTE: Failing the filter fast leaves no filters enabled. +#idp.service.attribute.filter.failFast = false +idp.service.attribute.filter.checkInterval = PT15M +#idp.service.attribute.filter.maskFailures = true + +#idp.service.nameidGeneration.resources = shibboleth.NameIdentifierGenerationResources +#idp.service.nameidGeneration.failFast = false +idp.service.nameidGeneration.checkInterval = PT15M + +#idp.service.access.resources = shibboleth.AccessControlResources +#idp.service.access.failFast = true +idp.service.access.checkInterval = PT5M + +#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources +#idp.service.cas.registry.failFast = false +idp.service.cas.registry.checkInterval = PT15M + +#idp.service.managedBean.resources = shibboleth.ManagedBeanResources +#idp.service.managedBean.failFast = false +idp.service.managedBean.checkInterval = PT15M + +#idp.message.resources = shibboleth.MessageSourceResources +#idp.message.cacheSeconds = 300 + +# These settings impact the behavior of the internal HTTP Client used by default +# with some internal components, but notably *not* for metadata acquisition. +#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false +#idp.httpclient.connectionDisregardTLSCertificate = false +#idp.httpclient.connectionRequestTimeout = PT1M +#idp.httpclient.connectionTimeout = PT1M +#idp.httpclient.socketTimeout = PT1M +#idp.httpclient.maxConnectionsTotal = 100 +#idp.httpclient.maxConnectionsPerRoute = 100 diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/services.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/services.xml new file mode 100644 index 0000000..24e2b1e --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/services.xml @@ -0,0 +1,58 @@ + + + + + + %{idp.home}/conf/relying-party.xml + %{idp.home}/conf/credentials.xml + + + + %{idp.home}/conf/metadata-providers.xml + + + + %{idp.home}/conf/attribute-resolver.xml + + + + + %{idp.home}/conf/attribute-registry.xml + %{idp.home}/conf/attributes/default-rules.xml + %{idp.home}/conf/attribute-resolver.xml + + + + %{idp.home}/conf/attribute-filter.xml + + + + %{idp.home}/conf/saml-nameid.xml + + + + %{idp.home}/conf/access-control.xml + + + + + %{idp.home}/messages/messages + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-backchannel.crt b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-backchannel.crt new file mode 100644 index 0000000..19044c9 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-backchannel.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIELDCCApSgAwIBAgIVAKMEwvKmJlWLzwBBxhMJZ/zi+0nbMA0GCSqGSIb3DQEB +CwUAMBsxGTAXBgNVBAMMEGlkcC51bmljb24ubG9jYWwwHhcNMjMxMTA2MTc0ODM0 +WhcNNDMxMTA2MTc0ODM0WjAbMRkwFwYDVQQDDBBpZHAudW5pY29uLmxvY2FsMIIB +ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAps8AP8KgLOtdERP1lLztwBT7 +tnmeBrQnWoX/MHs1K79HyzOpUw6j4Bm5MmJcTJxeK9kJiuLzHJ4G5kkMbmpMwhJj +H21fBqibwraVMH+cBbD18QEqErE8mlJ+uN9AHYHaFV5O4ppaiesYSQnqvFjSILad +5yJ3xNJwYfoeIc/E0alFuDVBvVhNqk32za6JJMiWLK08AJgUcGOtRU9q/Y7h2q73 +eygCtjDvFnCpPE/mGx5SwKu9N2+kotp0xkIiDliZ9wZFL6kTNkiQ94GJz6P+5j1v +c3c3Sfth8+/f+S/idByzxTiX6gOf5b3nDT5mFgoLcOrilLfPEg/sDiv0jKjasNYR +MlHe5a9xBe+gI3Y3M+0vppWfvJwh2l2fhoZqJC8zyTQz7TlEsC0hsOv70wgRAWmz +OI4zDV4vL4/LrI2vPMt7uZFuC3DV0+XeUr5FZvFZKrsXCMB4cBkMEPCOYe31JT5y +UxGtJEQOvl1ObKru4FNhrjcxXxCQMnA0oYnwUcHJAgMBAAGjZzBlMB0GA1UdDgQW +BBS5vNUOpOMY7meBwaqoTN0wIq6myTBEBgNVHREEPTA7ghBpZHAudW5pY29uLmxv +Y2FshidodHRwczovL2lkcC51bmljb24ubG9jYWwvaWRwL3NoaWJib2xldGgwDQYJ +KoZIhvcNAQELBQADggGBADgeksdk7No8yusABD8DBxVOytOUg8ZHjjohbfUVJAet +Y4HzX5/zJoU9EPeOOWHE6Zp1XkCk+ArYEJI53pj2+4S7fC6aw3n89wV2D0VLW/tb +/MCAoc1Is/ALFw7PArHtozz2cWcd5B6DBJVBFvThQf/L39+vCTXt9+AgjpIt24BT +zn8G5Nc3BHijW8pXfYreNHJYf6WuNZaay0374X14MwupMMPtCzliWlVORkjghZZB +yNGf7S/GZ+AsCbv7PJEWvHekUfGccOGYBW3I9mU/ZAOiWZALQhqXO9nLCtuA/ues +qhhg99IGrb+ZEjtdFKEnAS2XIcs0c37lfMSdiEOHa+Z0DlLK29OaikeSnLuRFP67 +xCeWT75C4XFYoFlpryC1bR694xDwuc865Z0uvMjtJ83AAenbg1bf9FX82CWYXDns +jk7lubigoNxmFbllzDszYADlQt3v38rPucvbmWoayb88+Z614mNvIWTeWhAUEii4 +5hDBkVJuN/XCFdW+4Fq8nA== +-----END CERTIFICATE----- diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-backchannel.p12 b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-backchannel.p12 new file mode 100644 index 0000000..b639a42 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-backchannel.p12 differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-encryption-rsa.jwk b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-encryption-rsa.jwk new file mode 100644 index 0000000..1c9c7bc --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-encryption-rsa.jwk @@ -0,0 +1,13 @@ +{ + "p": "753E_KQTGxFLmi5sC_SBaBbCDSxv0NS0PfE-D_Bt0VlI0TsDGMKUG86zorZ9SUZvPSkhHAD-s1dVEess0vlvWpnnuoHhoOmgxnt-bXFDJnY73jbKzuhsse01dayxBTGyvIw0bmB3r9m8vOSIsnqw574QzUxib6IOVKJPTO5ZYIk", + "kty": "RSA", + "q": "09spyNixYMB5XEYVcQR_8hE46pirVX18Srg3EjSalClI0hO-OH8_wPhiCKvWEQYq_RIU-XrtgWGA4H5LdFHjO6W4OiqZTMc1n4VJPMf7eUG2q4Z3I7BOaUFOfYql7adnrSUSiSfPRnUNhuBKuYZR2bVXPIFZTmWQrxEydbOdIcU", + "d": "BA6HYzQ7OMBfgXsG6CPVOFiPAj7OG7kXa4W2ZaDDVAsHpZcm2BVhZLsUrkKqZ1PGnjhza1zfJ76m3-xNKEs09ZEtzYiVyjyWkAzBhxODGnFXcR-D_nG44y4tiYpwQNh3EInWmXOW3eO2QxUjhi20lKtQscEgZpIq6Un3va9xUMNoNtVjz_5nYhnD9quwGHzuaQX61pJ9k4BO-fXl426OcYvnog5z_yKV-H-qKPZc849Wr0o14ghfFIFDQNzDl5xt-qAZChgENdVsFf1TWyyu5NsceswvKBBeP5FLncVUKjOKzbgyWYfygJyy6jk7TYMg7khouYjoNhLRM8n-gEt7mQ", + "e": "AQAB", + "use": "enc", + "kid": "defaultRSAEnc", + "qi": "TEWxxitP_JUOWJzrSD-r90ZmzqJm5cWETK1ecHCLFhpUsCIm36Ns8DbOQMTFzpYY20wgBLscZI0ZYx4Bx0PqlbJRXasKb4mj5JxQgCKpx541BAw4oDDbzbNJgagaS8JIxrjn7atLTcYH7DFWallJ94Kfu7pisTRlaWVziAwq8TQ", + "dp": "OCUDjx7yyxjWWh4eev6jg7wxY9zRpmDwisMIA7wWP0NoaH4nT5noEkvwk2OnH5A9aFtGwsUI6QTBjh1It3ZyvQvq3CyqrYWQgnFVQleToGN7y6mTA8A6F8a5DAWWxNzMQJmpf2NjJ_Ug4DG8RfWxldtXHIOVXQrfyLzvT9tZXeE", + "dq": "KazHP3dBDWNPfFNdDGpyMNAqfhuiOKMCvEAYtUAb2GF2rbysgrildfRmdIY5CghIlJfmAF2qMvVXQNIXTb5-ENG8t9SBa5UUe1jg21ALrAK9SGifLyoTgqkSI6gOk_2Ga40LZGesYpPMIWglyvEdUNJXYtOfGcjo-UdMwdKfanE", + "n": "xkwscAH9nChWRqc9d1WPqsyoXqtvLdDFKkUzF9mc9i_2MI4kCWYZgu5GCzxqWd7coMhqgf0jrg0Br1zDcXBeFtftCtB4cqKLmhmZuIBYNGbkvKN3FwBlwFWtXZpJR2edSSiNilKkM9rLyXfhs5K80Esbpsw82ff6KwiM2I8DPNC8Z-lPUoQdNeWgF1tmMG4en2QZuBbt_iempJCNRqzRaNvaAQMbDDCVPWWDBmS2LGOqesYJT3uS-Ve9EZgPnKqUKKGobj6-4eLXf7Bjh2S6pfPX3PwOPAkFTpnxajbPoDIK2KiAbjkgIm96mdhX9EzgXagZcyiTfqDtw3zZ7z3ybQ" +} diff --git a/src/test/docker/shibboleth-idp/credentials/shib-idp/idp-encryption.crt b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-encryption.crt similarity index 100% rename from src/test/docker/shibboleth-idp/credentials/shib-idp/idp-encryption.crt rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-encryption.crt diff --git a/src/test/docker/shibboleth-idp/credentials/shib-idp/idp-encryption.key b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-encryption.key similarity index 100% rename from src/test/docker/shibboleth-idp/credentials/shib-idp/idp-encryption.key rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-encryption.key diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing-es.jwk b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing-es.jwk new file mode 100644 index 0000000..0b24ded --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing-es.jwk @@ -0,0 +1,9 @@ +{ + "kty": "EC", + "d": "DUmUBbXdZBOeN31oNyWv6m4GVVzlyCySUq3cdGGfV_4", + "use": "sig", + "crv": "P-256", + "kid": "defaultECSign", + "x": "oI7eupWZ_1HXInWYJKAmaVzVxwu0peweRwWW17FaVfQ", + "y": "CumVJjt53vqWjNs2iDIQOYL7-_cWIY8Yc9kQel_9GWw" +} diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing-rs.jwk b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing-rs.jwk new file mode 100644 index 0000000..fe432c8 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing-rs.jwk @@ -0,0 +1,13 @@ +{ + "p": "4-Acy7bcgdF_kMHgLSPkB2Ku5eHOm8ikFh3kjYUID7sWzAL7NWoDsL0Fnz72ij4I46Si4-wKSKEESubK-urfE6-tPiB12Vcy08oi-E_3g-0u-Mv9RQDDgRGkDnr5AEaq5c7_YbGjvPLIL17R6UiJxzQNrI6Bkp3PG24PNSNYmd0", + "kty": "RSA", + "q": "yvTcAisAtjhnrIZfjfEFZu4V7G2BccACGP3JUDFFWWbcksrA406XW3R12C99341Ph-ZLGmsMn-y_mVTNmY2sKIUNv4muCHWEMvHg_sZj9TgmPXAqp4wkZEu_I5-tioiOGUXbkTadvfCMxWUDyMkSi3IUzffe2_Hl4gant91oEIc", + "d": "FlqsqLxzc9eTvbMxBdJczf07BTrwd-d17wgnA3QejDcSDbaWZfU0toVhIKTs7Mx9YBivETKFEG8W9cMotb_RKeO7eZjgLbME-o6P1-4vxhnT4xD_IzIj-pH-i8NyCQGDslXRg6vgKY-aE6Sj20ZdI-etqGnDIEYVe2t3otGXUhvH8JKe49bAzvYFsa4xB7uNshjxwbxxKT2cj5xE2N0nXv4ZC2YlYrPW5fjSWTXfjzOSfj1mbr-1gv_ha7ewwGYzpTH3SKoh5UpbCTQ6rGVLIb6K-b3EUwtAvaDtHfFwKRrTEiEybW3-sq3YU_f7IIWH6tSgax2WW04f4TZw3PG1wQ", + "e": "AQAB", + "use": "sig", + "kid": "defaultRSASign", + "qi": "P7pq4fxk2McYCLwXxcJbRz2ZcwJiec3KlskvmVKEinBFSwhncaoNarGCuuLz5nM60J_kJyJFitzjhfDvX98WpyiVTojGskTiK1ouIB6XF0fHmdz7pQwNY3oHpCNIfDSikMC4S142q7Vz9ErO3qY0DIM97DSm0MN-XmWQ5RDQVCM", + "dp": "FXQSAfPTSr2Ifv5htp48Z52Yzbe2leAL4rEpxVES8zgv60EUmXDDrC3_i4CIAXfZqmTjmQWt6iyOlOapkXnvSpEthD3WGoIlHN9Y73vH17nKxE2gKJDr1wjsIxjcvHPqvvv_-xiYS7-nrR4GMSpNHl3-M5KvDDijOPfhoqUTQFk", + "dq": "rii8eqfILpXscSHF8Zm31wHLklzNzXzE0AlHrSb6qaMY-GZAa05Pl80yKtdmHmW2r5mxLPRbmwifycX5wCDQcNzsVUaiLuQZE1Z4imhX8l_CgMo18BzURbSySrGFS_GuboWByvShHBLF2cW7H5tb7IlyzOQ9O2Qyrmijl6XI3RU", + "n": "tKjMKrc62mG5HcRbtQQKHPBftZomeiWlSZl832-a_bxuQx0sQVsAdFKSf_sKaK8VshHSAumNb6xjJvWY55qGfm3GgMTKlUXfQrNNEFp8udeSIKYT_986EQZu4ddauKQNbCN6culOttZxv8_qck5jJ6JFCGZk1MSqGMecGuSfujuUyds9NSF4MrHuJBa8MdjZkw_drMhxDIZgsDQxuGLM750VhxRt21PhJhvYTk3MMiW2GgmAHNxIhgWxlYnSGHVOlLUnwUA_j6XyjwnlbbzxKQFuObzzZRLy3KPvT7lsamG0UKz15Pxpe8MT-EpYLWln9Wj1QV40lmoq-lgIeB7ziw" +} diff --git a/src/test/docker/shibboleth-idp/credentials/shib-idp/idp-signing.crt b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing.crt similarity index 100% rename from src/test/docker/shibboleth-idp/credentials/shib-idp/idp-signing.crt rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing.crt diff --git a/src/test/docker/shibboleth-idp/credentials/shib-idp/idp-signing.key b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing.key similarity index 100% rename from src/test/docker/shibboleth-idp/credentials/shib-idp/idp-signing.key rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/idp-signing.key diff --git a/src/test/docker/shibboleth-idp/credentials/shib-idp/inc-md-cert-mdq.pem b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/inc-md-cert-mdq.pem similarity index 100% rename from src/test/docker/shibboleth-idp/credentials/shib-idp/inc-md-cert-mdq.pem rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/inc-md-cert-mdq.pem diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.nashorn/truststore.asc b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.nashorn/truststore.asc new file mode 100644 index 0000000..f5bc0f7 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.nashorn/truststore.asc @@ -0,0 +1,32 @@ + + Rod Widdowson id 2A4B3FF0 + -----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BCPG v1.76.0 + +mQINBF2CHx4BEADfUvo4sPc8a8uQjfvoHdBY0qmgwXlcAOyllBKZ5g/wYKZO1Lkp +LZh/dQFBK4AjqRnzs0dq0arK0W5WijOYjQ+s5cd1MMXmzqgXG02eAS4ooK6KsSwv +mo2FydddQKFbwLkGdS/UXcENWNnzGeJhmjmcPSLgRo2hsSh63cFltq2+8fwl1fQ9 +FzZwscOOkJGBb7/nqdHdnvL9yrRameYFo2iWF9P52cjfv5NiNklkDBUHeISuX48I +pI+kSOz2b7/aP4vKOKOpOaas0MAdcYT8AcwrCD9OhFFzfuIs/S9+rHGs/+M0vcWG +DPR+IY0L7Stgkc2Hz1gazuqHBiOBq5VnDOE9nkZ/mY/HwMJzYCtuwQSPyidY7sRk +lrD5NzXVXGtUri/vghOgRcT3PG8P6zL3UrJi+XgwNSmNHfWQR+wt2Rs9SqrHav+g +xqHHxCmcH/7HSZEAFi0ooxybOCLeKuAuu94TWi/KAF6/d9iNLekXpuodKl/ceO6d +9h8791Rjh9a2BR6+VkIxf2zSzb0IPrmGfCjq5Jhc7m3AzAYNWJs0e/FK6G3FYfIS +TYAGEUJgiWkm7zpV8eDiUo7Qjs9YTQPuuVjtdVCzt3BNm5NUKyrssDxYFs6ryFop +FDoFewGPhFTnh8wTo0PUYpVj6ZUC8YniFE+XAOq8hufgbiqMcFn+2A/qMQARAQAB +tChSb2QgV2lkZG93c29uIDxyZHdAc3RlYWRpbmdzb2Z0d2FyZS5jb20+iQJOBBMB +CAA4FiEESvTYPu3fQ9o8BssxAUg/JipLP/AFAl2CHx4CGwMFCwkIBwIGFQoJCAsC +BBYCAwECHgECF4AACgkQAUg/JipLP/Cr6hAA0RQyvAvWXnVNA+js6aNpqNO+rGyw +sm+ajSuPNCyrkELlR08qpTxaezQ3soDJ9iWYgpPV767szs0yZmbnEEq1QAJXYsq6 +0pGVtuEtTmqRYcxuZwwqfkGJhs8p2C7/U5IcbvrvlUpHD6G4CEaH/CHthOpyVtBV +7cHqt1l0+6+928UTdkZl3OPrbQloHHgHN14LPWY2MiGCDIbLx5wOrwrJ8hoiGeK3 +npfUZsrothsh/hClMWB4jf5sM/fltr/dT+Vi09JjE7/2wDTIq1R7UsAUte6sfhb/ +GLTVdQmG8jsWfMWP3rKDFBRiXHNzM/gNP2mHnXLO6UlSkV2JuJ9fgSKiBpXhtrI3 +7PTNnJdZz1Lm6rl1T9jgWdzRkl4x17bBzgU8GkTsRBS2vuRFDdsoywPJJgw7sdP3 +FTVBFfCGil9DAzKjGtbeIM2UBfx/7ltqVrHMR5pgto7aXpAt7N1X4ocTL/BSlZCk +nFXnMIpW+Vsg6NDg5bRyC3adaReL3APnMkmBSSiqu4hFwrD6MVXcLN9tQ70sW3QT +e1lOiUMeGQkVhiRWiZLeQd9jIeN1hoDGBnBYBgAeawGO5fGAJCTosXLP07C8lFLF +5SYN8pBx0acuZMVwG0NKGcYyP/3Z+3j4kWIlpN+x455nQs/n/ZBGLlkVygtlXCC5 +YXIbnFuzOi3Lofg= +=W9I3 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.nashorn/truststore.asc.backup b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.nashorn/truststore.asc.backup new file mode 100644 index 0000000..e69de29 diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.config/truststore.asc b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.config/truststore.asc new file mode 100644 index 0000000..9e09694 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.config/truststore.asc @@ -0,0 +1,287 @@ + + Philip David Smart id B8A3DC52 + -----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BCPG v1.76.0 + +mQINBGA3eNkBEADXiVQf1XEUSM9gB+eMAPj4zdjtd2tflJTNI5Q6sEB2ly2rbOyg +Yo49DF6wytQSRABAJvRY36hHkK77mbRN5Usf8Rq09aGUEv0nvKO+JVT/P4w3tFva +MmKWiYX775/yDE7B1vu4eb1RQCjrXaye91EpHES74VR8Kb0TVeNEQXGR5/h77Gcg +obRog+CqxT9L33Fcs4d2C+8BLo4dOaAr29rmEGWRE576NM6wGvtzHdazipM9LvtS +POGRid4HLYuWvW5WCyAfGbkOq8xreYBtB9gGSZ8iarmcYmN50/gz3Ux3sJA/xy7Y +vMAYWtA8Rp5hFb39uoaEwHWz8IlnAbA11OfrEkt65dMJwQAX4w89aag/LqI2lrgG +VEoDWCvkKOlsbJalZr/SgG+m1k/4gqfYYkM09PI7IRn0Cb8uLDdXpeBZd2SJXi9E +gdDxsrKoi0IMUYQNv8stNa/5lTK7LJkqovpdL+1aHCYRex53Ln+y8RycNbxSGl5O +CKtFGb9ydfMnbOVX4BJ1x83OOktIkbLpVeZIsaTmUEDQ9itWmXqQ/QoIgBVFRqh8 +bhaCs7y9UPF+WtnpRY7jm3/cSL6oUXax2tT5VoU3LLxTQf90ZdWrAyWEF8auBZAP +FRXAD2HkS4rIWCuKi/GSH0v6ILu9KREFfViy9fZXFpvwvbz199CPlCkgLQARAQAB +tCxQaGlsaXAgRGF2aWQgU21hcnQgPHBoaWxpcC5zbWFydEBqaXNjLmFjLnVrPokC +TQQTAQgAOBYhBLW13TMhQq1lfo2HrH0n5hC4o9xSBQJgN3jZAhsDBQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEH0n5hC4o9xSz4EP9Arv6WSxxkBEVzGj2XRbXAOP +U0G5KFJ1sviO9ZGotBnivHH4HWcusDqoyDvjwIYp9jycgtwGw4TuF917QPTfFwhb +TYma22+wSZ6Sn+OcZr+dSjLg5Ki+6I2BZaS+m2MYcPehCl1ILbtcs83p7AZf2JU1 +IgejhJMsMg93G88ZkSOO0tOAuvBbrO+f/de5AtSIk9ense1OUz9dbjI7JK6idB0a +1yoo5FjOuyRw11qEa7nP787jcdnh6gkcfRGK9CcYOWXXcfQSRYFx0Wz6qi76bonk +fYioCGv7LOPvsRnrjyWnM0tukS2RrDSbOfEby6ma4ZsPAhxtOrwWYOYfmjpspNbh +yPHL/qw0Bb+t+X+mBayRO3MJ1R4l5lU3cjXF/oSCxinkL4TfX5bJ+SuPmPb6cOO4 +eHBHCwTad0jy9CEQAFIwtQP1+5QpcAUQPEhHlztPPHe5hP3X8M0x0ILTEDrh29E0 +C0CP0aG9xTONBK1JnmWT7NSXDzk+BLokdbDbZs909+fJddlzPq72u0ubRUOgKNki +eo5Vbg5aOsaCkC0QJOzabO7xbnlOlXlg8XkGnfO8mIZ6Q0M5oEyGSpBakYi0rfQo +zjzKwflCvRTKEl8spTkPH45Dm7LZ+o5xWSN4P2NVTh46unfCyKxuSi1Prl2tQ6OG ++ke+A9zfGa0iHsXtT8aJAjMEEwEIAB0WIQSHQCCMDpP+yA7r+RO3fFLuwhdx3QUC +YDeIGgAKCRC3fFLuwhdx3Q0JEACRK35MbZe3mD7uKWb8pXwTxHfngDDA4TgpVLXA +Oqvmh+ISYN1RVJUdAdws/PsTS9NgWCD3YbN57G0jtCT3Q0kCAtvXNPLPgmKxk0au +Y2K1xaJs9iDjXysbWLIOgKdw2hs8FrD2YvYCQfm/jTQeG4TEqVJTvxcyLKVGBwud +Hg6coVsqz0iazwXiPBE1mLlxXi9mk2wv5a3SySPYbGGF37cXEvX1ZRYG721bSaXW +EUlZDzd2s2iv0FyM7aXjGeI77x7Ri9vG+KcCFdfoBrYjo5tQ0nm/0mWQr+uakDKr +T4JUmFnzDCzIZcMqeSRcGRgJ8aCN55TctKcjWUMwXSI4PIUu9XjeHgTmIZVFZzSo +OZGSxiPUuZ8HSjwb1g5RtOejLX0Sd5FCuzDUtNQmS1BIe3ZpW0D3iWtVGr6FWETc ++Ks2Dwa8T2ZbaOFfsJauqm8l1zJYcV8d45V1ASLnyqaMJdYlctlu+6rwgCgIx9LV +pKhnvVWEdxEVmyt5UMSZwXfNF3LXW6PFrE9GSSUWcpGwF/X3XuGLpNc8a/lF6RHA +pbRuy5RN1v10feOqfpd8sFbvxQLuN3Xfo+HFjtjqF74BxASJm+2UePPeanIifRvQ +Hd8NCGycYaNkdlkBQH3BLaTAD6pf25Hd2Iah3iRvY4gCPE0MoUhUERgXlfwd1L0H +LpLd+YkCMwQSAQgAHRYhBF5tbq4Ww9p1RQshnJqATpfXB5x3BQJgQPZxAAoJEJqA +TpfXB5x3JzoP+wQO4IfR4x1Fpd4i7P1YEHp1FWX9CiVkgt8KkND2QFv9jSA1VAIn +zE0AJps33X3vtz4An0+oWEi1zVNSsg/ShhWVcEUsRuojFZmPjzFuDBzBVBRmqqw9 +p3xGFAcFlhtpIhU4xbRgw9mImNKBX5dzJxKzP+tQcAhY36LwI+aYOfMIWnBSWvpV +se1+vgCLmVnVB3HtzByppRK1g3nxESXtJblgbW2KvP4wvp8FGLcGdIqS5y1AXTfD +biaZcB+cHUDQMkICrHdiCtJBN5Ds1Rer7fF2GG89zPNyxi9ODVTOed/v3kf6Fd02 +Tz8N4FLvfvzB1CvoxHXOs2vWwx4CXd5KRcqlN0bXSbuNj6iN6mwyq6rFGJiB0i8G +9ngK1JNjcyAzTrZofPvOXKFFsiJ7WpKaRI1VnjY97X6lxMfrOMeAiO3/dGpavsHs +mSM1YVySu6T/GqzgKvzq8hH9NRTba2MBFcEeF9nFaa9v87AhY+HpYQkj4nM2Ie2X +4IByGVHXR0tm7YXaxbgGnANjipmIKxQjf/81UHZgKO0hLYLt51CmiqYBe1RRcnb1 +oh3REIuOPZKW5HBoVkrgBQBODW7zh5brYMf+f+fiu79xvJ/kTBn3IzhZ4Ay9m4jC +WVefvpLdE/SLz1YjchS8SWJBCxo/vMzg5NyFq4gBg5GqNKQMBMqAumUq0f8AACS4 +/wAAJLMBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEAAEgASAAA/+EH5kV4 +aWYAAE1NACoAAAAIAAwBDwACAAAABgAAAJ4BEAACAAAACQAAAKQBEgADAAAAAQAB +AAABGgAFAAAAAQAAAK4BGwAFAAAAAQAAALYBKAADAAAAAQACAAABMQACAAAABQAA +AL4BMgACAAAAFAAAAMQBQgAEAAAAAQAAAgABQwAEAAAAAQAAAgCHaQAEAAAAAQAA +ANiIJQAEAAAAAQAABuQAAAAAQXBwbGUAaVBob25lIDcAAAAAAEgAAAABAAAASAAA +AAExMS40AAAyMDE4OjA3OjE2IDEwOjA3OjM4AAAfgpoABQAAAAEAAAJSgp0ABQAA +AAEAAAJaiCIAAwAAAAEAAgAAiCcAAwAAAAEAMgAAkAAABwAAAAQwMjIxkAMAAgAA +ABQAAAJikAQAAgAAABQAAAJ2kQEABwAAAAQBAgMAkgEACgAAAAEAAAKKkgIABQAA +AAEAAAKSkgMACgAAAAEAAAKakgQACgAAAAEAAAKikgcAAwAAAAEABQAAkgkAAwAA +AAEAEAAAkgoABQAAAAEAAAKqkhQAAwAAAAQAAAKyknwABwAAA+IAAAK6kpEAAgAA +AAQ3MTAAkpIAAgAAAAQ3MTAAoAAABwAAAAQwMTAwoAIABAAAAAEAAACWoAMABAAA +AAEAAADqohcAAwAAAAEAAgAAowEABwAAAAEBAAAApAIAAwAAAAEAAAAApAMAAwAA +AAEAAAAApAUAAwAAAAEAHAAApAYAAwAAAAEAAAAApDIABQAAAAQAAAacpDMAAgAA +AAYAAAa8pDQAAgAAACIAAAbCAAAAAAAAAAEAAAARAAAACQAAAAUyMDE4OjA3OjE2 +IDEwOjA3OjM4ADIwMTg6MDc6MTYgMTA6MDc6MzgAAAAKdAAAApMAAAhvAAAE+QAA +KOIAAA/BAAAAAAAAAAEAAAGPAAAAZAXXBg4DvwPBQXBwbGUgaU9TAAABTU0AEwAB +AAkAAAABAAAACQACAAcAAAIuAAAA+AADAAcAAABoAAADJgAEAAkAAAABAAAAAQAF +AAkAAAABAAAA6AAGAAkAAAABAAAA8QAHAAkAAAABAAAAAQAIAAoAAAADAAADjgAM +AAoAAAACAAADpgANAAkAAAABAAAAKAAOAAkAAAABAAAABAAPAAkAAAABAAAAAgAQ +AAkAAAABAAAAAQARAAIAAAAlAAADtgAUAAkAAAABAAAABQAXAAkAAAABAAAAAAAZ +AAkAAAABAAAAAAAaAAIAAAAGAAAD3AAfAAkAAAABAAAAAAAAAABicGxpc3QwME8R +AgBHAkwCUQJVAlICSwJDAjsCLAIaAnMBzgCQAIgAiAB/AEsCUgJWAlYCTgJGAj4C +MQIgAsoBjwB/AHkAgACBAIAATgJXAloCVgJOAkQCOAIlAg8CMwFwAHcAjACKAJYA +jwBMAlYCVwJQAkYCOgIrAhIC4wGiAGUAkgCJAI4AjQCSAEoCUgJQAkcCOgIqAhYC +9AFqAXgAdACRAIUAhQCMAIsASQJKAvYB+gC8AOIAjgGJAbEAcQBrAIMAeQB6AH4A +gQBFAoEBTQDQALEA4QDiAL0ArgCZAIkAYwBoAHkAdQBuAEECBAF5ABgBtADHANUA +uQCkAN0AyQCQAIMAfABqAGUAOwL2AHIAIgEEAb0ArACYAIYAuwDQAK8AXgBmAG8A +eAAxAgkBUADvAIsAqwC/AJ0AbQB5AF8AZABvAHwAdAB1ACYC5gG3AHUAdgCuANwA +DAHGAGIAYQBqAHEAdwBvAHAAHQIaAv8BtAGjAZ0BhwF4ATEBcwBtAHYAdQB0AGsA +ZwAYAhkCDQL5AegB2gHFAagBcgGtAF8AdgBzAHIAagBoABUCGQIUAgkC/AHoAc0B +sAGPARYBZgBmAHkAagBzAGYAEwITAg8CBAL4AeUBygGzAZsBfgHNAGEAcgBpAGsA +YQAQAg0CCQL/AfQB4gHJAbMBoAGMAXwBUwEDAeAAcAByAAAIAAAAAAAAAgEAAAAA +AAAAAQAAAAAAAAAAAAAAAAAAAgxicGxpc3QwMNQBAgMEBQYHCFVmbGFnc1V2YWx1 +ZVl0aW1lc2NhbGVVZXBvY2gQARMAAAU6zneKsRI7msoAEAAIERcdJy0vOD0AAAAA +AAABAQAAAAAAAAAJAAAAAAAAAAAAAAAAAAAAP///xsEAChy8//+2DAAAShH///v9 +AArWDwAAADsAAAEAAAAAZQAAAQA0MkRDQUE3RC0wMTU0LTRBNTktQjY2NS03QTZB +QjZBRkM4OEQAAHE4MjVzAAA/1d8AD/+1AD/V3wAP/7UAAAAJAAAABQAAAAkAAAAF +QXBwbGUAaVBob25lIDcgYmFjayBjYW1lcmEgMy45OW1tIGYvMS44AAANAAEAAgAA +AAJOAAAAAAIABQAAAAMAAAeGAAMAAgAAAAJXAAAAAAQABQAAAAMAAAeeAAUAAQAA +AAEAAAAAAAYABQAAAAEAAAe2AAwAAgAAAAJLAAAAAA0ABQAAAAEAAAe+ABAAAgAA +AAJUAAAAABEABQAAAAEAAAfGABcAAgAAAAJUAAAAABgABQAAAAEAAAfOAB8ABQAA +AAEAAAfWAAAAAAAAADMAAAABAAAAIAAAAAEAAA5QAAAAZAAAAAMAAAABAAAACwAA +AAEAABWDAAAAZAAAWb0AAADZAAAArQAABJ4AAN2FAAABWAAA3YUAAAFYAAAACAAA +AAH/4Q1XaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLwA8P3hwYWNrZXQgYmVn +aW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/PiA8eDp4bXBt +ZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2 +LjAuMCI+IDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5 +OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+IDxyZGY6RGVzY3JpcHRpb24gcmRmOmFi +b3V0PSIiIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIg +eG1sbnM6bXdnLXJzPSJodHRwOi8vd3d3Lm1ldGFkYXRhd29ya2luZ2dyb3VwLmNv +bS9zY2hlbWFzL3JlZ2lvbnMvIiB4bWxuczpzdEFyZWE9Imh0dHA6Ly9ucy5hZG9i +ZS5jb20veG1wL3NUeXBlL0FyZWEjIiB4bWxuczphcHBsZS1maT0iaHR0cDovL25z +LmFwcGxlLmNvbS9mYWNlaW5mby8xLjAvIiB4bWxuczpzdERpbT0iaHR0cDovL25z +LmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL0RpbWVuc2lvbnMjIiB4bWxuczpwaG90 +b3Nob3A9Imh0dHA6Ly9ucy5hZG9iZS5jb20vcGhvdG9zaG9wLzEuMC8iIHhtcDpD +cmVhdGVEYXRlPSIyMDE4LTA3LTE2VDEwOjA3OjM4LjcxMCIgeG1wOkNyZWF0b3JU +b29sPSIxMS40IiB4bXA6TW9kaWZ5RGF0ZT0iMjAxOC0wNy0xNlQxMDowNzozOCIg +cGhvdG9zaG9wOkRhdGVDcmVhdGVkPSIyMDE4LTA3LTE2VDEwOjA3OjM4LjcxMCI+ +IDxtd2ctcnM6UmVnaW9ucyByZGY6cGFyc2VUeXBlPSJSZXNvdXJjZSI+IDxtd2ct +cnM6UmVnaW9uTGlzdD4gPHJkZjpTZXE+IDxyZGY6bGk+IDxyZGY6RGVzY3JpcHRp +b24gbXdnLXJzOlR5cGU9IkZhY2UiPiA8bXdnLXJzOkFyZWEgc3RBcmVhOnk9IjAu +NTEyOTk5OTk5OTk5OTk5OSIgc3RBcmVhOnc9IjAuMjM3OTk5OTk5OTk5OTk5OTki +IHN0QXJlYTp4PSIwLjM3MSIgc3RBcmVhOmg9IjAuMzE3OTk5OTk5OTk5OTk5OTUi +IHN0QXJlYTp1bml0PSJub3JtYWxpemVkIi8+IDxtd2ctcnM6RXh0ZW5zaW9ucyBh +cHBsZS1maTpBbmdsZUluZm9ZYXc9IjAiIGFwcGxlLWZpOkFuZ2xlSW5mb1JvbGw9 +IjI3MCIgYXBwbGUtZmk6Q29uZmlkZW5jZUxldmVsPSIxMDAwIiBhcHBsZS1maTpU +aW1lc3RhbXA9IjEzNzk5OTkyMTQ1MCIgYXBwbGUtZmk6RmFjZUlEPSI5Ii8+IDwv +cmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpsaT4gPC9yZGY6U2VxPiA8L213Zy1yczpS +ZWdpb25MaXN0PiA8bXdnLXJzOkFwcGxpZWRUb0RpbWVuc2lvbnMgc3REaW06aD0i +MzAyNCIgc3REaW06dz0iNDAzMiIgc3REaW06dW5pdD0icGl4ZWwiLz4gPC9td2ct +cnM6UmVnaW9ucz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94Onht +cG1ldGE+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPD94cGFja2V0 +IGVuZD0idyI/PgD/7QB4UGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAD8cAVoAAxsl +RxwCAAACAAIcAj8ABjEwMDczOBwCPgAIMjAxODA3MTYcAjcACDIwMTgwNzE2HAI8 +AAYxMDA3MzgAOEJJTQQlAAAAAAAQOGix0QQ3mMOAExf+M5Hq4v/iAkBJQ0NfUFJP +RklMRQABAQAAAjBBREJFAhAAAG1udHJSR0IgWFlaIAfQAAgACwATADMAO2Fjc3BB +UFBMAAAAAG5vbmUAAAAAAAAAAAAAAAAAAAAAAAD21gABAAAAANMtQURCRQAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACmNwcnQA +AAD8AAAAMmRlc2MAAAEwAAAAa3d0cHQAAAGcAAAAFGJrcHQAAAGwAAAAFHJUUkMA +AAHEAAAADmdUUkMAAAHUAAAADmJUUkMAAAHkAAAADnJYWVoAAAH0AAAAFGdYWVoA +AAIIAAAAFGJYWVoAAAIcAAAAFHRleHQAAAAAQ29weXJpZ2h0IDIwMDAgQWRvYmUg +U3lzdGVtcyBJbmNvcnBvcmF0ZWQAAABkZXNjAAAAAAAAABFBZG9iZSBSR0IgKDE5 +OTgpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAA81EA +AQAAAAEWzFhZWiAAAAAAAAAAAAAAAAAAAAAAY3VydgAAAAAAAAABAjMAAGN1cnYA +AAAAAAAAAQIzAABjdXJ2AAAAAAAAAAECMwAAWFlaIAAAAAAAAJwYAABPpQAABPxY +WVogAAAAAAAANI0AAKAsAAAPlVhZWiAAAAAAAAAmMQAAEC8AAL6c/8AAEQgA6gCW +AwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQ +AAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHw +JDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hp +anN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TF +xsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEB +AQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUh +MQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4 +OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWW +l5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp +6vLz9PX29/j5+v/bAEMAGBgYGBgYKRgYKTopKSk6Tjo6OjpOY05OTk5OY3djY2Nj +Y2N3d3d3d3d3d4+Pj4+Pj6enp6enu7u7u7u7u7u7u//bAEMBHR8fMCwwUiwsUsSF +bYXExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE +xMTExP/dAAQACv/aAAwDAQACEQMRAD8A6KiiisiwpaSkJ4oAZK2xd3uB+fFP3CqL +yJLbkSHG8HisFNVlKgHsNx9z7U7AdYWA6mkSRJOUIOK59NWaWHaqbpT949F/z7VU +sbgR3u18qrZBBOMHt+FFgudLdzGC3eQdR/U4plndfaolcD6//WqvqhB0+TB5wD+R +qvZ3QWAMdqgDCrnGcUAbmcVnS6gkc/2cAljtxj/aP9KgbVI8HjOOuCD+nWuc84rc +iYHgMDn2z/hQkI7v2pFO5Q3rVR7qMRiUHgdacJ44lSNjzgY96Qy3RTA2VBNOBBGR +3oAWiiigAooooA//0OiopKM1kaDZHCLk1z099I26ZT8oO1R+maXV7jcwiQ9B/Osm +dgifZ+pRv8/zppCbFRv3ZllJI6KM9exqkW5zQWPTtTT61ZID5eRTyc1FnsacB2oE +S+dKy7C7Y9MnH5U4TybPKzwOKreop49aBjt1OzmmH1pM8UATLM4XGSRxwfbpVn7U +7yq7HJFZ465pwPNKwHYpdA5T0J/KpLScSbVB6Er+VctDK6knOR3rf0kFsue24/mf +/rGpaKNyiiikAUUUUAf/0ehqmJ1G8ucYNW6x9RiIUzL34NYmhi6g+Z1kHBIz+dUC +xJyetSzyGRuar7TWiIF69KNnekwRzTstTAYRSZqTBNBQ0AMJzQDinbDThEx7UBYY +abVjyW9KTyW9KVwsQZpRTzGR1pmKYE0Z5ye9dZpGDbkjjnH5Vx4OK1dMuxDON5+U +qQf5j8uaTGdlRTEdXUOpBB6EdKfUDCiiimI//9LeNU7xglu7E8AZq2TgZrldQuHe +Z4g2VHGMYrJFsy2bJzihVJpwXJwOSa1YLcKMnrVN2ElcopbO9WksfWtFVAqUCocj +RRKK2SCpfsielXRS0rlcqKi2kY6iphboOcVKM07mlcLFfyUHamGBSelWqaaLhYov +aKRWbPZsvK1v1G6g1SkJxOTIIODQDg1q3duPvLWSwNaJ3MmrHW6PdRmEWxPzr0Hq +K3M159BKY5klH8JBr0BTkAmkwQ6iiikM/9PTvLgW0Blxkjp9a493MjtK3Vjmt7WJ +cRrF/eOfyrnh0rOJTLNsmW3GtpRxWdaKMVpgVMjSI4YpwpBTuaksdSjNIM04fWkM +MGlwaMn1pOfWgQvNNNLk0mRQMbSGlyKQ0wK8yBl5rAnj2ua6RhkVh3Yy2auJlNFF +CQcjgiu50+c3FqjnqBg59a4auo0OUmN4ic4OQParZmjfopKKgo//1K+sHM6DttNZ +ArW1b/Xr/u1kjk1C2KZrWowuavCq0K7EAqcVmzVD8mnAtTBUlIoUE08ZpoFSUhiZ +PtSZNLSgcUANyaTNPxSGgCPiilNJTAQ8isW8Ta2fWto1QvUDRFv7vNVEiS0MI8Gt +fRiVvBjGMHP44rJYd60dLP8Apkf41ozE7SiiioKP/9WPWIsFZfwrHiGZFrodYXNs +rf3WH68Vg2g3TAemTWa2L6mwtOLBetQySCMe9U/OYnJ61Ni7mh5oAyaVbhM4yKzy +0j9ttHk9807BzGykit0qUc1kRqyHg1pRvxSaKTJsU7GBTAc04nApDIJZ1j6mqhvF +PXipZVDnmqbxxCqSJbZbWZW6HNO8wd6zeF+4/wCdG6T6j2osHMaoORUTjcpHrVaO +Q9KtZyuaQXOdbgkelWdPYLdxk9N39Krz8SsPeruloHvVHpk/lWhkdoKKQcDFFQM/ +/9a9frvtJB7VzliMyk+1dDfcwe2awrFSJGz2H9ayWxZYkXcxzUJB3bE61dI71Sfc +WITigqxII4x985PuaUxREfKPxFUriLYFI5z3qOEFpEVMjOAfr3p2DmLoZozg8irU +cmelQFSjbJOR605UKHjpSGa0RyKbI2KjibApshzUlFaRz0FQAKT83NWGUDk9aqyR +M0bt3A4FUInDxDg4pTGpG5P0rHABUrjnOc+3pWgsLxojocNjkU7EqVyyq7utTKMD +FNiORzU2Kkqxg3sZSYn15p+nytFdK6jJwR+dT6kn3X/Co7GMjMntirvoZ21Ostrg +XAPGCvWrOKzNNHDmtSpG1qf/1714u+3YfSsm2Qo0hPritqbmJvpWXGeD9ayNUPIz +ULJg5qegipLsVmAYYYZFIixocooB9asbAaXZTuFiH8KDyamI2iowKAJlHFBGacvS +jvSKIskcUzOO1TY5p/lg8igViqI06hFz64qTGal2CnBR2p3FYaq4p9OApp4pDsU7 +5N0Deo5FNtVAiVfQCprk/uW9xinRrsRVPYVXQlLU0LBdqt9a0c1UtR+7OPWrVBMt +z//Q05P9W30NZKHlhWs43KR6isjOGH5GsTVE1LTAafmkWhRS02jNBQjc02lagDNA +iRTR3p6IO9DAUDEI70vOKapwcGpCOKAQ2lFNGaXNAx1MY0uaYxoJZBMN21PU5/Kp +B8zZ/hFAXcTnpjFTKuflUfSmJGjajEP1JqxTUXYgT0FOpmbP/9HUNZlxHh9/Y1pG +oyAeDWRpczgafUfQkU8Ui0OpV5NIKkXikURyEAiq3musmMZX1qw+D1qttweKaJZZ +E1RyySkfusZ9TQExyakCfLntTC4kbMRhutWx0quuF6VMrA1LGgIppqWojQMKYadT +DQIegOOAav28LKd78egotP8AUj6mrVUQ5dB1FJRQSf/S0mplPamVkWUJRiQimipb +gYYN68VEDSZaJBSs2OlNB4zULS7OTRYdxSSacAOpqobjJwoNIJjn5lNOwI0D83Q0 +uVVdpNZ3m85UGnrI/XaaLFWLwIo6dKo7pT2FPDzZwoosJo0FbtQ1VkZs89asMcgU +mhXGmm0tNwScDvQM1LcYhX86s1Eo2gKO3FPFMyHUtJRQB//T0mqOpDUZrIsilXeh +HfqKog9q0aoyrsfI6GgaYqHsaYyAtzSr60ueaRRGVU9aQIOxqQgmmmLPTNBSY4Lj +0p2D6ioPJb1PFOWF/wC8aY+ckCZ6mngBeBTVhYHrUoAX60hOQ0rzmnseKQ0hPGKC +RCeKmtk3Sbz0X+dVuScVJDfQxO0Eg27OrdqaQmzXpwpikMAw5Bp4oJHUUlLQB//U +0jURqQ1FWRYVFIocbTUlNNMCiPlO09RS5BNRswkd8fwnFR7iODSsO5aB4p2arBhU +qsOlKw7k1ANN3cUAgcGgZLnim5pu4Gk3CiwXH0xjxURkycClCnrTsTcmQdzWLc/6 +9z6nH6VuqOM1h3IzJNzjkH9BVRCWxY0y6dbgK7Eq/BB9exrqhXKWMaYfJBJPTuPQ +j6GunQkqC3Xv9aJEolpaZmlzUjP/1b5php1MNZFiVBOxWMlcZ7ZqY1UuwDGc+lNC +ZnWZwHU9c1Zcd6o2f33rRbpTe41sVyvpSh2FLTT3oAeJDS+YfSoqUUAP3t0FKAzd +aFqwoFACKoA4qULk4ph61OnSpGhTwMVh3OfMYrxmtlu9Y1x/rDQhsk09gsyhuQeC +PWukiJBaNjll4P19axlAFohHtWhbH959VH9a0lsZrcv0tJRWRR//2YkCTgQTAQgA +OBYhBLW13TMhQq1lfo2HrH0n5hC4o9xSBQJgN4HxAhsDBQsJCAcCBhUKCQgLAgQW +AgMBAh4BAheAAAoJEH0n5hC4o9xSm/AQAM1VQ6ulVGptsosNJYB+HigxIMZiXtIn +tddo1oJ2HzucgHGF2VJemu5m2NxKrckNQdlO5AvYiD3cGsx1GCcUCqrVJnpVSzn0 +x2vAUd5Iu5AO6VLuWfz6lLzLYFmR7le1eEVV9PWpiFo5JmhCxFlmzbJ/LXg2rm+b +gGwYg9PaW4zeJR721BE0YYzAdiiyih0oYQqm1rIpp5+rzHL34UeajNU8krcViWDv +Q6qSKnkk4RQzzWWo5ByjDxB9UBF5eX1Ls/CyFzCpsNaPooKAxC1MQy53GrQIN4Wq +Y73BMsfEutMvdWxgL5/zWKIS5Fd+hD9wTtOotu00PzamCq+5CnsggILpJenrHWSR +6xoSgBL6iYjAq1DaLvGUv8/+gnblLkdh3A9+lCqqb45yAbBlZS4w12Jmfov+WKLS +e464WTG0VTySkShhrwHKWkekXzCusx8nIow1FKo257N97fMLJFWRlBhCHcgtoYmq +3a49CUndqAmM9MT1/8RX21xUq/vI3aTSXqnjgo+y5EMKNM6Q8u0KgVvxzNRyoyh6 +cJWgW+lXM55X8M1SDBruQBfTF2lnJbxq02hXyuDhWbtuhLCs01z3AxO42PZVuwqI +/U7chZGzC2e02DPY0TVwbGJU6SEKg6wrZEeAzH7igRWR2AHGUEX0AzEkZD72mvZZ +TMtW3ci6/EGZiQIzBBMBCAAdFiEEh0AgjA6T/sgO6/kTt3xS7sIXcd0FAmA3iFkA +CgkQt3xS7sIXcd26xQ//dvjcgYkVg0KdAUQWE0KWFwHgW5mJWyITZs5PcwkArIGh +pJCns9CRq5EGwGQuLWvhWBAloH+qFI83ydptPoxztZoy7keK1tCdDTNhk2RLhp98 +4CP5oObh6xgpuMQ1hVtwwdhOErGpU/auHgIr4qtScvsfLlhoXHCttzvnBkgiGKi+ +bn7hH+mGS6XCDDTXggh4s3wRZ/snaqy8WcaprfK3dw5Tpgck0pexikVcyI6sbruu +euGwbUZ5JwuFNnRQzmjPqJk6ZC3tYqPslZFBKi83HXq4T2liTSI2m8eK/gWU512G +T4HeLlkiSMLYOJeX+gKI25StkzXBqQoVKQJVc6RG8wdv34hSdFT0h1T6xtGKmb6y +W0c855yFrp2yefSS9+R3DFxBEqo7YtGF1J53v87GBeYnFMRw6vZnon+Kurttn8ah +gZP0veyb1JtCgBWAS6HVb2q6k/Uw+nt++NAZbr69rtnyzyrMNVvMnuM/L1diYfD0 +bncHd1Oj8KTHmFj7J9He2ytelfB/MFUmnkPWtAugPtnQMTGPYyb4VsOF53QsR0+8 +bJGGI7M3tk/C03sXGfMpYMUyKK7uyGWbKg97iKXQLIoHaI3zbIYNUMh//JspxCqg +14GbQx8yaLDdyeORn8wmgsVy9qNEsc/PHJO8644KNZJM9x1fDihztBsRbRzwjVaJ +AjMEEgEIAB0WIQRebW6uFsPadUULIZyagE6X1wecdwUCYED2egAKCRCagE6X1wec +d5gKD/42YYeUFgaQDABPG45afoqwyP8H1xDi6W5F47wVFwI1GdSBmIqKGhNONwYS +toeFKcX1ed0gBbFVkwaWEFKCeo0VjWcLYE1YaxL8ybo+iVrFfd/oEHyf414uvnur +4jNVwqUmtYQMaLlXq2a9tVAGNtsgqsZKEYBanWDXm24z5l2rDGxLlVi7xTGU3pZE +LfTF3HvZlN3l/ggagXF+2ocT5O0vTX1OO8x0lknTqhbjTJfi+ObJxV4DyE0ifQyh +3smBUyxZwCcF9MhRKYnEcf8gbsCPDLoiwCGz0o7cKz2blm7NsTgxZXoS0HRx0/wy +QHS+6mIDuH1gMLeEvJUql7cdKqGAbG5QD9xGPoW6PiTpFTtVusjxD4dIvil5oth5 +r9btVNtoSysEuL13BjBkrO4JuqVZvEdHFGjNE00q6JrI/SpeBZrRR/YZvLCgUZ9J +w9S6g/usazLEAnOs2EH37yMFA3h3Jr+8l31CkGWBlbLHWc/6ufuyYo4F98TJ7WRV +vq2RbAMziHMkDH47iMt2PkycLhqPplzbTyVVS/2r1u1d8vfhWlznASuT0/d6cpi0 +H9L/nqe2Mkst32e/X7jr54lSfURmKC+plNn4QQY61DcaUDw5UsMvl/ieDg7OqBeI +JVgitbDLfIC15B5oRHalAmBOE9OulvvnqxZCHdQ63XunRIbviw== +=+Re0 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.config/truststore.asc.backup b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.config/truststore.asc.backup new file mode 100644 index 0000000..e69de29 diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.op/truststore.asc b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.op/truststore.asc new file mode 100644 index 0000000..504aea2 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.op/truststore.asc @@ -0,0 +1,32 @@ + + Henri Mikkonen id 9355EBCA + -----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BCPG v1.76.0 + +mQINBF46zL0BEACUeQllAAViSlyL8uFBCjlCXdH12GpDL9y8fubm+N50ofonIloA +YLbJtETVrqpxfeh+SDiERbEG5W02fbM1y3wdSjef0jzAEP3PoXydv/SdNKvomvBP +U7I9eALgHJI4Nkqzf8ggTrOBHcWbRIRGbVXFRhOE1Z86akmVz3fe3aQzddvzAS7I +YYX0RxbKiNt8iaxUXUo+P1LopD9Zo2I1NTY8u27RuhtxBr5tnHnsuf38mzjG/l6U +RzJ8qhHJr6D4E+MLqRo9ndTREOT/d1TeJUvQddXC59VEL75TrYCEc2v/NZ5m9fD6 +yg0+oqgyrQHmZhPVOqoJiz0lkd3rl7lUqCH9yjREr1H5PUchiuhBKBOogwtirqw3 +NMKH6bs0Bu6qUy5fIJRqjxKVv+6fOEty/xnp0xN7xoBEUPEt1M/V3ewwH1zhOwTo +g4cr4zhTT9RNno3eM0eenEQYapQZ8dFmrNVmhvx9VJlshYGyakrxPwrF3coyC3hh +HjWE9SzmoyGmmbRgvJVt//SqoGpDyaM+d1hPys9tX2N/E1TlwZiD2brWAtjr2K49 +NC9Skizw4qHAbphq4EMGCKzrp9ksnBvwZAY9JjL0JvdjAabqkyRFVh2Mpm5xSxbw +d+Twryh5hXaT/EQXsKMC1WlQnIDREjHpm1UOXTzcsFPa9tEW8XUftPWbQQARAQAB +tCZIZW5yaSBNaWtrb25lbiA8aGVucmkubWlra29uZW5AaWtpLmZpPokCVAQTAQgA +PhYhBG0Y/WNwj8ygebaMzgJmkYOTVevKBQJeOsy9AhsDBQkHhh+ABQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEAJmkYOTVevKwWcP+gLrjnrNxqwEx7/Ly/KdjkGD +0W7aMiQc8acvC9oo74/XXpAD0W1jkK/BXyLH1q/o5Lyjymmm6w7VvEWLSY1Q0+gC +l+hUOqccH572767UrGEeZeJV8+tNhziTU2S7NagK2A0BelHoA3hIhfGmWLJ+ooJe +HZXFCov4ThZOpGzu5d04dEYoOv2jVaWwnrjOBzoKcgws9J6RLX+6gOFhZ3Dh5Rxs +UGhl0ZJuEBQCDT7X9jI4mHsA0Ngo27inb3gxfeCm/ziZhHDV2gZtl777dKVc/sQN +fqGaRGVi1p37La6KKpfIA3KHRjGf4jfg17AQ1Ix+ZgRIpbPXb7fXQHtBElhIbbn/ +VR2CG0Jdchdc4UozelKU6WNsNlcMn3kfTNFosW7+gTiYEGSxZQC9ylSSl1s9oIFM +dvk70u4AgTY6w+27TrTRuEpdARoNZG4NhBTJ8g0BkiX6cHVyc5ir5IOVpmewsxN5 +yLg0ed6OwpcK5V8SwGT60hgkkJp71OeBsnLzyzO3/YoI5GVAIgcwtdzptRUt0iL8 +GUccO3mO6Hm4EfJAZHFWRbxX3ITTfCzw4blbXURlIXkPefprptAYX2+rn/z4iC1F +mJUANl+4WilKuPoAimKGDNi6CvlbckQW2i2i5gsoM3iMxRMsExoZUnoMpfY70Trg +ToF/jwURMQSCsJnZvyQD +=g4uH +-----END PGP PUBLIC KEY BLOCK----- diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.op/truststore.asc.backup b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.idp.plugin.oidc.op/truststore.asc.backup new file mode 100644 index 0000000..e69de29 diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.oidc.common/truststore.asc b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.oidc.common/truststore.asc new file mode 100644 index 0000000..9e09694 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.oidc.common/truststore.asc @@ -0,0 +1,287 @@ + + Philip David Smart id B8A3DC52 + -----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BCPG v1.76.0 + +mQINBGA3eNkBEADXiVQf1XEUSM9gB+eMAPj4zdjtd2tflJTNI5Q6sEB2ly2rbOyg +Yo49DF6wytQSRABAJvRY36hHkK77mbRN5Usf8Rq09aGUEv0nvKO+JVT/P4w3tFva +MmKWiYX775/yDE7B1vu4eb1RQCjrXaye91EpHES74VR8Kb0TVeNEQXGR5/h77Gcg +obRog+CqxT9L33Fcs4d2C+8BLo4dOaAr29rmEGWRE576NM6wGvtzHdazipM9LvtS +POGRid4HLYuWvW5WCyAfGbkOq8xreYBtB9gGSZ8iarmcYmN50/gz3Ux3sJA/xy7Y +vMAYWtA8Rp5hFb39uoaEwHWz8IlnAbA11OfrEkt65dMJwQAX4w89aag/LqI2lrgG +VEoDWCvkKOlsbJalZr/SgG+m1k/4gqfYYkM09PI7IRn0Cb8uLDdXpeBZd2SJXi9E +gdDxsrKoi0IMUYQNv8stNa/5lTK7LJkqovpdL+1aHCYRex53Ln+y8RycNbxSGl5O +CKtFGb9ydfMnbOVX4BJ1x83OOktIkbLpVeZIsaTmUEDQ9itWmXqQ/QoIgBVFRqh8 +bhaCs7y9UPF+WtnpRY7jm3/cSL6oUXax2tT5VoU3LLxTQf90ZdWrAyWEF8auBZAP +FRXAD2HkS4rIWCuKi/GSH0v6ILu9KREFfViy9fZXFpvwvbz199CPlCkgLQARAQAB +tCxQaGlsaXAgRGF2aWQgU21hcnQgPHBoaWxpcC5zbWFydEBqaXNjLmFjLnVrPokC +TQQTAQgAOBYhBLW13TMhQq1lfo2HrH0n5hC4o9xSBQJgN3jZAhsDBQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEH0n5hC4o9xSz4EP9Arv6WSxxkBEVzGj2XRbXAOP +U0G5KFJ1sviO9ZGotBnivHH4HWcusDqoyDvjwIYp9jycgtwGw4TuF917QPTfFwhb +TYma22+wSZ6Sn+OcZr+dSjLg5Ki+6I2BZaS+m2MYcPehCl1ILbtcs83p7AZf2JU1 +IgejhJMsMg93G88ZkSOO0tOAuvBbrO+f/de5AtSIk9ense1OUz9dbjI7JK6idB0a +1yoo5FjOuyRw11qEa7nP787jcdnh6gkcfRGK9CcYOWXXcfQSRYFx0Wz6qi76bonk +fYioCGv7LOPvsRnrjyWnM0tukS2RrDSbOfEby6ma4ZsPAhxtOrwWYOYfmjpspNbh +yPHL/qw0Bb+t+X+mBayRO3MJ1R4l5lU3cjXF/oSCxinkL4TfX5bJ+SuPmPb6cOO4 +eHBHCwTad0jy9CEQAFIwtQP1+5QpcAUQPEhHlztPPHe5hP3X8M0x0ILTEDrh29E0 +C0CP0aG9xTONBK1JnmWT7NSXDzk+BLokdbDbZs909+fJddlzPq72u0ubRUOgKNki +eo5Vbg5aOsaCkC0QJOzabO7xbnlOlXlg8XkGnfO8mIZ6Q0M5oEyGSpBakYi0rfQo +zjzKwflCvRTKEl8spTkPH45Dm7LZ+o5xWSN4P2NVTh46unfCyKxuSi1Prl2tQ6OG ++ke+A9zfGa0iHsXtT8aJAjMEEwEIAB0WIQSHQCCMDpP+yA7r+RO3fFLuwhdx3QUC +YDeIGgAKCRC3fFLuwhdx3Q0JEACRK35MbZe3mD7uKWb8pXwTxHfngDDA4TgpVLXA +Oqvmh+ISYN1RVJUdAdws/PsTS9NgWCD3YbN57G0jtCT3Q0kCAtvXNPLPgmKxk0au +Y2K1xaJs9iDjXysbWLIOgKdw2hs8FrD2YvYCQfm/jTQeG4TEqVJTvxcyLKVGBwud +Hg6coVsqz0iazwXiPBE1mLlxXi9mk2wv5a3SySPYbGGF37cXEvX1ZRYG721bSaXW +EUlZDzd2s2iv0FyM7aXjGeI77x7Ri9vG+KcCFdfoBrYjo5tQ0nm/0mWQr+uakDKr +T4JUmFnzDCzIZcMqeSRcGRgJ8aCN55TctKcjWUMwXSI4PIUu9XjeHgTmIZVFZzSo +OZGSxiPUuZ8HSjwb1g5RtOejLX0Sd5FCuzDUtNQmS1BIe3ZpW0D3iWtVGr6FWETc ++Ks2Dwa8T2ZbaOFfsJauqm8l1zJYcV8d45V1ASLnyqaMJdYlctlu+6rwgCgIx9LV +pKhnvVWEdxEVmyt5UMSZwXfNF3LXW6PFrE9GSSUWcpGwF/X3XuGLpNc8a/lF6RHA +pbRuy5RN1v10feOqfpd8sFbvxQLuN3Xfo+HFjtjqF74BxASJm+2UePPeanIifRvQ +Hd8NCGycYaNkdlkBQH3BLaTAD6pf25Hd2Iah3iRvY4gCPE0MoUhUERgXlfwd1L0H +LpLd+YkCMwQSAQgAHRYhBF5tbq4Ww9p1RQshnJqATpfXB5x3BQJgQPZxAAoJEJqA +TpfXB5x3JzoP+wQO4IfR4x1Fpd4i7P1YEHp1FWX9CiVkgt8KkND2QFv9jSA1VAIn +zE0AJps33X3vtz4An0+oWEi1zVNSsg/ShhWVcEUsRuojFZmPjzFuDBzBVBRmqqw9 +p3xGFAcFlhtpIhU4xbRgw9mImNKBX5dzJxKzP+tQcAhY36LwI+aYOfMIWnBSWvpV +se1+vgCLmVnVB3HtzByppRK1g3nxESXtJblgbW2KvP4wvp8FGLcGdIqS5y1AXTfD +biaZcB+cHUDQMkICrHdiCtJBN5Ds1Rer7fF2GG89zPNyxi9ODVTOed/v3kf6Fd02 +Tz8N4FLvfvzB1CvoxHXOs2vWwx4CXd5KRcqlN0bXSbuNj6iN6mwyq6rFGJiB0i8G +9ngK1JNjcyAzTrZofPvOXKFFsiJ7WpKaRI1VnjY97X6lxMfrOMeAiO3/dGpavsHs +mSM1YVySu6T/GqzgKvzq8hH9NRTba2MBFcEeF9nFaa9v87AhY+HpYQkj4nM2Ie2X +4IByGVHXR0tm7YXaxbgGnANjipmIKxQjf/81UHZgKO0hLYLt51CmiqYBe1RRcnb1 +oh3REIuOPZKW5HBoVkrgBQBODW7zh5brYMf+f+fiu79xvJ/kTBn3IzhZ4Ay9m4jC +WVefvpLdE/SLz1YjchS8SWJBCxo/vMzg5NyFq4gBg5GqNKQMBMqAumUq0f8AACS4 +/wAAJLMBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEAAEgASAAA/+EH5kV4 +aWYAAE1NACoAAAAIAAwBDwACAAAABgAAAJ4BEAACAAAACQAAAKQBEgADAAAAAQAB +AAABGgAFAAAAAQAAAK4BGwAFAAAAAQAAALYBKAADAAAAAQACAAABMQACAAAABQAA +AL4BMgACAAAAFAAAAMQBQgAEAAAAAQAAAgABQwAEAAAAAQAAAgCHaQAEAAAAAQAA +ANiIJQAEAAAAAQAABuQAAAAAQXBwbGUAaVBob25lIDcAAAAAAEgAAAABAAAASAAA +AAExMS40AAAyMDE4OjA3OjE2IDEwOjA3OjM4AAAfgpoABQAAAAEAAAJSgp0ABQAA +AAEAAAJaiCIAAwAAAAEAAgAAiCcAAwAAAAEAMgAAkAAABwAAAAQwMjIxkAMAAgAA +ABQAAAJikAQAAgAAABQAAAJ2kQEABwAAAAQBAgMAkgEACgAAAAEAAAKKkgIABQAA +AAEAAAKSkgMACgAAAAEAAAKakgQACgAAAAEAAAKikgcAAwAAAAEABQAAkgkAAwAA +AAEAEAAAkgoABQAAAAEAAAKqkhQAAwAAAAQAAAKyknwABwAAA+IAAAK6kpEAAgAA +AAQ3MTAAkpIAAgAAAAQ3MTAAoAAABwAAAAQwMTAwoAIABAAAAAEAAACWoAMABAAA +AAEAAADqohcAAwAAAAEAAgAAowEABwAAAAEBAAAApAIAAwAAAAEAAAAApAMAAwAA +AAEAAAAApAUAAwAAAAEAHAAApAYAAwAAAAEAAAAApDIABQAAAAQAAAacpDMAAgAA +AAYAAAa8pDQAAgAAACIAAAbCAAAAAAAAAAEAAAARAAAACQAAAAUyMDE4OjA3OjE2 +IDEwOjA3OjM4ADIwMTg6MDc6MTYgMTA6MDc6MzgAAAAKdAAAApMAAAhvAAAE+QAA +KOIAAA/BAAAAAAAAAAEAAAGPAAAAZAXXBg4DvwPBQXBwbGUgaU9TAAABTU0AEwAB +AAkAAAABAAAACQACAAcAAAIuAAAA+AADAAcAAABoAAADJgAEAAkAAAABAAAAAQAF +AAkAAAABAAAA6AAGAAkAAAABAAAA8QAHAAkAAAABAAAAAQAIAAoAAAADAAADjgAM +AAoAAAACAAADpgANAAkAAAABAAAAKAAOAAkAAAABAAAABAAPAAkAAAABAAAAAgAQ +AAkAAAABAAAAAQARAAIAAAAlAAADtgAUAAkAAAABAAAABQAXAAkAAAABAAAAAAAZ +AAkAAAABAAAAAAAaAAIAAAAGAAAD3AAfAAkAAAABAAAAAAAAAABicGxpc3QwME8R +AgBHAkwCUQJVAlICSwJDAjsCLAIaAnMBzgCQAIgAiAB/AEsCUgJWAlYCTgJGAj4C +MQIgAsoBjwB/AHkAgACBAIAATgJXAloCVgJOAkQCOAIlAg8CMwFwAHcAjACKAJYA +jwBMAlYCVwJQAkYCOgIrAhIC4wGiAGUAkgCJAI4AjQCSAEoCUgJQAkcCOgIqAhYC +9AFqAXgAdACRAIUAhQCMAIsASQJKAvYB+gC8AOIAjgGJAbEAcQBrAIMAeQB6AH4A +gQBFAoEBTQDQALEA4QDiAL0ArgCZAIkAYwBoAHkAdQBuAEECBAF5ABgBtADHANUA +uQCkAN0AyQCQAIMAfABqAGUAOwL2AHIAIgEEAb0ArACYAIYAuwDQAK8AXgBmAG8A +eAAxAgkBUADvAIsAqwC/AJ0AbQB5AF8AZABvAHwAdAB1ACYC5gG3AHUAdgCuANwA +DAHGAGIAYQBqAHEAdwBvAHAAHQIaAv8BtAGjAZ0BhwF4ATEBcwBtAHYAdQB0AGsA +ZwAYAhkCDQL5AegB2gHFAagBcgGtAF8AdgBzAHIAagBoABUCGQIUAgkC/AHoAc0B +sAGPARYBZgBmAHkAagBzAGYAEwITAg8CBAL4AeUBygGzAZsBfgHNAGEAcgBpAGsA +YQAQAg0CCQL/AfQB4gHJAbMBoAGMAXwBUwEDAeAAcAByAAAIAAAAAAAAAgEAAAAA +AAAAAQAAAAAAAAAAAAAAAAAAAgxicGxpc3QwMNQBAgMEBQYHCFVmbGFnc1V2YWx1 +ZVl0aW1lc2NhbGVVZXBvY2gQARMAAAU6zneKsRI7msoAEAAIERcdJy0vOD0AAAAA +AAABAQAAAAAAAAAJAAAAAAAAAAAAAAAAAAAAP///xsEAChy8//+2DAAAShH///v9 +AArWDwAAADsAAAEAAAAAZQAAAQA0MkRDQUE3RC0wMTU0LTRBNTktQjY2NS03QTZB +QjZBRkM4OEQAAHE4MjVzAAA/1d8AD/+1AD/V3wAP/7UAAAAJAAAABQAAAAkAAAAF +QXBwbGUAaVBob25lIDcgYmFjayBjYW1lcmEgMy45OW1tIGYvMS44AAANAAEAAgAA +AAJOAAAAAAIABQAAAAMAAAeGAAMAAgAAAAJXAAAAAAQABQAAAAMAAAeeAAUAAQAA +AAEAAAAAAAYABQAAAAEAAAe2AAwAAgAAAAJLAAAAAA0ABQAAAAEAAAe+ABAAAgAA +AAJUAAAAABEABQAAAAEAAAfGABcAAgAAAAJUAAAAABgABQAAAAEAAAfOAB8ABQAA +AAEAAAfWAAAAAAAAADMAAAABAAAAIAAAAAEAAA5QAAAAZAAAAAMAAAABAAAACwAA +AAEAABWDAAAAZAAAWb0AAADZAAAArQAABJ4AAN2FAAABWAAA3YUAAAFYAAAACAAA +AAH/4Q1XaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLwA8P3hwYWNrZXQgYmVn +aW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/PiA8eDp4bXBt +ZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2 +LjAuMCI+IDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5 +OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+IDxyZGY6RGVzY3JpcHRpb24gcmRmOmFi +b3V0PSIiIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIg +eG1sbnM6bXdnLXJzPSJodHRwOi8vd3d3Lm1ldGFkYXRhd29ya2luZ2dyb3VwLmNv +bS9zY2hlbWFzL3JlZ2lvbnMvIiB4bWxuczpzdEFyZWE9Imh0dHA6Ly9ucy5hZG9i +ZS5jb20veG1wL3NUeXBlL0FyZWEjIiB4bWxuczphcHBsZS1maT0iaHR0cDovL25z +LmFwcGxlLmNvbS9mYWNlaW5mby8xLjAvIiB4bWxuczpzdERpbT0iaHR0cDovL25z +LmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL0RpbWVuc2lvbnMjIiB4bWxuczpwaG90 +b3Nob3A9Imh0dHA6Ly9ucy5hZG9iZS5jb20vcGhvdG9zaG9wLzEuMC8iIHhtcDpD +cmVhdGVEYXRlPSIyMDE4LTA3LTE2VDEwOjA3OjM4LjcxMCIgeG1wOkNyZWF0b3JU +b29sPSIxMS40IiB4bXA6TW9kaWZ5RGF0ZT0iMjAxOC0wNy0xNlQxMDowNzozOCIg +cGhvdG9zaG9wOkRhdGVDcmVhdGVkPSIyMDE4LTA3LTE2VDEwOjA3OjM4LjcxMCI+ +IDxtd2ctcnM6UmVnaW9ucyByZGY6cGFyc2VUeXBlPSJSZXNvdXJjZSI+IDxtd2ct +cnM6UmVnaW9uTGlzdD4gPHJkZjpTZXE+IDxyZGY6bGk+IDxyZGY6RGVzY3JpcHRp +b24gbXdnLXJzOlR5cGU9IkZhY2UiPiA8bXdnLXJzOkFyZWEgc3RBcmVhOnk9IjAu +NTEyOTk5OTk5OTk5OTk5OSIgc3RBcmVhOnc9IjAuMjM3OTk5OTk5OTk5OTk5OTki +IHN0QXJlYTp4PSIwLjM3MSIgc3RBcmVhOmg9IjAuMzE3OTk5OTk5OTk5OTk5OTUi +IHN0QXJlYTp1bml0PSJub3JtYWxpemVkIi8+IDxtd2ctcnM6RXh0ZW5zaW9ucyBh +cHBsZS1maTpBbmdsZUluZm9ZYXc9IjAiIGFwcGxlLWZpOkFuZ2xlSW5mb1JvbGw9 +IjI3MCIgYXBwbGUtZmk6Q29uZmlkZW5jZUxldmVsPSIxMDAwIiBhcHBsZS1maTpU +aW1lc3RhbXA9IjEzNzk5OTkyMTQ1MCIgYXBwbGUtZmk6RmFjZUlEPSI5Ii8+IDwv +cmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpsaT4gPC9yZGY6U2VxPiA8L213Zy1yczpS +ZWdpb25MaXN0PiA8bXdnLXJzOkFwcGxpZWRUb0RpbWVuc2lvbnMgc3REaW06aD0i +MzAyNCIgc3REaW06dz0iNDAzMiIgc3REaW06dW5pdD0icGl4ZWwiLz4gPC9td2ct +cnM6UmVnaW9ucz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94Onht +cG1ldGE+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg +ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPD94cGFja2V0 +IGVuZD0idyI/PgD/7QB4UGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAD8cAVoAAxsl +RxwCAAACAAIcAj8ABjEwMDczOBwCPgAIMjAxODA3MTYcAjcACDIwMTgwNzE2HAI8 +AAYxMDA3MzgAOEJJTQQlAAAAAAAQOGix0QQ3mMOAExf+M5Hq4v/iAkBJQ0NfUFJP +RklMRQABAQAAAjBBREJFAhAAAG1udHJSR0IgWFlaIAfQAAgACwATADMAO2Fjc3BB +UFBMAAAAAG5vbmUAAAAAAAAAAAAAAAAAAAAAAAD21gABAAAAANMtQURCRQAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACmNwcnQA +AAD8AAAAMmRlc2MAAAEwAAAAa3d0cHQAAAGcAAAAFGJrcHQAAAGwAAAAFHJUUkMA +AAHEAAAADmdUUkMAAAHUAAAADmJUUkMAAAHkAAAADnJYWVoAAAH0AAAAFGdYWVoA +AAIIAAAAFGJYWVoAAAIcAAAAFHRleHQAAAAAQ29weXJpZ2h0IDIwMDAgQWRvYmUg +U3lzdGVtcyBJbmNvcnBvcmF0ZWQAAABkZXNjAAAAAAAAABFBZG9iZSBSR0IgKDE5 +OTgpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAA81EA +AQAAAAEWzFhZWiAAAAAAAAAAAAAAAAAAAAAAY3VydgAAAAAAAAABAjMAAGN1cnYA +AAAAAAAAAQIzAABjdXJ2AAAAAAAAAAECMwAAWFlaIAAAAAAAAJwYAABPpQAABPxY +WVogAAAAAAAANI0AAKAsAAAPlVhZWiAAAAAAAAAmMQAAEC8AAL6c/8AAEQgA6gCW +AwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQ +AAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHw +JDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hp +anN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TF +xsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEB +AQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUh +MQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4 +OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWW +l5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp +6vLz9PX29/j5+v/bAEMAGBgYGBgYKRgYKTopKSk6Tjo6OjpOY05OTk5OY3djY2Nj +Y2N3d3d3d3d3d4+Pj4+Pj6enp6enu7u7u7u7u7u7u//bAEMBHR8fMCwwUiwsUsSF +bYXExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE +xMTExP/dAAQACv/aAAwDAQACEQMRAD8A6KiiisiwpaSkJ4oAZK2xd3uB+fFP3CqL +yJLbkSHG8HisFNVlKgHsNx9z7U7AdYWA6mkSRJOUIOK59NWaWHaqbpT949F/z7VU +sbgR3u18qrZBBOMHt+FFgudLdzGC3eQdR/U4plndfaolcD6//WqvqhB0+TB5wD+R +qvZ3QWAMdqgDCrnGcUAbmcVnS6gkc/2cAljtxj/aP9KgbVI8HjOOuCD+nWuc84rc +iYHgMDn2z/hQkI7v2pFO5Q3rVR7qMRiUHgdacJ44lSNjzgY96Qy3RTA2VBNOBBGR +3oAWiiigAooooA//0OiopKM1kaDZHCLk1z099I26ZT8oO1R+maXV7jcwiQ9B/Osm +dgifZ+pRv8/zppCbFRv3ZllJI6KM9exqkW5zQWPTtTT61ZID5eRTyc1FnsacB2oE +S+dKy7C7Y9MnH5U4TybPKzwOKreop49aBjt1OzmmH1pM8UATLM4XGSRxwfbpVn7U +7yq7HJFZ465pwPNKwHYpdA5T0J/KpLScSbVB6Er+VctDK6knOR3rf0kFsue24/mf +/rGpaKNyiiikAUUUUAf/0ehqmJ1G8ucYNW6x9RiIUzL34NYmhi6g+Z1kHBIz+dUC +xJyetSzyGRuar7TWiIF69KNnekwRzTstTAYRSZqTBNBQ0AMJzQDinbDThEx7UBYY +abVjyW9KTyW9KVwsQZpRTzGR1pmKYE0Z5ye9dZpGDbkjjnH5Vx4OK1dMuxDON5+U +qQf5j8uaTGdlRTEdXUOpBB6EdKfUDCiiimI//9LeNU7xglu7E8AZq2TgZrldQuHe +Z4g2VHGMYrJFsy2bJzihVJpwXJwOSa1YLcKMnrVN2ElcopbO9WksfWtFVAqUCocj +RRKK2SCpfsielXRS0rlcqKi2kY6iphboOcVKM07mlcLFfyUHamGBSelWqaaLhYov +aKRWbPZsvK1v1G6g1SkJxOTIIODQDg1q3duPvLWSwNaJ3MmrHW6PdRmEWxPzr0Hq +K3M159BKY5klH8JBr0BTkAmkwQ6iiikM/9PTvLgW0Blxkjp9a493MjtK3Vjmt7WJ +cRrF/eOfyrnh0rOJTLNsmW3GtpRxWdaKMVpgVMjSI4YpwpBTuaksdSjNIM04fWkM +MGlwaMn1pOfWgQvNNNLk0mRQMbSGlyKQ0wK8yBl5rAnj2ua6RhkVh3Yy2auJlNFF +CQcjgiu50+c3FqjnqBg59a4auo0OUmN4ic4OQParZmjfopKKgo//1K+sHM6DttNZ +ArW1b/Xr/u1kjk1C2KZrWowuavCq0K7EAqcVmzVD8mnAtTBUlIoUE08ZpoFSUhiZ +PtSZNLSgcUANyaTNPxSGgCPiilNJTAQ8isW8Ta2fWto1QvUDRFv7vNVEiS0MI8Gt +fRiVvBjGMHP44rJYd60dLP8Apkf41ozE7SiiioKP/9WPWIsFZfwrHiGZFrodYXNs +rf3WH68Vg2g3TAemTWa2L6mwtOLBetQySCMe9U/OYnJ61Ni7mh5oAyaVbhM4yKzy +0j9ttHk9807BzGykit0qUc1kRqyHg1pRvxSaKTJsU7GBTAc04nApDIJZ1j6mqhvF +PXipZVDnmqbxxCqSJbZbWZW6HNO8wd6zeF+4/wCdG6T6j2osHMaoORUTjcpHrVaO +Q9KtZyuaQXOdbgkelWdPYLdxk9N39Krz8SsPeruloHvVHpk/lWhkdoKKQcDFFQM/ +/9a9frvtJB7VzliMyk+1dDfcwe2awrFSJGz2H9ayWxZYkXcxzUJB3bE61dI71Sfc +WITigqxII4x985PuaUxREfKPxFUriLYFI5z3qOEFpEVMjOAfr3p2DmLoZozg8irU +cmelQFSjbJOR605UKHjpSGa0RyKbI2KjibApshzUlFaRz0FQAKT83NWGUDk9aqyR +M0bt3A4FUInDxDg4pTGpG5P0rHABUrjnOc+3pWgsLxojocNjkU7EqVyyq7utTKMD +FNiORzU2Kkqxg3sZSYn15p+nytFdK6jJwR+dT6kn3X/Co7GMjMntirvoZ21Ostrg +XAPGCvWrOKzNNHDmtSpG1qf/1714u+3YfSsm2Qo0hPritqbmJvpWXGeD9ayNUPIz +ULJg5qegipLsVmAYYYZFIixocooB9asbAaXZTuFiH8KDyamI2iowKAJlHFBGacvS +jvSKIskcUzOO1TY5p/lg8igViqI06hFz64qTGal2CnBR2p3FYaq4p9OApp4pDsU7 +5N0Deo5FNtVAiVfQCprk/uW9xinRrsRVPYVXQlLU0LBdqt9a0c1UtR+7OPWrVBMt +z//Q05P9W30NZKHlhWs43KR6isjOGH5GsTVE1LTAafmkWhRS02jNBQjc02lagDNA +iRTR3p6IO9DAUDEI70vOKapwcGpCOKAQ2lFNGaXNAx1MY0uaYxoJZBMN21PU5/Kp +B8zZ/hFAXcTnpjFTKuflUfSmJGjajEP1JqxTUXYgT0FOpmbP/9HUNZlxHh9/Y1pG +oyAeDWRpczgafUfQkU8Ui0OpV5NIKkXikURyEAiq3musmMZX1qw+D1qttweKaJZZ +E1RyySkfusZ9TQExyakCfLntTC4kbMRhutWx0quuF6VMrA1LGgIppqWojQMKYadT +DQIegOOAav28LKd78egotP8AUj6mrVUQ5dB1FJRQSf/S0mplPamVkWUJRiQimipb +gYYN68VEDSZaJBSs2OlNB4zULS7OTRYdxSSacAOpqobjJwoNIJjn5lNOwI0D83Q0 +uVVdpNZ3m85UGnrI/XaaLFWLwIo6dKo7pT2FPDzZwoosJo0FbtQ1VkZs89asMcgU +mhXGmm0tNwScDvQM1LcYhX86s1Eo2gKO3FPFMyHUtJRQB//T0mqOpDUZrIsilXeh +HfqKog9q0aoyrsfI6GgaYqHsaYyAtzSr60ueaRRGVU9aQIOxqQgmmmLPTNBSY4Lj +0p2D6ioPJb1PFOWF/wC8aY+ckCZ6mngBeBTVhYHrUoAX60hOQ0rzmnseKQ0hPGKC +RCeKmtk3Sbz0X+dVuScVJDfQxO0Eg27OrdqaQmzXpwpikMAw5Bp4oJHUUlLQB//U +0jURqQ1FWRYVFIocbTUlNNMCiPlO09RS5BNRswkd8fwnFR7iODSsO5aB4p2arBhU +qsOlKw7k1ANN3cUAgcGgZLnim5pu4Gk3CiwXH0xjxURkycClCnrTsTcmQdzWLc/6 +9z6nH6VuqOM1h3IzJNzjkH9BVRCWxY0y6dbgK7Eq/BB9exrqhXKWMaYfJBJPTuPQ +j6GunQkqC3Xv9aJEolpaZmlzUjP/1b5php1MNZFiVBOxWMlcZ7ZqY1UuwDGc+lNC +ZnWZwHU9c1Zcd6o2f33rRbpTe41sVyvpSh2FLTT3oAeJDS+YfSoqUUAP3t0FKAzd +aFqwoFACKoA4qULk4ph61OnSpGhTwMVh3OfMYrxmtlu9Y1x/rDQhsk09gsyhuQeC +PWukiJBaNjll4P19axlAFohHtWhbH959VH9a0lsZrcv0tJRWRR//2YkCTgQTAQgA +OBYhBLW13TMhQq1lfo2HrH0n5hC4o9xSBQJgN4HxAhsDBQsJCAcCBhUKCQgLAgQW +AgMBAh4BAheAAAoJEH0n5hC4o9xSm/AQAM1VQ6ulVGptsosNJYB+HigxIMZiXtIn +tddo1oJ2HzucgHGF2VJemu5m2NxKrckNQdlO5AvYiD3cGsx1GCcUCqrVJnpVSzn0 +x2vAUd5Iu5AO6VLuWfz6lLzLYFmR7le1eEVV9PWpiFo5JmhCxFlmzbJ/LXg2rm+b +gGwYg9PaW4zeJR721BE0YYzAdiiyih0oYQqm1rIpp5+rzHL34UeajNU8krcViWDv +Q6qSKnkk4RQzzWWo5ByjDxB9UBF5eX1Ls/CyFzCpsNaPooKAxC1MQy53GrQIN4Wq +Y73BMsfEutMvdWxgL5/zWKIS5Fd+hD9wTtOotu00PzamCq+5CnsggILpJenrHWSR +6xoSgBL6iYjAq1DaLvGUv8/+gnblLkdh3A9+lCqqb45yAbBlZS4w12Jmfov+WKLS +e464WTG0VTySkShhrwHKWkekXzCusx8nIow1FKo257N97fMLJFWRlBhCHcgtoYmq +3a49CUndqAmM9MT1/8RX21xUq/vI3aTSXqnjgo+y5EMKNM6Q8u0KgVvxzNRyoyh6 +cJWgW+lXM55X8M1SDBruQBfTF2lnJbxq02hXyuDhWbtuhLCs01z3AxO42PZVuwqI +/U7chZGzC2e02DPY0TVwbGJU6SEKg6wrZEeAzH7igRWR2AHGUEX0AzEkZD72mvZZ +TMtW3ci6/EGZiQIzBBMBCAAdFiEEh0AgjA6T/sgO6/kTt3xS7sIXcd0FAmA3iFkA +CgkQt3xS7sIXcd26xQ//dvjcgYkVg0KdAUQWE0KWFwHgW5mJWyITZs5PcwkArIGh +pJCns9CRq5EGwGQuLWvhWBAloH+qFI83ydptPoxztZoy7keK1tCdDTNhk2RLhp98 +4CP5oObh6xgpuMQ1hVtwwdhOErGpU/auHgIr4qtScvsfLlhoXHCttzvnBkgiGKi+ +bn7hH+mGS6XCDDTXggh4s3wRZ/snaqy8WcaprfK3dw5Tpgck0pexikVcyI6sbruu +euGwbUZ5JwuFNnRQzmjPqJk6ZC3tYqPslZFBKi83HXq4T2liTSI2m8eK/gWU512G +T4HeLlkiSMLYOJeX+gKI25StkzXBqQoVKQJVc6RG8wdv34hSdFT0h1T6xtGKmb6y +W0c855yFrp2yefSS9+R3DFxBEqo7YtGF1J53v87GBeYnFMRw6vZnon+Kurttn8ah +gZP0veyb1JtCgBWAS6HVb2q6k/Uw+nt++NAZbr69rtnyzyrMNVvMnuM/L1diYfD0 +bncHd1Oj8KTHmFj7J9He2ytelfB/MFUmnkPWtAugPtnQMTGPYyb4VsOF53QsR0+8 +bJGGI7M3tk/C03sXGfMpYMUyKK7uyGWbKg97iKXQLIoHaI3zbIYNUMh//JspxCqg +14GbQx8yaLDdyeORn8wmgsVy9qNEsc/PHJO8644KNZJM9x1fDihztBsRbRzwjVaJ +AjMEEgEIAB0WIQRebW6uFsPadUULIZyagE6X1wecdwUCYED2egAKCRCagE6X1wec +d5gKD/42YYeUFgaQDABPG45afoqwyP8H1xDi6W5F47wVFwI1GdSBmIqKGhNONwYS +toeFKcX1ed0gBbFVkwaWEFKCeo0VjWcLYE1YaxL8ybo+iVrFfd/oEHyf414uvnur +4jNVwqUmtYQMaLlXq2a9tVAGNtsgqsZKEYBanWDXm24z5l2rDGxLlVi7xTGU3pZE +LfTF3HvZlN3l/ggagXF+2ocT5O0vTX1OO8x0lknTqhbjTJfi+ObJxV4DyE0ifQyh +3smBUyxZwCcF9MhRKYnEcf8gbsCPDLoiwCGz0o7cKz2blm7NsTgxZXoS0HRx0/wy +QHS+6mIDuH1gMLeEvJUql7cdKqGAbG5QD9xGPoW6PiTpFTtVusjxD4dIvil5oth5 +r9btVNtoSysEuL13BjBkrO4JuqVZvEdHFGjNE00q6JrI/SpeBZrRR/YZvLCgUZ9J +w9S6g/usazLEAnOs2EH37yMFA3h3Jr+8l31CkGWBlbLHWc/6ufuyYo4F98TJ7WRV +vq2RbAMziHMkDH47iMt2PkycLhqPplzbTyVVS/2r1u1d8vfhWlznASuT0/d6cpi0 +H9L/nqe2Mkst32e/X7jr54lSfURmKC+plNn4QQY61DcaUDw5UsMvl/ieDg7OqBeI +JVgitbDLfIC15B5oRHalAmBOE9OulvvnqxZCHdQ63XunRIbviw== +=+Re0 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.oidc.common/truststore.asc.backup b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/net.shibboleth.oidc.common/truststore.asc.backup new file mode 100644 index 0000000..e69de29 diff --git a/src/test/docker/shibboleth-idp/credentials/shib-idp/sealer.jks b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/sealer.jks similarity index 100% rename from src/test/docker/shibboleth-idp/credentials/shib-idp/sealer.jks rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/sealer.jks diff --git a/src/test/docker/shibboleth-idp/credentials/shib-idp/sealer.kver b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/sealer.kver similarity index 100% rename from src/test/docker/shibboleth-idp/credentials/shib-idp/sealer.kver rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/sealer.kver diff --git a/src/test/docker/shibboleth-idp/credentials/shib-idp/secrets.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/secrets.properties similarity index 100% rename from src/test/docker/shibboleth-idp/credentials/shib-idp/secrets.properties rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/credentials/secrets.properties diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/ant-1.10.14.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/ant-1.10.14.jar new file mode 100644 index 0000000..d175341 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/ant-1.10.14.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/ant-launcher-1.10.14.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/ant-launcher-1.10.14.jar new file mode 100644 index 0000000..54c10ad Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/ant-launcher-1.10.14.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/bcpg-jdk18on-1.76.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/bcpg-jdk18on-1.76.jar new file mode 100644 index 0000000..f478624 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/bcpg-jdk18on-1.76.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/commons-compress-1.23.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/commons-compress-1.23.0.jar new file mode 100644 index 0000000..38e5505 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/commons-compress-1.23.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/idp-cli-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/idp-cli-5.0.0.jar new file mode 100644 index 0000000..5c25632 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/idp-cli-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/idp-installer-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/idp-installer-5.0.0.jar new file mode 100644 index 0000000..1a901cf Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/idp-installer-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/jcommander-1.81.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/jcommander-1.81.jar new file mode 100644 index 0000000..699c543 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/jcommander-1.81.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/shib-cli-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/shib-cli-9.0.0.jar new file mode 100644 index 0000000..e0c2f2a Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/binlib/shib-cli-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/idp.installed.version b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/idp.installed.version new file mode 100644 index 0000000..3ccd980 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/idp.installed.version @@ -0,0 +1,4 @@ +#Version file written at 2023-11-06T17:48:23.270808669Z +#Mon Nov 06 17:48:23 UTC 2023 +idp.installed.version=5.0.0 +idp.previous.installed.version= diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.nashorn b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.nashorn new file mode 100644 index 0000000..ce35636 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.nashorn @@ -0,0 +1,12 @@ +#Files Copied 2023-11-08T14:10:20.094540150Z +#Wed Nov 08 14:10:20 UTC 2023 +idp.plugin.file.1=dist/plugin-webapp/WEB-INF/lib/asm-util-7.3.1.jar +idp.plugin.version=2.0.0 +idp.plugin.file.2=dist/plugin-webapp/WEB-INF/lib/asm-analysis-7.3.1.jar +idp.plugin.file.3=dist/plugin-webapp/WEB-INF/lib/asm-commons-7.3.1.jar +idp.plugin.relativePaths=true +idp.plugin.file.4=dist/plugin-webapp/WEB-INF/lib/idp-plugin-nashorn-jdk-impl-2.0.0.jar +idp.plugin.file.5=dist/plugin-webapp/WEB-INF/lib/asm-7.3.1.jar +idp.plugin.file.6=dist/plugin-webapp/WEB-INF/lib/nashorn-core-15.4.jar +idp.plugin.file.7=dist/plugin-webapp/WEB-INF/lib/idp-plugin-scripting-api-2.0.0.jar +idp.plugin.file.8=dist/plugin-webapp/WEB-INF/lib/asm-tree-7.3.1.jar diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.oidc.config b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.oidc.config new file mode 100644 index 0000000..6c18d98 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.oidc.config @@ -0,0 +1,5 @@ +#Files Copied 2023-11-06T17:58:18.554634463Z +#Mon Nov 06 17:58:18 UTC 2023 +idp.plugin.file.1=dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-config-impl-2.0.0.jar +idp.plugin.version=2.0.0 +idp.plugin.relativePaths=true diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.oidc.op b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.oidc.op new file mode 100644 index 0000000..ca5c5e8 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.idp.plugin.oidc.op @@ -0,0 +1,6 @@ +#Files Copied 2023-11-06T18:03:52.222771240Z +#Mon Nov 06 18:03:52 UTC 2023 +idp.plugin.file.1=dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-op-api-4.0.0.jar +idp.plugin.version=4.0.0 +idp.plugin.file.2=dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-op-impl-4.0.0.jar +idp.plugin.relativePaths=true diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.oidc.common b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.oidc.common new file mode 100644 index 0000000..b4a2c12 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-contents/net.shibboleth.oidc.common @@ -0,0 +1,21 @@ +#Files Copied 2023-11-06T17:57:25.550970856Z +#Mon Nov 06 17:57:25 UTC 2023 +idp.plugin.file.11=dist/plugin-webapp/WEB-INF/lib/oidc-common-profile-impl-3.0.0.jar +idp.plugin.file.12=dist/plugin-webapp/WEB-INF/lib/oidc-common-profile-api-3.0.0.jar +idp.plugin.file.13=dist/plugin-webapp/WEB-INF/lib/oidc-common-attribute-impl-3.0.0.jar +idp.plugin.file.14=dist/plugin-webapp/WEB-INF/lib/oidc-common-crypto-api-3.0.0.jar +idp.plugin.file.15=dist/plugin-webapp/WEB-INF/lib/json-smart-2.4.8.jar +idp.plugin.file.16=dist/plugin-webapp/WEB-INF/lib/oidc-common-saml-api-3.0.0.jar +idp.plugin.file.17=dist/plugin-webapp/WEB-INF/lib/lang-tag-1.7.jar +idp.plugin.file.1=dist/plugin-webapp/WEB-INF/lib/oidc-common-crypto-impl-3.0.0.jar +idp.plugin.version=3.0.0 +idp.plugin.file.2=dist/plugin-webapp/WEB-INF/lib/accessors-smart-1.2.jar +idp.plugin.file.3=dist/plugin-webapp/WEB-INF/lib/oidc-common-metadata-api-3.0.0.jar +idp.plugin.relativePaths=true +idp.plugin.file.4=dist/plugin-webapp/WEB-INF/lib/oidc-common-metadata-impl-3.0.0.jar +idp.plugin.file.5=dist/plugin-webapp/WEB-INF/lib/nimbus-jose-jwt-9.29.jar +idp.plugin.file.6=dist/plugin-webapp/WEB-INF/lib/oauth2-oidc-sdk-10.5.1.jar +idp.plugin.file.7=dist/plugin-webapp/WEB-INF/lib/oidc-common-attribute-api-3.0.0.jar +idp.plugin.file.10=dist/plugin-webapp/WEB-INF/lib/oidc-common-plugin-3.0.0.jar +idp.plugin.file.8=dist/plugin-webapp/WEB-INF/lib/content-type-2.2.jar +idp.plugin.file.9=dist/plugin-webapp/WEB-INF/lib/oidc-common-saml-impl-3.0.0.jar diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/accessors-smart-1.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/accessors-smart-1.2.jar new file mode 100644 index 0000000..f4505e9 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/accessors-smart-1.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-7.3.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-7.3.1.jar new file mode 100644 index 0000000..8a50266 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-7.3.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-analysis-7.3.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-analysis-7.3.1.jar new file mode 100644 index 0000000..1f83a5e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-analysis-7.3.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-commons-7.3.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-commons-7.3.1.jar new file mode 100644 index 0000000..65fb30e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-commons-7.3.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-tree-7.3.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-tree-7.3.1.jar new file mode 100644 index 0000000..28858f4 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-tree-7.3.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-util-7.3.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-util-7.3.1.jar new file mode 100644 index 0000000..4fe6c52 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/asm-util-7.3.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/content-type-2.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/content-type-2.2.jar new file mode 100644 index 0000000..40463fc Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/content-type-2.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-nashorn-jdk-impl-2.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-nashorn-jdk-impl-2.0.0.jar new file mode 100644 index 0000000..fa7afa7 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-nashorn-jdk-impl-2.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-config-impl-2.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-config-impl-2.0.0.jar new file mode 100644 index 0000000..3f0389a Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-config-impl-2.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-op-api-4.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-op-api-4.0.0.jar new file mode 100644 index 0000000..b98ae9b Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-op-api-4.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-op-impl-4.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-op-impl-4.0.0.jar new file mode 100644 index 0000000..33ccb2d Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-oidc-op-impl-4.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-scripting-api-2.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-scripting-api-2.0.0.jar new file mode 100644 index 0000000..43527d0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/idp-plugin-scripting-api-2.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/json-smart-2.4.8.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/json-smart-2.4.8.jar new file mode 100644 index 0000000..213ffe0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/json-smart-2.4.8.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/lang-tag-1.7.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/lang-tag-1.7.jar new file mode 100644 index 0000000..c089707 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/lang-tag-1.7.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/nashorn-core-15.4.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/nashorn-core-15.4.jar new file mode 100644 index 0000000..b472660 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/nashorn-core-15.4.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/nimbus-jose-jwt-9.29.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/nimbus-jose-jwt-9.29.jar new file mode 100644 index 0000000..5f801ca Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/nimbus-jose-jwt-9.29.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oauth2-oidc-sdk-10.5.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oauth2-oidc-sdk-10.5.1.jar new file mode 100644 index 0000000..949d0a0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oauth2-oidc-sdk-10.5.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-attribute-api-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-attribute-api-3.0.0.jar new file mode 100644 index 0000000..fca1d1e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-attribute-api-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-attribute-impl-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-attribute-impl-3.0.0.jar new file mode 100644 index 0000000..e53395e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-attribute-impl-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-crypto-api-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-crypto-api-3.0.0.jar new file mode 100644 index 0000000..95d122b Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-crypto-api-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-crypto-impl-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-crypto-impl-3.0.0.jar new file mode 100644 index 0000000..e610ff5 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-crypto-impl-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-metadata-api-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-metadata-api-3.0.0.jar new file mode 100644 index 0000000..10ec24d Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-metadata-api-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-metadata-impl-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-metadata-impl-3.0.0.jar new file mode 100644 index 0000000..38d1716 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-metadata-impl-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-plugin-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-plugin-3.0.0.jar new file mode 100644 index 0000000..0aa4465 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-plugin-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-profile-api-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-profile-api-3.0.0.jar new file mode 100644 index 0000000..4de6fa7 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-profile-api-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-profile-impl-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-profile-impl-3.0.0.jar new file mode 100644 index 0000000..cb03d54 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-profile-impl-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-saml-api-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-saml-api-3.0.0.jar new file mode 100644 index 0000000..f57dcdc Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-saml-api-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-saml-impl-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-saml-impl-3.0.0.jar new file mode 100644 index 0000000..087db21 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/plugin-webapp/WEB-INF/lib/oidc-common-saml-impl-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/META-INF/MANIFEST.MF b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/META-INF/MANIFEST.MF new file mode 100644 index 0000000..5205f28 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/META-INF/MANIFEST.MF @@ -0,0 +1,4 @@ +Manifest-Version: 1.0 +Created-By: Maven WAR Plugin 3.3.2 +Build-Jdk-Spec: 17 + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/idpui.tld b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/idpui.tld new file mode 100644 index 0000000..0193edb --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/idpui.tld @@ -0,0 +1,257 @@ + + + + 1.0 + idpui + urn:mace:shibboleth:2.0:idp:ui + + + Service Name - some user friendly description about the relying party + serviceName + net.shibboleth.idp.ui.taglib.ServiceNameTag + empty + + defaultValue + false + true + + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + + Service Description - taken from the mdui statement + serviceDescription + net.shibboleth.idp.ui.taglib.ServiceDescriptionTag + scriptless + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + + Service Contact - information about the contact at the SP + serviceContact + net.shibboleth.idp.ui.taglib.ServiceContactTag + scriptless + + contactType + false + true + + + name + false + true + + + cssId + false + true + + + cssClass + false + true + + + cssStyle + false + true + + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + + Service Privacy URL - directly from the metadata if present + servicePrivacyURL + net.shibboleth.idp.ui.taglib.ServicePrivacyURLTag + scriptless + + linkText + true + true + + + cssId + false + true + + + cssClass + false + true + + + cssStyle + false + true + + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + + Service Information URL - directly from the metadata if present + serviceInformationURL + net.shibboleth.idp.ui.taglib.ServiceInformationURLTag + scriptless + + linkText + true + true + + + cssId + false + true + + + cssClass + false + true + + + cssStyle + false + true + + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + + Logo for the SP + serviceLogo + net.shibboleth.idp.ui.taglib.ServiceLogoTag + scriptless + + alt + false + true + + + minHeight + false + true + + + maxHeight + false + true + + + minWidth + false + true + + + maxWidth + false + true + + + cssId + false + true + + + cssClass + false + true + + + cssStyle + false + true + + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + + Service Organization Name - directly from the metadata if present + organizationName + net.shibboleth.idp.ui.taglib.OrganizationNameTag + scriptless + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + + Service Organization Display Name - directly from the metadata if present + organizationDisplayName + net.shibboleth.idp.ui.taglib.OrganizationDisplayNameTag + scriptless + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + + Service Organization URL - directly from the metadata if present + organizationURL + net.shibboleth.idp.ui.taglib.OrganizationURLTag + scriptless + + linkText + true + true + + + cssId + false + true + + + cssClass + false + true + + + cssStyle + false + true + + + uiContext + false + true + net.shibboleth.idp.ui.context.RelyingPartyUIContext + + + + \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/jsp/metadata.jsp b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/jsp/metadata.jsp new file mode 100644 index 0000000..b7ab312 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/jsp/metadata.jsp @@ -0,0 +1,41 @@ +<% +final org.springframework.web.context.WebApplicationContext springContext = + org.springframework.web.context.support.WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext()); + +String path = springContext.getEnvironment().getProperty("idp.entityID.metadataFile"); +if (path != null) { + path = springContext.getEnvironment().resolvePlaceholders(path.replace("%{", "${")); +} else { + path = springContext.getEnvironment().getProperty("idp.home") + "/metadata/idp-metadata.xml"; +} + +if (path.isEmpty()) { + response.sendError(404); +} else { + final String acceptHeader = request.getHeader("Accept"); + if (acceptHeader != null && !acceptHeader.contains("application/samlmetadata+xml")) { + response.setContentType("application/xml"); + } else { + response.setContentType("application/samlmetadata+xml"); + } + + java.io.InputStreamReader in = null; + try { + in = new java.io.InputStreamReader(new java.io.FileInputStream(path),"UTF8"); + int i; + while ((i = in.read()) != -1) { + out.write(i); + } + } catch (final java.io.IOException e) { + out.println(e.getMessage()); + return; + } finally { + if (null != in) { + try { + in.close(); + } catch (java.io.IOException e) { + } + } + } +} +%> \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/jsp/status.jsp b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/jsp/status.jsp new file mode 100644 index 0000000..69f1992 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/jsp/status.jsp @@ -0,0 +1,161 @@ +<%@ page language="java" contentType="text/plain; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ page trimDirectiveWhitespaces="true" %> +<%@ page import="java.util.ArrayList" %> +<%@ page import="java.util.Map" %> +<%@ page import="java.util.Set" %> +<%@ page import="java.util.Map.Entry" %> +<%@ page import="java.util.Collection" %> +<%@ page import="java.util.Collections" %> +<%@ page import="java.util.Optional" %> +<%@ page import="java.util.ServiceLoader" %> +<%@ page import="java.util.ServiceLoader.Provider" %> +<%@ page import="java.time.Duration" %> +<%@ page import="java.time.Instant" %> +<%@ page import="java.time.format.DateTimeFormatter" %> +<%@ page import="org.springframework.core.env.Environment" %> +<%@ page import="org.springframework.webflow.execution.RequestContext" %> +<%@ page import="net.shibboleth.idp.Version" %> +<%@ page import="com.codahale.metrics.MetricSet" %> +<%@ page import="com.codahale.metrics.Gauge" %> +<%@ page import="net.shibboleth.idp.module.IdPModule" %> +<%@ page import="net.shibboleth.idp.plugin.IdPPlugin" %> +<%@ page import="net.shibboleth.profile.module.ModuleContext" %> +<%@ page import="net.shibboleth.shared.component.IdentifiedComponent" %> +<%@ page import="net.shibboleth.shared.service.ReloadableService" %> +<% +final RequestContext requestContext = (RequestContext) request.getAttribute("flowRequestContext"); +final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ISO_INSTANT; +final Instant now = Instant.now(); +final Instant startupTime = Instant.ofEpochMilli(requestContext.getActiveFlow().getApplicationContext().getParent().getStartupDate()); +%>### Operating Environment Information +operating_system: <%= System.getProperty("os.name") %> +operating_system_version: <%= System.getProperty("os.version") %> +operating_system_architecture: <%= System.getProperty("os.arch") %> +jdk_version: <%= System.getProperty("java.version") %> +available_cores: <%= Runtime.getRuntime().availableProcessors() %> +used_memory: <%= (Runtime.getRuntime().totalMemory() - Runtime.getRuntime().freeMemory()) / 1048576 %> MB +maximum_memory: <%= Runtime.getRuntime().maxMemory() / 1048576 %> MB + +### Identity Provider Information +idp_version: <%= Version.getVersion() %> +start_time: <%= dateTimeFormatter.format(startupTime) %> +current_time: <%= dateTimeFormatter.format(now) %> +uptime: <%= Duration.ofMillis(now.toEpochMilli() - startupTime.toEpochMilli()).toString() %> + +<% +out.println(); +out.println(); +out.println("enabled modules: "); +final ModuleContext moduleContext = + new ModuleContext(((Environment) request.getAttribute("environment")).getProperty("idp.home")); +for (final IdPModule module : ServiceLoader.load(IdPModule.class)) { + if (module.isEnabled(moduleContext)) { + out.println("\t" + module.getId() + " (" + module.getName(moduleContext) + ")"); + } +} +out.println(); + +out.println("installed plugins: "); +for (final IdPPlugin plugin : ServiceLoader.load(IdPPlugin.class)) { + out.println("\t" + plugin.getPluginId() + " Version " + plugin.getMajorVersion() + "." + plugin.getMinorVersion() + "." + plugin.getPatchVersion()); +} +out.println(); + + +for (final ReloadableService service : (Collection) request.getAttribute("services")) { + final Instant successfulReload = service.getLastSuccessfulReloadInstant(); + final Instant lastReload = service.getLastReloadAttemptInstant(); + final Throwable cause = service.getReloadFailureCause(); + + out.println("service: " + ((IdentifiedComponent) service).getId()); + if (successfulReload != null) { + out.println("last successful reload attempt: " + dateTimeFormatter.format(successfulReload)); + } + if (lastReload != null) { + out.println("last reload attempt: " + dateTimeFormatter.format(lastReload)); + } + if (cause != null) { + out.println("last failure cause: " + cause.getClass().getName() + ": " + cause.getMessage()); + } + + out.println(); + + if (((IdentifiedComponent) service).getId().contains("Metadata")) { + + final MetricSet metrics = (MetricSet) request.getAttribute("metadataResolverGaugeSet"); + if (metrics == null || metrics.getMetrics().get("net.shibboleth.idp.metadata.refresh") == null) { + out.println("No Metadata Resolver Gauge Set Found"); + continue; + } + final Gauge> refreshes = (Gauge>) metrics.getMetrics().get("net.shibboleth.idp.metadata.refresh"); + final Gauge> updates = (Gauge>) metrics.getMetrics().get("net.shibboleth.idp.metadata.update"); + final Gauge> successes = (Gauge>) metrics.getMetrics().get("net.shibboleth.idp.metadata.successfulRefresh"); + final Gauge> rootValids = (Gauge>) metrics.getMetrics().get("net.shibboleth.idp.metadata.rootValidUntil"); + final Gauge> errors = (Gauge>) metrics.getMetrics().get("net.shibboleth.idp.metadata.error"); + + Set> entrySet = refreshes.getValue().entrySet(); + if (entrySet.isEmpty()) { + out.println("\tNo Metadata Resolver has ever attempted a reload"); + out.println(); + continue; + } + for (final Entry mr : entrySet) { + final String resolverId = mr.getKey(); + final Instant lastRefresh = mr.getValue(); + final Instant lastUpdate = updates == null ? null : updates.getValue().get(resolverId); + final Instant lastSuccessfulRefresh = successes == null ? null : successes.getValue().get(resolverId); + final Instant rootValidUntil = rootValids == null ? null : rootValids.getValue().get(resolverId); + final String lastError = errors == null ? null : errors.getValue().get(resolverId); + + out.println("\tmetadata source: " + resolverId); + if (lastRefresh != null) { + out.println("\tlast refresh attempt: " + dateTimeFormatter.format(lastRefresh)); + } + if (lastSuccessfulRefresh != null) { + out.println("\tlast successful refresh: " + dateTimeFormatter.format(lastSuccessfulRefresh)); + } + if (lastUpdate != null) { + out.println("\tlast update: " + dateTimeFormatter.format(lastUpdate)); + } + if (lastError != null) { + out.println("\tlast error: " + lastError); + } + if (rootValidUntil != null) { + out.println("\troot validUntil: " + dateTimeFormatter.format(rootValidUntil)); + } + out.println(); + } + } else if (((IdentifiedComponent) service).getId().contains("AttributeResolver")) { + + final MetricSet metrics = (MetricSet) request.getAttribute("attributeResolverGaugeSet"); + if (metrics == null || metrics.getMetrics().get("net.shibboleth.idp.attribute.resolver.failure") == null) { + out.println("No Attribute Resolver Gauge Set Found"); + continue; + } + final Gauge> failGauge = + (Gauge>) metrics.getMetrics().get("net.shibboleth.idp.attribute.resolver.failure"); + final Set> failSet = failGauge.getValue().entrySet(); + if (failSet.isEmpty()) { + out.println("\tNo Data Connector has ever failed"); + out.println(); + continue; + } + final Gauge> successGauge = + (Gauge>) metrics.getMetrics().get("net.shibboleth.idp.attribute.resolver.success"); + final Map successMap = successGauge.getValue(); + final ArrayList failingConnectors = new ArrayList<>(); + for (final Entry en : failSet) { + final String connectorId = en.getKey(); + final Instant lastFail = en.getValue(); + out.println("\tDataConnector " + connectorId + ": last failed at " + dateTimeFormatter.format(lastFail)); + out.println(); + final Instant lastSuccess = successMap.get(connectorId); + if (lastSuccess == null || lastSuccess.isBefore(lastFail)) { + failingConnectors.add(connectorId); + } + } + out.println("\tCurrently failing: " + failingConnectors); + out.println(); + } +} +%> diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/annotations-17.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/annotations-17.0.0.jar new file mode 100644 index 0000000..477f7d0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/annotations-17.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcpkix-jdk18on-1.76.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcpkix-jdk18on-1.76.jar new file mode 100644 index 0000000..16c2f0b Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcpkix-jdk18on-1.76.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcprov-jdk18on-1.76.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcprov-jdk18on-1.76.jar new file mode 100644 index 0000000..c0c8994 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcprov-jdk18on-1.76.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcutil-jdk18on-1.76.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcutil-jdk18on-1.76.jar new file mode 100644 index 0000000..2c2ab91 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/bcutil-jdk18on-1.76.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/checker-qual-3.33.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/checker-qual-3.33.0.jar new file mode 100644 index 0000000..61761fd Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/checker-qual-3.33.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-codec-1.16.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-codec-1.16.0.jar new file mode 100644 index 0000000..854fc7e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-codec-1.16.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-compiler-3.1.10.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-compiler-3.1.10.jar new file mode 100644 index 0000000..0f6dfe2 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-compiler-3.1.10.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-dbcp2-2.9.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-dbcp2-2.9.0.jar new file mode 100644 index 0000000..ddfd42c Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-dbcp2-2.9.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-lang3-3.13.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-lang3-3.13.0.jar new file mode 100644 index 0000000..891540f Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-lang3-3.13.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-pool2-2.10.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-pool2-2.10.0.jar new file mode 100644 index 0000000..4f8e0df Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/commons-pool2-2.10.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/cryptacular-1.2.6.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/cryptacular-1.2.6.jar new file mode 100644 index 0000000..2a30d70 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/cryptacular-1.2.6.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/error_prone_annotations-2.18.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/error_prone_annotations-2.18.0.jar new file mode 100644 index 0000000..e072fe0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/error_prone_annotations-2.18.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/failureaccess-1.0.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/failureaccess-1.0.1.jar new file mode 100644 index 0000000..9b56dc7 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/failureaccess-1.0.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/guava-32.1.2-jre.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/guava-32.1.2-jre.jar new file mode 100644 index 0000000..e71fd46 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/guava-32.1.2-jre.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpclient5-5.2.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpclient5-5.2.1.jar new file mode 100644 index 0000000..b9cdadc Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpclient5-5.2.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpclient5-cache-5.2.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpclient5-cache-5.2.1.jar new file mode 100644 index 0000000..b5421d0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpclient5-cache-5.2.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpcore5-5.2.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpcore5-5.2.2.jar new file mode 100644 index 0000000..d6582fa Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpcore5-5.2.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpcore5-h2-5.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpcore5-h2-5.2.jar new file mode 100644 index 0000000..eada8eb Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/httpcore5-h2-5.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-admin-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-admin-api-5.0.0.jar new file mode 100644 index 0000000..3405153 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-admin-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-admin-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-admin-impl-5.0.0.jar new file mode 100644 index 0000000..c47674f Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-admin-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-authn-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-authn-api-5.0.0.jar new file mode 100644 index 0000000..b30f214 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-authn-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-authn-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-authn-impl-5.0.0.jar new file mode 100644 index 0000000..aa89042 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-authn-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-cas-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-cas-api-5.0.0.jar new file mode 100644 index 0000000..dfd1bd1 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-cas-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-cas-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-cas-impl-5.0.0.jar new file mode 100644 index 0000000..4c2451a Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-cas-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-conf-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-conf-impl-5.0.0.jar new file mode 100644 index 0000000..be2fd09 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-conf-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-consent-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-consent-api-5.0.0.jar new file mode 100644 index 0000000..2270219 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-consent-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-consent-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-consent-impl-5.0.0.jar new file mode 100644 index 0000000..f4f52f6 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-consent-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-core-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-core-5.0.0.jar new file mode 100644 index 0000000..652270e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-core-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-profile-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-profile-api-5.0.0.jar new file mode 100644 index 0000000..a32cc4e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-profile-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-profile-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-profile-impl-5.0.0.jar new file mode 100644 index 0000000..97c2d60 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-profile-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-saml-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-saml-api-5.0.0.jar new file mode 100644 index 0000000..6483d10 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-saml-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-saml-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-saml-impl-5.0.0.jar new file mode 100644 index 0000000..fa2bbf9 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-saml-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-schema-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-schema-5.0.0.jar new file mode 100644 index 0000000..1980fae Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-schema-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-session-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-session-api-5.0.0.jar new file mode 100644 index 0000000..0d9bcc7 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-session-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-session-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-session-impl-5.0.0.jar new file mode 100644 index 0000000..a59113a Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-session-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-spring-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-spring-5.0.0.jar new file mode 100644 index 0000000..7fa620b Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-spring-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-ui-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-ui-5.0.0.jar new file mode 100644 index 0000000..18c9535 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/idp-ui-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/j2objc-annotations-2.8.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/j2objc-annotations-2.8.jar new file mode 100644 index 0000000..3595c4f Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/j2objc-annotations-2.8.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-annotations-2.15.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-annotations-2.15.2.jar new file mode 100644 index 0000000..f8799c3 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-annotations-2.15.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-core-2.15.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-core-2.15.2.jar new file mode 100644 index 0000000..a0e7486 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-core-2.15.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-databind-2.15.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-databind-2.15.2.jar new file mode 100644 index 0000000..86f9a86 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-databind-2.15.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-datatype-jsr310-2.15.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-datatype-jsr310-2.15.2.jar new file mode 100644 index 0000000..8fa20e9 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jackson-datatype-jsr310-2.15.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.activation-2.0.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.activation-2.0.1.jar new file mode 100644 index 0000000..521c7c4 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.activation-2.0.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.json-2.0.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.json-2.0.1.jar new file mode 100644 index 0000000..e6d094a Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.json-2.0.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.mail-2.0.1.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.mail-2.0.1.jar new file mode 100644 index 0000000..17e07cc Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jakarta.mail-2.0.1.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/janino-3.1.10.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/janino-3.1.10.jar new file mode 100644 index 0000000..a876fbd Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/janino-3.1.10.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jsonapi-converter-0.13.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jsonapi-converter-0.13.jar new file mode 100644 index 0000000..36fbfb4 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jsonapi-converter-0.13.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jsr305-3.0.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jsr305-3.0.2.jar new file mode 100644 index 0000000..59222d9 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jsr305-3.0.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jul-to-slf4j-2.0.7.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jul-to-slf4j-2.0.7.jar new file mode 100644 index 0000000..11ed9ff Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/jul-to-slf4j-2.0.7.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/ldaptive-2.2.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/ldaptive-2.2.0.jar new file mode 100644 index 0000000..fafab70 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/ldaptive-2.2.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar new file mode 100644 index 0000000..45832c0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/log4j-over-slf4j-2.0.7.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/log4j-over-slf4j-2.0.7.jar new file mode 100644 index 0000000..894ad61 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/log4j-over-slf4j-2.0.7.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/logback-classic-1.4.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/logback-classic-1.4.11.jar new file mode 100644 index 0000000..c6a0353 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/logback-classic-1.4.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/logback-core-1.4.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/logback-core-1.4.11.jar new file mode 100644 index 0000000..fa630c9 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/logback-core-1.4.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-core-4.2.19.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-core-4.2.19.jar new file mode 100644 index 0000000..e424746 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-core-4.2.19.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-json-4.2.19.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-json-4.2.19.jar new file mode 100644 index 0000000..6621aeb Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-json-4.2.19.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-jvm-4.2.19.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-jvm-4.2.19.jar new file mode 100644 index 0000000..2b1538e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/metrics-jvm-4.2.19.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/micrometer-commons-1.10.9.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/micrometer-commons-1.10.9.jar new file mode 100644 index 0000000..5aab282 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/micrometer-commons-1.10.9.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/micrometer-observation-1.10.9.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/micrometer-observation-1.10.9.jar new file mode 100644 index 0000000..c1765b0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/micrometer-observation-1.10.9.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-buffer-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-buffer-4.1.96.Final.jar new file mode 100644 index 0000000..354486b Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-buffer-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-codec-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-codec-4.1.96.Final.jar new file mode 100644 index 0000000..7101971 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-codec-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-common-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-common-4.1.96.Final.jar new file mode 100644 index 0000000..c9eff76 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-common-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-handler-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-handler-4.1.96.Final.jar new file mode 100644 index 0000000..ec36faa Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-handler-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-resolver-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-resolver-4.1.96.Final.jar new file mode 100644 index 0000000..29e08ed Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-resolver-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-4.1.96.Final.jar new file mode 100644 index 0000000..ddf8deb Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-classes-epoll-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-classes-epoll-4.1.96.Final.jar new file mode 100644 index 0000000..dad7911 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-classes-epoll-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-classes-kqueue-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-classes-kqueue-4.1.96.Final.jar new file mode 100644 index 0000000..a5f6a8e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-classes-kqueue-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.96.Final-linux-aarch_64.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.96.Final-linux-aarch_64.jar new file mode 100644 index 0000000..b631cce Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.96.Final-linux-aarch_64.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.96.Final-linux-x86_64.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.96.Final-linux-x86_64.jar new file mode 100644 index 0000000..1252ab3 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.96.Final-linux-x86_64.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.96.Final-osx-aarch_64.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.96.Final-osx-aarch_64.jar new file mode 100644 index 0000000..c9d0213 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.96.Final-osx-aarch_64.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.96.Final-osx-x86_64.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.96.Final-osx-x86_64.jar new file mode 100644 index 0000000..4ef4beb Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.96.Final-osx-x86_64.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-unix-common-4.1.96.Final.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-unix-common-4.1.96.Final.jar new file mode 100644 index 0000000..f8dfc95 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/netty-transport-native-unix-common-4.1.96.Final.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-core-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-core-api-5.0.0.jar new file mode 100644 index 0000000..f2904fe Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-core-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-core-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-core-impl-5.0.0.jar new file mode 100644 index 0000000..c95d7f2 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-core-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-messaging-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-messaging-api-5.0.0.jar new file mode 100644 index 0000000..8416122 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-messaging-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-messaging-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-messaging-impl-5.0.0.jar new file mode 100644 index 0000000..5c3650d Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-messaging-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-profile-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-profile-api-5.0.0.jar new file mode 100644 index 0000000..c76ceff Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-profile-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-profile-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-profile-impl-5.0.0.jar new file mode 100644 index 0000000..a738b7f Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-profile-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-saml-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-saml-api-5.0.0.jar new file mode 100644 index 0000000..adc8114 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-saml-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-saml-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-saml-impl-5.0.0.jar new file mode 100644 index 0000000..394401c Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-saml-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-security-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-security-api-5.0.0.jar new file mode 100644 index 0000000..241f727 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-security-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-security-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-security-impl-5.0.0.jar new file mode 100644 index 0000000..054b998 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-security-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-soap-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-soap-api-5.0.0.jar new file mode 100644 index 0000000..7517aad Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-soap-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-soap-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-soap-impl-5.0.0.jar new file mode 100644 index 0000000..afa9a8a Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-soap-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-spring-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-spring-5.0.0.jar new file mode 100644 index 0000000..e927908 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-spring-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-storage-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-storage-api-5.0.0.jar new file mode 100644 index 0000000..33efa55 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-storage-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-storage-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-storage-impl-5.0.0.jar new file mode 100644 index 0000000..a36b309 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-storage-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-xmlsec-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-xmlsec-api-5.0.0.jar new file mode 100644 index 0000000..022b670 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-xmlsec-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-xmlsec-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-xmlsec-impl-5.0.0.jar new file mode 100644 index 0000000..eee6cb2 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/opensaml-xmlsec-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-api-5.0.0.jar new file mode 100644 index 0000000..22a36d6 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-api-5.0.0.jar new file mode 100644 index 0000000..2165593 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-impl-5.0.0.jar new file mode 100644 index 0000000..58b0076 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-spring-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-spring-5.0.0.jar new file mode 100644 index 0000000..8eb3118 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-filter-spring-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-impl-5.0.0.jar new file mode 100644 index 0000000..58b184f Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-api-5.0.0.jar new file mode 100644 index 0000000..52a7d74 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-impl-5.0.0.jar new file mode 100644 index 0000000..c73807e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-spring-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-spring-5.0.0.jar new file mode 100644 index 0000000..1d8a4e1 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-attribute-resolver-spring-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-api-5.0.0.jar new file mode 100644 index 0000000..6737038 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-impl-5.0.0.jar new file mode 100644 index 0000000..af21162 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-spring-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-spring-5.0.0.jar new file mode 100644 index 0000000..b8cff51 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-metadata-spring-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-networking-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-networking-9.0.0.jar new file mode 100644 index 0000000..1546f93 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-networking-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-networking-spring-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-networking-spring-9.0.0.jar new file mode 100644 index 0000000..042fd83 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-networking-spring-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-profile-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-profile-api-5.0.0.jar new file mode 100644 index 0000000..f6a4d89 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-profile-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-profile-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-profile-impl-5.0.0.jar new file mode 100644 index 0000000..8a2abbb Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-profile-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-attribute-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-attribute-api-5.0.0.jar new file mode 100644 index 0000000..43cf985 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-attribute-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-attribute-impl-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-attribute-impl-5.0.0.jar new file mode 100644 index 0000000..0b65d0f Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-attribute-impl-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-profile-api-5.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-profile-api-5.0.0.jar new file mode 100644 index 0000000..6cf87cd Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-saml-profile-api-5.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-security-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-security-9.0.0.jar new file mode 100644 index 0000000..039d3b2 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-security-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-security-spring-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-security-spring-9.0.0.jar new file mode 100644 index 0000000..3a98139 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-security-spring-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-service-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-service-9.0.0.jar new file mode 100644 index 0000000..607ecdc Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-service-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-spring-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-spring-9.0.0.jar new file mode 100644 index 0000000..75f8899 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-spring-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-support-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-support-9.0.0.jar new file mode 100644 index 0000000..083378e Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-support-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-velocity-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-velocity-9.0.0.jar new file mode 100644 index 0000000..12fc8ee Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-velocity-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-velocity-spring-9.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-velocity-spring-9.0.0.jar new file mode 100644 index 0000000..83f7e61 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/shib-velocity-spring-9.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/slf4j-api-2.0.7.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/slf4j-api-2.0.7.jar new file mode 100644 index 0000000..be5447c Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/slf4j-api-2.0.7.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-aop-6.0.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-aop-6.0.11.jar new file mode 100644 index 0000000..b85ac74 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-aop-6.0.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-beans-6.0.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-beans-6.0.11.jar new file mode 100644 index 0000000..1d04717 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-beans-6.0.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-binding-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-binding-3.0.0.jar new file mode 100644 index 0000000..30411bd Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-binding-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-context-6.0.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-context-6.0.11.jar new file mode 100644 index 0000000..3cf20fd Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-context-6.0.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-core-6.0.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-core-6.0.11.jar new file mode 100644 index 0000000..aa98cb5 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-core-6.0.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-expression-6.0.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-expression-6.0.11.jar new file mode 100644 index 0000000..b7ec1ec Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-expression-6.0.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-jcl-6.0.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-jcl-6.0.11.jar new file mode 100644 index 0000000..634f654 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-jcl-6.0.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-web-6.0.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-web-6.0.11.jar new file mode 100644 index 0000000..45d0248 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-web-6.0.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-webflow-3.0.0.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-webflow-3.0.0.jar new file mode 100644 index 0000000..749e092 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-webflow-3.0.0.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-webmvc-6.0.11.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-webmvc-6.0.11.jar new file mode 100644 index 0000000..8dc88a0 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spring-webmvc-6.0.11.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spymemcached-2.12.3.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spymemcached-2.12.3.jar new file mode 100644 index 0000000..5635944 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/spymemcached-2.12.3.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/velocity-engine-core-2.3.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/velocity-engine-core-2.3.jar new file mode 100644 index 0000000..879a7b4 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/velocity-engine-core-2.3.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/xmlsec-3.0.2.jar b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/xmlsec-3.0.2.jar new file mode 100644 index 0000000..aca0482 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/lib/xmlsec-3.0.2.jar differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/spring.tld b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/spring.tld new file mode 100644 index 0000000..33eeaf1 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/spring.tld @@ -0,0 +1,467 @@ + + + + Spring Framework JSP Tag Library + 4.0 + spring + http://www.springframework.org/tags + + + Sets default HTML escape value for the current page. + Overrides a "defaultHtmlEscape" context-param in web.xml, if any. + htmlEscape + org.springframework.web.servlet.tags.HtmlEscapeTag + JSP + + Set the default value for HTML escaping, to be put + into the current PageContext. + defaultHtmlEscape + true + true + + + + + Escapes its enclosed body content, applying HTML escaping and/or JavaScript + escaping. The HTML escaping flag participates in a page-wide or application-wide setting + (i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml). + escapeBody + org.springframework.web.servlet.tags.EscapeBodyTag + JSP + + Set HTML escaping for this tag, as boolean value. Overrides the + default HTML escaping setting for the current page. + htmlEscape + false + true + + + Set JavaScript escaping for this tag, as boolean value. + Default is 'false'. + javaScriptEscape + false + true + + + + + Retrieves the message with the given code, or text if code isn't resolvable. + The HTML escaping flag participates in a page-wide or application-wide setting + (i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml). + message + org.springframework.web.servlet.tags.MessageTag + JSP + + A MessageSourceResolvable argument (direct or through JSP EL). + Fits nicely when used in conjunction with Spring's own validation error classes + which all implement the MessageSourceResolvable interface. For example, this + allows you to iterate over all of the errors in a form, passing each error + (using a runtime expression) as the value of this 'message' attribute, thus + effecting the easy display of such error messages. + message + false + true + + + The code (key) to use when looking up the message. + If code is not provided, the text attribute will be used. + code + false + true + + + Set optional message arguments for this tag, as a (comma-) + delimited String (each String argument can contain JSP EL), an Object array + (used as argument array), or a single Object (used as single argument). + You can additionally use nested spring:argument tags. + arguments + false + true + + + The separator character to be used for splitting the + arguments string value; defaults to a 'comma' (','). + argumentSeparator + false + true + + + Default text to output when a message for the given code + could not be found. If both text and code are not set, the tag will + output null. + text + false + true + + + The string to use when binding the result to the page, + request, session or application scope. If not specified, the result + gets outputted to the writer (i.e. typically directly to the JSP). + var + false + true + + + The scope to use when exporting the result to a variable. + This attribute is only used when var is also set. Possible values are + page, request, session and application. + scope + false + true + + + Set HTML escaping for this tag, as boolean value. + Overrides the default HTML escaping setting for the current page. + htmlEscape + false + true + + + Set JavaScript escaping for this tag, as boolean value. + Default is 'false'. + javaScriptEscape + false + true + + + + + Retrieves the theme message with the given code, or text if code isn't + resolvable. The HTML escaping flag participates in a page-wide or application-wide setting + (i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml). + theme + org.springframework.web.servlet.tags.ThemeTag + JSP + + A MessageSourceResolvable argument (direct or through JSP EL). + message + false + true + + + The code (key) to use when looking up the message. + If code is not provided, the text attribute will be used. + code + false + true + + + Set optional message arguments for this tag, as a (comma-) + delimited String (each String argument can contain JSP EL), an Object array + (used as argument array), or a single Object (used as single argument). + You can additionally use nested spring:argument tags. + arguments + false + true + + + The separator character to be used for splitting the + arguments string value; defaults to a 'comma' (','). + argumentSeparator + false + true + + + Default text to output when a message for the given code + could not be found. If both text and code are not set, the tag will + output null. + text + false + true + + + The string to use when binding the result to the page, + request, session or application scope. If not specified, the result + gets outputted to the writer (i.e. typically directly to the JSP). + var + false + true + + + The scope to use when exporting the result to a variable. + This attribute is only used when var is also set. Possible values are + page, request, session and application. + scope + false + true + + + Set HTML escaping for this tag, as boolean value. + Overrides the default HTML escaping setting for the current page. + htmlEscape + false + true + + + Set JavaScript escaping for this tag, as boolean value. + Default is 'false'. + javaScriptEscape + false + true + + + + + Argument tag based on the JSTL fmt:param tag. The purpose is to + support arguments inside the spring:message and spring:theme tags. + argument + org.springframework.web.servlet.tags.ArgumentTag + JSP + + The value of the argument. + value + false + true + java.lang.Object + + + + + Provides Errors instance in case of bind errors. The HTML escaping + flag participates in a page-wide or application-wide setting (i.e. by HtmlEscapeTag + or a "defaultHtmlEscape" context-param in web.xml). + hasBindErrors + org.springframework.web.servlet.tags.BindErrorsTag + JSP + + errors + org.springframework.validation.Errors + + + The name of the bean in the request, that needs to be + inspected for errors. If errors are available for this bean, they + will be bound under the 'errors' key. + name + true + true + + + Set HTML escaping for this tag, as boolean value. + Overrides the default HTML escaping setting for the current page. + htmlEscape + false + true + + + + + Sets a nested path to be used by the bind tag's path. + nestedPath + org.springframework.web.servlet.tags.NestedPathTag + JSP + + nestedPath + java.lang.String + + + Set the path that this tag should apply. E.g. 'customer' + to allow bind paths like 'address.street' rather than + 'customer.address.street'. + path + true + true + + + + + Provides BindStatus object for the given bind path. The HTML escaping + flag participates in a page-wide or application-wide setting (i.e. by HtmlEscapeTag + or a "defaultHtmlEscape" context-param in web.xml). + bind + org.springframework.web.servlet.tags.BindTag + JSP + + status + org.springframework.web.servlet.support.BindStatus + + + The path to the bean or bean property to bind status + information for. For instance account.name, company.address.zipCode + or just employee. The status object will exported to the page scope, + specifically for this bean or bean property. + path + true + true + + + Set whether to ignore a nested path, if any. + Default is to not ignore. + ignoreNestedPath + false + true + + + Set HTML escaping for this tag, as boolean value. Overrides + the default HTML escaping setting for the current page. + htmlEscape + false + true + + + + + Provides transformation of variables to Strings, using an appropriate + custom PropertyEditor from BindTag (can only be used inside BindTag). The HTML + escaping flag participates in a page-wide or application-wide setting (i.e. by + HtmlEscapeTag or a 'defaultHtmlEscape' context-param in web.xml). + transform + org.springframework.web.servlet.tags.TransformTag + JSP + + The value to transform. This is the actual object you want + to have transformed (for instance a Date). Using the PropertyEditor that + is currently in use by the 'spring:bind' tag. + value + true + true + + + The string to use when binding the result to the page, + request, session or application scope. If not specified, the result gets + outputted to the writer (i.e. typically directly to the JSP). + var + false + true + + + The scope to use when exported the result to a variable. + This attribute is only used when var is also set. Possible values are + page, request, session and application. + scope + false + true + + + Set HTML escaping for this tag, as boolean value. Overrides + the default HTML escaping setting for the current page. + htmlEscape + false + true + + + + + URL tag based on the JSTL c:url tag. This variant is fully + backwards compatible with the standard tag. Enhancements include support + for URL template parameters. + url + org.springframework.web.servlet.tags.UrlTag + JSP + + The URL to build. This value can include template place holders + that are replaced with the URL encoded value of the named parameter. Parameters + must be defined using the param tag inside the body of this tag. + value + true + true + + + Specifies a remote application context path. The default is the + current application context path. + context + false + true + + + The name of the variable to export the URL value to. + var + false + true + + + The scope for the var. 'application', 'session', 'request' and + 'page' scopes are supported. Defaults to page scope. This attribute has no + effect unless the var attribute is also defined. + scope + false + true + + + Set HTML escaping for this tag, as a boolean value. Overrides the + default HTML escaping setting for the current page. + htmlEscape + false + true + + + Set JavaScript escaping for this tag, as a boolean value. + Default is 'false'. + javaScriptEscape + false + true + + + + + Parameter tag based on the JSTL c:param tag. The sole purpose is to + support params inside the spring:url tag. + param + org.springframework.web.servlet.tags.ParamTag + JSP + + The name of the parameter. + name + true + true + + + The value of the parameter. + value + false + true + + + + + Evaluates a Spring expression (SpEL) and either prints the result + or assigns it to a variable. + eval + org.springframework.web.servlet.tags.EvalTag + JSP + + The expression to evaluate. + expression + true + true + + + The name of the variable to export the evaluation result to. + var + false + true + + + The scope for the var. 'application', 'session', 'request' and + 'page' scopes are supported. Defaults to page scope. This attribute has no + effect unless the var attribute is also defined. + scope + false + true + + + Set HTML escaping for this tag, as a boolean value. Overrides the + default HTML escaping setting for the current page. + htmlEscape + false + true + + + Set JavaScript escaping for this tag, as a boolean value. + Default is 'false'. + javaScriptEscape + false + true + + + + + Helps to prepare a URL to a Spring MVC controller method. + mvcUrl + org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder + org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder.MethodArgumentBuilder fromMappingName(java.lang.String) + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/web.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/web.xml new file mode 100644 index 0000000..13335b2 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/WEB-INF/web.xml @@ -0,0 +1,150 @@ + + + + Shibboleth Identity Provider + + + + + + net.shibboleth.idp.registerSpringConfig + true + + + + + net.shibboleth.idp.registerFilterChain + true + + + + + net.shibboleth.idp.registerIdPServlet + true + + + + + net.shibboleth.idp.registerRemoteUserServlet + true + + + net.shibboleth.idp.registerX509Servlet + true + + + + + net.shibboleth.idp.registerMetadataServlet + true + + + + + net.shibboleth.idp.authn.ExternalAuthenticationException + /profile/RaiseError + + + + 15 + + + __Host-JSESSIONID + / + true + true + + COOKIE + + + + + + Non-API Content + /* + GET + HEAD + OPTIONS + POST + + + + + + + + Non-API Content + /* + GET + HEAD + OPTIONS + POST + + + + + + + + Administrative APIs + /profile/admin/* + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/css/logout.css b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/css/logout.css new file mode 100644 index 0000000..5cd06c1 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/css/logout.css @@ -0,0 +1,20 @@ +/* Success/Failure indicators for logout propagation. */ +ol li:before { + content: '' +} +li.logout { + line-height: 36px; + padding-left: 36px; +} +li.logout.success { + background: url(../images/success-32x32.png) no-repeat left center; +} +li.logout.failure { + background: url(../images/failure-32x32.png) no-repeat left center; +} +li.logout.pending{ + +} +li.logout.na { + background: url(../images/failure-32x32.png) no-repeat left center; +} diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/css/placeholder.css b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/css/placeholder.css new file mode 100644 index 0000000..c1dbe1c --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/css/placeholder.css @@ -0,0 +1,802 @@ +/* Colours pallet + +To change the colours, use find and replace with the values below: + + #ECEFF1 - Body background, header / section border, read only / disabled input fields. + + #1534E3 - Links, buttons, list items, selected radio, selected checkbox. + + #1A237E - Hover buttons. + + #32424A - Body text, input fields border. + + #7A2D00 - Output message. + + #B50024 - Error messages / fields. + + #1C7D40 - Success messages / fields. + + #999999 - read only / disabled input fields. + +*/ + +html, html * { + margin: 0; + padding: 0; + border: 0; + font-size: 100%; + font: inherit; + vertical-align: baseline; + box-sizing: border-box; + background: none; + background-repeat: no-repeat; + background-position: left top; + border: 0; + outline: 0; +} + +html { + height: 100%; +} + +/* HTML5 display-role reset for older browsers */ +article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section, main { + display: block; +} + +/* Default document styles - fonts, font sizes, text colours, font weight */ +body { + font-family: Segoe UI, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol; + font-size: 16px; + font-size: 1rem; + line-height: 24px; + line-height: 1.5rem; + color: #32424a; + font-weight: 400; + max-width: 3000px; + margin: 0 auto; + background-color: #eceff1; + padding: 24px; +} + +/* Links */ +a[href] { + text-decoration: none; + color: #1534e3; +} + +/* Link hover states */ +a[href]:hover, a[href]:active, a[href]:focus { + text-decoration: underline; + color: #1534e3; +} + +/* Heading styles */ +h1 { + font-size: 24px; + font-size: 1.5rem; + line-height: 28px; + line-height: 1.75rem; + font-weight: 700; +} + +h2 { + font-size: 20px; + font-size: 1.25rem; + line-height: 25px; + line-height: 1.5rem; + font-weight: 400; +} + +h3 { + font-size: 16px; + font-size: 1rem; + line-height: 22px; + line-height: 1.375rem; + font-weight: 700; +} + +h4 { + font-size: 14px; + font-size: 0.875rem; + line-height: 18px; + line-height: 1.125rem; + font-weight: 700; + margin-bottom: 0.5em; +} + +h5 { + font-size: 14px; + font-size: 0.875rem; + line-height: 18px; + line-height: 1.125rem; + font-weight: 400; +} + +h1, h2, h3, h4, h5, h6, p { + margin-bottom: 1em; +} + +h1:last-child, h2:last-child, h3:last-child, h4:last-child, h5:last-child, h6:last-child, p:last-child { + margin-bottom: 0px; +} + +/* List styles */ +ol, ul { + list-style: none; + margin: 20px 0; +} + +ol:before, ol:after, +ul:before, ul:after { + content: " "; + display: table; +} + +ol:after, +ul:after { + clear: both; +} + +ol:last-child, +ul:last-child { + margin-bottom: 0px; +} + +ol:first-child, +ul:first-child { + margin-top: 0px; +} + +ul li { + padding-left: 22px; + margin-bottom: 4px; + position: relative; + list-style: none; +} + +ul li:last-child { + margin-bottom: 0px; +} + +ul li:before { + content: ''; + -webkit-border-radius: 2px; + -ms-border-radius: 2px; + -moz-border-radius: 2px; + -o-border-radius: 2px; + border-radius: 2px; + background-color: #1534e3; + height: 7px; + width: 7px; + display: block; + position: absolute; + left: 0; + top: 7px; +} + +ol { + counter-reset: item; +} + +ol li { + padding-left: 22px; + margin-bottom: 10px; + position: relative; + list-style: none; +} + +ol li:last-child { + margin-bottom: 0px; +} + +ol li:before { + color: #1534e3; + position: absolute; + left: 0; + content: counter(item) ". "; + counter-increment: item; + font-weight: 700; + top: 1px; +} + +ol li:nth-child(n+10) { + padding-left: 30px; +} + +ol li:nth-child(n+100) { + padding-left: 38px; +} + +hr { + width: 100%; + clear: both; + border: 0; + outline: 0; + background-color: #eceff1; + height: 1px; + display: block; + margin: 30px 0; +} + +b, strong { + font-weight: 700; +} + +i, em { + font-style: italic; +} + +small { + font-size: 0.8em; +} + +big { + font-size: 1.2em; +} + +.cc { + clear: both; + margin: 0 auto; + width: 100%; + max-width: 649px; + padding: 0 0; +} + +.cc:before, .cc:after { + content: " "; + display: table; +} + +.cc:after { + clear: both; +} + +img { + max-width: 100%; + height: auto; +} + +/* Main content area */ +main { + clear: both; + margin: 0 auto; + width: 100%; + max-width: 800px; + background-color: #fff; + -webkit-border-radius: 8px; + -ms-border-radius: 8px; + -moz-border-radius: 8px; + -o-border-radius: 8px; + border-radius: 8px; + -webkit-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + -ms-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + -moz-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + -o-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); +} + +/* Add a border top when 2 sections are together */ +main section + section { + border-top: 1px solid #eceff1; +} + +/* Header */ +header { + display: block; /* Change to display: none to hide */ + border-bottom: 1px solid #eceff1; + text-align: center; + padding: 6% 8%; +} + +header .main-logo { + display: block; + margin: 0 auto; +} + +.service-logo { + display: block; + margin: 24px 0; +} + +section { + padding: 4% 8% 4% 8%; +} + +/* Output Messages */ +.output-message { + font-size: 14px; + font-size: 0.875rem; + line-height: 18px; + line-height: 1.125rem; + font-style: italic; + -webkit-border-radius: 4px; + -ms-border-radius: 4px; + -moz-border-radius: 4px; + -o-border-radius: 4px; + border-radius: 4px; + background-color: #FFD8C2; + display: block; + padding: 4%; + margin-bottom: 20px; + color: #7A2D00; +} + +.output-message:last-child { + margin-bottom: 0px; +} + +/* Output Message Success */ +.output-message.output--success { + background-color: #DCF9E7; + color: #1C7D40; +} + +/* Output Message Error */ +.output-message.output--error { + background-color: #FFF0F3; + color: #B50024; +} + +.boxed { + -webkit-border-radius: 4px; + -ms-border-radius: 4px; + -moz-border-radius: 4px; + -o-border-radius: 4px; + border-radius: 4px; + -webkit-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + -ms-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + -moz-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + -o-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11); + background-color: #fff; + padding: 6%; + margin: 30px 0; +} + +.boxed:last-child { + margin-bottom: 0px; +} + +.boxed:first-child { + margin-top: 0px; +} + +/* Footer style */ +footer { + z-index: 1; + position: relative; + text-align: center; + margin-top: 20px; + font-size: 12px; + font-size: 0.75rem; + line-height: 16px; + line-height: 1rem; +} + +/* Forms styles */ +fieldset { + display: block; + margin-bottom: 20px; +} + +fieldset:last-child { + margin-bottom: 0px; +} + +fieldset .field-validation { + display: block; + margin-top: 10px; +} + +fieldset .error { + color: #B50024; +} + +fieldset legend span { + display: block; + text-indent: 100%; + white-space: nowrap; + overflow: hidden; + height: 0; +} + +/* Form labels */ +label { + vertical-align: top; + font-size: 14px; + font-size: 0.875rem; + line-height: 18px; + line-height: 1.125rem; + font-weight: 700; + display: block; + color: #32424a; + margin-bottom: 6px; +} + +label:focus { + color: #1534E3; +} + +/* Form input fields */ +input[type="text"], +input[type="email"], +input[type="password"], +input[type="telephone"], +input[type="tel"], +input[type="url"], +textarea, +select { + background-color: #fff; + border: 2px solid #32424a; + -webkit-transition: all 0.3s ease-in-out; + -moz-transition: all 0.3s ease-in-out; + -ms-transition: all 0.3s ease-in-out; + -o-transition: all 0.3s ease-in-out; + transition: all 0.3s ease-in-out; + color: #32424a; + padding: 13px 20px; + display: block; + width: 100%; + -webkit-appearance: none; + -ms-appearance: none; + -moz-appearance: none; + -o-appearance: none; + appearance: none; + -webkit-border-radius: 4px; + -ms-border-radius: 4px; + -moz-border-radius: 4px; + -o-border-radius: 4px; + border-radius: 4px; +} + +/* Form input focus */ +input[type="text"]:focus, +input[type="email"]:focus, +input[type="password"]:focus, +input[type="telephone"]:focus, +input[type="tel"]:focus, +input[type="url"]:focus, +textarea:focus, +select:focus, +input[type="text"]:active, +input[type="email"]:active, +input[type="password"]:active, +input[type="telephone"]:active, +input[type="tel"]:active, +input[type="url"]:active, +textarea:active, +select:active { + border-color: #1534e3; + background-color: #fff; +} + +/* Form input errors */ +input[type="text"].error, +input[type="email"].error, +input[type="password"].error, +input[type="telephone"].error, +input[type="tel"].error, +input[type="url"].error, +textarea.error, +select.error { + border-color: #B50024; +} + +/* Form input read only / disabled */ +input[type="text"]:read-only, +input[type="email"]:read-only, +input[type="password"]:read-only, +input[type="telephone"]:read-only, +input[type="tel"]:read-only, +input[type="url"]:read-only, +textarea:read-only, +select:read-only, +input[type="text"]:disabled, +input[type="email"]:disabled, +input[type="password"]:disabled, +input[type="telephone"]:disabled, +input[type="tel"]:disabled, +input[type="url"]:disabled, +textarea:disabled, +select:disabled { + background-color: #ECEFF1; + pointer-events: none; +} + +/* Text areas */ +textarea { + height: 124px; + resize: none; +} + + +/* Dropdowns */ +select { + -webkit-appearance: auto; + -ms-appearance: auto; + -moz-appearance: auto; + -o-appearance: auto; + appearance: auto; +} + +select:read-only { + background-color: #fff; + pointer-events: unset; +} + +select::-ms-expand { + display: none; +} + +/* Checkboxes / Radio buttons */ +input[type="checkbox"], input[type="radio"] { + position : absolute; + opacity: 0; + height: 0; + width: 0; +} + +input[type="checkbox"] + label, input[type="radio"] + label { + display: block; + font-weight: 400; + font-size: 16px; + font-size: 1rem; + line-height: 24px; + line-height: 1.5rem; + cursor: pointer; + position: relative; + padding-left: 30px; + padding-top: 3px; + margin-bottom: 4px; + margin-right: 12px; + display: inline-block; +} + +input[type="checkbox"] + label:before, input[type="radio"] + label:before { + content: ""; + position: absolute; + top: 2px; + left: 0; + height: 20px; + width: 20px; + background-color: #fff; + border: 2px solid #32424a; + -webkit-transition: all 0.2s ease-out; + -ms-transition: all 0.2s ease-out; + -moz-transition: all 0.2s ease-out; + -o-transition: all 0.2s ease-out; + transition: all 0.2s ease-out; +} + +input[type="checkbox"] + label:after, input[type="radio"] + label:after { + content: ""; + position: absolute; + -webkit-transform: rotate(45deg); + -ms-transform: rotate(45deg); + -moz-transform: rotate(45deg); + -o-transform: rotate(45deg); + transform: rotate(45deg); + display: none; +} + +input[type="checkbox"]:checked + label, input[type="radio"]:checked + label, +input[type="checkbox"]:focus + label, input[type="radio"]:focus + label { + color: #1534e3; +} + +input[type="checkbox"]:checked + label:before, input[type="radio"]:checked + label:before, +input[type="checkbox"]:focus + label:before, input[type="radio"]:focus + label:before { + border-color: #1534e3; +} + +input[type="checkbox"]:checked + label:after, input[type="radio"]:checked + label:after { + display: block; +} + +input[type="checkbox"] + label:before { + -webkit-border-radius: 4px; + -ms-border-radius: 4px; + -moz-border-radius: 4px; + -o-border-radius: 4px; + border-radius: 4px; +} + +input[type="checkbox"] + label:after { + left: 8px; + top: 5px; + width: 4px; + height: 10px; + border: solid #1534e3; + border-width: 0 4px 4px 0; +} + +input[type="radio"] + label:before { + -webkit-border-radius: 100%; + -ms-border-radius: 100%; + -moz-border-radius: 100%; + -o-border-radius: 100%; + border-radius: 100%; +} + +input[type="radio"] + label:after { + background-color: #1534e3; + height: 12px; + width: 12px; + -webkit-border-radius: 100%; + -ms-border-radius: 100%; + -moz-border-radius: 100%; + -o-border-radius: 100%; + border-radius: 100%; + left: 6px; + top: 8px; +} + +/* Buttons / Submit buttons */ +button, input[type=button], +input[type=submit], +a.button, +.button { + display: inline-block; + text-align: center; + background-color: #1534e3; + border: 4px solid #1534e3; + font-weight: 700; + padding: 11px 74px; + cursor: pointer; + color: #fff; + -webkit-appearance: none; + -ms-appearance: none; + -moz-appearance: none; + -o-appearance: none; + appearance: none; + -webkit-border-radius: 4px; + -ms-border-radius: 4px; + -moz-border-radius: 4px; + -o-border-radius: 4px; + border-radius: 4px; + -webkit-transition: all 0.2s ease-out; + -ms-transition: all 0.2s ease-out; + -moz-transition: all 0.2s ease-out; + -o-transition: all 0.2s ease-out; + transition: all 0.2s ease-out; +} + +/* Button hover & focus states */ +button:hover, +input[type=button]:hover, +input[type=submit]:hover, +a.button:hover, +.button:hover, +button:focus, +input[type=button]:focus, +input[type=submit]:focus, +a.button:focus, +.button:focus { + background: #1a237e; + color: #fff !important; + text-decoration: none !important; + border-color: #1a237e; +} + +/* Secondary button styles */ +button.button--secondary, +input[type=button].button--secondary, +input[type=submit].button--secondary, +a.button.button--secondary, +.button.button--secondary { + background-color: transparent; + border-color: #1534e3; + color: #1534e3; +} + +/* Secondary button hover & focus states */ +button.button--secondary:hover, +input[type=button].button--secondary:hover, +input[type=submit].button--secondary:hover, +a.button.button--secondary:hover, +.button.button--secondary:hover, +button.button--secondary:focus, +input[type=button].button--secondary:focus, +input[type=submit].button--secondary:focus, +a.button.button--secondary:focus, +.button.button--secondary:focus { + background: #1a237e; + border-color: #1a237e; +} + +/* Secondary button disabled states */ +button.button--secondary:disabled, +input[type=button].button--secondary:disabled, +input[type=submit].button--secondary:disabled, +a.button.button--secondary:disabled, +.button.button--secondary:disabled { + background-color: transparent; + color: #999999; +} + +/* Full width buttons */ +button.button--full, +input[type=button].button--full, +input[type=submit].button--full, +a.button.button--full, +.button.button--full { + width: 100%; + padding-left: 30px; + padding-right: 30px; +} + +/* Button disabled states */ +button:disabled, +input[type=button]:disabled, +input[type=submit]:disabled, +a.button:disabled, +.button:disabled { + pointer-events: none; + background-color: #999999; + border-color: #999999; +} + +/* Placeholder styles */ +::-webkit-input-placeholder { + color: #a9b0b4; +} + +:-moz-placeholder { + color: #a9b0b4; +} + +::-moz-placeholder { + color: #a9b0b4; +} + +:-ms-input-placeholder { + color: #a9b0b4; +} + +.grid { + margin-top: 12px; +} + +/* Grid (used for 2 columns) */ +.grid:before, .grid:after { + content: " "; + display: table; +} + +.grid:after { + clear: both; +} + +.grid > .grid-item { + margin-bottom: 18px; + min-height: 1px; + width: 100%; +} + +.grid:last-child > .item:last-child { + margin-bottom: 0px; +} + +@media screen and (min-width: 760px) { + + .grid.md-2 > .grid-item { + float: left; + width: 48.34436%; + margin-right: 3.31126%; + } + + .grid.md-2 > .grid-item:nth-child(n), .grid.md-2 > .grid-item:nth-of-type(n) { + margin-right: 3.31126%; + clear: none; + } + + .grid.md-2 > .grid-item:nth-child(2n) { + margin-right: 0; + } + + .grid.md-2 > .grid-item:nth-child(2n+1) { + clear: both; + } + +} diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/failure-32x32.png b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/failure-32x32.png new file mode 100644 index 0000000..3c48e46 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/failure-32x32.png differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/placeholder-logo.png b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/placeholder-logo.png new file mode 100644 index 0000000..f5807ed Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/placeholder-logo.png differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/success-32x32.png b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/success-32x32.png new file mode 100644 index 0000000..aa51204 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/images/success-32x32.png differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/index.jsp b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/index.jsp new file mode 100644 index 0000000..087cee2 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/index.jsp @@ -0,0 +1,31 @@ +<%@ page pageEncoding="UTF-8" %> +<%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %> + + + + + <spring:message code="root.title" text="Shibboleth IdP" /> + "> + + + +
+
+
+ " alt=""> +
+ +
+

+
+
+ +
+
+

+
+
+
+ + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/js/jquery-3.6.0.min.js b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/js/jquery-3.6.0.min.js new file mode 100644 index 0000000..c4c6022 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/dist/webapp/js/jquery-3.6.0.min.js @@ -0,0 +1,2 @@ +/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */ +!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},j=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||D,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,D=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function je(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function De(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function qe(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Le(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var _t,zt=[],Ut=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=zt.pop()||S.expando+"_"+wt.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Ut.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ut.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Ut,"$1"+r):!1!==e.jsonp&&(e.url+=(Tt.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,zt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((_t=E.implementation.createHTMLDocument("").body).innerHTML="
",2===_t.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=Fe(y.pixelPosition,function(e,t){if(t)return t=We(e,n),Pe.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0 .grid-item { + margin-bottom: 18px; + min-height: 1px; + width: 100%; +} + +.grid:last-child > .item:last-child { + margin-bottom: 0px; +} + +@media screen and (min-width: 760px) { + + .grid.md-2 > .grid-item { + float: left; + width: 48.34436%; + margin-right: 3.31126%; + } + + .grid.md-2 > .grid-item:nth-child(n), .grid.md-2 > .grid-item:nth-of-type(n) { + margin-right: 3.31126%; + clear: none; + } + + .grid.md-2 > .grid-item:nth-child(2n) { + margin-right: 0; + } + + .grid.md-2 > .grid-item:nth-child(2n+1) { + clear: both; + } + +} diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/failure-32x32.png b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/failure-32x32.png new file mode 100644 index 0000000..3c48e46 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/failure-32x32.png differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/placeholder-logo.png b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/placeholder-logo.png new file mode 100644 index 0000000..f5807ed Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/placeholder-logo.png differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/success-32x32.png b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/success-32x32.png new file mode 100644 index 0000000..aa51204 Binary files /dev/null and b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/images/success-32x32.png differ diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/index.jsp b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/index.jsp new file mode 100644 index 0000000..087cee2 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/edit-webapp/index.jsp @@ -0,0 +1,31 @@ +<%@ page pageEncoding="UTF-8" %> +<%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %> + + + + + <spring:message code="root.title" text="Shibboleth IdP" /> + "> + + + +
+
+
+ " alt=""> +
+ +
+

+
+
+ +
+
+

+
+
+
+ + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/account-locked/account-locked-flow.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/account-locked/account-locked-flow.xml new file mode 100644 index 0000000..5fe7523 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/account-locked/account-locked-flow.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/conditions-flow.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/conditions-flow.xml new file mode 100644 index 0000000..53c4994 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/conditions-flow.xml @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/expired-password/expired-password-flow.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/expired-password/expired-password-flow.xml new file mode 100644 index 0000000..5fe7523 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/expired-password/expired-password-flow.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/expiring-password/expiring-password-flow.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/expiring-password/expiring-password-flow.xml new file mode 100644 index 0000000..75bb86a --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/flows/authn/conditions/expiring-password/expiring-password-flow.xml @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/messages/messages.properties b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/messages/messages.properties new file mode 100644 index 0000000..b59fc89 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/messages/messages.properties @@ -0,0 +1,6 @@ +# You can define message properties here to override messages defined in +# the system-supplied message file or to add your own messages. + +# You should alter these to point to different files of your own choosing. +#idp.css = /css/placeholder.css +#idp.logo = /images/placeholder-logo.png diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/metadata/idp-metadata.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/metadata/idp-metadata.xml similarity index 100% rename from src/test/docker/shibboleth-idp/config/shib-idp/metadata/idp-metadata.xml rename to src/test/docker/shibboleth-idp/opt-shibboleth-idp/metadata/idp-metadata.xml diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/static/openid-configuration.json b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/static/openid-configuration.json new file mode 100644 index 0000000..d33b4e7 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/static/openid-configuration.json @@ -0,0 +1,139 @@ +{ + "issuer":"https://idp.unicon.local", + "authorization_endpoint":"https://idp.unicon.local/idp/profile/oidc/authorize", + "registration_endpoint":"https://idp.unicon.local/idp/profile/oidc/register", + "token_endpoint":"https://idp.unicon.local/idp/profile/oidc/token", + "userinfo_endpoint":"https://idp.unicon.local/idp/profile/oidc/userinfo", + "introspection_endpoint":"https://idp.unicon.local/idp/profile/oauth2/introspection", + "revocation_endpoint":"https://idp.unicon.local/idp/profile/oauth2/revocation", + "jwks_uri":"https://idp.unicon.local/idp/profile/oidc/keyset", + "response_types_supported":[ + "code", + "id_token", + "token id_token", + "code id_token", + "code token", + "code token id_token" + ], + "subject_types_supported":[ + "public", + "pairwise" + ], + "grant_types_supported":[ + "authorization_code", + "implicit", + "refresh_token" + ], + "id_token_encryption_alg_values_supported":[ + "RSA1_5", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A192KW", + "A256KW", + "A128GCMKW", + "A192GCMKW", + "A256GCMKW" + ], + "id_token_encryption_enc_values_supported":[ + "A128CBC-HS256" + ], + "id_token_signing_alg_values_supported":[ + "RS256", + "RS384", + "RS512", + "HS256", + "HS384", + "HS512", + "ES256" + ], + "userinfo_encryption_alg_values_supported":[ + "RSA1_5", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A192KW", + "A256KW", + "A128GCMKW", + "A192GCMKW", + "A256GCMKW" + ], + "userinfo_encryption_enc_values_supported":[ + "A128CBC-HS256" + ], + "userinfo_signing_alg_values_supported":[ + "RS256", + "RS384", + "RS512", + "HS256", + "HS384", + "HS512", + "ES256" + ], + "request_object_signing_alg_values_supported":[ + "none", + "RS256", + "RS384", + "RS512", + "HS256", + "HS384", + "HS512", + "ES256", + "ES384", + "ES512" + ], + "token_endpoint_auth_methods_supported":[ + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt" + ], + "claims_parameter_supported":true, + "request_parameter_supported":true, + "request_uri_parameter_supported":true, + "require_request_uri_registration":true, + "display_values_supported":[ + "page" + ], + "scopes_supported":[ + "openid", + "profile", + "email", + "address", + "phone", + "offline_access" + ], + "response_modes_supported":[ + "query", + "fragment", + "form_post" + ], + "claims_supported":[ + "aud", + "iss", + "sub", + "iat", + "exp", + "acr", + "auth_time", + "email", + "email_verified", + "address", + "phone", + "phone_number_verified", + "name", + "family_name", + "given_name", + "middle_name", + "nickname", + "preferred_username", + "profile", + "picture", + "website", + "gender", + "birthdate", + "zoneinfo", + "locale", + "updated_at" + ] +} \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/admin/hello.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/admin/hello.vm new file mode 100644 index 0000000..6268c6c --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/admin/hello.vm @@ -0,0 +1,68 @@ +## +## Velocity Template for Hello World page. +## +## Velocity context will contain the following properties +## flowRequestContext - the Spring Web Flow RequestContext +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## profileRequestContext - root of context tree +## subjectContext - ProfileRequestContext -> SubjectContext +## attributeContext - ProfileRequestContext -> AttributeContext +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + #springMessageText("idp.title", "Web Login Service") - #springMessageText("hello-world.title", "Hello World") + + + + + + + +
+
+ +
+ +
+

#springMessageText("hello-world.greeting", "Greetings"), $encoder.encodeForHTML($subjectContext.getPrincipalName())

+

Authenticated by
+ #foreach ($result in $subjectContext.getAuthenticationResults().entrySet()) + $encoder.encodeForHTML($result.getKey())
+ #end

+ +

Java Principals in Subjects
+ #foreach ($s in $subjectContext.getSubjects()) + #foreach ($p in $s.getPrincipals()) + $encoder.encodeForHTML($p)
+ #end + #end

+ + #if ($attributeContext && !$attributeContext.getUnfilteredIdPAttributes().isEmpty()) + +

Attributes
+ #foreach ($a in $attributeContext.getUnfilteredIdPAttributes()) + #if (!$a.getValues().isEmpty()) + $encoder.encodeForHTML($a.getId())
+ #foreach ($v in $a.getValues()) + $encoder.encodeForHTML($v.getDisplayValue())
+ #end + #end + #end + #end +

+ + #springMessageText("hello-world.reload", "Reload the Page") +
+
+
+
+

#springMessageText("idp.footer", "Insert your footer text here.")

+
+
+ + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/client-storage/client-storage-read.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/client-storage/client-storage-read.vm new file mode 100644 index 0000000..1afe818 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/client-storage/client-storage-read.vm @@ -0,0 +1,48 @@ +## +## Velocity template to read from local storage. +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## loadContext - context with details about the storage keys to load +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-read.suffix", "Loading Session Information")) +## + + + + $title - $titleSuffix + + + + + + + +
+
+

$title - $titleSuffix

+

$springMacroRequestContext.getMessage("idp.client-storage-read.text", "Loading login session information from the browser...")

+ + #parse("client-storage/read.vm") +
+
+
+
+

#springMessageText("idp.footer", "Insert your footer text here.")

+
+
+ + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/client-storage/client-storage-write.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/client-storage/client-storage-write.vm new file mode 100644 index 0000000..066cbdb --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/client-storage/client-storage-write.vm @@ -0,0 +1,50 @@ +## +## Velocity template to write to local storage. +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## saveContext - context with details about the storage data to save +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-write.suffix", "Saving Session Information...")) +## + + + + $title - $titleSuffix + + + + + + + +
+
+

$title - $titleSuffix

+

$springMacroRequestContext.getMessage("idp.client-storage-write.text", "Saving login session information to the browser...")

+ + #parse("client-storage/write.vm") +
+
+
+
+

#springMessageText("idp.footer", "Insert your footer text here.")

+
+
+ + \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/error.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/error.vm new file mode 100644 index 0000000..0f01e89 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/error.vm @@ -0,0 +1,74 @@ +## +## Velocity Template for error end-state +## +## Velocity context will contain the following variables during controlled errors. +## Some error paths involve runtime exceptions handled outside Spring Web Flow by the +## MVC layer and will not generally populate most of these variables. +## +## flowRequestContext - the Spring Web Flow RequestContext +## profileRequestContext - root of context tree +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($defaultTitleSuffix = $springMacroRequestContext.getMessage("idp.title.suffix", "Error")) +## +#if ($flowRequestContext) + ## This handles flow events, the most common case. + #set ($eventId = $flowRequestContext.getCurrentEvent().getId()) + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) + #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) + #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied") + $response.setStatus(403) + #elseif ($eventId == "AttributeReleaseRejected" || $eventId == "TermsRejected") + $response.setStatus(200) + #elseif ($eventKey == "unexpected" || $eventKey == "runtime-error" || $eventKey == "error") + $response.setStatus(500) + #else + $response.setStatus(400) + #end +#elseif ($exception) + ## This handles exceptions that reach the Spring-MVC exception handler. + #set ($eventId = $exception.getClass().getSimpleName()) + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) + #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) + $response.setStatus(500) +#else + ## This is a catch-all that theoretically shouldn't happen? + #set ($titleSuffix = $defaultTitleSuffix) + #set ($message = $springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred.")) + $response.setStatus(500) +#end +## + + + + + + + + + + +
+
+ +
+ +
+

$title - $titleSuffix

+

#evaluate($message)

+
+
+
+
+

#springMessageText("idp.footer", "Insert your footer text here.")

+
+
+ + diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/login-error.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/login-error.vm new file mode 100644 index 0000000..4a9e641 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/login-error.vm @@ -0,0 +1,24 @@ +## Velocity Template for login error message production, included by login.vm +## +## authenticationErrorContext - context containing error data, if available +## +#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0 && !$authenticationErrorContext.getClassifiedErrors().contains('AuthenticationException')) + ## This handles errors that are classified by the message maps in the authentication config. + #set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next()) + #if ($eventId != "ReselectFlow") + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "authn")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId")) + #end +#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0) + ## This handles login exceptions that are left unclassified. + #set ($loginException = $authenticationErrorContext.getExceptions().get(0)) + #if ($loginException.getMessage()) + #set ($message = "Login Failure: $loginException.getMessage()") + #else + #set ($message = $loginException.toString()) + #end +#end + +#if ($message) +

$encoder.encodeForHTML($message)

+#end diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/login.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/login.vm new file mode 100644 index 0000000..20ed38e --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/login.vm @@ -0,0 +1,106 @@ +## +## Velocity Template for DisplayUsernamePasswordPage view-state +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## authenticationContext - context with authentication request information +## authenticationErrorContext - context with login error state +## authenticationWarningContext - context with login warning state +## ldapResponseContext - context with LDAP state (if using native LDAP) +## rpUIContext - the context with SP UI information from the metadata +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.profile.context.RelyingPartyContext')) +#set ($username = $authenticationContext.getSubcontext('net.shibboleth.idp.authn.context.UsernamePasswordContext', true).getUsername()) +## + + + + #springMessageText("idp.title", "Web Login Service") + + + + + + +
+
+ + + #set ($serviceName = $rpUIContext.serviceName) + #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName)) +

#springMessageText("idp.login.loginTo", "Login to") $encoder.encodeForHTML($serviceName)

+ #end +
+ +
+
+ #parse("csrf/csrf.vm") + + #* + // + // SP Description & Logo (optional) + // These idpui lines will display added information (if available + // in the metadata) about the Service Provider (SP) that requested + // authentication. These idpui lines are "active" in this example + // (not commented out) - this extra SP info will be displayed. + // Remove or comment out these lines to stop the display of the + // added SP information. + // + *# + #set ($logo = $rpUIContext.getLogo()) + #if ($logo) + + #end + #set ($desc = $rpUIContext.getServiceDescription()) + #if ($desc) +

$encoder.encodeForHTML($desc)

+ #end + + #parse("login-error.vm") + + + + + + + + ## You may need to modify this to taste, such as changing the flow name checked to authn/MFA. + #if (!$authenticationContext.getActiveResults().containsKey('authn/Password')) + + + #end + + + + +
+
+ +
+
+
+ + +
+
+
+
+

#springMessageText("idp.footer", "Insert your footer text here.")

+
+
+ + \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout-complete.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout-complete.vm new file mode 100644 index 0000000..2d332ea --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout-complete.vm @@ -0,0 +1,61 @@ +## +## Velocity Template for logout flow's concluding view-state (no propagation) +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($activeIdPSessions = $logoutContext and !$logoutContext.getIdPSessions().isEmpty()) +#set ($activeSPSessions = $logoutContext and !$logoutContext.getSessionMap().isEmpty()) + + + + #springMessageText("idp.title", "Web Login Service") + + + + + + + +
+
+ +
+ +
+ #if ($activeIdPSessions) +

#springMessageText("idp.logout.cancelled", "Logout has been cancelled.")

+ #elseif ($activeSPSessions) +

#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")

+ #else +

#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")

+ #end + + + + + #if ( $profileRequestContext.getProfileId().contains("saml2/logout") ) + + #end +
+
+
+
+

#springMessageText("idp.footer", "Insert your footer text here.")

+
+
+ + \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout-propagate.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout-propagate.vm new file mode 100644 index 0000000..ab73382 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout-propagate.vm @@ -0,0 +1,57 @@ +## +## Velocity Template for logout flow's concluding view-state (with propagation) +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## htmlEncoder - HTMLEncoder class +## urlEncoder - urlEncoder class +## codecUtil - CodecUtil class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($hidden = $environment.getProperty("idp.logout.propagationHidden", "false")) + + + + #springMessageText("idp.title", "Web Login Service") + + + + + + + + +
+
+ +
+ +
+ #if($hidden == "true") +

#springMessageText("idp.logout.hidden", "Your single sign-on session has been terminated, but you are still logged into many of the services you have accessed during your session.")

+ #else +

#springMessageText("idp.logout.attempt", "Attempting to log out of the following services:")

+ #end + #parse("logout/propagate.vm") + + +
+
+
+
+

#springMessageText("idp.footer", "Insert your footer text here.")

+
+
+ + \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout.vm b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout.vm new file mode 100644 index 0000000..ab01600 --- /dev/null +++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/views/logout.vm @@ -0,0 +1,118 @@ +## +## Velocity Template for logout flow's starting view-state +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($rpContext = $profileRequestContext.getSubcontext("net.shibboleth.profile.context.RelyingPartyContext")) +#if ($rpContext) +#set ($rpUIContext = $rpContext.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext")) +#end +#set ($promptForIdP = $logoutContext and !$logoutContext.getIdPSessions().isEmpty()) +#set ($promptForSP = $logoutContext and !$logoutContext.getSessionMap().isEmpty()) + + + + #springMessageText("idp.title", "Web Login Service") + + + + #if ($promptForSP) + + #elseif ($promptForIdP) + + #end + + + + +
+
+ +
+ +
+
+

Note for deployers: This page is displayed when a logout operation at the Identity Provider completes. + This page is an example and should be customized. It is not fully internationalized because the presentation will be a highly localized decision, + and we don't have a good suggestion for a default.

+
+ + #if ($rpContext) +

#springMessageText("idp.logout.sp-initiated", "You have been logged out of the following service:")

+
+ #if ($rpUIContext) + $encoder.encodeForHTML($rpUIContext.getServiceName()) + #else + $encoder.encodeForHTML($rpContext.getRelyingPartyId()) + #end +
+
+ #end + + #if ($promptForIdP or $promptForSP) +

#springMessageText("idp.logout.prompt", "Choose one of the following, or wait a few seconds for the default.")

+
+ +
+ +

+

#springMessageText("idp.logout.idponly.caption", "End your SSO session.")

+ #end + + #if ($promptForSP) +

+

#springMessageText("idp.logout.global.caption", "End your SSO session and attempt logout of services accessed during session.")

+

#springMessageText("idp.logout.contactServices", "If instructed, the system will attempt to contact the following services:")

+
    + #foreach ($sp in $logoutContext.getSessionMap().keySet()) + #set ($rpCtx = $multiRPContext.getRelyingPartyContextById($sp)) + #if ($rpCtx) + #set ($rpUIContext = $rpCtx.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext")) + #end + #if ($rpUIContext and $rpUIContext.getServiceName()) +
  1. $encoder.encodeForHTML($rpUIContext.getServiceName())
    2. + #else +
  2. $encoder.encodeForHTML($sp)
    3. + #end + #end +
+ #end + + #if ($promptForIdP) +

+

#springMessageText("idp.logout.cancel.caption", "Cancel logout and retain your SSO session.")

+ #end + + #if ($promptForIdP or $promptForSP) +
+ #else +

#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")

+ + + #end + + +
+ +
+
+
+

#springMessageText("idp.footer", "Insert your footer text here.")

+
+
+ + \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/war/.gitkeep b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/war/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/src/test/docker/shibboleth-idp/tomcat/idp.xml b/src/test/docker/shibboleth-idp/tomcat/idp.xml new file mode 100644 index 0000000..6262af6 --- /dev/null +++ b/src/test/docker/shibboleth-idp/tomcat/idp.xml @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/tomcat/server.xml b/src/test/docker/shibboleth-idp/tomcat/server.xml new file mode 100644 index 0000000..77476e1 --- /dev/null +++ b/src/test/docker/shibboleth-idp/tomcat/server.xml @@ -0,0 +1,162 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/docker/shibboleth-idp/tomcat/setenv.sh b/src/test/docker/shibboleth-idp/tomcat/setenv.sh new file mode 100644 index 0000000..a88f2b6 --- /dev/null +++ b/src/test/docker/shibboleth-idp/tomcat/setenv.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +export "CATALINA_OPTS=$CATALINA_OPTS -Didp.home=/opt/shibboleth-idp" \ No newline at end of file diff --git a/src/test/docker/shibboleth-idp/wwwroot/robots.txt b/src/test/docker/shibboleth-idp/wwwroot/robots.txt deleted file mode 100644 index 77470cb..0000000 --- a/src/test/docker/shibboleth-idp/wwwroot/robots.txt +++ /dev/null @@ -1,2 +0,0 @@ -User-agent: * -Disallow: / \ No newline at end of file