├── .github └── pull_request_template.md ├── .gitignore ├── .gitlab-ci.yml ├── .gitlab └── merge_request_templates │ └── default.md ├── .rubocop.yml ├── .ruby-version ├── Brewfile ├── CONTRIBUTING.md ├── Dockerfile ├── Gemfile ├── Gemfile.lock ├── Makefile ├── Procfile ├── README.md ├── Rakefile ├── app ├── controllers │ ├── application_controller.rb │ ├── concerns │ │ └── .keep │ ├── health │ │ ├── certs_controller.rb │ │ └── overall_controller.rb │ ├── identify_controller.rb │ └── verify_controller.rb ├── helpers │ └── application_helper.rb ├── models │ ├── application_record.rb │ ├── certificate.rb │ ├── certificate_authority.rb │ ├── certificate_revocation.rb │ ├── concerns │ │ └── .keep │ ├── finite_policy_mapping_depth.rb │ ├── infinite_policy_mapping_depth.rb │ ├── ocsp_response.rb │ ├── piv_cac.rb │ └── unrecognized_certificate_authority.rb ├── policies │ └── certificate_policies.rb ├── services │ ├── certificate_chain_service.rb │ ├── certificate_logger_service.rb │ ├── certificate_revocation_list_service.rb │ ├── certificate_store.rb │ ├── duration_parser.rb │ ├── health_checker.rb │ ├── issuing_ca_service.rb │ ├── ocsp_service.rb │ ├── policy_mapping_service.rb │ └── token_service.rb └── views │ └── layouts │ └── application.html.erb ├── bin ├── activate ├── bundle ├── cer2pem ├── docker_setup ├── fast_setup ├── puma ├── pumactl ├── rails ├── rake ├── release ├── setup ├── spring ├── tag-release ├── update └── yarn ├── config.ru ├── config ├── application.rb ├── application.yml.default ├── boot.rb ├── cable.yml ├── cert_bundles │ ├── ficam_bundle.pem │ └── login_bundle.pem ├── certs │ ├── .keep │ ├── C=US, O=Boeing, OU=certservers, CN=Boeing PCA G3.pem │ ├── C=US, O=CertiPath, OU=Certification Authorities, CN=CertiPath Bridge CA - G3.pem │ ├── C=US, O=DigiCert, Inc., CN=DigiCert Class 3 SSP Intermediate CA - G4.pem │ ├── C=US, O=DigiCert, Inc., CN=DigiCert Federal SSP Intermediate CA - G5.pem │ ├── C=US, O=DigiCert, Inc., CN=DigiCert Federal SSP 
Intermediate CA - G6.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, CN=Entrust Derived Credential SSP CA.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services NFI Root CA.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services Root CA 1753288596.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services Root CA 1924711200.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services Root CA.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA 1753288596.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA 1920665011.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA.pem │ ├── C=US, O=Entrust, OU=Certification Authorities, OU=Entrust NFI Medium Assurance SSP CA.pem │ ├── C=US, O=Exostar LLC, OU=Certification Authorities, CN=Exostar Federated Identity Service Root CA 2.pem │ ├── C=US, O=ORC PKI, CN=WidePoint ORC SSP 5.pem │ ├── C=US, O=ORC PKI, CN=WidePoint SSP Intermediate CA.pem │ ├── C=US, O=U.S. Government, OU=Department of Energy, OU=Certification Authorities, CN=DOE SSP CA.pem │ ├── C=US, O=U.S. Government, OU=Department of Homeland Security, OU=Certification Authorities, OU=DHS CA4 1749827104.pem │ ├── C=US, O=U.S. Government, OU=Department of Homeland Security, OU=Certification Authorities, OU=DHS CA4 1998399859.pem │ ├── C=US, O=U.S. Government, OU=Department of Homeland Security, OU=Certification Authorities, OU=DHS CA4.pem │ ├── C=US, O=U.S. Government, OU=Department of State, OU=PIV, OU=Certification Authorities, OU=U.S. Department of State PIV CA2.pem │ ├── C=US, O=U.S. Government, OU=Department of Veterans Affairs, OU=Certification Authorities, OU=Department of Veterans Affairs CA 1760711487.pem │ ├── C=US, O=U.S. 
Government, OU=Department of Veterans Affairs, OU=Certification Authorities, OU=Department of Veterans Affairs CA.pem │ ├── C=US, O=U.S. Government, OU=Department of the Treasury, OU=Certification Authorities, OU=OCIO CA.pem │ ├── C=US, O=U.S. Government, OU=Department of the Treasury, OU=Certification Authorities, OU=US Treasury Root CA 1785941190.pem │ ├── C=US, O=U.S. Government, OU=Department of the Treasury, OU=Certification Authorities, OU=US Treasury Root CA.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-3.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-70.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-71.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-72.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-73.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2 1770487200.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem │ ├── C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 6.pem │ ├── C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA G4.pem │ ├── C=US, O=U.S. 
Government, OU=HHS, OU=Certification Authorities, CN=HHS-FPKI-Intermediate-CA-E1 1879534213.pem │ ├── C=US, O=U.S. Government, OU=HHS, OU=Certification Authorities, CN=HHS-FPKI-Intermediate-CA-E1.pem │ ├── C=US, O=U.S. Government, OU=NASA, OU=Certification Authorities, OU=NASA Operational CA 1749826492.pem │ ├── C=US, O=U.S. Government, OU=NASA, OU=Certification Authorities, OU=NASA Operational CA.pem │ ├── C=US, O=U.S. Government, OU=SSA, OU=Social Security Administration Certification Authority.pem │ ├── C=US, O=U.S. Government, OU=U.S. Department of Education, CN=U.S. Department of Education Agency CA - G5.pem │ ├── C=US, O=U.S. Government, OU=U.S. Department of Transportation, CN=U.S. Department of Transportation Agency CA G5 01.pem │ ├── C=US, O=U.S. Government, OU=U.S. Department of Transportation, CN=U.S. Department of Transportation Agency CA G5 02.pem │ ├── C=US, O=U.S. Government, OU=U.S. Department of Transportation, CN=U.S. Department of Transportation Agency CA G6.pem │ ├── C=US, O=U.S. Government, OU=U.S. Nuclear Regulatory Commission, CN=NRC SSP Agency CA G4.pem │ ├── C=US, O=U.S. Government, OU=U.S. Senate, OU=Office of the Sergeant at Arms, CN=Senate PIV-I CA G5 PROD.pem │ ├── C=US, O=U.S. Government, OU=U.S. Senate, OU=Office of the Sergeant at Arms, CN=Senate PIV-I CA G6.pem │ ├── C=US, O=WidePoint, OU=Certification Authorities, CN=WidePoint NFI Root 2.pem │ ├── C=US, O=WidePoint, OU=Certification Authorities, CN=WidePoint ORC NFI 4-2.pem │ ├── C=US, O=WidePoint, OU=Certification Authorities, CN=WidePoint ORC NFI 4.pem │ ├── DC=com, DC=evincible, CN=Exostar Federated Identity Service Signing CA 4.pem │ ├── DC=gov, DC=uspto, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=USPTO_INTR_CA1 1891342000.pem │ ├── DC=gov, DC=uspto, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=USPTO_INTR_CA1.pem │ ├── DC=sbu, DC=state, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=U.S. 
Department of State AD High Assurance CA 1835992494.pem │ ├── DC=sbu, DC=state, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=U.S. Department of State AD Root CA.pem │ └── c=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA G2.pem ├── database.yml ├── environment.rb ├── environments │ ├── development.rb │ ├── production.rb │ └── test.rb ├── initializers │ ├── application_controller_renderer.rb │ ├── aws.rb │ ├── backtrace_silencers.rb │ ├── certificate_store.rb │ ├── cookies_serializer.rb │ ├── filter_parameter_logging.rb │ ├── inflections.rb │ ├── mime_types.rb │ ├── secret_token.rb │ └── wrap_parameters.rb ├── local-certs │ ├── Makefile │ ├── rootCA.csr.cnf │ ├── server.csr.cnf │ └── v3.ext ├── locales │ └── en.yml ├── newrelic.yml ├── nginx_server.conf.example ├── puma.rb ├── routes.rb ├── spring.rb └── test-certs │ └── .keep ├── db ├── migrate │ ├── 20180410124250_add_certificates_table.rb │ ├── 20180410124445_add_certificate_revocations_table.rb │ ├── 20180412195153_create_piv_cacs_table.rb │ ├── 20180419202740_rename_certificate_to_certificate_authority.rb │ ├── 20180517192853_create_unrecognized_certificate_authorities_table.rb │ └── 20180523205303_add_ocsp_url_to_certificate_authorities.rb ├── schema.rb └── seeds.rb ├── docker-compose.yml ├── dockerfiles └── pivcac_ci.Dockerfile ├── k8.Dockerfile ├── k8files ├── application.yaml ├── application.yml.default.docker ├── configure_environment ├── fipsmode.patch ├── newrelic.yml ├── nginx-prod.conf ├── nginx.conf ├── pivcac.conf ├── puma_production ├── push_letsencrypt_certs.sh ├── status-map.conf ├── status.conf ├── update-ips.sh ├── update_cert_revocations └── update_letsencrypt_certs ├── lib ├── feature_management.rb ├── identity_config.rb └── tasks │ ├── .keep │ ├── ca.rake │ ├── certs.rake │ ├── crls.rake │ └── monitor_concurrent.rake ├── log └── .keep ├── nginx.Dockerfile ├── package.json ├── prod.Dockerfile ├── public ├── 404.html ├── 422.html ├── 500.html ├── 
apple-touch-icon-precomposed.png ├── apple-touch-icon.png ├── favicon.ico └── robots.txt ├── spec ├── certs │ ├── fingerprint_spec.rb │ └── store_spec.rb ├── controllers │ ├── health │ │ ├── certs_controller_spec.rb │ │ └── overall_controller_spec.rb │ ├── identify_controller_spec.rb │ └── verify_controller_spec.rb ├── factories │ ├── certificate_authorities.rb │ ├── certificate_revocations.rb │ ├── piv_cacs.rb │ └── unrecognized_certificate_authorities.rb ├── fixtures │ ├── BoeingPCAG3.p7c │ ├── CertiPathBridgeCA-G3.p7c │ ├── CertiPathBridgeCA-G3.p7c.1 │ ├── CertsIssuedToDoSADRootCA.p7c │ ├── CertsIssuedToDoSPIVCA2.p7c │ ├── caCertsIssuedByfcpca.p7c │ ├── caCertsIssuedTofbcag4.p7c │ └── caCertsIssuedTofcpca.p7c ├── lib │ ├── feature_management_spec.rb │ └── identity_config_spec.rb ├── models │ ├── certificate_authority_spec.rb │ ├── certificate_revocation_spec.rb │ ├── certificate_spec.rb │ ├── finite_policy_mapping_depth_spec.rb │ ├── ocsp_response_spec.rb │ ├── piv_cac_spec.rb │ └── unrecognized_certificate_authority_spec.rb ├── rails_helper.rb ├── requests │ └── health_check_spec.rb ├── services │ ├── certificate_chain_service_spec.rb │ ├── certificate_logger_service_spec.rb │ ├── certificate_store_spec.rb │ ├── duration_parser_spec.rb │ ├── health_checker_spec.rb │ ├── issuing_ca_service_spec.rb │ ├── ocsp_service_spec.rb │ ├── policy_mapping_service_spec.rb │ └── token_service_spec.rb ├── spec_helper.rb └── support │ ├── data_file.rb │ ├── factory_bot.rb │ ├── shoulda_matchers.rb │ └── x509.rb ├── tmp └── .keep └── vendor └── .keep /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | The source code for this repository is now managed in GitLab! 2 | 3 | Please [open a merge request on GitLab](https://gitlab.login.gov/lg/identity-pki/-/merge_requests/new). 4 | 5 | If you're an external contributor, please feel free to open a pull request. A project maintainer will facilitate your contribution. 
6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile '~/.gitignore_global' 6 | 7 | # Ignore bundler config. 8 | /.bundle 9 | 10 | # Ignore application configuration 11 | /config/application.yml 12 | /config/certs/*.p7c 13 | /config/certs/*.cer 14 | 15 | # Ignore the default SQLite database. 16 | /db/*.sqlite3 17 | /db/*.sqlite3-journal 18 | 19 | # Ignore all logfiles and tempfiles. 20 | /log/* 21 | /tmp/* 22 | !/log/.keep 23 | !/tmp/.keep 24 | 25 | /coverage 26 | /node_modules 27 | /yarn-error.log 28 | 29 | .byebug_history 30 | 31 | *.DS_Store 32 | 33 | /postgres-data 34 | 35 | # Avoid hard-pinning Homebrew dependencies 36 | Brewfile.lock.json 37 | 38 | # Ignore the files generated during setup 39 | /config/local-certs/rootCA.key 40 | /config/local-certs/rootCA.pem 41 | /config/local-certs/rootCA.srl 42 | /config/local-certs/server.crt 43 | /config/local-certs/server.csr 44 | /config/local-certs/server.key 45 | -------------------------------------------------------------------------------- /.gitlab/merge_request_templates/default.md: -------------------------------------------------------------------------------- 1 | ## 🎫 Ticket 2 | 3 | [Link to the relevant ticket] 4 | 5 | ## 🛠 Summary of changes 6 | 7 | [Write a brief description of what you changed] 8 | 9 | ## 📜 Testing Plan 10 | 11 | [Provide a list of steps to confirm the changes] 12 | 13 | ## 👀 Screenshots 14 | 15 | [If relevant, include a screenshot or screen capture of the changes] 16 | -------------------------------------------------------------------------------- /.ruby-version: 
-------------------------------------------------------------------------------- 1 | 3.4.1 2 | -------------------------------------------------------------------------------- /Brewfile: -------------------------------------------------------------------------------- 1 | brew 'nginx' 2 | brew 'postgresql@14' 3 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } 3 | 4 | ruby '~> 3.4' 5 | 6 | gem 'rails', '~> 7.1.0' 7 | 8 | gem 'activerecord-import', '>= 1.0.2' 9 | # pod identity requires 3.188.0 10 | # https://docs.aws.amazon.com/eks/latest/userguide/pod-id-minimum-sdk.html 11 | gem 'aws-sdk-core', '>= 3.188.0' 12 | gem 'aws-sdk-s3' 13 | gem 'bloomfilter-rb' 14 | gem 'csv' 15 | gem 'redis' 16 | gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v4.0.0' 17 | gem 'identity-logging', github: '18F/identity-logging', tag: 'v0.1.0' 18 | gem 'mini_cache' 19 | gem 'newrelic_rpm', '~> 8.0' 20 | gem 'pg' 21 | gem 'pry-rails' 22 | gem 'puma' 23 | gem 'bootsnap', '~> 1.0', require: false 24 | gem 'redacted_struct', '~> 2.0' 25 | gem 'rgl' 26 | 27 | group :development, :test do 28 | gem 'bullet', '~> 7.1.2' 29 | gem 'brakeman', require: false 30 | gem 'listen' 31 | gem 'pry-byebug' 32 | gem 'rspec-rails', '~> 6.0' 33 | gem 'rubocop', require: false 34 | gem 'rubocop-rails', '>= 2.19.0', require: false 35 | gem 'rubocop-performance', '~> 1.17', require: false 36 | end 37 | 38 | group :development do 39 | gem 'better_errors', '>= 2.5.1' 40 | end 41 | 42 | group :test do 43 | gem 'bundler-audit', require: false 44 | gem 'factory_bot_rails', '>= 5.2.0' 45 | gem 'rails-controller-testing', '>= 1.0.4' 46 | gem 'rspec_junit_formatter' 47 | gem 'shoulda-matchers', '~> 3.1', '>= 3.1.3', require: false 48 | gem 'simplecov', '>= 0.13.0' 49 | gem 
'webmock' 50 | end 51 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for building and running the project. 2 | # The purpose of this Makefile is to avoid developers having to remember 3 | # project-specific commands for building, running, etc. Recipes longer 4 | # than one or two lines should live in script files of their own in the 5 | # bin/ directory. 6 | 7 | CONFIG = config/application.yml 8 | PORT ?= 8442 9 | 10 | all: check 11 | 12 | setup $(CONFIG): config/application.yml.default 13 | bin/setup 14 | 15 | fast_setup: 16 | bin/fast_setup 17 | 18 | docker_setup: 19 | bin/docker_setup 20 | 21 | check: lint test 22 | 23 | lint: 24 | @echo "--- rubocop ---" 25 | bundle exec rubocop 26 | @echo "--- brakeman ---" 27 | bundle exec brakeman 28 | @echo "--- bundler-audit ---" 29 | bundle exec bundler-audit check --update 30 | @echo "--- lint Gemfile.lock ---" 31 | make lint_gemfile_lock 32 | 33 | lint_gemfile_lock: Gemfile Gemfile.lock ## Lints the Gemfile and its lockfile 34 | @bundle check 35 | @git diff-index --quiet HEAD Gemfile.lock || (echo "Error: There are uncommitted changes after running 'bundle install'"; exit 1) 36 | 37 | lintfix: 38 | @echo "--- rubocop fix ---" 39 | bundle exec rubocop -R -a 40 | 41 | test: $(CONFIG) 42 | bundle exec rspec 43 | 44 | run: 45 | foreman start -p $(PORT) 46 | -------------------------------------------------------------------------------- /Procfile: -------------------------------------------------------------------------------- 1 | web: bundle exec rails s -p 8442 2 | nginx: nginx -c config/nginx_server.conf.example -p "`pwd`" 3 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for 
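example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require_relative 'config/application' 5 | 6 | Rails.application.load_tasks 7 |
--------------------------------------------------------------------------------
/app/controllers/application_controller.rb:
--------------------------------------------------------------------------------
# Base controller. CSRF protection raises on a missing or invalid authenticity
# token; a controller that opts out has to do so explicitly.
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
end

--------------------------------------------------------------------------------
/app/controllers/concerns/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/app/controllers/concerns/.keep
--------------------------------------------------------------------------------
/app/controllers/health/certs_controller.rb:
--------------------------------------------------------------------------------
module Health
  # Reports which certificates in the store expire before a deadline.
  #
  # The deadline comes from the `deadline` query parameter, which is
  # caller-controlled: it may be a duration ("30d"), an absolute time string,
  # or absent. Anything that cannot be interpreted falls back to 30 days from
  # now, so a malformed value never turns the health probe into a 500.
  class CertsController < ApplicationController
    newrelic_ignore_apdex

    # Renders the health result as JSON; 200 when nothing expires before the
    # deadline, 503 otherwise.
    def index
      result = health_checker.check_certs(deadline: deadline)

      render json: result.as_json,
             status: result.healthy? ? :ok : :service_unavailable
    end

    private

    def health_checker
      @health_checker ||= HealthChecker.new
    end

    # @return [Time] the cut-off used for the expiry check
    def deadline
      # Coerce first: a nested parameter (deadline[]=x) would otherwise reach
      # DurationParser as a non-String and fail on String-only methods.
      raw = params[:deadline].to_s

      DurationParser.new(raw).parse&.from_now ||
        parse_absolute_deadline(raw) ||
        30.days.from_now
    end

    # Time.zone.parse returns nil for text it cannot read but raises
    # ArgumentError for out-of-range date components; treat both as "no value".
    def parse_absolute_deadline(raw)
      Time.zone.parse(raw)
    rescue ArgumentError
      nil
    end
  end
end

--------------------------------------------------------------------------------
/app/controllers/health/overall_controller.rb:
--------------------------------------------------------------------------------
module Health
  # Hosts endpoints used by the load balancer to detect if an instance is healthy
  class OverallController < ApplicationController
    newrelic_ignore_apdex

    # Always answers with the plain-text body "success".
    def index
      render plain: 'success'
    end
  end
end

--------------------------------------------------------------------------------
/app/controllers/verify_controller.rb:
--------------------------------------------------------------------------------
require 'base64'
require 'cgi'
require 'openssl'

# Exchanges a token for the data TokenService.open returns for it.
#
# CSRF verification is skipped for this controller, so the authenticity token
# is not what protects the endpoint. The request carries an HMAC in the
# `Authentication` header (Rack key HTTP_AUTHENTICATION), which is passed to
# TokenService.open together with the token.
# NOTE(review): presumably TokenService.open verifies that HMAC and rejects a
# missing or wrong value -- confirm there, the check is not visible here.
class VerifyController < ApplicationController
  skip_before_action :verify_authenticity_token

  # Renders the TokenService.open result as JSON. A request without a `token`
  # parameter gets { error: 'token.missing' } with the default status code.
  def open
    token = params.require(:token)
    hmac = request.headers['HTTP_AUTHENTICATION']
    render json: TokenService.open(token, hmac)
  rescue ActionController::ParameterMissing
    render json: { error: 'token.missing' }
  end
end

--------------------------------------------------------------------------------
/app/helpers/application_helper.rb:
--------------------------------------------------------------------------------
module ApplicationHelper
end

--------------------------------------------------------------------------------
/app/models/application_record.rb:
--------------------------------------------------------------------------------
class ApplicationRecord < ActiveRecord::Base
  self.abstract_class = true
end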
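--------------------------------------------------------------------------------
/app/models/certificate_authority.rb:
--------------------------------------------------------------------------------
# A certificate authority the service knows about, identified by its key id.
class CertificateAuthority < ApplicationRecord
  # Key ids are colon-separated pairs of hex digits. The pattern ends in \z
  # rather than \Z: \Z also matches just before a trailing newline, which
  # would let "AB:CD\n" pass validation.
  validates :key, presence: true, uniqueness: { case_sensitive: false },
                  format: { with: /\A(\h{2})(:\h{2})+\z/ }
  validates :dn, :valid_not_before, :valid_not_after, presence: true

  has_many :certificate_revocations, dependent: :destroy

  scope :with_crl_http_url, -> { where.not(crl_http_url: nil) }

  # Finds or creates the row for a CA certificate, keyed by its key id.
  # Returns nil when the certificate has no key id.
  def self.find_or_create_for_certificate(certificate)
    key_id = certificate.key_id
    return unless key_id

    create_with(
      dn: certificate.subject,
      valid_not_before: certificate.not_before,
      valid_not_after: certificate.not_after
    ).find_or_create_by(key: key_id)
  end

  # The certificate held in the CertificateStore under this CA's key id.
  def certificate
    CertificateStore.instance[key]
  end

  ##
  # Fetches the CRL from the stored URL and adds any new serial numbers.
  # Will raise on errors.
  #
  def update_revocations
    serials = CertificateRevocationListService.retrieve_serials_from_url(crl_http_url, key)

    revocations = new_revocations(serials)
    Rails.logger.info " Adding #{revocations.size} revocations"
    # Bulk insert without model validation; rows that already exist are skipped.
    CertificateRevocation.import(revocations,
                                 batch_size: 5000,
                                 validate: false,
                                 on_duplicate_key: :ignore)
  end

  # True when this CA has a revocation recorded for the certificate's serial.
  def revoked?(subject_cert)
    serial = subject_cert.serial.to_s
    certificate_revocations.where(serial: serial).any?
  end

  # Looks up the issuing CA by the certificate's signing key id and asks it.
  # Returns nil (falsy) when no CertificateAuthority row matches, so an
  # unknown issuer is not reported as revoked by this method.
  # NOTE(review): presumably callers reject unknown issuers separately -- confirm.
  def self.revoked?(subject_cert)
    cert = find_by(key: subject_cert.signing_key_id)
    # Cert should exist and not be revoked.
    cert&.revoked?(subject_cert)
  end

  private

  # Attribute hashes for the serials that are not stored for this CA yet.
  def new_revocations(serials)
    already_revoked = certificate_revocations.pluck(:serial)
    self_id = id
    (serials - already_revoked).map do |serial|
      { serial: serial, certificate_authority_id: self_id }
    end
  end
end

--------------------------------------------------------------------------------
/app/models/certificate_revocation.rb:
--------------------------------------------------------------------------------
# One revoked serial number, scoped to the CA that revoked it.
class CertificateRevocation < ApplicationRecord
  # \z instead of \Z so a serial followed by a newline is not accepted.
  validates :serial, presence: true,
                     uniqueness: { case_sensitive: false, scope: :certificate_authority_id },
                     format: { with: /\A\d+\z/, message: 'must be a positive integer' }
  validates :certificate_authority, presence: true

  belongs_to :certificate_authority
end

--------------------------------------------------------------------------------
/app/models/concerns/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/app/models/concerns/.keep
--------------------------------------------------------------------------------
/app/models/finite_policy_mapping_depth.rb:
--------------------------------------------------------------------------------
# A bounded number of remaining policy-mapping steps. Shares the interface of
# InfinitePolicyMappingDepth (negative?, any?, <=>, -).
class FinitePolicyMappingDepth
  attr_reader :value

  def initialize(value)
    @value = value.to_i
  end

  def negative?
    @value.negative?
  end

  # A finite depth never stands for "any depth".
  def any?
    false
  end

  # Sorts below every unbounded depth; otherwise compares the integer values.
  def <=>(other)
    if other.any?
      -1
    else
      value <=> other.value
    end
  end

  # Subtracts a plain number and returns a new finite depth.
  def -(other)
    FinitePolicyMappingDepth.new(value - other)
  end
end

--------------------------------------------------------------------------------
/app/models/infinite_policy_mapping_depth.rb:
--------------------------------------------------------------------------------
# An unbounded policy-mapping depth: never negative and unchanged by subtraction.
class InfinitePolicyMappingDepth
  def negative?
    false
  end

  def any?
    true
  end

  # Equal to another unbounded depth, greater than any finite one.
  def <=>(other)
    if other.any?
      0
    else
      1
    end
  end

  def -(_other)
    self
  end
end

--------------------------------------------------------------------------------
/app/models/piv_cac.rb:
--------------------------------------------------------------------------------
require 'base64'
require 'openssl'
require 'securerandom'

# Maps a certificate subject DN to a random UUID. The DN itself is not stored;
# only its digest is (dn_signature).
class PivCac < ApplicationRecord
  # dn_signature is an unkeyed SHA-512 digest of the DN, not a signature in the
  # cryptographic sense: anyone who knows a DN can recompute it.
  DN_SIGNATURE_HASH = 'SHA512'.freeze

  before_validation :create_uuid, on: :create

  validates :dn_signature, presence: true, uniqueness: true
  validates :uuid, presence: true, uniqueness: true

  # Write-only accessor: stores the digest of the DN.
  def dn=(raw)
    self.dn_signature = PivCac.make_dn_signature(raw)
  end

  class << self
    # Accepts dn: in place of dn_signature: and translates it before lookup.
    def find_or_create_by(opts = {})
      dn = opts[:dn]
      if dn
        super(opts.except(:dn).merge(dn_signature: make_dn_signature(dn)))
      else
        super
      end
    end

    # Base64 of the SHA-512 digest of the DN, or nil for a nil DN.
    # Base64.encode64 wraps its output every 60 characters and chomp removes
    # only the final newline, so the stored value keeps one embedded "\n".
    # Switching to strict_encode64 would change every stored value and needs a
    # data migration.
    def make_dn_signature(raw)
      Base64.encode64(OpenSSL::Digest.digest(DN_SIGNATURE_HASH, raw)).chomp if raw
    end
  end

  private

  def create_uuid
    self.uuid = SecureRandom.uuid unless uuid
  end
end

--------------------------------------------------------------------------------
/app/models/unrecognized_certificate_authority.rb:
--------------------------------------------------------------------------------
1 | class UnrecognizedCertificateAuthority < ApplicationRecord 2 | validates :key, presence: true, uniqueness: {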
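case_sensitive: false }, 3 | format: { with: /\A(\h{2})(:\h{2})+\Z/ } 4 | validates :dn, presence: true 5 | 6 | def self.find_or_create_for_certificate(certificate) 7 | return if certificate.issuer.blank? 8 | 9 | create_with( 10 | certificate.issuer_metadata 11 | ).find_or_create_by(key: certificate.signing_key_id) 12 | end 13 | end 14 |
--------------------------------------------------------------------------------
/app/services/certificate_chain_service.rb:
--------------------------------------------------------------------------------
# Walks from a certificate towards a trusted root by downloading the issuer
# bundles named in each certificate's CA-issuer URL.
#
# Those URLs are read out of certificates, so they are input the service does
# not control: only http(s) URLs are fetched, connections have timeouts, and a
# failed or unusable download ends the walk instead of raising NoMethodError.
# A downloaded certificate is matched by key id only; nothing here verifies
# signatures, so the result is for tooling and diagnostics, not a trust decision.
class CertificateChainService
  # Gets the chain of Certificates between this cert and the root
  # @param [Certificate]
  # @return [Array]
  def chain(cert)
    process_unknown_certs(cert.signing_key_id, cert.ca_issuer_http_url)
  end

  # Gets the chain of Certificates and also prints them out
  # @param [Certificate]
  # @return [Array]
  def debug(cert)
    chain(cert).each_with_index { |link, step| print_cert(link, step) }
  end

  # Returns the certs in the chain that are not present in the CertificateStore
  # @param [Certificate]
  # @return [Array]
  def missing(cert)
    chain(cert).reject { |link| CertificateStore.instance[link.key_id] }
  end

  # @return [Array]
  def process_unknown_certs(ca_id, ca_issuer_url, new_certs = [])
    # Non-mutating upcase: the id belongs to the caller's certificate and may
    # be frozen or nil.
    ca_cert = get_cert_from_issuer(ca_id.to_s.upcase, ca_issuer_url)
    process_certificate_chain(ca_cert)
  end

  # Appends ca_cert and then its issuers. Stops at a trusted root (which is not
  # appended), after 6 steps, or when an issuer cannot be obtained.
  # @return [Array]
  def process_certificate_chain(ca_cert, chain_array = [], step = 0)
    return chain_array unless ca_cert

    chain_array << ca_cert
    issuer_ca_cert = get_cert_from_issuer(ca_cert.signing_key_id, ca_cert.issuer_metadata[:ca_issuer_url])
    step += 1
    # The step bound also stops a loop between certificates that name each other.
    if issuer_ca_cert && step <= 6 && !issuer_ca_cert.trusted_root?
      process_certificate_chain(issuer_ca_cert, chain_array, step)
    end
    chain_array
  end

  # @api private
  # @param [Certificate] cert
  def print_cert(cert, step)
    puts "///////////////////////////////////////"
    puts "///////////// [ CA Step: #{step} ] /////////////"
    puts "///////////////////////////////////////"
    puts "#{cert.to_pem}"
    puts "key_id: #{cert.key_id}"
    puts "signing_key_id: #{cert.signing_key_id}"
    puts "ca_issuer_dn: #{cert.issuer_metadata[:dn]}"
    puts "ca_issuer_url: #{cert.issuer_metadata[:ca_issuer_url]}"
  end

  # Downloads the PKCS#7 bundle at ca_issuer_url and returns the certificate in
  # it whose key id equals ca_id.
  # @return [Certificate, nil] nil when there is no URL, the download did not
  #   succeed, or no certificate in the bundle matches
  def get_cert_from_issuer(ca_id, ca_issuer_url)
    return nil if ca_issuer_url.to_s.empty?

    STDERR.puts "fetching: #{ca_issuer_url}"
    response = get_response(ca_issuer_url)
    unless response.is_a?(Net::HTTPSuccess)
      # Same handling as the CRL fetch: an error page is not a bundle.
      STDERR.puts "unable to fetch <#{ca_issuer_url}>: #{response.message}"
      return nil
    end

    p7c = OpenSSL::PKCS7.new(response.body)
    # certificates is nil for a bundle that carries none.
    Array(p7c.certificates).each do |issuing_x509_certificate|
      issuing_cert = Certificate.new(issuing_x509_certificate)
      return issuing_cert if issuing_cert.key_id == ca_id
    end
    nil
  end

  # Performs the GET.
  # @raise [ArgumentError] when the URL is not http or https
  def get_response(url)
    url = URI.parse(url)
    # URI::HTTPS is a subclass of URI::HTTP; every other scheme is refused so a
    # certificate cannot point the fetcher at an arbitrary protocol handler.
    unless url.is_a?(URI::HTTP)
      raise ArgumentError, "unsupported CA issuer URL scheme: #{url.scheme.inspect}"
    end

    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = url.scheme == 'https'
    http.open_timeout = 10 # seconds
    http.read_timeout = 10 # seconds

    # request_uri keeps the query string and is "/" for an empty path.
    http.request_get(url.request_uri)
  end
end

--------------------------------------------------------------------------------
/app/services/certificate_logger_service.rb:
--------------------------------------------------------------------------------
1 | class CertificateLoggerService 2 | class << self 3 | def log_certificate(certificate) 4 | return if bucket.blank? 5 | obj = bucket.object(certificate.logging_filename) 6 | obj.put(body: certificate.logging_content) 7 | end 8 | 9 | def log_ocsp_response(response) 10 | return if bucket.blank?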
|| !response.response 11 | obj = bucket.object(response.logging_filename) 12 | obj.put(body: response.logging_content) 13 | end 14 | 15 | private 16 | 17 | def bucket 18 | @bucket ||= begin 19 | bucket_name = IdentityConfig.store.client_cert_logger_s3_bucket_name 20 | Aws::S3::Resource.new.bucket(bucket_name) if bucket_name.present? 21 | end 22 | end 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /app/services/certificate_revocation_list_service.rb: -------------------------------------------------------------------------------- 1 | require 'net/http' 2 | require 'openssl' 3 | 4 | class CertificateRevocationListService 5 | NO_CRL_URL_ERROR = 'No CRL URL'.freeze 6 | 7 | class << self 8 | def retrieve_serials_from_url(crl_http_url, key_id) 9 | raw = fetch_crl(crl_http_url) 10 | 11 | return [] if raw.blank? 12 | 13 | Rails.logger.info " Received #{raw.size} bytes" 14 | retrieve_serials_from_crl(OpenSSL::X509::CRL.new(raw), key_id) 15 | end 16 | 17 | def retrieve_serials_from_crl(crl_store, key_id) 18 | return [] unless crl_store && valid_crl?(crl_store, CertificateStore.instance[key_id]) 19 | 20 | crl_store.revoked.map(&:serial).map(&:to_s) 21 | end 22 | 23 | def valid_crl?(crl_store, certificate) 24 | certificate && 25 | crl_store.issuer == certificate.subject && 26 | crl_store.verify(certificate.public_key) 27 | end 28 | 29 | private 30 | 31 | def fetch_crl(url) 32 | raise NO_CRL_URL_ERROR if url.blank? 
33 | 34 | response = get_response(url) 35 | 36 | case response 37 | when Net::HTTPSuccess then 38 | response.body 39 | else 40 | Rails.logger.warn " unable to fetch <#{url}>: #{response.message}" 41 | nil 42 | end 43 | end 44 | 45 | def get_response(url) 46 | parsed_url = URI(url) 47 | http = Net::HTTP.new(parsed_url.hostname) 48 | http.get(parsed_url.path) 49 | end 50 | end 51 | end 52 | -------------------------------------------------------------------------------- /app/services/duration_parser.rb: -------------------------------------------------------------------------------- 1 | # Parses duration strings ("1d", 2w", "3m", "4y" into ActiveSupport::Durations) 2 | class DurationParser 3 | attr_reader :value 4 | 5 | # @param value [String, nil] 6 | def initialize(value) 7 | @value = value 8 | end 9 | 10 | # @return [ActiveSupport::Duration, nil] 11 | def parse 12 | return if value.blank? 13 | 14 | match = value.match(/^(?\d+)(?\D)$/) 15 | return nil unless match 16 | 17 | parse_duration(Integer(match[:number], 10), match[:duration]) 18 | rescue ArgumentError 19 | nil 20 | end 21 | 22 | def valid? 23 | value.blank? || !parse.nil? 
# Builds the certificate-policy OID translation table for one certificate by
# applying the policy mappings of every CA on its issuer path.
class PolicyMappingService
  # @param certificate [Certificate] the certificate whose issuer path is walked
  def initialize(certificate)
    @certificate = certificate
  end

  # @return [Hash] OID => mapped OID; an unmapped OID looks up as itself
  def call
    policy_mapping
  end

  private

  attr_reader :certificate

  # Issuer path for the certificate, ordered from the topmost CA found down to
  # the certificate's direct issuer; memoised after the first call.
  #
  # Links are followed by signing key id through CertificateStore only - no
  # signature is checked here. The original author notes this is safe because a
  # path from the leaf to a trusted root has already been built elsewhere.
  # The walk ends at a self-signed certificate, at an issuer missing from the
  # store, or at an issuer already collected (which stops a loop of
  # cross-signed CAs from running forever).
  def chain(set = [])
    store = CertificateStore.instance
    @chain ||= begin
      issuer = store[certificate.signing_key_id]
      until !issuer || set.include?(issuer)
        set << issuer
        issuer = issuer.self_signed? ? false : store[issuer.signing_key_id]
      end
      set.reverse
    end
  end

  # A hash whose default for a missing key is the key itself (nothing is
  # stored on lookup), i.e. the identity mapping.
  def new_mapping
    Hash.new { |_, oid| oid }
  end

  # Ultimately maps OIDs seen in child certs to OIDs we expect at the top level.
  # Starts from the mapping depth allowed by the first certificate of the path
  # and stops importing mappings once that depth has gone negative.
  def policy_mapping
    path = chain
    return new_mapping if path.empty?

    remaining_depth = CertificatePolicies.new(path.first).policy_mappings_allowed
    oid_map = new_mapping

    path.each do |ca_cert|
      exhausted = remaining_depth != :any && remaining_depth.negative?
      remaining_depth = import_mapping(oid_map, ca_cert, remaining_depth) unless exhausted
    end

    oid_map
  end

  # Folds the policy mappings declared by +cert+ into +mapping+ and returns the
  # mapping depth still allowed below this certificate.
  def import_mapping(mapping, cert, allowed_depth)
    cert_policies = CertificatePolicies.new(cert)

    cert_policies.policy_mappings.each do |(mapped_from, mapped_to)|
      # RFC 5280, section 4.2.1.5 requires that no mapping can be to or from
      # the value anyPolicy, so such pairs are skipped rather than imported.
      touches_any_policy =
        ([mapped_from, mapped_to] & ['X509v3 Any Policy', Certificate::ANY_POLICY]).any?
      mapping[mapped_from] = mapping[mapped_to] unless touches_any_policy
    end

    cert_policies.policy_mappings_allowed(allowed_depth)
  end
end
17 | # Add necessary setup steps to this file: 18 | 19 | puts %q[ 20 | _ _ 21 | | | (_) 22 | | | ___ __ _ _ _ __ __ _ _____ __ 23 | | |/ _ \ / _` | | '_ \ / _` |/ _ \ \ / / 24 | | | (_) | (_| | | | | || (_| | (_) \ V / 25 | |_|\___/ \__, |_|_| |_(_)__, |\___/ \_/ 26 | __/ | __/ | 27 | |___/ |___/ 28 | ] 29 | 30 | # This file is intended to run after `docker-compose up` 31 | # it runs commands that won't work at build time and therefore must be runuted at runtime. 32 | 33 | puts '== Setting up certificates ==' 34 | Dir.chdir('config/local-certs') do 35 | system! 'make' 36 | end 37 | 38 | puts "== Creating and migrating dev database ==" 39 | run "docker-compose run --rm web rake db:create" 40 | # The following pattern prevents a database reset from happening in prod. 41 | run "docker-compose run --rm web rake db:environment:set" 42 | run "docker-compose run --rm web rake db:reset" 43 | run "docker-compose run --rm web rake db:environment:set" 44 | 45 | puts "== Create tests database ==" 46 | run "docker-compose run --rm web rake db:create RAILS_ENV=test" 47 | end -------------------------------------------------------------------------------- /bin/fast_setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | require 'fileutils' 4 | include FileUtils 5 | 6 | # path to your application root. 7 | APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) 8 | 9 | def run(command) 10 | abort "command failed (#{$?}): #{command}" unless system command 11 | end 12 | 13 | def system!(*args) 14 | system(*args) || abort("\n== Command #{args} failed ==") 15 | end 16 | 17 | chdir APP_ROOT do 18 | # This script is a starting point to setup your application. 19 | # Add necessary setup steps to this file. 
20 | 21 | puts %q[ 22 | _ _ 23 | | | (_) 24 | | | ___ __ _ _ _ __ __ _ _____ __ 25 | | |/ _ \ / _` | | '_ \ / _` |/ _ \ \ / / 26 | | | (_) | (_| | | | | || (_| | (_) \ V / 27 | |_|\___/ \__, |_|_| |_(_)__, |\___/ \_/ 28 | __/ | __/ | 29 | |___/ |___/ 30 | ] 31 | 32 | puts '== Setting up config overrides ==' 33 | default_application_yml = { 'development' => { 'config_key' => nil } } 34 | File.write('config/application.yml', default_application_yml.to_yaml) unless File.exist?('config/application.yml') 35 | 36 | puts '== Installing dependencies ==' 37 | system! 'gem install bundler --conservative' 38 | run 'gem install foreman --conservative && gem update foreman' 39 | system('bundle check') || system!('bundle install --without deploy production') 40 | 41 | # Install JavaScript dependencies if using Yarn 42 | # system('bin/yarn') 43 | 44 | 45 | # puts "\n== Copying sample files ==" 46 | # unless File.exist?('config/database.yml') 47 | # cp 'config/database.yml.sample', 'config/database.yml' 48 | # end 49 | 50 | puts "\n== Removing old logs and tempfiles ==" 51 | system! 'bin/rails log:clear tmp:clear' 52 | 53 | puts "\n== Restarting application server ==" 54 | system! 'bin/rails restart' 55 | end 56 | -------------------------------------------------------------------------------- /bin/puma: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # frozen_string_literal: true 3 | 4 | # 5 | # This file was generated by Bundler. 6 | # 7 | # The application 'puma' is installed as part of a gem, and 8 | # this file is here to facilitate running it. 
9 | # 10 | 11 | ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) 12 | 13 | bundle_binstub = File.expand_path("bundle", __dir__) 14 | 15 | if File.file?(bundle_binstub) 16 | if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") 17 | load(bundle_binstub) 18 | else 19 | abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. 20 | Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") 21 | end 22 | end 23 | 24 | require "rubygems" 25 | require "bundler/setup" 26 | 27 | load Gem.bin_path("puma", "puma") 28 | -------------------------------------------------------------------------------- /bin/pumactl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # frozen_string_literal: true 3 | 4 | # 5 | # This file was generated by Bundler. 6 | # 7 | # The application 'pumactl' is installed as part of a gem, and 8 | # this file is here to facilitate running it. 9 | # 10 | 11 | ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) 12 | 13 | bundle_binstub = File.expand_path("bundle", __dir__) 14 | 15 | if File.file?(bundle_binstub) 16 | if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") 17 | load(bundle_binstub) 18 | else 19 | abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. 
20 | Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") 21 | end 22 | end 23 | 24 | require "rubygems" 25 | require "bundler/setup" 26 | 27 | load Gem.bin_path("puma", "pumactl") 28 | -------------------------------------------------------------------------------- /bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_PATH = File.expand_path('../config/application', __dir__) 3 | require_relative '../config/boot' 4 | require 'rails/commands' 5 | -------------------------------------------------------------------------------- /bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- /bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | require 'fileutils' 4 | require 'yaml' 5 | include FileUtils 6 | 7 | # path to your application root. 8 | APP_ROOT = File.expand_path('..', __dir__) 9 | 10 | def run(command) 11 | abort "command failed (#{$?}): #{command}" unless system command 12 | end 13 | 14 | def system!(*args) 15 | system(*args) || abort("\n== Command #{args} failed ==") 16 | end 17 | 18 | chdir APP_ROOT do 19 | # This script is a starting point to setup your application. 20 | # Add necessary setup steps to this file. 
21 | 22 | puts %q[ 23 | _ _ 24 | | | (_) 25 | | | ___ __ _ _ _ __ __ _ _____ __ 26 | | |/ _ \ / _` | | '_ \ / _` |/ _ \ \ / / 27 | | | (_) | (_| | | | | || (_| | (_) \ V / 28 | |_|\___/ \__, |_|_| |_(_)__, |\___/ \_/ 29 | __/ | __/ | 30 | |___/ |___/ 31 | ] 32 | 33 | puts '== Setting up config overrides ==' 34 | default_application_yml = { 'development' => { 'config_key' => nil } } 35 | File.write('config/application.yml', default_application_yml.to_yaml) unless File.exist?('config/application.yml') 36 | 37 | puts '== Installing dependencies ==' 38 | brew_installed = system "brew -v 2>&1" 39 | run "brew bundle" if brew_installed 40 | system! 'gem install bundler --conservative' 41 | run 'gem install foreman --conservative && gem update foreman' 42 | system('bundle check') || system!('bundle install --without deploy production') 43 | 44 | puts '== Setting up certificates ==' 45 | Dir.chdir('config/local-certs') do 46 | system! 'make' 47 | end 48 | 49 | # Install JavaScript dependencies if using Yarn 50 | # system('bin/yarn') 51 | 52 | 53 | # puts "\n== Copying sample files ==" 54 | # unless File.exist?('config/database.yml') 55 | # cp 'config/database.yml.sample', 'config/database.yml' 56 | # end 57 | 58 | puts "\n== Preparing database ==" 59 | run 'bin/rake db:create' 60 | run 'bin/rake db:environment:set' 61 | run 'bin/rake db:reset' 62 | run 'bin/rake db:environment:set' 63 | run 'bin/rake db:create RAILS_ENV=test' 64 | run 'bin/rake db:reset RAILS_ENV=test' 65 | 66 | puts "\n== Removing old logs and tempfiles ==" 67 | system! 'bin/rails log:clear tmp:clear' 68 | 69 | puts "\n== Restarting application server ==" 70 | system! 'bin/rails restart' 71 | end 72 | -------------------------------------------------------------------------------- /bin/spring: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # This file loads spring without using Bundler, in order to be fast. 
4 | # It gets overwritten when you run the `spring binstub` command. 5 | 6 | unless defined?(Spring) 7 | require 'rubygems' 8 | require 'bundler' 9 | 10 | lockfile = Bundler::LockfileParser.new(Bundler.default_lockfile.read) 11 | spring = lockfile.specs.detect { |spec| spec.name == "spring" } 12 | if spring 13 | Gem.use_paths Gem.dir, Bundler.bundle_path.to_s, *Gem.path 14 | gem 'spring', spring.version 15 | require 'spring/binstub' 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /bin/tag-release: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | set -x 5 | TAG=$(date -u +"%Y-%m-%dT%H%M%S") 6 | 7 | GPG_TTY=$(tty) git tag -s $TAG -m "$TAG release" 8 | git push origin $TAG 9 | -------------------------------------------------------------------------------- /bin/update: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | require 'fileutils' 4 | include FileUtils 5 | 6 | # path to your application root. 7 | APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) 8 | 9 | def system!(*args) 10 | system(*args) || abort("\n== Command #{args} failed ==") 11 | end 12 | 13 | chdir APP_ROOT do 14 | # This script is a way to update your development environment automatically. 15 | # Add necessary update steps to this file. 16 | 17 | puts '== Installing dependencies ==' 18 | system! 'gem install bundler --conservative' 19 | system('bundle check') || system!('bundle install') 20 | 21 | puts "\n== Updating database ==" 22 | system! 'bin/rails db:migrate' 23 | 24 | puts "\n== Removing old logs and tempfiles ==" 25 | system! 'bin/rails log:clear tmp:clear' 26 | 27 | puts "\n== Restarting application server ==" 28 | system! 
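#!/usr/bin/env ruby
# Runs yarnpkg from the application root, forwarding this script's arguments.
VENDOR_PATH = File.expand_path('..', __dir__)
Dir.chdir(VENDOR_PATH) do
  begin
    # Pass the arguments as a list instead of interpolating them into one
    # command string: no shell is involved, so arguments containing spaces or
    # shell metacharacters reach yarnpkg unchanged, and a missing executable
    # always surfaces as Errno::ENOENT for the rescue below.
    exec 'yarnpkg', *ARGV
  rescue Errno::ENOENT
    $stderr.puts "Yarn executable was not detected in the system."
    $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install"
    exit 1
  end
end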
27 | config.generators.system_tests = nil 28 | 29 | # Settings in config/environments/* take precedence over those specified here. 30 | # Application configuration should go into files in config/initializers 31 | # -- all .rb files in that directory are automatically loaded. 32 | end 33 | end 34 | -------------------------------------------------------------------------------- /config/boot.rb: -------------------------------------------------------------------------------- 1 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) 2 | 3 | require 'bundler/setup' # Set up gems listed in the Gemfile. 4 | require 'bootsnap/setup' if ENV['ENABLE_BOOTSNAP'] != 'false' 5 | -------------------------------------------------------------------------------- /config/cable.yml: -------------------------------------------------------------------------------- 1 | development: 2 | adapter: async 3 | 4 | test: 5 | adapter: async 6 | 7 | production: 8 | adapter: redis 9 | url: redis://localhost:6379/1 10 | channel_prefix: identity-pki_production 11 | -------------------------------------------------------------------------------- /config/certs/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/config/certs/.keep -------------------------------------------------------------------------------- /config/certs/C=US, O=Boeing, OU=certservers, CN=Boeing PCA G3.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Boeing/OU=certservers/CN=Boeing PCA G3 2 | Issuer: /C=US/O=CertiPath/OU=Certification Authorities/CN=CertiPath Bridge CA - G3 3 | -----BEGIN CERTIFICATE----- 4 | MIIGkzCCBHugAwIBAgIQes02NN98WvWZyNQeMRVIGTANBgkqhkiG9w0BAQwFADBo 5 | MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGlQYXRoMSIwIAYDVQQLExlDZXJ0 6 | aWZpY2F0aW9uIEF1dGhvcml0aWVzMSEwHwYDVQQDExhDZXJ0aVBhdGggQnJpZGdl 7 | 
IENBIC0gRzMwHhcNMjQwNDI0MDAwMDAwWhcNMjUwNzMxMjM1OTU5WjBMMQswCQYD 8 | VQQGEwJVUzEPMA0GA1UEChMGQm9laW5nMRQwEgYDVQQLEwtjZXJ0c2VydmVyczEW 9 | MBQGA1UEAxMNQm9laW5nIFBDQSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC 10 | AQoCggEBAKybULK8fd49+qefjXFicP9orUszkyI+PK0VMnmge8J67V1wXO7KZ6BS 11 | /55h0xPYKOzuN10ilag/NzxU9yVXpvm7y0r18GCUZQFB7I0cPfqybx282siQCnLx 12 | a1eq+/UiryG2veEtmw9gKN0K5yFal10jsmAOIv0aKjxDQ/qTL5os8tj2fWCcb8rB 13 | CKBaIzxWr9JbuPX5IgBk7aE0FNedcs5wafIGtNVdnxTCpRxLjJeVoaWvPsoEqH2k 14 | BxIre72zssaMmisYU+9oz77ZV5L/O/TkCIG7LvdhYwitv3Ivyi/ijq1ckrwwRclF 15 | 6UqkSCXlOfaVYa7oDlMHplsI0MpMHWsCAwEAAaOCAlMwggJPMB0GA1UdDgQWBBQ0 16 | aw4E+LKvZSWz78tcRDkqTISIPzASBgNVHRMBAf8ECDAGAQH/AgEBMCkGA1UdIAQi 17 | MCAwDgYMKwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtTAQEBAjBCBgNVHR8EOzA5MDeg 18 | NaAzhjFodHRwOi8vY3JsLmNlcnRpcGF0aC5jb20vQ2VydGlQYXRoQnJpZGdlQ0Et 19 | RzMuY3JsMA4GA1UdDwEB/wQEAwIBBjBdBgNVHR4BAf8EUzBRoE8wDIEKYm9laW5n 20 | LmNvbTANgQsuYm9laW5nLmNvbTAMggpib2VpbmcuY29tMCKkIDAeMQswCQYDVQQG 21 | EwJVUzEPMA0GA1UEChMGQm9laW5nME0GCCsGAQUFBwELBEEwPzA9BggrBgEFBQcw 22 | BYYxaHR0cDovL2NybC5ib2VpbmcuY29tL2NybC9Jc3N1ZWRCeUJvZWluZ1BDQUcz 23 | LnA3YzAKBgNVHTYEAwIBADASBgNVHSQBAf8ECDAGgAEAgQEAMF0GA1UdIQRWMFQw 24 | GgYMKwYBBAGBu1MBAQEBBgorBgEEAUkPAwELMBoGDCsGAQQBgbtTAQEBAgYKKwYB 25 | BAFJDwMBDDAaBgwrBgEEAYG7UwEBAQEGCisGAQQBSQ8DAQwwTQYIKwYBBQUHAQEE 26 | QTA/MD0GCCsGAQUFBzAChjFodHRwOi8vYWlhLmNlcnRpcGF0aC5jb20vQ2VydGlQ 27 | YXRoQnJpZGdlQ0EtRzMucDdjMB8GA1UdIwQYMBaAFHqLPAaS3B6o0oKsG3RvdD1O 28 | 0aibMA0GCSqGSIb3DQEBDAUAA4ICAQBerC6tRCmO+2GEmcQYLkR1xOPhi6T4xTH6 29 | VUqQayYuwfE1d/4nIAsDFfsOkUeZBTlNSDfSGsKCpzKRCALyLIAK7cwMFDmEHuD3 30 | 8hgxpqHXCseLbvdnYW142k96yyZ3GfWt/Vr5cx6aeyd+ekeoCvYWS+Kfur+8UXnk 31 | HuY0tI0H+xkBR+0h1+fnHUPmzOWZtaSLkj7eDLaYgStW4Iu/vI+AYx22E+biPF5/ 32 | cLS9wkcD84vhiT4LURmwuEmpoC6YYuAoAGUu6LpylaI4I0zJGAVX7STwfs0NDr4e 33 | DLTCxDIsy+TV3O1Liz9L8NZdDV6Jgx4VZcpdPcfl6M4mBegTBweolIjqP28cNFW3 34 | t3aIfdJlXigX3zduLAO2SDyz9jrSF20SvZ8wzfjilNVGP6KJGEmnSID2I5f41enJ 35 | 
gvjblSVFMaenodl+e60J/j3/kF1VTphFjKFY15kJWw5JY4BI4Q/EM5JM5W6Ahpzm 36 | b+LUoDNR1NHeLfsVzwK202wBoZrmS+Ew0TZPI04OxLoTBoU69ahEnlYaTZ/rkmin 37 | uO/IlWnrFZ732MBruBAVIS75UpzVH4Qm5kv6UaUsQmazrHJhuhLAmxNiRYVdGoj+ 38 | V0gI3kdBiY0Srq5TMACPHPH1DFdBJID3shPTToPtKxqR1H4gX94ZfvW6AC0iZcZD 39 | 1jTIS7I42w== 40 | -----END CERTIFICATE----- 41 | -------------------------------------------------------------------------------- /config/certs/C=US, O=DigiCert, Inc., CN=DigiCert Class 3 SSP Intermediate CA - G4.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Class 3 SSP Intermediate CA - G4 2 | Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 3 | -----BEGIN CERTIFICATE----- 4 | MIIGVjCCBT6gAwIBAgIUFOxF73Ik8pjkHN+y4zkr4jKdVbswDQYJKoZIhvcNAQEL 5 | BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG 6 | A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjMw 7 | NTAyMTQzMTIwWhcNMjYwNTAyMTQzMTIwWjBaMQswCQYDVQQGEwJVUzEXMBUGA1UE 8 | ChMORGlnaUNlcnQsIEluYy4xMjAwBgNVBAMTKURpZ2lDZXJ0IENsYXNzIDMgU1NQ 9 | IEludGVybWVkaWF0ZSBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB 10 | CgKCAQEAps2ir/ih6hD9xbIwqCeoE/tI4rTuuH3ntGgrKGTKEZ2XKRx+jP0cNEkJ 11 | OvSbPsHTsiJDPWW2RvuPs4Z81qvzna4hBZZzrGmdBYq3qov62sB5VSByN+f0kSNx 12 | JXcxq5p/r81+cxhfQAvyMtv6SZ3GPAqM5hGYuO5G9rSU/9+PhaXGPS7Gzz5MDu70 13 | DgL5ukw8CbWSKt5yMUoIGV9QHyBGMDI/lDotjberjJJCBWtSs2cubfG96BOcOmIE 14 | 6t7f8UmumRIC6qCnFfrtSsMr6Z8oncajfi/8nSgb8xIJvIDmCeyBlgJSI79JkJxH 15 | 6bmsumnfe1wmB0vbh1voZo3wUJWMrQIDAQABo4IDFzCCAxMwHQYDVR0OBBYEFLXt 16 | LpYES6kY9PS9EvFjhYSXXz5aMB8GA1UdIwQYMBaAFHnwAEnrf3fCXUECZTSKkCOb 17 | HgdvMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIGIBgNVHSAEgYAw 18 | fjAMBgpghkgBZQMCAQMDMAwGCmCGSAFlAwIBAwwwDAYKYIZIAWUDAgEDDjAMBgpg 19 | hkgBZQMCAQMPMAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUDAgEDEzAMBgpghkgBZQMC 20 | AQMUMAwGCmCGSAFlAwIBAyUwDAYKYIZIAWUDAgEDJjCCARIGA1UdIQSCAQkwggEF 21 | 
MBsGCmCGSAFlAwIBAwMGDWCGSAGG+EUBBxcDAQYwGwYKYIZIAWUDAgEDDAYNYIZI 22 | AYb4RQEHFwMBBzAbBgpghkgBZQMCAQMOBg1ghkgBhvhFAQcXAwEOMBsGCmCGSAFl 23 | AwIBAw8GDWCGSAGG+EUBBxcDAQ8wGwYKYIZIAWUDAgEDEgYNYIZIAYb4RQEHFwMB 24 | EjAbBgpghkgBZQMCAQMTBg1ghkgBhvhFAQcXAwERMBsGCmCGSAFlAwIBAxQGDWCG 25 | SAGG+EUBBxcDARQwGwYKYIZIAWUDAgEDJQYNYIZIAYb4RQEHFwMBCDAbBgpghkgB 26 | ZQMCAQMmBg1ghkgBhvhFAQcXAwEkMGAGCCsGAQUFBwELBFQwUjBQBggrBgEFBQcw 27 | BYZEaHR0cDovL3NzcHNpYS5kaWdpY2VydC5jb20vU1ROU1NQL0NlcnRzX0lzc3Vl 28 | ZF9ieV9DbGFzczNTU1BDQS1HNC5wN2MwEgYDVR0kAQH/BAgwBoABAIEBADANBgNV 29 | HTYBAf8EAwIBADBRBggrBgEFBQcBAQRFMEMwQQYIKwYBBQUHMAKGNWh0dHA6Ly9y 30 | ZXBvLmZwa2kuZ292L2JyaWRnZS9jYUNlcnRzSXNzdWVkVG9mYmNhZzQucDdjMDcG 31 | A1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9yZXBvLmZwa2kuZ292L2JyaWRnZS9mYmNh 32 | ZzQuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCm4bP8+krJFoCJoEdkyFewHBIv7JEz 33 | Ap1+VzUaxrVHawRjpbRF/HleunzxAoxH9b0B4nJZTnunDQ9d/YHt2wgYjNIlJCTA 34 | tmC+FTjT0srboTvAdHVCLxD6GpI0N9QYb4Vj4Nd54DDiEIR8g77kzp//CnAFoARo 35 | EL1Z4X/l1y1DqSM/H+O6ns4jwKyYwYn9GNr5ZBVkVcKqoymbKMJrhRZ7gX6Q99Cp 36 | Vrtzo1Mh+y0Te7bib0Lt+QLNAJDqgfQAsa0pR1okBwrz+ZQThDJvbfgYucat96OQ 37 | uUj3jQXfbjBVE8mAChyo5GgmsDXjYT5AFh5xatcSu74JK95AZC0XP6bV 38 | -----END CERTIFICATE----- 39 | -------------------------------------------------------------------------------- /config/certs/C=US, O=DigiCert, Inc., CN=DigiCert Federal SSP Intermediate CA - G5.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 2 | Issuer: /C=US/O=U.S. 
Government/OU=FPKI/CN=Federal Common Policy CA G2 3 | -----BEGIN CERTIFICATE----- 4 | MIIGLjCCBBagAwIBAgIUJLwWj5zLMM/O+PCljybxAYGGkmYwDQYJKoZIhvcNAQEM 5 | BQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG 6 | A1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcy 7 | MB4XDTIwMTExODE2MzQzOFoXDTI4MTIxMzE2MzQzOFowWjELMAkGA1UEBhMCVVMx 8 | FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTIwMAYDVQQDEylEaWdpQ2VydCBGZWRl 9 | cmFsIFNTUCBJbnRlcm1lZGlhdGUgQ0EgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQAD 10 | ggEPADCCAQoCggEBAMuSOxdlMn/PhgemkiviGavyIwP2LVXZ+rlRnfvLHtT9zIBy 11 | 9swXu5JPXjavPPJmMa50nfZl9uFgv8wMmyAOigbKi6SRCvc5pEc4dEf4BztCzeOe 12 | XFfoQzpQVM+8fDk+xhI+/JQZ1VgqoVI8ugO+N2olEkGKVWsu5qDLk/bE8Q/G03I7 13 | fMt+9Z4gKKFeKQNc1/KgzqlE/vCW0k2meFDIwG8T3dnnCmSieghOmKn0uFaZvC/g 14 | R57IRelosvkymopTTxlFc+6JOVPwiYW5VmVbNw7l94wmC9c2HVEl3LzNzg7NCdGX 15 | 8H7v+RJa7etlPdnG0wi5d3uND/Fhs1LOg5JwlLcCAwEAAaOCAegwggHkMB0GA1Ud 16 | DgQWBBRXGeXY1qzeeOJC9eRFtNk5kwu92jAfBgNVHSMEGDAWgBT0J1ypw3xH9Pqm 17 | p7BZl6rdNSYX4zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zB5BgNV 18 | HSAEcjBwMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMI 19 | MAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQMAwGCmCG 20 | SAFlAwIBAxEwDAYKYIZIAWUDAgEDJzBXBggrBgEFBQcBCwRLMEkwRwYIKwYBBQUH 21 | MAWGO2h0dHA6Ly9zc3Atc2lhLmRpZ2ljZXJ0LmNvbS9TU1AvQ2VydHNfaXNzdWVk 22 | X2J5X1NTUENBRzUucDdjMBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02AQH/BAMC 23 | AQAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVodHRwOi8vcmVwby5mcGtp 24 | Lmdvdi9mY3BjYS9jYUNlcnRzSXNzdWVkVG9mY3BjYWcyLnA3YzA3BgNVHR8EMDAu 25 | MCygKqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9mY3BjYS9mY3BjYWcyLmNybDAN 26 | BgkqhkiG9w0BAQwFAAOCAgEADnzUPcRQhrO9s5jQK9iI2pmo4YxR7IzHndTiZJfc 27 | fHFynR24gYT49uolHdtVsZS4mepL6Qcu5feBvi2AUHOKcXgNPczLFH+fpjGfzslX 28 | c/dcIT47JY/Q8X3rCsLNrEdpSmcztcZIxRE9qphHfW2PAsYK4mDIthhLhhwgvXeJ 29 | NKMNEWjLpI79Y2Ly0qozuoZCRTSSRdz4nuxgk/nhOsVWHzznLpNmUPqExqTjy4Rq 30 | giLbIVsPVVxM9uQozBEzVGPFZFbqI+WwEp1rXQl2h0r8Y+JCz+Syp2H4knE1+O7c 31 | 
J+5oRMRmFZtmUIE3BThzC9pgpi7XNzQ9UNqLCQjebhsJzZKT68beAsIFLAlCGMDU 32 | 9nxOb6VYegcRg4SPVMG+Sd2VrSaV11OsVN9dCMvicNnVjewvIZakLeZpMQzCKdHz 33 | KYfuVIjtJhAL2dmYJk1gURm/iSZdg/DRzpcX6MvGrBcO9rwi9c6pBC4plRwvjmLS 34 | ilXRjgY2XafEQv/KyxAdPKDV0WqC466AfXJKzxzvtqmmWk6i3XaAhBun2maGJZ/G 35 | kkm5J9FxUFoVpURtuOdch90YNNiPCKKk0h65ssm1im7ggGPZbpCpd0/EnGzPv5HB 36 | DcUHp2CdPTvDcH6wJjwLzDKYIPjZE0ma2SBC+6GixP9rm7I73b+VF/zNSFk7gfCw 37 | 8Y4= 38 | -----END CERTIFICATE----- 39 | -------------------------------------------------------------------------------- /config/certs/C=US, O=Entrust, OU=Certification Authorities, CN=Entrust Derived Credential SSP CA.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Entrust/OU=Certification Authorities/CN=Entrust Derived Credential SSP CA 2 | Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIFzzCCBLegAwIBAgIERICxgTANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV 5 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 6 | b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg 7 | Q0EwHhcNMTcwNzEzMjE0OTI5WhcNMjUwNzEzMjIxOTI5WjBvMQswCQYDVQQGEwJV 8 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 9 | b3JpdGllczEqMCgGA1UEAxMhRW50cnVzdCBEZXJpdmVkIENyZWRlbnRpYWwgU1NQ 10 | IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5qpjjFoxGIyYC8R 11 | zf7qvzrHdfef4v/2kH+xgdQKj2TpqIYJGUDwHjLx0MAx49VGVds4hW8Brphrz3PI 12 | 7/5OJ2K0yQ8bD8X/BMCDXehyMu0WO3OxaIxKB+zZ2+V2MPV9q7h+GGgtByuznUNP 13 | wtBKJCK9Vlwrc5HX8ILvOZn4bStrjBUJ7q59/LcLf66y2vxjnNut3Aao+n2EXM3S 14 | UMW+3D4TiVJvqn6U8vuH+qqgkfgVtez37wZf6DTRKuTJZ3xSIl++aC2UZ8E7Sp4t 15 | KefEDbCzjI4ooO8EjsgrQYfnFQkuAd0NHVcZ1S6thRDLphVzgxB5enDqGYRmfyJT 16 | HNtotwIDAQABo4ICcjCCAm4wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB 17 | Af8CAQAwgYgGA1UdIASBgDB+MAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAM 18 | BgpghkgBZQMCAQMIMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETAMBgpghkgB 19 | 
ZQMCAQMkMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMCAQMp 20 | MIGkBggrBgEFBQcBAQSBlzCBlDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIu 21 | bWFuYWdlZC5lbnRydXN0LmNvbS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5w 22 | N2MwQwYIKwYBBQUHMAGGN2h0dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20v 23 | T0NTUC9FTVNSb290Q0FSZXNwb25kZXIwgdUGA1UdHwSBzTCByjA+oDygOoY4aHR0 24 | cDovL2ZlZGRjc3dlYi5tYW5hZ2VkLmVudHJ1c3QuY29tL0NSTHMvRU1TUm9vdENB 25 | Mi5jcmwwgYeggYSggYGkfzB9MQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRW50cnVz 26 | dDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEpMCcGA1UECxMg 27 | RW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3QgQ0ExDTALBgNVBAMTBENSTDEw 28 | HwYDVR0jBBgwFoAUqVO+ZISDS10mxic+LtGEaFU80HUwHQYDVR0OBBYEFJa9eijy 29 | DoOKkEDu0qRQ1391oZZcMA0GCSqGSIb3DQEBCwUAA4IBAQBECcwUNwShBHRm/oXF 30 | +ffyhi35hMWP2yuWgoE6Ma3NCh2DTNRzMrdA3SB5IqrUs3/9J2Py2KqPw2vPF7vJ 31 | MeCvxqaG9PnVKlkN5fcD/TG/IgJcje8Xya7oD6vjqinnvmiXQg/VnEj3DUdszY6e 32 | 2cHpysncOZGAOCJzKtFzJbgR00Ghaf4Z6e0zHumkBlQjkMdYR46TrrGJtWRJ9tAG 33 | KSa1MUGrnEUQubeeVcVUXpazB0xcMAPob2oKNd9nF6k9onk56LutRe6WSclUfWk7 34 | bmNAPjLMoJoM1rhtxWqC9C1BEh9iKp058h85Ib58TTmgGtQVruLJ6Eolo/5zC9wq 35 | /zDd 36 | -----END CERTIFICATE----- 37 | -------------------------------------------------------------------------------- /config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services NFI Root CA.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services NFI Root CA 2 | Issuer: /C=US/O=U.S. 
Government/OU=FPKI/CN=Federal Bridge CA G4 3 | -----BEGIN CERTIFICATE----- 4 | MIIG5DCCBcygAwIBAgIUF0feSbimcB3+AwLZdZfj1N3agLswDQYJKoZIhvcNAQEL 5 | BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG 6 | A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjQw 7 | OTExMTQwMzIxWhcNMjcwOTExMTQwMzIxWjByMQswCQYDVQQGEwJVUzEQMA4GA1UE 8 | ChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEt 9 | MCsGA1UECxMkRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIE5GSSBSb290IENBMIIB 10 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fyw54a+2cBXtH06x4HB6ECX 11 | sgVx/MJUQODXit/paoMSmlPjgnp8Ob0Hp+9t5REQ29l29mj9FZUoc8epuIqTyprx 12 | q4J27DYXPbSCf7tnLQJUp0WvjPewWqXZ8BIsiJL/HcgSYFNuRVoNaa+7nCkI3F3E 13 | liQW/WPA1q8Z3TOR/l6I9nSbrcQaJuF2YLzMSMhNvLbK2Ma2KwnxMsiKWrkGh0IP 14 | XQVrNYJtuYiOjfzVt0G4rHdAnpv6YZ8TsKSXfeiH9+qfuGuXKUKZvsGIDn0zMesc 15 | JZFV2b42pADg72lTQyZLQBGuIOh+1tYGzinI09iG+hNdIZjvlNS2BuK/bXxldQID 16 | AQABo4IDjTCCA4kwHQYDVR0OBBYEFPPtObnaG00DPCYVOdgztQjvOD45MB8GA1Ud 17 | IwQYMBaAFHnwAEnrf3fCXUECZTSKkCObHgdvMA4GA1UdDwEB/wQEAwIBBjAPBgNV 18 | HRMBAf8EBTADAQH/MIGlBgNVHSAEgZ0wgZowDAYKYIZIAWUDAgEDATAMBgpghkgB 19 | ZQMCAQMCMAwGCmCGSAFlAwIBAwMwDAYKYIZIAWUDAgEDDDAMBgpghkgBZQMCAQMO 20 | MAwGCmCGSAFlAwIBAw8wDAYKYIZIAWUDAgEDEjAMBgpghkgBZQMCAQMTMAwGCmCG 21 | SAFlAwIBAxQwDAYKYIZIAWUDAgEDJTAMBgpghkgBZQMCAQMmMIIBaQYDVR0hBIIB 22 | YDCCAVwwGwYKYIZIAWUDAgEDAQYNYIZIAYb6a4FIAwoHCDAbBgpghkgBZQMCAQMC 23 | Bg1ghkgBhvprgUgDCgcHMBsGCmCGSAFlAwIBAwMGDWCGSAGG+muBSAMKBwEwGwYK 24 | YIZIAWUDAgEDDgYNYIZIAYb6a4FIAwoHDjAbBgpghkgBZQMCAQMMBg1ghkgBhvpr 25 | gUgDCgcCMBsGCmCGSAFlAwIBAwwGDWCGSAGG+muBSAMKBwQwGwYKYIZIAWUDAgED 26 | DwYNYIZIAYb6a4FIAwoHDzAbBgpghkgBZQMCAQMSBg1ghkgBhvprgUgDCgcGMBsG 27 | CmCGSAFlAwIBAxMGDWCGSAGG+muBSAMKBw0wGwYKYIZIAWUDAgEDFAYNYIZIAYb6 28 | a4FIAwoHCTAbBgpghkgBZQMCAQMlBg1ghkgBhvprgUgDCgcDMBsGCmCGSAFlAwIB 29 | AyYGDWCGSAGG+muBSAMKBxAwYgYIKwYBBQUHAQsEVjBUMFIGCCsGAQUFBzAFhkZo 30 | dHRwOi8vbmZpcm9vdHdlYi5tYW5hZ2VkLmVudHJ1c3QuY29tL1NJQS9DQWNlcnRz 31 | 
SXNzdWVkQnlORklSb290Q0EucDdjMBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02 32 | AQH/BAMCAQAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVodHRwOi8vcmVw 33 | by5mcGtpLmdvdi9icmlkZ2UvY2FDZXJ0c0lzc3VlZFRvZmJjYWc0LnA3YzA3BgNV 34 | HR8EMDAuMCygKqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9icmlkZ2UvZmJjYWc0 35 | LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAxudod5vh4t6anL7bWHGdqCeA8SHCXxDM 36 | KEy9htRbzc6Ob8izGKOXLFivpWAodpWaxAItIxEX7UTqwgetCoCW1fmqb5bGuPjF 37 | 9vgBhz1jCesNgpvpco/vL0V8m1Fdsd/oP/h15rU8+2XeZAVugYSg+RoM64+hFVkE 38 | mnB3ChRYQM69fTw/NbhppYluuC1CDLwdLTekz9H34yGrjdQWMHLeVK/9+52G1mIp 39 | VofC86WWrHBZ3+Z3Mv50zXECi9nb3+Ffb5Dnyth23MARmCanoomh1fGgPrfL8eYo 40 | UG8Rpo1BLe0cPVmBIh7wqcD1Cmy2MWZsZ0ZGYgfxWMaet1awiIIeaQ== 41 | -----END CERTIFICATE----- 42 | -------------------------------------------------------------------------------- /config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services Root CA 1753288596.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 2 | Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIGGjCCBQKgAwIBAgIERIEHezANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV 5 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 6 | b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg 7 | Q0EwHhcNMTUwNzIzMTYwNjM2WhcNMjUwNzIzMTYzNjM2WjBuMQswCQYDVQQGEwJV 8 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 9 | b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg 10 | Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYqKN6KNw4zYLKgi6Y 11 | Ooiuw6K/9e/bn7D2gNlAQxPZtGvmvhzIOx2UeHDwhmFkivNy2fgIr85/brQfKguk 12 | WgpcES9Dl2GpcsnOXDSm+cAtGJrEV6/Ecv6o+z2qm0YRODNEaMF4ANLl/H95yfR4 13 | l54aI+MX6rxzTnTv+j/QptL3ZyJe8LnQoeIHr69Jo21e6ekGRtlYJ9L8r5qn7s/b 14 | F9KZ/aksWeB21d1wci3dIIpN5bM8r5YnQLEjjzg35SsbqBEft1/QvgxDbEWTW9/I 15 | 
Ij5hWrpyBVe23pJwNtEWluvFxhzQz3xJ0U1ZBRQXySVHbx0k0SyRlhhFv6ricooE 16 | ThtJAgMBAAGjggK+MIICujAPBgNVHRMBAf8EBTADAQH/MHkGA1UdIARyMHAwDAYK 17 | YIZIAWUDAgEDBjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUD 18 | AgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAM 19 | BgpghkgBZQMCAQMpMA4GA1UdDwEB/wQEAwIBhjBfBggrBgEFBQcBCwRTMFEwTwYI 20 | KwYBBQUHMAWGQ2h0dHA6Ly9yb290d2ViLm1hbmFnZWQuZW50cnVzdC5jb20vU0lB 21 | L0NBY2VydHNJc3N1ZWRCeUVNU1Jvb3RDQS5wN2MwgaQGCCsGAQUFBwEBBIGXMIGU 22 | ME0GCCsGAQUFBzAChkFodHRwOi8vcm9vdHdlYi5tYW5hZ2VkLmVudHJ1c3QuY29t 23 | L0FJQS9DZXJ0c0lzc3VlZFRvRU1TUm9vdENBLnA3YzBDBggrBgEFBQcwAYY3aHR0 24 | cDovL29jc3AubWFuYWdlZC5lbnRydXN0LmNvbS9PQ1NQL0VNU1Jvb3RDQVJlc3Bv 25 | bmRlcjAfBgNVHSMEGDAWgBRJVJFMaUQ7xPgCLPT4LTNWiXWYEDAdBgNVHQ4EFgQU 26 | qVO+ZISDS10mxic+LtGEaFU80HUwgdMGA1UdHwSByzCByDA8oDqgOIY2aHR0cDov 27 | L3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTMuY3Js 28 | MIGHoIGEoIGBpH8wfTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAg 29 | BgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1 30 | c3QgTWFuYWdlZCBTZXJ2aWNlcyBSb290IENBMQ0wCwYDVQQDEwRDUkwxMA0GCSqG 31 | SIb3DQEBCwUAA4IBAQA/ajdhyDBMELNyPOHPu2t2fiDKGPaYeKr0mZhgZbrznGtD 32 | 3KdqUrA6urHyIprCL8d05PgLPmFKp1UDO+BMJHef2mVaYH513xlIRJa75L/81O1z 33 | /hBjaPai9+uMiVpxA94guFiaFwpE55gMyaPknYYCHindd8r+qLb3+4AevkcaLnCB 34 | nCHodLgc6KyLwk44zfXJW+U/UyjBkJnk1DZpIbpvTZkfAvxHyGADcfPQ4iKdMFCf 35 | zEk1EQcM3K95UfXzH6LocRcGsOCU57mGRWPeBLDwoHW1wY2PKwxgJW3bEpaECLPK 36 | 958Ntoj5UCVS4R811DCRfEzpeJGeQb9GiJqYSXj/ 37 | -----END CERTIFICATE----- 38 | -------------------------------------------------------------------------------- /config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services Root CA.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 2 | Issuer: /C=US/O=U.S. 
Government/OU=FPKI/CN=Federal Common Policy CA G2 3 | -----BEGIN CERTIFICATE----- 4 | MIIG3DCCBMSgAwIBAgIUIV542ZZIsCHGOUplZtjgD0ah5ZUwDQYJKoZIhvcNAQEM 5 | BQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG 6 | A1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcy 7 | MB4XDTIwMTExODE0MzAzNFoXDTI5MDgxNDEzMzAzNFowbjELMAkGA1UEBhMCVVMx 8 | EDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y 9 | aXRpZXMxKTAnBgNVBAsTIEVudHJ1c3QgTWFuYWdlZCBTZXJ2aWNlcyBSb290IENB 10 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA572gaoFb74+gsCeMrlon 11 | 3dv5pjLJyU4nCO0QqiShzXK8ZqgwNa47z+KdF3w1ofeRxYsu0qg/6gzlQU5s1Dbl 12 | G8CeNsXXowjaYwDAMosDSR4HrsLttr1C/4xxLkKejX4GQ01kpTHWMejtpioGMH3F 13 | qgK+E9Ga7hGU9rgy0CeVM2/LoJ3ekt36xdpndCEbUfe9yQIliEICbJbKhxcMebJK 14 | AOb6g8jyr0CzeKXnDqwVMUEn4REDsVxQgEzmQMryWdr/LBZckS40AEEhc4D1ojts 15 | sABvKrb9NzpGnSCPSDFXFY8N5C++CmA2OhZaZOHg//p85PExb4AVBmyZceIay1we 16 | zQIDAQABo4ICgjCCAn4wHQYDVR0OBBYEFElUkUxpRDvE+AIs9PgtM1aJdZgQMB8G 17 | A1UdIwQYMBaAFPQnXKnDfEf0+qansFmXqt01JhfjMA4GA1UdDwEB/wQEAwIBBjAP 18 | BgNVHRMBAf8EBTADAQH/MIGzBgNVHSAEgaswgagwDAYKYIZIAWUDAgEDEjAMBgpg 19 | hkgBZQMCAQMTMAwGCmCGSAFlAwIBAxQwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMC 20 | AQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMNMAwG 21 | CmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFl 22 | AwIBAykwXQYIKwYBBQUHAQsEUTBPME0GCCsGAQUFBzAFhkFodHRwOi8vcm9vdHdl 23 | Yi5tYW5hZ2VkLmVudHJ1c3QuY29tL1NJQS9DZXJ0c0lzc3VlZEJ5RU1TUm9vdENB 24 | LnA3YzASBgNVHSQBAf8ECDAGgAEAgQEAMA0GA1UdNgEB/wQDAgEAMFEGCCsGAQUF 25 | BwEBBEUwQzBBBggrBgEFBQcwAoY1aHR0cDovL3JlcG8uZnBraS5nb3YvZmNwY2Ev 26 | Y2FDZXJ0c0lzc3VlZFRvZmNwY2FnMi5wN2MwNwYDVR0fBDAwLjAsoCqgKIYmaHR0 27 | cDovL3JlcG8uZnBraS5nb3YvZmNwY2EvZmNwY2FnMi5jcmwwVwYDVR0hBFAwTjAY 28 | BgpghkgBZQMCAQMSBgpghkgBZQMCAQMtMBgGCmCGSAFlAwIBAxMGCmCGSAFlAwIB 29 | Ay4wGAYKYIZIAWUDAgEDFAYKYIZIAWUDAgEDLzANBgkqhkiG9w0BAQwFAAOCAgEA 30 | v65FJeNH7H2AjfuaAa2kNJGBI+QaltbncrWbISA31sateJabjnocyW1TfbtQUzls 31 | 
iATk5p8RaT+LPRVRNs/4TtYs6XkhItOYMIcNkBk8jc+4xKMR8GXA/sPfZa7Wo7Vk 32 | 1TcNMdO2DZtEumaH94zq/CtLbyzBNHj4N5hZyE9S/lX2JAVzRFuNjsgbEgza7+q2 33 | WNb5oo8JKRFJNUTh9KvFpmHOeqyngGivIzLvc0w61mV9ZPAqKYdS59ZD2b91LKIF 34 | Ar2CBGhwrY5Mj/VTIRdklPa7cPcXumCWgBCtln7LlhPrxg7OTDvvRDjt6aHJuRn4 35 | lesOHpbgiaQWxUBrfD/id7tLacEpvWNZR3wENnU805LHAk2GvNvjzXelhgAfr81G 36 | SxCX8gw0paZHotoh5zWuHksBwCAoDIQePW738hp0NQc3KsaWxMZyuXFt4EuchW7T 37 | jpAIiiDjvqg5t2z7+xfpEm5TegTg8d9dsqw0Jch4xOGqrqmM0SvR7+dRUthESnUM 38 | aKacVOlrorHt31s+lNjLrnPHc3F8YPzC1Q+0ftxVoqugK+O0wxSlmlxew1J2tKdi 39 | W58yw5u2mtzO0WNj1gUuvyUfw33AQ88nZCgtNUWrponvTf7onW+RcEJv+N/6JyYm 40 | DIp+1qtsrtLmwAoNfe/KAKBWumEv5d0EqR8jWoFfJ0I= 41 | -----END CERTIFICATE----- 42 | -------------------------------------------------------------------------------- /config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA 1920665011.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA 2 | Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIFLjCCBBagAwIBAgIERIGyLzANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV 5 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 6 | b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg 7 | Q0EwHhcNMjMwNzExMjEzMzMxWhcNMzAxMTExMjIwMzMxWjBtMQswCQYDVQQGEwJV 8 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 9 | b3JpdGllczEoMCYGA1UECxMfRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFNTUCBD 10 | QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAGndnOscVr13p4WiQI 11 | Pt893DK1LeACg6qgW636I8VLlJGJQwao4lrT1kajgKR2Wx4KLMv6yKmqUfUuAoyq 12 | PEHaDNVpWTqKI6g5m3Hckq73Sr8fIGxVMzi5qxxyll2SKvNh+qQnloFSKmSerF6d 13 | nkaIfMOb3FH21akkYdwnQkAdsETmjfhiowapyd2LJzsuhWFybaNHJBYb1cUeNlGS 14 | StD0gMmkHZqKll+LW+LAJJW18KXf8IT6QTTlb6syemcXUHkxFPtgsupWnhzuoo2k 15 | 
yUFXiCmACvD1aBT06OCK/qhAO5Aif98ejzzf/Y9yFiJyigY2D2YVONp+j52DLZvI 16 | 7DMCAwEAAaOCAdMwggHPMA4GA1UdDwEB/wQEAwIBBjB5BgNVHSAEcjBwMAwGCmCG 17 | SAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB 18 | Aw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYK 19 | YIZIAWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMIGkBggrBgEFBQcBAQSBlzCB 20 | lDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNv 21 | bS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0 22 | dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20vT0NTUC9FTVNSb290Q0FSZXNw 23 | b25kZXIwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5l 24 | bnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTQuY3JsMB8GA1UdIwQYMBaAFBwh9eOV 25 | sXV+BodOt7DoM7HYigtlMB0GA1UdDgQWBBSbf7YpDdHvrjJAb/jC2Xy0wJdQljAN 26 | BgkqhkiG9w0BAQsFAAOCAQEA1vUT2MZh/9O2onlBBakuMo0vGE6898nSJWnftaUt 27 | coCmHvMcT1URGxv7pb9oap4aXq37IItLpw5Fp/0hncaX0ebivk3FiY28mHEm1Bpr 28 | cx+Ooo0Yfg0y2ShRDMUpYdy4QvCggwewvKgv8A9tGTHlsWAgd/WctcIjwGxH9YYK 29 | yOYEYQVZACFNAist3WCrnp65JpEJIyerpxGNQJMqDTFSABt8pTy/5u3OP8N/KiEW 30 | sB/OBQidSSnUdpHGinY6G+5tXxOAKbUM5qWkAGpg5NEyZLbIVMrGbU11F8INIz3o 31 | VBd4nYfYZ3vNgNMHnhHgxFWs0uxiXK+TBD0Qc1ycCX+B3A== 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust Managed Services SSP CA.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services SSP CA 2 | Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIFuzCCBKOgAwIBAgIERIEHtjANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV 5 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 6 | b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg 7 | Q0EwHhcNMTkwODEzMTU0NjI5WhcNMjkwNzEzMTYxNjI5WjBtMQswCQYDVQQGEwJV 8 | 
UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 9 | b3JpdGllczEoMCYGA1UECxMfRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFNTUCBD 10 | QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANjtFQkAPFlMQRrHGBGI 11 | zgXekI4wz+uu+neolkME7eAh+bBOopDwZkrp+TO/r9H1YLpvSmphwd7RBE6sWQEn 12 | Fbez48ZY6V0PND8j13DEqO7ODIA4KHGmomuF3CFxjC5wYgpT0dPrSkMwmc4dr2xs 13 | 7801L1ekJj8+eybcZVd+45ok4283sgyn0cVDzV1w5WOg0lhWz7CwuWhNOh1ZeZi3 14 | 1T49i9ETppBF86GR05UlBlaPBgUO85t9asxIrj8ejIWW89EVTtsnZ3r5SOkKtojP 15 | QMEM88RHqwkiBMyEtftSc3LvkJgcQWXQ+0c4zMOjMDZD/4yn69dg8OWTsuXjw0qi 16 | n/cCAwEAAaOCAmAwggJcMA4GA1UdDwEB/wQEAwIBhjB5BgNVHSAEcjBwMAwGCmCG 17 | SAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB 18 | Aw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYK 19 | YIZIAWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMIGkBggrBgEFBQcBAQSBlzCB 20 | lDBNBggrBgEFBQcwAoZBaHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNv 21 | bS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jvb3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0 22 | dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVzdC5jb20vT0NTUC9FTVNSb290Q0FSZXNw 23 | b25kZXIwgdMGA1UdHwSByzCByDA8oDqgOIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdl 24 | ZC5lbnRydXN0LmNvbS9DUkxzL0VNU1Jvb3RDQTMuY3JsMIGHoIGEoIGBpH8wfTEL 25 | MAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmlj 26 | YXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIEVudHJ1c3QgTWFuYWdlZCBTZXJ2 27 | aWNlcyBSb290IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFElUkUxpRDvE 28 | +AIs9PgtM1aJdZgQMB0GA1UdDgQWBBTm3RoHGstruiC5ljmT+BTcmAM3JzANBgkq 29 | hkiG9w0BAQsFAAOCAQEA1zN6YX5CcwAqUOYGU7QQ4QIZaZvpnTN/KDEYHGDIhTYS 30 | KlkAXz0ncwe5P3V9YfnF+UwDJFwBZVtzxIy+2lIbEvkkIezYKwJm6K2PHweePL6E 31 | WpCaVhe39WrOo3LRjKIWO+Lp502Rkb/cBJVG2M2OE1ve4Ydt5GlPWXXi1uGoHJHW 32 | U8jc2aPDIK5KTCtzh2tfEG6dkjykPosx5ZwNjcZ8IkTFoIh7hsLxniu8kHhOd2k0 33 | 6nM+ctNiBdl2nCQ7GpDSJaL+1MJsXkVjav8ZCBRL9CXwAZSodu2RpkSuNSwrmLmw 34 | V0lxFBzM+0lGoM8FlV31siMrQBoi0pjDgSjkkJFMFA== 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- 
/config/certs/C=US, O=Entrust, OU=Certification Authorities, OU=Entrust NFI Medium Assurance SSP CA.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust NFI Medium Assurance SSP CA 2 | Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services NFI Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIGYDCCBUigAwIBAgIESqlplDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJV 5 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 6 | b3JpdGllczEtMCsGA1UECxMkRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIE5GSSBS 7 | b290IENBMB4XDTIxMTAxMjE5MjUzN1oXDTMwMDkxMjE5NTUzN1owcTELMAkGA1UE 8 | BhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24g 9 | QXV0aG9yaXRpZXMxLDAqBgNVBAsTI0VudHJ1c3QgTkZJIE1lZGl1bSBBc3N1cmFu 10 | Y2UgU1NQIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumqaZwwW 11 | QA5InbtKCub7M3y23F//kUew1RmXgPbJFaIwF+jW68tp2ebXrfVaThfyOTSUfzTu 12 | A7WfqTDXAzCiPNmEzh+QlRUdcOst883Mr4BwQVJVCaWoiD6Iaij+LIjJCRWghO3D 13 | Tt1vEJUp0YdY1+3AARcvsodSGZnPRD5JQmIErOGkqRNU6ATR/JwT0Aqxqshy3CVy 14 | X13PBAPzjoEBi0X1Oe3kjZ4gMsIVhPoiljFep2mHquKtBmHW5wS89gTGyG0/rppk 15 | dJaaJDoanMw81bRiyp5TA4sR5e2gpam2IseXZTQkkMAm6f74356FQMARsvaHZ9VJ 16 | CaTVDlBIt4FzywIDAQABo4IC/TCCAvkwDgYDVR0PAQH/BAQDAgEGMIIBHQYDVR0g 17 | BIIBFDCCARAwDwYNYIZIAYb6a4FIAwoHATAPBg1ghkgBhvprgUgDCgcCMA8GDWCG 18 | SAGG+muBSAMKBwMwDwYNYIZIAYb6a4FIAwoHBDAPBg1ghkgBhvprgUgDCgcFMA8G 19 | DWCGSAGG+muBSAMKBwYwDwYNYIZIAYb6a4FIAwoHBzAPBg1ghkgBhvprgUgDCgcI 20 | MA8GDWCGSAGG+muBSAMKBwkwDwYNYIZIAYb6a4FIAwoHCjAPBg1ghkgBhvprgUgD 21 | CgcLMA8GDWCGSAGG+muBSAMKBwwwDwYNYIZIAYb6a4FIAwoHDTAPBg1ghkgBhvpr 22 | gUgDCgcOMA8GDWCGSAGG+muBSAMKBw8wDwYNYIZIAYb6a4FIAwoHEDASBgNVHRMB 23 | Af8ECDAGAQH/AgEAMIGSBggrBgEFBQcBAQSBhTCBgjBQBggrBgEFBQcwAoZEaHR0 24 | cDovL25maXJvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNvbS9BSUEvQ2VydHNJc3N1 25 | ZWRUb05GSVJvb3RDQS5wN2MwLgYIKwYBBQUHMAGGImh0dHA6Ly9uZmlvY3NwLm1h 26 | 
bmFnZWQuZW50cnVzdC5jb20wgdwGA1UdHwSB1DCB0TA/oD2gO4Y5aHR0cDovL25m 27 | aXJvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNvbS9DUkxzL05GSVJvb3RDQTMuY3Js 28 | MIGNoIGKoIGHpIGEMIGBMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRW50cnVzdDEi 29 | MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEtMCsGA1UECxMkRW50 30 | cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIE5GSSBSb290IENBMQ0wCwYDVQQDEwRDUkwx 31 | MB8GA1UdIwQYMBaAFPPtObnaG00DPCYVOdgztQjvOD45MB0GA1UdDgQWBBR71tD+ 32 | 4blJt1/Rz3NKLtN9SCoMhTANBgkqhkiG9w0BAQsFAAOCAQEAfA2HPCSO/M0FW7C2 33 | wBaGIlj3y6FUi2NWPwTMXxZPjWuunADat8Vk9QDgeaCRypUtR2XWqDK0CCJPSgjZ 34 | FSRQJxWmdJZuVLXobWlQkaeNyQklFxgOUAI6sEsrIKTqtjjb4IlB0B2A+qI6WikJ 35 | akIwO+mYIEfczDHjLLhWkbZr0mGvp1DhZfcb5A2Dw+KFX+0067nOKH0ntqXKE1/O 36 | rUzKiYcDfxIZ1x+P2Xvilw6s8ssUqgkX+/iM0wA9/VtPWcjn5APmFGbYnV1kBWuE 37 | ipUqkP7+DrD2VlUZJdB4tAc7oYY0rdimU+qfeyHOp1GdNk+XFlYGzWe3UdGaWmei 38 | /Vbg2Q== 39 | -----END CERTIFICATE----- 40 | -------------------------------------------------------------------------------- /config/certs/C=US, O=Exostar LLC, OU=Certification Authorities, CN=Exostar Federated Identity Service Root CA 2.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=Exostar LLC/OU=Certification Authorities/CN=Exostar Federated Identity Service Root CA 2 2 | Issuer: /C=US/O=U.S. 
Government/OU=FPKI/CN=Federal Bridge CA G4 3 | -----BEGIN CERTIFICATE----- 4 | MIIFzTCCBLWgAwIBAgIUFyODxMVED+0WBcguvDXYFRihRzAwDQYJKoZIhvcNAQEL 5 | BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG 6 | A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjMw 7 | MjA3MTMzNzE5WhcNMjYwMjA3MTMzNzE5WjB+MQswCQYDVQQGEwJVUzEUMBIGA1UE 8 | ChMLRXhvc3RhciBMTEMxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRp 9 | ZXMxNTAzBgNVBAMTLEV4b3N0YXIgRmVkZXJhdGVkIElkZW50aXR5IFNlcnZpY2Ug 10 | Um9vdCBDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14WJIqYl 11 | fX6Vz80/ZoICQ1t0l0/tDqPwAETPNoQkmY67nvaGsQo3ybupFV9vjgxO012dY8Pt 12 | BF7lefP7O/oPELhLfFuBsapBPuSnLr/VmW+hUp5HBp8h/YJnvFDi6IeqVqP3syqC 13 | 7GuxslKxEkgXoinqcHJqrjI2CikIi0CVbSsQ4OeCR6FUiHfKKXHorXevw+ZiWWWM 14 | jNesXSq8vgEgfNhhebJhcbfniRLOtWmgSpnkZWIjj10EHm9JGk3eF601w65AlR84 15 | ZikhZvcfMxnnfaMQiQBWL0h/8NsIkVjOycXb1I5HMmPRGqrNGCwlox7oTC4lmmCL 16 | Xz8mqoi0nZPenwIDAQABo4ICajCCAmYwHQYDVR0OBBYEFFQLEbAd+VfPsHotUlLz 17 | s6eMUvSsMB8GA1UdIwQYMBaAFHnwAEnrf3fCXUECZTSKkCObHgdvMA4GA1UdDwEB 18 | /wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ME8GA1UdIARIMEYwDAYKYIZIAWUDAgED 19 | ATAMBgpghkgBZQMCAQMDMAwGCmCGSAFlAwIBAwwwDAYKYIZIAWUDAgEDJTAMBgpg 20 | hkgBZQMCAQMmMIGSBgNVHSEEgYowgYcwGQYKYIZIAWUDAgEDAQYLKwYBBAHsfAEB 21 | AQgwGQYKYIZIAWUDAgEDAwYLKwYBBAHsfAEBAQUwGQYKYIZIAWUDAgEDDAYLKwYB 22 | BAHsfAEBAQYwGQYKYIZIAWUDAgEDJQYLKwYBBAHsfAEBARkwGQYKYIZIAWUDAgED 23 | JgYLKwYBBAHsfAEBARowbgYIKwYBBQUHAQsEYjBgMF4GCCsGAQUFBzAFhlJodHRw 24 | Oi8vd3d3LmZpcy5ldmluY2libGUuY29tL2Zpcy9wdWJsaWMvRXhvc3RhckZlZGVy 25 | YXRlZElkZW50aXR5U2VydmljZVJvb3RDQTIucDdjMBIGA1UdJAEB/wQIMAaAAQCB 26 | AQAwDQYDVR02AQH/BAMCAQAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVo 27 | dHRwOi8vcmVwby5mcGtpLmdvdi9icmlkZ2UvY2FDZXJ0c0lzc3VlZFRvZmJjYWc0 28 | LnA3YzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9icmlk 29 | Z2UvZmJjYWc0LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAmKDG9yaBE/IhdFd76ffz 30 | YEx9trT0o6vPAT6lg8LxbuExp8M5MUdzne5WT2EzoyEuTVBtPnOuA/ArFMotPqmz 31 | 
z0JthvokT+/WVRXABTxPwTckm6Bdh04A7/SkwRoGztFI7jmfuChx6Ten30f7BoQh 32 | 6vEPKjuH695JLog50Ip6wmmNQCXWpyQ1VLeCQswPwqTgcRdZ8ge0QyAMHiw7CFmZ 33 | oan5OR/rTuIcGJDzRusLwYBuC6kabNU36r35qBis/GE0bi+nti3pO120GvqymIAf 34 | GesxSQNuoy4jpcp2pJnRYDeeOwru5eXuKlN83I9dZTbb7R51uS/eVshDNrlaqdAF 35 | 1g== 36 | -----END CERTIFICATE----- 37 | -------------------------------------------------------------------------------- /config/certs/C=US, O=ORC PKI, CN=WidePoint ORC SSP 5.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=ORC PKI/CN=WidePoint ORC SSP 5 2 | Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA G2 3 | -----BEGIN CERTIFICATE----- 4 | MIIGHDCCBASgAwIBAgIUIRnLUBTIBJvNs9kBwQUYKv2vnggwDQYJKoZIhvcNAQEM 5 | BQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG 6 | A1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcy 7 | MB4XDTI0MDIwMTE1NDE1MFoXDTMwMTEwNTE0MTYwMFowPTELMAkGA1UEBhMCVVMx 8 | EDAOBgNVBAoMB09SQyBQS0kxHDAaBgNVBAMME1dpZGVQb2ludCBPUkMgU1NQIDUw 9 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVxl6v6mG30QXESgG+8sKl 10 | qoWrn8WGnmGGd9JJBXxmf00h5/NTaPbh4kwxikD3DSoJV3r0U5dzRYlH2/SDA2mC 11 | BRjRz8I8VE6LWJilvIl2gzm9CASUmeK5M/gp4zMPbOB19jzHj3CuRI3YKPgczCFu 12 | DPznovY3xLUIsUlVYyciLiVR1GbtpgihvrLUl47+teSWn9rF7OJe8DI9TTqA1HEK 13 | JbYY3ng1Y3aA/+7aGloNYHyJZhsAijTxuABPktwhVOp+J0pc8PSnTUA3dJe5cPex 14 | DUsw5pWp9mT9fluQ9hfoSYeKLTQhlJpn2ZumbCkCNE38ny6ZxwWjy5U+4MwPzyJd 15 | AgMBAAGjggHzMIIB7zAdBgNVHQ4EFgQUI7hOsU5tJESLRGenZc+hOzmUZtwwHwYD 16 | VR0jBBgwFoAU9CdcqcN8R/T6pqewWZeq3TUmF+MwDgYDVR0PAQH/BAQDAgEGMA8G 17 | A1UdEwEB/wQFMAMBAf8wgYgGA1UdIASBgDB+MAwGCmCGSAFlAwIBAwYwDAYKYIZI 18 | AWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgED 19 | DTAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpg 20 | hkgBZQMCAQMpMFIGCCsGAQUFBwELBEYwRDBCBggrBgEFBQcwBYY2aHR0cDovL2Ny 21 | bC1zZXJ2ZXIub3JjLmNvbS9jYUNlcnRzL1dpZGVQb2ludE9SQ1NTUDUucDdjMBIG 22 | 
A1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02AQH/BAMCAQAwUQYIKwYBBQUHAQEERTBD 23 | MEEGCCsGAQUFBzAChjVodHRwOi8vcmVwby5mcGtpLmdvdi9mY3BjYS9jYUNlcnRz 24 | SXNzdWVkVG9mY3BjYWcyLnA3YzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vcmVw 25 | by5mcGtpLmdvdi9mY3BjYS9mY3BjYWcyLmNybDANBgkqhkiG9w0BAQwFAAOCAgEA 26 | FaQ5Ytr61l7+J1/D3fYxS6wQrIHxSCRGizud+gJysAB52KSthmnapH64Ly60cSOx 27 | wDdXrQkwINeh8mldWrit1/yj65lpWl0y/qBFFmleq5jazIg6n5cx/N/KTuECx0qE 28 | qqxm3URQkrQENFzItkUxzrBw3cBjXdp3CRg82aX0Dy7uUvDKrjmsSAendfc5YZQp 29 | oYKufaZH5UUOmwYqDq1RlWy1f624sUNkIGK4vJcyCCcvJtyM6rbQ+N45GIEyErQv 30 | e/MQ3/3kTAkVgqIxc/3GVlcRNRPnEr1iU1FVxf357dWeRNlgORda4CPBO9oBX3Xo 31 | gpRgUDgv/6jDiPRIp0BsApgDZ1mNGUMc+BjRkB6flrHAPFWUj6ZAN1Hr2Nrz1jIg 32 | 8e4/G0i6War+VHZGhDY36S7wBZ8AKYT0WgfTlSE7tQGYnBUiIHJQ0nrCDaRp1fvM 33 | EtRQ70hPnhPua84qtydLku4td464iLZaJar4xXLC8z5rUI/hopou30vWaquGQwFp 34 | WbvehEL3fEXE87f2UHoJm94UE5Vorh8kXa6rTq1zj9Rafmjo5qkahgwvSYrmglA8 35 | qjQoOQIDjEP8+GHU7yh6pD2EMUpJa/GrPye8+iLn6JpqV1x53cJYAKaSoBRUS/2l 36 | GxCqnznYVkXi9XNQNuVSVIPQNspSBvA436FI5KkTcZ8= 37 | -----END CERTIFICATE----- 38 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=Department of Energy, OU=Certification Authorities, CN=DOE SSP CA.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. 
Government/OU=Department of Energy/OU=Certification Authorities/CN=DOE SSP CA 2 | Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIFozCCBIugAwIBAgIERIDLlzANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV 5 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 6 | b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg 7 | Q0EwHhcNMTgwMzAxMTQxMzQ3WhcNMjUwNjAxMTQ0MzQ3WjB/MQswCQYDVQQGEwJV 8 | UzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MR0wGwYDVQQLExREZXBhcnRtZW50 9 | IG9mIEVuZXJneTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczET 10 | MBEGA1UEAxMKRE9FIFNTUCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC 11 | ggEBAKOD6UQ/gwPOmh4X7LMKM8Q0DX3hfa2I6yq+f5fNXpDR1FLHQ9yboor6Ya4n 12 | 3E/7EWid6T+LfGYmtTON16B5Y7dCdPsQEMWfbYVsuajMDEM6NjI1jg5d9ON704Ev 13 | JC9UI1d/vuDYhV0HBRl9MRkLlWtEiRGLFlQk/TS+lp4OoTI2YbVlOyccNFT1MkXC 14 | FE6rhLjv9Ofv85eXj4iUNPFnVDC/FsBzN/0WkTLu9/lSpPTJQKzB18gKhST5V/GQ 15 | SAsG0Azy+d/KfIFw66joDH7e/9k4zO6bkZYBuP3kiMYYpGvK3ZNY3gzKbefVPLqI 16 | e3BoWJcMn4woSwJBHUTO4cZ7LJECAwEAAaOCAjYwggIyMA4GA1UdDwEB/wQEAwIB 17 | BjBPBgNVHSAESDBGMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgB 18 | ZQMCAQMIMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETASBgNVHRMBAf8ECDAG 19 | AQH/AgEAMIGkBggrBgEFBQcBAQSBlzCBlDBNBggrBgEFBQcwAoZBaHR0cDovL3Jv 20 | b3R3ZWIubWFuYWdlZC5lbnRydXN0LmNvbS9BSUEvQ2VydHNJc3N1ZWRUb0VNU1Jv 21 | b3RDQS5wN2MwQwYIKwYBBQUHMAGGN2h0dHA6Ly9vY3NwLm1hbmFnZWQuZW50cnVz 22 | dC5jb20vT0NTUC9FTVNSb290Q0FSZXNwb25kZXIwgdMGA1UdHwSByzCByDA8oDqg 23 | OIY2aHR0cDovL3Jvb3R3ZWIubWFuYWdlZC5lbnRydXN0LmNvbS9DUkxzL0VNU1Jv 24 | b3RDQTIuY3JsMIGHoIGEoIGBpH8wfTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0Vu 25 | dHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKTAnBgNV 26 | BAsTIEVudHJ1c3QgTWFuYWdlZCBTZXJ2aWNlcyBSb290IENBMQ0wCwYDVQQDEwRD 27 | UkwxMB8GA1UdIwQYMBaAFKlTvmSEg0tdJsYnPi7RhGhVPNB1MB0GA1UdDgQWBBRC 28 | KuZKwSw7DnFokpfgEw92CsuUfTANBgkqhkiG9w0BAQsFAAOCAQEANdupF4w/r/Cu 29 | 
YUZvR8OEbGq0TYuFojTVBjDzVE2AahYwbDjoqyi1/0wS0HyX0Lbz8If+x7JvCkQ2 30 | Htwux33GvsUNs6WWP+sue7p/J4i7BxgiH5dDgkw+RDFQbmOGComZ5SHpWQNagtLI 31 | 8g9stpatTydRl4GqeT0RmH0QTbuSxlIIZ3Z7EOJi9e1aPRuFOsZMbBWF/sCy5mm7 32 | qmHQ7qW6Tlr2db77Nfb0DIAuws4uI805UwoTUBEnc91CKRBegC7YQ/VioeHkJZNF 33 | 6ZbrE8kbLJ2foC6jzddVGhrm0CjYCAbIwjCW5fBanGPT+/sNn6r+Khrv1kAKWdJg 34 | 1NbDwWT8hQ== 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=Department of Homeland Security, OU=Certification Authorities, OU=DHS CA4 1749827104.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=Department of Homeland Security/OU=Certification Authorities/OU=DHS CA4 2 | Issuer: /C=US/O=U.S. Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIGDTCCBPWgAwIBAgIETjmBKDANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC 5 | VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu 6 | dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y 7 | aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUwNjEzMTQz 8 | NTA0WhcNMjUwNjEzMTUwNTA0WjCBhzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu 9 | Uy4gR292ZXJubWVudDEoMCYGA1UECxMfRGVwYXJ0bWVudCBvZiBIb21lbGFuZCBT 10 | ZWN1cml0eTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEQMA4G 11 | A1UECxMHREhTIENBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ6z 12 | 5QKA2hjOSvwVu0SWd/TJsJv2Xd2WN7yTo9OCSPiQ+U89oAE8xlIpo+97mMK3DjwU 13 | 4GdeMP0cdpKarcL7BBSPCK2j1f3o5PNiYU6RDJBR6pgfuvE6LJDAmpKZGcJITnLj 14 | ui25aMAy6dlNX0aNFu2JApB9yDE9VrIODNhZsD6LG4iCa1mATxtGQfIqfZhT/aSN 15 | nfcbzIddZYvhQlYMF53S9+oAJv21XyHLHO91PW75UteWVxWZvxLfQZmkwzeAxJI3 16 | 7YnpRrHGvtjjeRVgtUKi3wj3CpvRSVLMy05CAKlgsG56vvG3lgkeIoJrwiBV+sY4 17 | G3aoT7+efJgRnJpxCYcCAwEAAaOCAnYwggJyMA4GA1UdDwEB/wQEAwIBBjAPBgNV 18 | HRMBAf8EBTADAQH/MIGXBgNVHSAEgY8wgYwwDAYKYIZIAWUDAgEDBjAMBgpghkgB 
19 | ZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQ 20 | MAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMnMAwGCmCG 21 | SAFlAwIBAygwDAYKYIZIAWUDAgEDKTBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUH 22 | MAKGJWh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L2Roc2NhX2FpYS5wN2MwQQYIKwYB 23 | BQUHAQsENTAzMDEGCCsGAQUFBzAFhiVodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9k 24 | aHNjYV9zaWEucDdjMIHuBgNVHR8EgeYwgeMwNaAzoDGGL2h0dHA6Ly9wa2kudHJl 25 | YXN1cnkuZ292L1VTX1RyZWFzdXJ5X1Jvb3RfQ0EuY3JsMIGpoIGmoIGjpIGgMIGd 26 | MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQL 27 | ExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNh 28 | dGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTEN 29 | MAsGA1UEAxMEQ1JMMTAfBgNVHSMEGDAWgBRohBVIjFRwfy0SWA7sHHjvPC5ZZDAd 30 | BgNVHQ4EFgQUfMNKXLofNquDUX304OUOkH8cE0EwDQYJKoZIhvcNAQELBQADggEB 31 | AFOQwIQWhIzLNbzkya8Z+U7BoFSrsg+aVXT4StNJjdWPCZO5fP6KU9OW2gcHAz/G 32 | ylC65JrbFM6Wo7Zn+rrTrZZvDnd7uyjafeUDnnI4VwPwYrPUQllyru7YC9aZjp6f 33 | Mm8S+MUN69Dpb7NMFHt2876CYRco+q0t/ESN1T+YLrqGAhPjwz1+opTyrhY3NSBR 34 | tJ8xUzNIcDP34r9td0SXtiidmxX/dDLiGi0YvzD90sSWNAKOANl3MyhIPerCuADF 35 | qpALUkkY5zTa+ZlPHDf/4pfedZN4cJDpv9X49/RterYIj0cGw8UyWFaObSAOVEBr 36 | Ye+Tz+l0RQ3GVQ8mhpBK2YI= 37 | -----END CERTIFICATE----- 38 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=Department of Veterans Affairs, OU=Certification Authorities, OU=Department of Veterans Affairs CA 1760711487.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=Department of Veterans Affairs/OU=Certification Authorities/OU=Department of Veterans Affairs CA 2 | Issuer: /C=US/O=U.S. 
Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIGJDCCBQygAwIBAgIETjmBeTANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC 5 | VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu 6 | dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y 7 | aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUxMDE3MTQw 8 | MTI3WhcNMjUxMDE3MTQzMTI3WjCBoDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu 9 | Uy4gR292ZXJubWVudDEnMCUGA1UECxMeRGVwYXJ0bWVudCBvZiBWZXRlcmFucyBB 10 | ZmZhaXJzMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSowKAYD 11 | VQQLEyFEZXBhcnRtZW50IG9mIFZldGVyYW5zIEFmZmFpcnMgQ0EwggEiMA0GCSqG 12 | SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPGwMIzE+IfsSfh6Tdu6IoLH7psCadFCVM 13 | xPeTYzh7WMZdFrtozM9qCecChkShA4T5lCJPgEG6vN/cnlnBWr6quqkzQDKOIlXN 14 | vhUnyf8dCJiHkCgM5gZmAdCWX098yE1VMdl6cmpNn4mbM0PFjeJhKJoxAlZjvf0n 15 | C2CHraSvjhGS0z4vaoU+JVWsvpNglRNkT367BpBX2Vt2I2wf/uXimu7+NHTdNUFc 16 | jqz9qy7x2Dm9T2HCLkAEsjB5Xnc4zEjdk6RbOmbuENV7IhNMrKZz7PW68KR0HIJ7 17 | 66wMJsyHjBz1Ksuz/P7ZiLf8yDPbVfxV21KvfhBGICGWFUyoynILAgMBAAGjggJ0 18 | MIICcDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBlwYDVR0gBIGP 19 | MIGMMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwG 20 | CmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDEDAMBgpghkgBZQMCAQMRMAwGCmCGSAFl 21 | AwIBAyQwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFlAwIBAykw 22 | QAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLnRyZWFzdXJ5 23 | Lmdvdi92YWNhX2FpYS5wN2MwQAYIKwYBBQUHAQsENDAyMDAGCCsGAQUFBzAFhiRo 24 | dHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi92YWNhX3NpYS5wN2Mwge4GA1UdHwSB5jCB 25 | 4zA1oDOgMYYvaHR0cDovL3BraS50cmVhc3VyeS5nb3YvVVNfVHJlYXN1cnlfUm9v 26 | dF9DQS5jcmwwgamggaaggaOkgaAwgZ0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9V 27 | LlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhlIFRyZWFz 28 | dXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQL 29 | ExNVUyBUcmVhc3VyeSBSb290IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaA 30 | 
FGiEFUiMVHB/LRJYDuwceO88LllkMB0GA1UdDgQWBBR1YdofMZJuLipkXqNlGYVl 31 | gOjHKzANBgkqhkiG9w0BAQsFAAOCAQEAa8jTfoCQTVnOdvqUBDUpgNe35XmgVbsZ 32 | MaaN41BWDe81SmE1q1ZVY/6KOcj6rMaII7mzBHFfD89fp5JLlYRVdOtxmh1mEYyw 33 | uX0Uo+bbwJeAq1mzrWXGrb6De00X6Nn73v0m5NjNjlF6CMbyYZKNpehuvRWZ1EIx 34 | aNTZANvU3e/U+O7jo8+PrRpIzCqY72QLKxAHw9VknWmEzWjkkWBYltdzka9CPuM0 35 | 6rHkpFYOQic91Z59ExUlHmHb9+GYlyYBvJX5LnrDi+Ai6CvLqCLnmldOnm7rPyyf 36 | mzywCD7A3TRBcaiksPGLPQtIoRL4qpGNoI6/iwbmCf+ZJRsGCXVAwg== 37 | -----END CERTIFICATE----- 38 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-1.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD DERILITY CA-1 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEsDCCA5igAwIBAgICBMIwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwMTE5MTQ1NTM3WhcN 7 | MjcwMTIwMTQ1NTM3WjBfMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEaMBgGA1UEAxMRRE9E 9 | IERFUklMSVRZIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU 10 | +oux8F1k37D9HStMm9I+r6EUj8qssrcvCwAzwAMX6dC29KzikC5gbzYCB3Y5Bf+b 11 | ui+mBdNbzo7kgDq+VBIZn4WqM6thlb7JQgvlejt2eJByfVcVoKfYf26Sa62qbKcd 12 | Q3O2S8pC+Hdbwo2dbubNOui5BLxW/gzW6pS/VkJgwn1IdT3WrHTK4wsH5h7j372O 13 | kE5D5XbkM/aSjiWobyGnP4aHhIMurV7heZ3c0SK2AGrtWfaM6JjK4UW8at0p3kWr 14 | 2c5kNoXKe7AMAWFIXmYHzT9WMYiQwn2eBw2kvgwXJsaQ3KHea9+7xbtv6EZLf/uf 15 | nd4Ayxhy+3IBiE3bzcPnAgMBAAGjggF4MIIBdDAfBgNVHSMEGDAWgBRsipSid7GA 16 | ch2Behaq8tzOZu5FwDAdBgNVHQ4EFgQUCIk6zhO8HPI6LZgxC6n+OHn9giIwDgYD 17 | VR0PAQH/BAQDAgGGMFkGA1UdIARSMFAwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgEL 18 | JzALBglghkgBZQIBCyowCwYJYIZIAWUCAQs7MAwGCmCGSAFlAwIBAygwDAYKYIZI 19 | 
AWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOAAQAwNwYDVR0f 20 | BDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9EUk9PVENBMy5j 21 | cmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8vY3JsLmRpc2Eu 22 | bWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUFBzABhhRodHRw 23 | Oi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAkAjLcFmNd6APpZXi 24 | vYvo//JoFo680eLc2dCYOx48VHzI1M00mMov69uitCBRZSqVeI9NmlIGQBhLAfea 25 | QxSd3XxIdbUsYul5/vylbUZpKTBQ03A8t76pOtPPzksG8aBfYx+SzXwqzpAbz396 26 | BVtRErX5yDOPK3+LBy+Eq+0Nh6h0CkPmSKBMAHLVZL2Nqe5MIRFn/FlKJEbtpTEq 27 | FELs8KtqM6X5uLKGPUhjGOeLBijzYxF+nd1GM9kRiyw5v7j06jrVTuIVwcSQPcsX 28 | pHNtbzW/Tx2dRfHn0w8WkSQdDvwSTuo1pWOYBo6yJhRwSm3/4rmawxlp3p8lXuiB 29 | SlUDxA== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD DERILITY CA-3.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD DERILITY CA-3 2 | Issuer: /C=US/O=U.S. 
Government/OU=DoD/OU=PKI/CN=DoD Root CA 6 3 | -----BEGIN CERTIFICATE----- 4 | MIIFsDCCA5igAwIBAgICAJMwDQYJKoZIhvcNAQEMBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDYwHhcNMjMwOTI2MTUzNzQ5WhcN 7 | MjkwOTI1MTUzNzQ5WjBfMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEaMBgGA1UEAxMRRE9E 9 | IERFUklMSVRZIENBLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw 10 | eLiWxbVZw35eNeZCrYzUnPSXHEQUOHLX1hkkiu+ihr+DVNjoweqql/M9hwdFg0Q1 11 | YQ8SU8thxpoiOZYpdlLtVny3Jpcsvd/EKTcya9LLVPZVSlqhE7IYx1wqLeAUfCgx 12 | Ebx0VCt7jaAgyJvl6xHMDeG6hTNSTTXu+Lcsjbqjqc5qi0KNp2h8bk/Yy3P69Fep 13 | qpyxJN9yd7EG5YFU93aOUkcYKN5cA+Sn8IdsNXsIK+bSDq7+pprFd0PP4gscLB1m 14 | mk4RvFtg/9LaYP5PZI2EyLuVRbX7AJIg+hLSWWzV9tYV+5mOUxOQGG93lWOIoYkN 15 | Gyncn2wpBkyoaBkZxZ/lAgMBAAGjggF4MIIBdDAfBgNVHSMEGDAWgBQTTzy7211F 16 | KaWUcLbarJ5M4i/BCzAdBgNVHQ4EFgQUC3reF5qt5nrVXGw6exb3YuShkB0wDgYD 17 | VR0PAQH/BAQDAgGGMFkGA1UdIARSMFAwCwYJYIZIAWUCAQskMAsGCWCGSAFlAgEL 18 | JzALBglghkgBZQIBCyowCwYJYIZIAWUCAQs7MAwGCmCGSAFlAwIBAygwDAYKYIZI 19 | AWUDAgEDKTASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOAAQAwNwYDVR0f 20 | BDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9EUk9PVENBNi5j 21 | cmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8vY3JsLmRpc2Eu 22 | bWlsL2lzc3VlZHRvL0RPRFJPT1RDQTZfSVQucDdjMCAGCCsGAQUFBzABhhRodHRw 23 | Oi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQwFAAOCAgEAQC4wcCf7f+EuG3+7 24 | hRmEsJ03Xz+DE/ZCR56Lo/zk+RRM2+QUh0ylSW5klLvhfo23RoBmgRI2XsX9KiyF 25 | Ku4vBVvIc0IxNHKQWql63kagZ378kR8SKLj6pVnckgHWS8N1gGdEABboMo4qtIvv 26 | vas6efF4Fb6WS9NUwpZc8FDzASTaK3UuMDR8Rs9zE3FPDAaXQUvmYVv+oUySyp0Z 27 | Ge5bg4Rb7l3Nta28p2bZ/n5nU6f3afkvDxSYybhxiuP9tLB8euVdGnqFL/S7xdNJ 28 | 4s9l8ieUc9o0QSiYyIE6DSIufkDWC37jPP/cX6dMNF6/b250+uaeELQ3Qka5Pvnc 29 | ULsAFnUiL96LdZJMBRP2euOXMtoOu2UFVV58TebIkw9xkpwGf8ksSOMdVrTbbj2c 30 | 89ekMwhQE49FKR3+gUM60Ge2GA0dQknDp2TSKh81CbTMtMIQMoYAopgtVpXD6hWF 31 | 
HhkLG+w/0Dyxjt0m9tQPiflXg/Ss7qY6cmUmfXGAMjXRQixYw39UbFGziEYcW3R5 32 | vw7JAVnS9QwqkSPLQrMQpocVuaf5dyNEPXfTLy2Xzb/Ig0I9bBKzeLhmEoS6Y0og 33 | v5CHgTGZL+hPYYrkAuf+q6qbjtsG0zqrG0zI3LAgeltVr/Ca15ogIs1iCKqOwkvM 34 | uFLCrMh9RhowahEio8AG3fG3p/M= 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-62.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-62 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEvDCCA6SgAwIBAgICBV0wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1MTM4WhcN 7 | MjcwNjA5MTM1MTM4WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E 9 | IEVNQUlMIENBLTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtelD 10 | jabqJkL0EnJlJ1CTLkrQoDs1TiB164u5Wi5fj300mgkDxFF9hXxwRcoCHfAS/Br3 11 | oHAm7sTowUidd5PugwFo9moZYhsl8k25s2oYmyKOkDVq+8hfNjUvatTs1HqF7W8A 12 | Aar1qOVeTM5lJKJg+/3svf9fb3ZUl2LjJF+McRT0c7wd2WlsCVoTUu7kbCNS9B9+ 13 | VlDXRrR7WAK3fLCXNcI2RVoDfFFjtdekqV+otL+IMPxCQwORnOklx2GBnM3wldq5 14 | U8hNw+ebpp20aRv71gK4fZ4AqKPZJ/HLZmB/tzxXubUvrmpswyjy/T3wJXVK0I1N 15 | /ytrQE2DNYrBeNV2zQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId 16 | gXoWqvLczmbuRcAwHQYDVR0OBBYEFM3F5uPkJReXcLqqk+K5vkGjkivnMA4GA1Ud 17 | DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw 18 | CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl 19 | AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF 20 | MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv 21 | RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw 22 | 
Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG 23 | AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA 24 | SF8g2dpY+b+ozXWCtP7fjnL+Tcukwj4Wbc+SrNL2I7DUUayNqwuOLj4a4I7sDL9F 25 | lrFul69WuV8PiFBbKTV913PpkFFP1NhXDdBkcBFrXnt0UMAU9yvaUCyTcr7ikUEH 26 | wVEeE70FQy7Dx23aZf9XSOzcMuSmIo2N8P2OdU3VdKLhOabdR2JlvEMqXEihTn81 27 | ABzGae0tDXVsmnykPUIClsLjHNjUBSqF76TuZv5foLJAKOo1xeDrjRajawjBsN0M 28 | nZPRC6X+eodQgzNuTpcscspsVuBnOsInkBZd4RXm9PuPjSH77hB8an7bPrWaufE+ 29 | e45aFpkQzFArjrFNz/R/4Q== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-63.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-63 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEvDCCA6SgAwIBAgICBUgwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwMjIxWhcN 7 | MjcwNjAyMTQwMjIxWjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E 9 | IEVNQUlMIENBLTYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GFm 10 | nf9Dhw3p6lGHhZTUTr9rNWyihovYscqV6qFF6floDLD70Wizru84tvMGosp1PkWt 11 | KU/ObjvqQjhjdvppaDHYxmUxCHIt0lGhnmkfzTbtjLANTG+Lm7PArrW6osRGsMV7 12 | jRhgLStj+52QgCkQNAqbqTB4o3OQSQd6Akn9YrWpbuVFl/ZY0B/4By/Xg0qvd90d 13 | EgwKw9FPe1O/KRyjea0zow6mDqeS7ZdwSgbAHfbQNahk6QzYRAY/J0pUQ4TDAgFe 14 | 8tCHL3h4JdwAdBP5zL2sfE9FoZV4xbjk6eP/S7riQw5aXJmsZHLqFX/wSUVCaPTk 15 | iGan8Dpo5b28VE0GjwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId 16 | gXoWqvLczmbuRcAwHQYDVR0OBBYEFE0xrVHWTld+Z2kzJQN+ximl3brzMA4GA1Ud 17 | DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw 18 | 
CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl 19 | AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF 20 | MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv 21 | RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw 22 | Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG 23 | AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA 24 | QS+92B7pNsK55GuIAZV+h42MR0dTfiidbgldvXxPtLUBh2Ab0EqRbboXw4s/mxDG 25 | 85vN9Qke4/v30MtHa9i9IwyzFDq5GfCC7ygi2RKOGShmVxE5gBrzF8Ok0O4BS8i5 26 | 8+Q7wJywx5pC7TgrtziP0zMKw7QVYHYqeRsu0lTLIEu76HAWRdZwVPcz3Kph0bRH 27 | zFrJ2ZIDfVzn1EG8qosPWN2vzBE633eBfm9VWobMR4Uxs7ZiFzJFRDy/ai5DGJ1j 28 | fxVglI8q1YD4UU0/yaeMVgaGwoCx9sb+q5XCXEn9MV2dbmVf4D+jVm12xYYd146M 29 | G6vK43wgw7eLa6LNYNCF1g== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-64.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-64 2 | Issuer: /C=US/O=U.S. 
Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEvDCCA6SgAwIBAgICBUkwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwNTE5WhcN 7 | MjcwNjAyMTQwNTE5WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E 9 | IEVNQUlMIENBLTY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz084 10 | CMrLDnhLu2b3yBkRp4B03zV4O7pAVqDz8Q4zOWehm6kJs60Q2dXXzuXk0Jx70aFd 11 | k4I8k84SSfCzvMhSz3SvrTK14yjCFVhlVgyQcST5WvnXwMMH4npGg/ZG8eNYxdYD 12 | +JLLNeZPlZEdGwMHq9Ue6LuNVQP3d2FMRJahUZ0eP786zBeI8bebSG/7WBZSz/RI 13 | 2fwLg9Rv9aKjmy/j5ZZ3pi7GcezdVgcClNqhrFg96t46GXM6R7i8rgFEECXj9NiW 14 | JllqveM0nV8Ty5q8yP5M52Y0Eyo9Xy7EPa5fA4v7TbM6dYCny4SYUTG+8qDx39vR 15 | 7RF5IoRrXniIyWWsuQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId 16 | gXoWqvLczmbuRcAwHQYDVR0OBBYEFIuQfSHrvBoVe8KwTn5zUcgOtty2MA4GA1Ud 17 | DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw 18 | CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl 19 | AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF 20 | MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv 21 | RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw 22 | Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG 23 | AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA 24 | ixpW3FOdC8mBhMVhIVrMeIDgMzDHtI/0TVsfFUwASajibCl51loMCvy9MN0zlWKF 25 | /ae4yzmnzk+TT+KCksF2iClCmuk5Ikz1OUOJvtP4osZEo8gHsvM9IOYc+pGqCCwj 26 | AN1AKunjJzC48fe1I03Y6B2ts497pia3Tn/Dkkg0MKICdJuT9+oFSrqHu1tnuoti 27 | VBMY6Lk4tLqfRhWIUDmhkEa0GLjvmx3m6kytA+SNmI0kUHFW1FeZvNBgnjrEY2SM 28 | HlW1pTJsObYjfiicDIPuqJu633MKEaQgQRukOLEfV0CSEt7PLaVcD/JLjuHGttwd 29 | 0019mApk8G9z4Le8G22i4w== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. 
Government, OU=DoD, OU=PKI, CN=DOD EMAIL CA-65.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-65 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEvDCCA6SgAwIBAgICBV4wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1NTI2WhcN 7 | MjcwNjA5MTM1NTI2WjBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9E 9 | IEVNQUlMIENBLTY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfoi 10 | 70QEnrxvxQL4sWn9qcloOqVve/7q7mebsN6uUJpdUPabQrN+N144LME2pQzelq5n 11 | 6QuX5Sl10DfFoyXEPTaz8/2bQqzlVzMfWDRDgi6IJl7R327HZi1xXLxieDy5jJLw 12 | SL9UBtljD4MBUNFmk7Ug3VV7U30sFFBDLMaix5KTwdl/5BsUXhtlZjlhw5HKFXE0 13 | SDtVkCLkYMzdGpQd9sGNxTf7c3j0xd7GhBPdlBGG5JHsR9DWr3dfm3+KPzD9+GK0 14 | KViESzWLiGGhT/1EXePNzjs2S0cpNJwGAWjU4pQpDKnj4ehNs4GSXz4MUaefn7cC 15 | UJvxQc0erx3dI7tNtwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHId 16 | gXoWqvLczmbuRcAwHQYDVR0OBBYEFJi2NAob7QSaUwqKBXP6QmfNEGa2MA4GA1Ud 17 | DwEB/wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycw 18 | CwYJYIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFl 19 | AwIBAxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQF 20 | MAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwv 21 | RE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRw 22 | Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsG 23 | AQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEA 24 | Fg38R0SkiBIPthRzFDUWLbkUI0fpQ4S60LiM5fNAkApMw8rXzDHkErQGbz4EjnZY 25 | DIpqINdGlkjheLK9gIEsXXKfQ4LjpagBJd8xNPF1LZq0SW49YY5mD/Zol8DOmRVe 26 | wJh+ns9FThJZ+QAGqaFL26vf+xCNz+rdMZ9zXVvSGnh63bM82Sl5GnQ1Z4TNBRCM 27 | VhlDnPZ7+nygeq98BXVTDI4F7PaUdaZSk0ZCbztBcj+4Sq86jx0EOFA1BPyTRGru 28 | 
1Qu0IIeCr4AP7Of2SOaqRQPBV2k//HWVZ/R1BKjgfLzWwueVLTZRkNhmYere4Mt7 29 | 7Jlk9Ls1gI1VGp3JiQdfFg== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-62.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-62 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEuTCCA6GgAwIBAgICBUowDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwNzMxWhcN 7 | MjcwNjAyMTQwNzMxWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E 9 | IElEIENBLTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwNbqJeQ 10 | +d89t/E7vLSYF7ivkWMG6g8d0y7EbV7yd8r8suoNsfF/aKeApZbwumJ+ja4pbggt 11 | OqLolW/GyyJdAzhtEBOIBXMK4CEAcTTrAX40xKiKCFoY5X/ss0jiOwVDptHmvQeC 12 | UlG0oAR5/tgkGOpRdjBdYxEWkXIkQxE1mPpQZ56Vmbtr9onsnKjTr1ufmJaaquPr 13 | M3eXnwU8KOJmdpgO1sSLsIxy8JFedyrqO1TuZw6riMMOuK6P1XW6IpMGiu8+k0tf 14 | Gk/tL4yI3p17Ney+oZIvmuJu43V+NnRLRcwtsQRsRfj20fjH0o2uouWkUV1FuJoD 15 | OhceArDpkr1xlQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW 16 | qvLczmbuRcAwHQYDVR0OBBYEFG57IARNEcmB6RY1kNTLwltC1gdYMA4GA1UdDwEB 17 | /wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ 18 | YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB 19 | AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA 20 | AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E 21 | Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v 22 | Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF 23 | BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAA3It 24 | 1175xvpIzhP2duSRdNq3TfxaEGoc5vnzGnCtURC5rIfnY5V9F+W50u0yePUPbiNa 
25 | S3ZljgnSoCCM6f6DGNSlG1mLjnnYdg3ojFKWR9m2S55V53/v0Z7JIPRmDTZ2dVw/ 26 | EiGg1VDRj9/ucI5fJF1jQZxdYGUDIi8AYkQ1LejD20avqkH/gUag6j/3mUXZF4rd 27 | ikORTbPtqDRVo+bNf4dGYjuihmru4GE0lMPK9keGf/ZfeZ0g00/iqyWVZwbdep4G 28 | s4VWiWbcJCB744R93TsBRQ6Cmes/dh1RFtEkcOMC6t+NJV9aSIF20CZv2NlNcD4T 29 | L7MvBU75kWmaG+2/kA== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-63.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-63 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEuTCCA6GgAwIBAgICBQ8wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNDA2MTM1NTU0WhcN 7 | MjcwNDA3MTM1NTU0WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E 9 | IElEIENBLTYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRJd1oB+ 10 | otf7tUrvO5XB15Qe3TrMte630pcpz4IBEgCv64xJX2r465Jk+qKGqtW5lefR20jl 11 | azfMDO1dgOQ+ba4TEQn/VAutj8lO/7ag3GhZ7Z2NdTAB7OckX0LnfFktlndct5mi 12 | zji8CIB/gGFwoeykFF7NXbniXudxhNzPXvPBhBY38yXTzzNHxDZOBDXhyogYx69v 13 | dIaDLvXCwWTHsw5wBJaiTMGdKcFsCUUL4kOY0hv60VYkcduOF9+e7WmrsJLWMM5I 14 | ZS5MvLQUpzvl/XDnJek7aIaIU3ltZoty/8Lr6SBNr7havx6zLxxEwZ/EUfU38gKu 15 | QxOoo50o2sRcnQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW 16 | qvLczmbuRcAwHQYDVR0OBBYEFBfmS8gaS8mnpnC0TE1eyPY21DCYMA4GA1UdDwEB 17 | /wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ 18 | YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB 19 | AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA 20 | AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E 21 | Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v 
22 | Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF 23 | BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEABhvV 24 | L1UcOJApwxlu50RO3dD7Tp/8VMfrAwYSt7ucLBSpddHxuwUsJkEakJ7W8HoiRQPX 25 | SGW0jrZAxdXH331DLhyRPtn/2zhVkLiPU6+wUvmen0t3otT61Ea5oJuU8REupc51 26 | 6rS+DNyCJL5WDGmjMQSyxhMctretmi2cb9xCGvtoD6lUgqHdDQNkPKG6EYJKPwNN 27 | YG3zCHENRRKgZd82xoVCB9h3NhZ3M1uS+YXOtcOtkwfBKKHMQ8W14NJUvDL3xjyL 28 | +5K1Yi6Jtf5G3pAvxZQgf/vfR3D6zxtO4Qy/q8qYW2eyyJnRa9vm1kfjUd2R0NmT 29 | 6NaUjDpi3EZ0riF7FQ== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-64.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-64 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEuTCCA6GgAwIBAgICBUswDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQwOTM3WhcN 7 | MjcwNjAyMTQwOTM3WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E 9 | IElEIENBLTY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsvhd1Q/ 10 | aKpj5/vTYmydA08Od1W2AOjjDsK0iot8jWIt693OEq9x8bSQ1K6eStv4Y3f1jj9c 11 | SMvnP050SWqlF2Xmw8jifyk626E54rs67jhbuY5gc2+1BoComnq8IvN/tVbbPQkF 12 | mR/tlvcyV6SJp+PUFTy/vKwBVkyV42BTa9Dgq0z7XHq+Z7bjf2ZYDi1v+BxFW3Ni 13 | lv3CVmaQExf7S8JX9+5twtUtg4e9fl3wU98yW1SWu7A6KdqxDnMGqYxfX6FNWDbK 14 | 8y/4evrhAoV1lRCuTMvP7OdGbAjhUDHXNen3FoCxxu3pB4v32HjlMAi3Q2Rd3pCj 15 | ENEIzp17/k3yIwIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW 16 | qvLczmbuRcAwHQYDVR0OBBYEFFe8wF7bias73Uepch6uy0IZax56MA4GA1UdDwEB 17 | /wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ 18 | YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB 
19 | AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA 20 | AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E 21 | Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v 22 | Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF 23 | BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAXr0y 24 | V7GzeW4yhuPP193deLxBfBDdG7yNWjI5tSGnvx/mvaJqj7oqiAftY/EbyTepYzbo 25 | 6/Q09s+Ael+wftRZXbbZwzRuYigpQZy50eDi+6s/tc/ItUJ37oQszUPTcsFt3qjt 26 | lH8FFTtLyPwxtalkwL5w7ACTv+1vD5avoXmJwHhFDGL8fKIQxCgfgU0AoL6XtLGT 27 | XdAQ5Xd9viVDaWsva1HX/RS7uZ5+n34OFM5SZBuMAtIcWYRouML4FpCsXMYcAYB9 28 | nh5gG9qMkIX0b/oTkF5loV2Pq7p09Pj48Ebbv8B32vqnaUOQLjRANb/sIQLHXoXH 29 | qwTizQlR8MkIO8+F+Q== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-65.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-65 2 | Issuer: /C=US/O=U.S. 
Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEuTCCA6GgAwIBAgICBUwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjAxMTQxMTIzWhcN 7 | MjcwNjAyMTQxMTIzWjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E 9 | IElEIENBLTY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkK9OCQ+ 10 | D0b/7SLsEs0LCElhKIzGtiZDBw9VLqCaxTHlxaYEPV/B/X9NGoP5PE4ToBOSramL 11 | CMPbwjadhNk8O0gEInZCuEzV17vvx6O4xg+FJ9OO76LU1KeXJnnvX1YnCKz3uxrn 12 | 3sw1jQugEEd1yPwKoHMjJ2Sr7Vgrm1e983EgiRint9lble7x/MDLvEZDELeeqhPZ 13 | vRiz1qwVG+/p2ks980qFLFLl1INOUSPnSLIbafg7cWE9yTC5i99s4pJnP2ThyBv6 14 | JsgFzbbj9FEYGyh75GjIMEv8ulcQ3ATOSBREUPzrd6sQmideeqvxXrDYxo8Qel6b 15 | rZiti+5vEr3OzQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW 16 | qvLczmbuRcAwHQYDVR0OBBYEFGLgSDhWbW9rJb67w4hYsaycQ8lbMA4GA1UdDwEB 17 | /wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ 18 | YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB 19 | AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA 20 | AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E 21 | Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v 22 | Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF 23 | BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAF8Uj 24 | 33K0ZM9adtfd8IM2ebqwgbgRxi22Pb6bKkKOkGV2NU4wMckpuRpUrQGJmy6CIXZ8 25 | 4QWz9DZSNAU0nyHXB6PLbSV0jnzKygWO7IOv83M6dcnCG8QUP1o20V0NGhzNBEtK 26 | jxWENZCYHEruxm+2rB+MBngPhkBgdni2npetHX2e1cmsgMS6G1PUh2idhZ8Mpdof 27 | nr+V0GuKLpwiNz3hLnKehl2Bs6aHG2IIOm/PdzvsKCP2eiGzS3SiiCf6fukYoYBN 28 | edL8fHfFNyM4UPNgc4eG+bu0GJK4wKPVjiX7xYDdGaYZ2m4Y++zrKuMq+Oar6DQG 29 | q3SERMAZCDYsEt3z2g== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. 
Government, OU=DoD, OU=PKI, CN=DOD ID CA-70.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-70 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 6 3 | -----BEGIN CERTIFICATE----- 4 | MIIFuDCCA6CgAwIBAgIBRzANBgkqhkiG9w0BAQwFADBbMQswCQYDVQQGEwJVUzEY 5 | MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT 6 | A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNjAeFw0yMzA1MTYxNjAwMDhaFw0y 7 | OTA1MTUxNjAwMDhaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy 8 | bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg 9 | SUQgQ0EtNzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd+Ln6k5rB 10 | /kTUcOX6vAcVvFIaM8DFKk1sCFGY2cq7Wq6IvnKV13/6yATU2KCLn1H18MwRDG2H 11 | wllfP3OTBVVb7FQmHxNEZHluKaYP/6us9FgJJtR4Kl3a7HFVSk2nD3k0nPN1vwGe 12 | CYb/WqzLM2zLrtEnkgqpog6DSI+PSdMaqo50uMH/neBa7fHqxdo5ZUn4xVoaXM7D 13 | nlib14QNGn3AXARRsnwz7aMhJiSakPckrR8zJb06EsQLU79v8VWkYmv3CNCMWJk1 14 | Jt6AzEa/yQl1A9ItOROq0tjk1Sirq2B1v05HZ0cIGH/NO+3wgW4j0eLV2QEgq6a3 15 | ROrLmEfdwc6tAgMBAAGjggGGMIIBgjAfBgNVHSMEGDAWgBQTTzy7211FKaWUcLba 16 | rJ5M4i/BCzAdBgNVHQ4EFgQUwICWP4qAgN5CD0PmpA/Lp2gIyM0wDgYDVR0PAQH/ 17 | BAQDAgGGMGcGA1UdIARgMF4wCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg 18 | hkgBZQIBCyowCwYJYIZIAWUCAQs7MAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgED 19 | ETAMBgpghkgBZQMCAQMnMBIGA1UdEwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4AB 20 | ADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS 21 | T09UQ0E2LmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j 22 | cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBNl9JVC5wN2MwIAYIKwYBBQUH 23 | MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBDAUAA4ICAQC20cKM 24 | LTIvPatlAx0X204IJBhpMAtXdYT07Aupz0dFfKP13Z057+gWrWK6T4yzEHgvzvo6 25 | /PtudEXexfrTGgfXCpkOK1A/qC+Nw0IANYjDA/oYUNSCOL1nhG9pi3kN6kwBLILL 26 | Xau3HOrmEfaB698v1WDMijSTTWqOSYvj9Vsb2/VJCyNFDjdncEwIVeMXmvk2/uT+ 27 | Sf4XW8ziAYVioqOzU59/tkEPPHDxFUqvvzLqNdbF+qXTTwSPYXfQdWzwzy5PkA4E 28 | 
gPKbxW4VLm3Ni+6D2YWlvy90rQxxgTI1TNWGbPLegDiNvaqYURY8uisocOQWgMDs 29 | R1j4S3moOFppAv1AzgH6k2LI/MnjHBg8A5YwGDLnQffbF1q0APMT7+k12jTuGc8P 30 | YbHleIO91OnyArf3BC/UMHrfkGZmI9XZ+xa/YhQ92oBMX2aq/mxOloERPiL1akcU 31 | jDlHG0fDP8Z9c15hr0z89TRJrEquzfs2RoFL+KLT57D1konhyuJRPJaOa1MlQIi4 32 | t3XcyOYlnK+wsSpgmImNZX6k6GFAw9+9JKyGXMaZAzVBbEyGHbOtW67DrU/CxHU2 33 | 8NdJsISLHXkTjHyERuEZoGEylDNMyGJdbxgHmiVKCqn+sl33jTlLU14/rZCsa92i 34 | +pBkTFevzjX9tDTABwY2gf3bKyBF+wIZ3Y5M5A== 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-71.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-71 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEuTCCA6GgAwIBAgICBwwwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjIxMjA2MTcxMjE1WhcN 7 | MjgxMjA2MTcxMjE1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E 9 | IElEIENBLTcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXxfClV6 10 | 0ewwZNjGbEMJ9yXSIT0/zQPutggMqIq32iGOxTMmLNbK4nKaV3W1dxR9rSSICNXP 11 | G0Gp0swevg7LYNvOhNgVc3/mg+fu7igYXZgSJMfP6/FEZLWMZmix4hSmPKximad2 12 | tRFKS7lOzgNyyJJnfKaKXNC9xLlItWheMk/GoDEFH+vUiYGgdmGCDYPDU4IhHaEE 13 | Z/ZKUoqLv3KmIss3ibOzqisLd7IGpDza9RqXihI3xYzyK/17l2HbdtjR49pssOZ0 14 | rgN+CURnITOKBbaAL51aL12ricFpnFqXRUXX5YuLcXutzBK5gpcEPSB2SwLicMyc 15 | IVuWC1eVsNuldQIDAQABo4IBhjCCAYIwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW 16 | qvLczmbuRcAwHQYDVR0OBBYEFJAlOZpZ/Ax1V7nNbkwSYXXZOulhMA4GA1UdDwEB 17 | /wQEAwIBhjBnBgNVHSAEYDBeMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ 18 | YIZIAWUCAQsqMAsGCWCGSAFlAgELOzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB 19 | 
AxEwDAYKYIZIAWUDAgEDJzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1UdJAQFMAOA 20 | AQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9jcmwvRE9E 21 | Uk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5odHRwOi8v 22 | Y3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAGCCsGAQUF 23 | BzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOCAQEAO/s5 24 | 90Einul9/cNIOu0lEFwANrwsJrnKAvTvq4oDtOhSzY20H8eexy9UhKKuerfezTZK 25 | /WmKRhEhWPGeWn3bgbldyGGSmC1kI7Ayyo6YcI6ttfVsyQinzOhF7Dg0uwVESpph 26 | VnpngAwYaugVXA/ltJLKfdj/+7Dxab60lYS98Ue07luuBQFTep0oEmYs3kiFgNfI 27 | 3RCCIpCiFMvqXL6WexVFL9FSimZuefL5B7mNPYiNuoeBzPJofDaAlhxa5qnZIcWt 28 | KNZU5lKFbmTqjVu+OKfJbrWkIqtkFIkQyoEUvELH1+XLqywl+FyS/+xwH6rGTtl2 29 | 0RecJ4v4oj2Hg13GXA== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-72.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-72 2 | Issuer: /C=US/O=U.S. 
Government/OU=DoD/OU=PKI/CN=DoD Root CA 6 3 | -----BEGIN CERTIFICATE----- 4 | MIIFuDCCA6CgAwIBAgIBSDANBgkqhkiG9w0BAQwFADBbMQswCQYDVQQGEwJVUzEY 5 | MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT 6 | A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNjAeFw0yMzA1MTYxNjAyMjZaFw0y 7 | OTA1MTUxNjAyMjZaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy 8 | bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg 9 | SUQgQ0EtNzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4vg75G7Ca 10 | 2fFug235YQb+jjbQkr+UEPhwBP05Td//aiE38ZpUlnPUu9NvzY84E8Sb9+iY+cQ9 11 | PrIQvZPuVyEDRGR3glNAukk3SScKCbdrpayuW2PdfSRmtwfv3LboyemQBTETgcKN 12 | G9fLs3spB/m0YbrzRq6WDCZY6DEbKnHVm5bPiO/Ks92GUELquX9y84hNN8A+XhUb 13 | Jl7fT6wmkRYn7ao3s5ZqIjDnRm6/wxWiwx5K3/377UJq3iDykLkBcJsNfdC74XVG 14 | uMo7IZ01fZ79VqNtmHPFEtjd7xDsK+aEDy7f20MoTx7z7eljSTKo6+4K8Eq0nCTW 15 | 9mK+xc9yP9XxAgMBAAGjggGGMIIBgjAfBgNVHSMEGDAWgBQTTzy7211FKaWUcLba 16 | rJ5M4i/BCzAdBgNVHQ4EFgQUg/RfNevM2l17mU/CU0QYQFq971kwDgYDVR0PAQH/ 17 | BAQDAgGGMGcGA1UdIARgMF4wCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg 18 | hkgBZQIBCyowCwYJYIZIAWUCAQs7MAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgED 19 | ETAMBgpghkgBZQMCAQMnMBIGA1UdEwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4AB 20 | ADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS 21 | T09UQ0E2LmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j 22 | cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBNl9JVC5wN2MwIAYIKwYBBQUH 23 | MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBDAUAA4ICAQCwLNgi 24 | 0r5ovflv63BdK4dPcqKkKYT0rupSr+bsnP96c95hS/pRVHiHQFYoQ2z+FygfsK/m 25 | M9+C3ni/Nu/btzAQBJOMayTh9vbokQSRU7THbfBrznnHdqWUhhWwzE7ddAYfTfiL 26 | xmHJcDJL7dukPlZWcrEK930EPEHTus+HvY0xUfdkJqFuHi8sfApoGU9ghEkZetBM 27 | tAOhn/Ox4Z7XrUafZNFZBTpO4VnwklBQYU65riQYDQfRz+3uQ7j8ClGSyAs4lcVa 28 | 2cnaMlJslwJIvaula1ALJv9f4v2HlCJ6rVyWdr7N36DLDWv7VUkNQRtVp/9WX1c1 29 | i3frAAP55Ap27DHOtVBvGHnNIwuFjArJrECixHz67ff1PrRLl/Zqng93baUfr6tf 30 | Gr/BTXdZmM0YBXTXNvj9PXWo+9D7JQgm+uFwCYdUWOMxz7DgPaPjl3RwF9JKU2nJ 31 | 
L7nl8ri2+gTNBQmk6avN2NqB+eZDP6Tzd26zR1HCJAc6k4+PF91oEG668Lxk1oeD 32 | 0hqIrZ77AZ8bAXwBW6roDlBJ5yJNGp9lXZd8xlwaKAIjg53f5/Ox7e6bC6e5KGqX 33 | 10xiQQpWVJkhaXcLSNeYb3cPSk4SuNWwtHC7vJWeExBQMUicrho8ZIQSl3quy60U 34 | ozvE/mx7Xrurnd+ifZPcYOW6yKk1tq4qQgRBLQ== 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD ID CA-73.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-73 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 6 3 | -----BEGIN CERTIFICATE----- 4 | MIIFuDCCA6CgAwIBAgIBSTANBgkqhkiG9w0BAQwFADBbMQswCQYDVQQGEwJVUzEY 5 | MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT 6 | A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgNjAeFw0yMzA1MTYxNjAzNDlaFw0y 7 | OTA1MTUxNjAzNDlaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy 8 | bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0Qg 9 | SUQgQ0EtNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCih8Wo2Au3 10 | vFa6F9FdhAb2iFDYvh2devcOQWVneKg1moWMGm250eiwuzRZvNR7iDdXA+ntPn3d 11 | VrCjSDcGAXibtlJuyzYUW3aPbzjXFzzZO+xs1bIXHfN2bz27OZ09aHxzYZAvFNw8 12 | sbo08uVeWMV9jQhPRYHvKgruI2FleN9KpOjTU+phJJV2Z3+uQQ6HCSryazpFVjmq 13 | /mqybkf6SG6/O+vfH6na2lBCijdtQZqqchWEB763+tb2V2rqj0bks/bLMfpvhFqa 14 | JxmD30WZwus40VRMmHOddTA88uQHzTtv8cJRxFZoq8HZxOscImRe9U2tH1/uO7GR 15 | /G21TvFj+/6jAgMBAAGjggGGMIIBgjAfBgNVHSMEGDAWgBQTTzy7211FKaWUcLba 16 | rJ5M4i/BCzAdBgNVHQ4EFgQU6SF78hRvOFWIeqBQCZ6RchxL2TswDgYDVR0PAQH/ 17 | BAQDAgGGMGcGA1UdIARgMF4wCwYJYIZIAWUCAQskMAsGCWCGSAFlAgELJzALBglg 18 | hkgBZQIBCyowCwYJYIZIAWUCAQs7MAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgED 19 | ETAMBgpghkgBZQMCAQMnMBIGA1UdEwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4AB 20 | ADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RS 21 | T09UQ0E2LmNybDBsBggrBgEFBQcBAQRgMF4wOgYIKwYBBQUHMAKGLmh0dHA6Ly9j 22 | 
cmwuZGlzYS5taWwvaXNzdWVkdG8vRE9EUk9PVENBNl9JVC5wN2MwIAYIKwYBBQUH 23 | MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA0GCSqGSIb3DQEBDAUAA4ICAQCGGfGR 24 | v/t2cVzv8apJn8A00DLLEtMkVcmQx+Dxbtg11pyCyWXtOFplunWECPRojmAFiVIT 25 | /Ky7SabSYuzuqxXbaiu6HVh2+5jSw5O3TaCbi4Z1fp2ghxdbcFKMnRbs8dQs+GM/ 26 | DV4mA8kZJtETUNSsCcohWVw0/ZpoiffrZBoNNPNvv6+xgQKVRyFvGP6ZqgHTCCIg 27 | K1kxI88PzaaeLol4D9Q8ga/cgnlBlKxLtwj6t7Mr7TaXJJUaQD1nHsjFDahwklvq 28 | c1rehkJ3ON4emf7q/bXK1J0AOkuVFcHHhwfQQiihw/bhy/+/CRa9xhbtMfjj+WRX 29 | Iy1eaBg7+/amEEOwzbswJI6ceKS+g+XC/Yag1V/1fCOWH9FbU63hJ5ZthdwYV6bh 30 | U9Sr3kUSSTMG1FmIE0eqxhSfHiVsmLkbYxZtcceJ1Y9ckKWJe0PVa3R9dkT0FWwI 31 | L4WcEMsFy70Esy3WLzIcfs0wx5tIkOGq0urRrhrK295OSlADg04Slx2gQQgZY7bX 32 | 7KQK6FWiwdasjB9o28J0SV6i5Q3Ej4rVG5HwY9EeFd5i5vT5O0LKGWlqtrj57PwY 33 | ErTF/egiM+eIcHlMGCW3fBdio0fSwk08os8Gdr4jWtz3SAg2WKMOCTgUYCvUu6n1 34 | 4vWdsWixt+mLh0u7xJTyQUcnwNExbuOOj+qjSw== 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DOD SW CA-66.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-66 2 | Issuer: /C=US/O=U.S. 
Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEjzCCA3egAwIBAgICBV8wDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1NzE4WhcN 7 | MjcwNjA5MTM1NzE4WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E 9 | IFNXIENBLTY2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4houoVX/ 10 | Li3VkkGqzLIUOLda1i73PJvtWBdSDIed8ovWFa+tQJ0/vCluSctLGgV171iHWItg 11 | laOFkozk4pdBu5dW4N51jfkTYbzPt0tBZqJ0B20c/uxQUkIq8leMAiBnj5n1XRvE 12 | IPmpch8rvGAVwDNOjK+7GiBlmm9Afi2dRvDOanB1C5NkvySwshIx8191HQaVxwEe 13 | 5CFoHr1/N1CFDZ65jLsHlF+OFRA0UQnsT4aRMsdUtUm8IQ81WgCSBkYE1iVfm+cY 14 | Gp9IAJ4pjHeJt3VjYhCUZA1tISiEbjwt8Hos/oQny5jW3A0cKuKCN9D+CVzobb2Z 15 | j1n9KtXGwo7RpQIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW 16 | qvLczmbuRcAwHQYDVR0OBBYEFOsGU5gwhp7fXosLoSYm+qZhD7mUMA4GA1UdDwEB 17 | /wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ 18 | YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud 19 | JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j 20 | cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o 21 | dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG 22 | CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC 23 | AQEAEI/fMsnGS7EdXp9T+SU22yw7TOMPnZns0nQbcx09aKV9LS5DC6j5siNUUs37 24 | bEeJLPSDN5JqC2jHA7C5USJ6+Qe65kvlUCvCuAKwtfOnv0KewpZnxBcRaEebbpRX 25 | nzFb+2x/RbQYz3b0oN+srKyKEFie0USItyuVAB4eYolSbUQ5kXIMDbD7jxSkMsfi 26 | 2t8cpHXpNvPEGAMz8KFUR5ESYtE4uePZB4gOXBP2x7XbC4+mbSqXgapf+0L0dWXo 27 | PGHQZWrPXMJq8nJ9Crps8KucamtlRge++MgsWRi5B/oTaJNBfabD7bZcI+tG8MSm 28 | jYDkgfOi5nuRC+HuYQJfnN/JLw== 29 | -----END CERTIFICATE----- 30 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. 
Government, OU=DoD, OU=PKI, CN=DOD SW CA-67.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD SW CA-67 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 3 | -----BEGIN CERTIFICATE----- 4 | MIIEjzCCA3egAwIBAgICBWAwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxFjAUBgNVBAMTDURvRCBSb290IENBIDMwHhcNMjEwNjA4MTM1ODI1WhcN 7 | MjcwNjA5MTM1ODI1WjBaMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zl 8 | cm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEVMBMGA1UEAxMMRE9E 9 | IFNXIENBLTY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGxEAz4E 10 | AAC1INxpZpWcvBvGADE1EcLCF6yl2Q+px7dol+M3iFran2xRnG+PatJ7MyHflYFT 11 | iMrjfNBjgd0WhcjdYIQqwA47vFwMDK9GAr4DpF9Th8Xa3Sz1W2PQj1isHKNodKvk 12 | ICOBudf38e+6xhQyPxC/ryPKa8OzHRvzzVGhxjQjg8mWNxf1tDHaj1F1vOu3rDxj 13 | k2BGbGKTSQ354E2jCkDLqKzCCzpsKVNPtkuC1LwUflrPBJreFq6pYOlFFBu9YgTZ 14 | q5D6O4mr9388Yl3UJEeZq70POfwd+Lg8oPDS8geVtXuxohCdE0lw3UrW5oGO10e/ 15 | DwhxvmyBkYjlGwIDAQABo4IBXDCCAVgwHwYDVR0jBBgwFoAUbIqUonexgHIdgXoW 16 | qvLczmbuRcAwHQYDVR0OBBYEFNu0q6OMKUW9rSpWN8xUXbzX/SonMA4GA1UdDwEB 17 | /wQEAwIBhjA9BgNVHSAENjA0MAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJ 18 | YIZIAWUCAQsqMAsGCWCGSAFlAgELOzASBgNVHRMBAf8ECDAGAQH/AgEAMAwGA1Ud 19 | JAQFMAOAAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5kaXNhLm1pbC9j 20 | cmwvRE9EUk9PVENBMy5jcmwwbAYIKwYBBQUHAQEEYDBeMDoGCCsGAQUFBzAChi5o 21 | dHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTNfSVQucDdjMCAG 22 | CCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDANBgkqhkiG9w0BAQsFAAOC 23 | AQEAIW6zNzaq6wiJST/lHGj8X4TEhezpoVDdVf9a4yD8mzDlTgGpwYNYD0eXm3/B 24 | 3/DXJR1DUKoNjb7fPomrn0mqMbsjn9PorjBvrjHGk8hnzTaWxny/UjKOZPunOrqr 25 | xNAdG77sc1TbYABaVr7R/qBV5vYGEYG0zG4lwgwOGfzHs5DCWlcZ9RXeMC8FmpU2 26 | V5prrgy4oUb9W+Pe240i5bTFFgk0KZpGzGwxmmip47hvnn2WoOjXuMCO8oFPID97 27 | b7HtqVw44FdhcX91iSsF94227L97FWj2qIh+hg9Hr7+lnUV2jnw78VDAAGYoC2j+ 28 | 
wFDemBg6D/gOGokJXlfr5G3RtQ== 29 | -----END CERTIFICATE----- 30 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Interoperability Root CA 2 3 | -----BEGIN CERTIFICATE----- 4 | MIIFRjCCBC6gAwIBAgICCwAwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe 7 | Fw0yNDEwMDgxNDMxNDNaFw0yNzEwMDkxNDMxNDNaMFsxCzAJBgNVBAYTAlVTMRgw 8 | FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD 9 | UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOC 10 | AQ8AMIIBCgKCAQEAqewUcoroS3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXE 11 | ZG7v8WAjywpmQK60yGgqAFFoSTfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14Y 12 | GiNbvT8f8u2NGcwD0UCkj6cgAkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy 13 | 1DekNdZv7hezsQarCxmG6CNtMRsoeGXF3mJSvMF96+6gXVQE+7LLK7IjVJGCTPC/ 14 | unRAOwwERYBnXMXrolfDGn8KLb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJ 15 | OuQL2erp/DtzNG/955jk86HCkF8c9T8u1xnTfwIDAQABo4ICATCCAf0wHwYDVR0j 16 | BBgwFoAU//iuE4uSK3mSQaN2XCyBnprFnHgwDwYDVR0TAQH/BAUwAwEB/zAOBgNV 17 | HQ8BAf8EBAMCAQYwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC5kaXNhLm1p 18 | bC9jcmwvRE9ESU5URVJPUEVSQUJJTElUWVJPT1RDQTIuY3JsMB0GA1UdDgQWBBRs 19 | ipSid7GAch2Behaq8tzOZu5FwDB8BggrBgEFBQcBAQRwMG4wSgYIKwYBBQUHMAKG 20 | Pmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9ESU5URVJPUEVSQUJJTElU 21 | WVJPT1RDQTJfSVQucDdjMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1p 22 | bDB2BgNVHSAEbzBtMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJYIZIAWUC 23 | AQsqMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMAwG 24 | CmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTAPBgNVHSQBAf8EBTADgAEAMEoGCCsG 25 | 
AQUFBwELBD4wPDA6BggrBgEFBQcwBYYuaHR0cDovL2NybC5kaXNhLm1pbC9pc3N1 26 | ZWRieS9ET0RST09UQ0EzX0lCLnA3YzANBgkqhkiG9w0BAQsFAAOCAQEAG4XwYu2n 27 | R/WbM/oNwBbAf/JQCWDrbdR+0BTVgdYDy5BY8ENr4rFUjvy5DASMyxfEGNzl5NTf 28 | SumYpZn+HyfDsyzz68iXketTZQWJV+OQPvJuJGeq0pAx9OKqhV5xYD0tJteyTDqp 29 | cb/x2AdwwUx9WoKKcQvsgsPmYHscTWoWVosGiCTf/d/fdsv0JDbU/tVmdRtJRZd9 30 | RLY0AX2uMAWPWmXE2kh78gTSTB6HDkipWtiTQWrGAlsG/nBqhWEPKgGMKasAPFXx 31 | sstC5uJlgvusbPf+59eCthCBhdQ2AoOKrUJq1igenJUkrTnCRbWPgTZPF7sVUgye 32 | nC8YfDpmpw6cRg== 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 6.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 6 2 | Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Interoperability Root CA 2 3 | -----BEGIN CERTIFICATE----- 4 | MIIGRjCCBS6gAwIBAgICCjEwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx 5 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL 6 | EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe 7 | Fw0yMzA3MTkxNjIxMzVaFw0yNjA3MTkxNjIxMzVaMFsxCzAJBgNVBAYTAlVTMRgw 8 | FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD 9 | UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSA2MIICIjANBgkqhkiG9w0BAQEFAAOC 10 | Ag8AMIICCgKCAgEAvKgbvtMOdTpBvH8N0Xh0v4rXKfQBBQuBE8LprX8JUvrZsQVN 11 | 7pSTwEyBwv0wjoOk5LL4o78LfESXZoDlEI9bv/jxKOgu7YAYDObdEUd5GAhSNo9b 12 | UTmyeF1RRGi5SiRfZMrQnoO/HGf75RuebVAk5YQFWtPRQfqfWJV+UzY77xOe+4Af 13 | r3jiDkHRdroo3g6nDfbovGsc7gScCyOaI7tQsrAa0Gf8njmzDffyCLLxU9gDXRFW 14 | ekHQoU7cJoXbQMRXs5WoqCQePfOExOWjeCu+kHmvb85o0NT5p9t7RnM1TcKckWO4 15 | Ts+b+0mp8GUEye8ZukVJEy7h4xXVcH9MdPObeA44aF2eFmJGak9GBjRwZ4Jd69Jz 16 | FEgcaW0PJZjn4fg+Yq1KwcVGD2AXrK7Qvy9LMUAczjKlGGzLqTc95Q4pWT3LnqPX 17 | zXcgeBWrvd9q1td/4/QvCrc2wIGAD85rrsETMXUtyVwfK92bXPzCJbF8W126iTHV 18 | 
IC2dMxlaEtFafFr8be3iiK/eBn0B2r29j1/t7RtgZzqCeBYDaxG0tvNe54etS8PN 19 | BRyO4WzJn2CGlV35Harhxjjo+q7glVyIxCJ1r+0oumH781fr4T7m/H5uE58qSiqq 20 | fu1Eihxsf4ciIf0A0L4a5jHGAwBjeCaSMsUloPgI6m+2/h0PHfh+/zZp6bECAwEA 21 | AaOCAgEwggH9MB8GA1UdIwQYMBaAFP/4rhOLkit5kkGjdlwsgZ6axZx4MA8GA1Ud 22 | EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMEcGA1UdHwRAMD4wPKA6oDiGNmh0 23 | dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRElOVEVST1BFUkFCSUxJVFlST09UQ0Ey 24 | LmNybDAdBgNVHQ4EFgQUE088u9tdRSmllHC22qyeTOIvwQswfAYIKwYBBQUHAQEE 25 | cDBuMEoGCCsGAQUFBzAChj5odHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RP 26 | RElOVEVST1BFUkFCSUxJVFlST09UQ0EyX0lULnA3YzAgBggrBgEFBQcwAYYUaHR0 27 | cDovL29jc3AuZGlzYS5taWwwdgYDVR0gBG8wbTALBglghkgBZQIBCyQwCwYJYIZI 28 | AWUCAQsnMAsGCWCGSAFlAgELKjAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxEw 29 | DAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFlAwIBAykwDwYDVR0k 30 | AQH/BAUwA4ABADBKBggrBgEFBQcBCwQ+MDwwOgYIKwYBBQUHMAWGLmh0dHA6Ly9j 31 | cmwuZGlzYS5taWwvaXNzdWVkYnkvRE9EUk9PVENBNl9JQi5wN2MwDQYJKoZIhvcN 32 | AQELBQADggEBAL+mLcDMuvdRPegsNHpe4f0aaxR7kMfLuu7d4PMc3io9ZAjkTChv 33 | hUTBGmsqSqa88zDBGzlR2i/0EObxIgh+6iYZ+eP87ehm/mTYWet+ggFtd2ppB6A7 34 | KDNrjNVI1vEE1LtOuuAEP9+DY/NHAFLSrSV4e5mCNuktmsyzn1W0KjDw+VCCZMXJ 35 | XzwJKvliF2oEgIj7s8sUxraEh3CHFQeb79mhGyr1KXOpnzMPNr8fk5rDxIi/UFXU 36 | Az39hOrmAlkyYEJfxjG2O4a3Gylw7+LJ924cgTDtRuTemzNiZFwCKs/QZgj2GzRv 37 | m0fG3P4xgNWBGCbjyzYWEsG7eBEn5mHQqaA= 38 | -----END CERTIFICATE----- 39 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=HHS, OU=Certification Authorities, CN=HHS-FPKI-Intermediate-CA-E1 1879534213.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. 
Government/OU=HHS/OU=Certification Authorities/CN=HHS-FPKI-Intermediate-CA-E1 2 | Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIGCDCCBPCgAwIBAgIERIFygjANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV 5 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 6 | b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg 7 | Q0EwHhcNMjIwMjIzMjAyMDEzWhcNMjkwNzIzMjA1MDEzWjB/MQswCQYDVQQGEwJV 8 | UzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNISFMxIjAgBgNV 9 | BAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxJDAiBgNVBAMTG0hIUy1GUEtJ 10 | LUludGVybWVkaWF0ZS1DQS1FMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC 11 | ggEBAJ+QlDh+rGJNPK21Jqt92LYHxyCvJjsWOXH3nxLVXsQ8p6uZSr+X5euF3mlq 12 | VtQS5R1VfCVHojr/Un+coR3ldtqz0VDTEt/m7ZkJLGIvd2xr7jquNhtWqIYfbYrX 13 | j9uVd68q80H8Bf+pbD0FYoG64d87EB1721pl5/TPDNEWRylZYpzV3YBXT8ioWCol 14 | Jh7HAxeA1y5mGgx4g8+iKBSNI0oZYx5w7EGthz7cIphpHFPcqSfmVUbzRuinRbV5 15 | 1bY0+hrU5sZCBhwS5QzlQi5E5ahZzdXgo+ffV0FKCK4agm9fkLHRqrrQuMzhupa4 16 | 6hhPIpOSR+A9SnbqYUd0aHjGi58CAwEAAaOCApswggKXMA4GA1UdDwEB/wQEAwIB 17 | BjCBswYDVR0gBIGrMIGoMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpg 18 | hkgBZQMCAQMIMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMC 19 | AQMkMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMCAQMpMAwG 20 | CmCGSAFlAwIBAy0wDAYKYIZIAWUDAgEDLjAMBgpghkgBZQMCAQMvMBIGA1UdEwEB 21 | /wQIMAYBAf8CAQAwgaQGCCsGAQUFBwEBBIGXMIGUME0GCCsGAQUFBzAChkFodHRw 22 | Oi8vcm9vdHdlYi5tYW5hZ2VkLmVudHJ1c3QuY29tL0FJQS9DZXJ0c0lzc3VlZFRv 23 | RU1TUm9vdENBLnA3YzBDBggrBgEFBQcwAYY3aHR0cDovL29jc3AubWFuYWdlZC5l 24 | bnRydXN0LmNvbS9PQ1NQL0VNU1Jvb3RDQVJlc3BvbmRlcjCB0wYDVR0fBIHLMIHI 25 | MDygOqA4hjZodHRwOi8vcm9vdHdlYi5tYW5hZ2VkLmVudHJ1c3QuY29tL0NSTHMv 26 | RU1TUm9vdENBMy5jcmwwgYeggYSggYGkfzB9MQswCQYDVQQGEwJVUzEQMA4GA1UE 27 | ChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEp 28 | MCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3QgQ0ExDTALBgNV 29 | 
BAMTBENSTDEwHwYDVR0jBBgwFoAUSVSRTGlEO8T4Aiz0+C0zVol1mBAwHQYDVR0O 30 | BBYEFC/snmYKZ2XzI3NEsSn8O66QF6zDMA0GCSqGSIb3DQEBCwUAA4IBAQAWOIzV 31 | wkvcJT1MXp8yyfCd1QH88EaPY1IgIt294cycHmeptFuTQKNoERl3RFdWEA3v53HO 32 | PNIlA+NiDvwReWuKBqWxfaa/wB8CtEVFro4ErA3GHPbCw8BkHZudaI9JxhfhuoZj 33 | KiuOE0C0cxn+vggZt+hwFQKNIXuOn3KJ8fnQBehmYc/ACfOHinZRDdDbAvBnKBEQ 34 | kuWsVs++VoD7Z+PXWza+2UbSDOiKmMpkfgR7Ik/74JCHLtT6YBqtv+MKXg55beYx 35 | 8t50d1jl4sRKGrYpN2lpYvSWdOMy1jT5JtfFf39wTDnRm3uVxdQ9NQigMbnPdYrg 36 | ZKe4WuzZfXmt3Ojq 37 | -----END CERTIFICATE----- 38 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=HHS, OU=Certification Authorities, CN=HHS-FPKI-Intermediate-CA-E1.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=HHS/OU=Certification Authorities/CN=HHS-FPKI-Intermediate-CA-E1 2 | Issuer: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIF3TCCBMWgAwIBAgIERICakDANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJV 5 | UzEQMA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo 6 | b3JpdGllczEpMCcGA1UECxMgRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIFJvb3Qg 7 | Q0EwHhcNMTYxMjIwMTU0MDM5WhcNMjUwNzIwMTYxMDM5WjB/MQswCQYDVQQGEwJV 8 | UzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNISFMxIjAgBgNV 9 | BAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxJDAiBgNVBAMTG0hIUy1GUEtJ 10 | LUludGVybWVkaWF0ZS1DQS1FMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC 11 | ggEBANUTiaPt9i5DkqkpL0sdJTIK454vm+GrLVjF3fGRfmh2a/bvkWcO3PFhj3xM 12 | +uZO9vmIMD7ej6bj+u1p16YsMVFjA6OFHUcEwZA3q11ALAdvgnCdXR/MbW7qfqLd 13 | qpHKYcEi3bU+ZP7c1SW2Wr7F8Y6XBHSnAcugp/D5ohxHf8zoVkQOzRUnhoho8kVs 14 | BuKb5UH2g1jVoANfJK5zsyVPhwZ4YMREaFGRLmSkAuZX1p4LO/K5FpwrVDMuWFuY 15 | /mZgrd2cfGzMRPpRSlcNrKxDxMRzryeAkh/VfrAcJXx0QpttNQcvsu8kbvbUhQ3j 16 | 1HWXmk7Xi7E6KXSpu6AQfIMt6KMCAwEAAaOCAnAwggJsMA4GA1UdDwEB/wQEAwIB 17 | 
BjCBiAYDVR0gBIGAMH4wDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMHMAwGCmCG 18 | SAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIB 19 | AyQwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFlAwIBAykwEgYD 20 | VR0TAQH/BAgwBgEB/wIBADCBpAYIKwYBBQUHAQEEgZcwgZQwTQYIKwYBBQUHMAKG 21 | QWh0dHA6Ly9yb290d2ViLm1hbmFnZWQuZW50cnVzdC5jb20vQUlBL0NlcnRzSXNz 22 | dWVkVG9FTVNSb290Q0EucDdjMEMGCCsGAQUFBzABhjdodHRwOi8vb2NzcC5tYW5h 23 | Z2VkLmVudHJ1c3QuY29tL09DU1AvRU1TUm9vdENBUmVzcG9uZGVyMIHTBgNVHR8E 24 | gcswgcgwPKA6oDiGNmh0dHA6Ly9yb290d2ViLm1hbmFnZWQuZW50cnVzdC5jb20v 25 | Q1JMcy9FTVNSb290Q0EyLmNybDCBh6CBhKCBgaR/MH0xCzAJBgNVBAYTAlVTMRAw 26 | DgYDVQQKEwdFbnRydXN0MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 27 | aWVzMSkwJwYDVQQLEyBFbnRydXN0IE1hbmFnZWQgU2VydmljZXMgUm9vdCBDQTEN 28 | MAsGA1UEAxMEQ1JMMTAfBgNVHSMEGDAWgBSpU75khINLXSbGJz4u0YRoVTzQdTAd 29 | BgNVHQ4EFgQU5YkZ5PmivOhNoSlUFlGBx9XCjpwwDQYJKoZIhvcNAQELBQADggEB 30 | AHOvI+mso3jpVtWy7du4PrOKafFrN+Sso0+OV95oY020re6lkYRaeJNh9VI4WkhP 31 | l6rxzRBaHRvUYMc52panW0hbIJVAJOITFManONQCn+dTrC0Uqlfg918Sppn+eGVS 32 | xf347ki/qVU+O8NQT60Ca+yhGdoTdZJjojcqveotM5elr2XfKFcBvWCy5xDNCq9h 33 | HgIrSvczbbSd61Wyqk5ONkjh7/0zXHODEPKR9RFOwow2wAdFiYOwM1Izev5+6KIl 34 | hzgjo2I20ur6JAxtSKj7pCAfezkmI5wa87POpTdJ70NyaUsOWyLYQvcMFvZH1T32 35 | l3KT7bz99s3axmTkRZsnDKA= 36 | -----END CERTIFICATE----- 37 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=NASA, OU=Certification Authorities, OU=NASA Operational CA 1749826492.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=NASA/OU=Certification Authorities/OU=NASA Operational CA 2 | Issuer: /C=US/O=U.S. 
Government/OU=Department of the Treasury/OU=Certification Authorities/OU=US Treasury Root CA 3 | -----BEGIN CERTIFICATE----- 4 | MIIF+zCCBOOgAwIBAgIETjmBFjANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC 5 | VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu 6 | dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y 7 | aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUwNjEzMTQy 8 | NDUyWhcNMjUwNjEzMTQ1NDUyWjB4MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T 9 | LiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwROQVNBMSIwIAYDVQQLExlDZXJ0aWZpY2F0 10 | aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNOQVNBIE9wZXJhdGlvbmFsIENBMIIB 11 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZTcDafMMC1SBZaI4/9mXX9B 12 | JOh+o+M34EIuWkB7UW4jN/6qo/1qp2dYOjg3ZJbrxv25X5K2fLbEpq/JWIOQkTL4 13 | GfJZxs11y8nGXCq+5inMAgFgT8FdFLq7yIBNHjBz+DmW0fH+viUd0skZNlWHo4oF 14 | cjm5l+5LkhRMJS5vFAIwIyosu50+k2yWrQszzuq90c8AL3HwYS9bpThGXKUOcP/i 15 | 6y2aAVTpT6L9xDOi1FYp+QdufmTLkB6mPAZu3/wYQ6k/92udp5jplVmZqAZ3fVsc 16 | iv/gyG7cagq/DaP+Lov/edblrDtu+Fa2MyviJEGzIN4vXigTiQ1tq5JSislY2QID 17 | AQABo4ICdDCCAnAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZcG 18 | A1UdIASBjzCBjDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUD 19 | AgEDCDAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZIAWUDAgEDETAM 20 | BgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgB 21 | ZQMCAQMpMEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYkaHR0cDovL3BraS50 22 | cmVhc3VyeS5nb3Yvbm9jYV9haWEucDdjMEAGCCsGAQUFBwELBDQwMjAwBggrBgEF 23 | BQcwBYYkaHR0cDovL3BraS50cmVhc3VyeS5nb3Yvbm9jYV9zaWEucDdjMIHuBgNV 24 | HR8EgeYwgeMwNaAzoDGGL2h0dHA6Ly9wa2kudHJlYXN1cnkuZ292L1VTX1RyZWFz 25 | dXJ5X1Jvb3RfQ0EuY3JsMIGpoIGmoIGjpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYG 26 | A1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRo 27 | ZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEc 28 | MBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTAfBgNV 29 | HSMEGDAWgBRohBVIjFRwfy0SWA7sHHjvPC5ZZDAdBgNVHQ4EFgQUhT935NJ6UelW 30 | 
To1NxJ3IXtXYRHUwDQYJKoZIhvcNAQELBQADggEBAHNuwl7BwfIjgu5Oyd6Ed8eL 31 | xPHej2qWT4SVr8M5N0mxa9tW7N+bEccctkSa0s0svL5WgXBL8pDakoOXWxbI7aBJ 32 | fSG3+Af7nRE10U1hMBlhxqd+GlQHiIgjJeIXN20WwuRfUwFR7ze45rGmqOzF2GEi 33 | CIA/eeaTtQSiCs7OCqpf/Cx7ShP335XIk5Ft9Em+RXLBd7VVZpj7WOlfJARa3htw 34 | tpqtj/ZSwYEFZpecbWZjxvTVhmrAQv+9k1FO4zcpStYY+tD62eiRdEnHanN5MR3q 35 | E+zLhSow/xs6K5uTJCuVEiaalM+HBDJ10UDjwKGMlUX1H6bI1iEnk/dYbc6Pvv8= 36 | -----END CERTIFICATE----- 37 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=U.S. Department of Education, CN=U.S. Department of Education Agency CA - G5.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=U.S. Department of Education/CN=U.S. Department of Education Agency CA - G5 2 | Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 3 | -----BEGIN CERTIFICATE----- 4 | MIIFDzCCA/egAwIBAgIQXCO5im/19UOydo9tGVVsTDANBgkqhkiG9w0BAQsFADBa 5 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xMjAwBgNVBAMT 6 | KURpZ2lDZXJ0IEZlZGVyYWwgU1NQIEludGVybWVkaWF0ZSBDQSAtIEc1MB4XDTIw 7 | MDYxMDAwMDAwMFoXDTI4MTIxMjIzNTk1OVowgYQxCzAJBgNVBAYTAlVTMRgwFgYD 8 | VQQKEw9VLlMuIEdvdmVybm1lbnQxJTAjBgNVBAsTHFUuUy4gRGVwYXJ0bWVudCBv 9 | ZiBFZHVjYXRpb24xNDAyBgNVBAMTK1UuUy4gRGVwYXJ0bWVudCBvZiBFZHVjYXRp 10 | b24gQWdlbmN5IENBIC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB 11 | AQCljfI5fPPVEm/G9KffjAI8SuBF/qIdcVpWCc73Cn3Cbva4zOmdWqq04vbaKjGu 12 | Z13iLdavFQWUMQI5dobup4NJPhs7sxl8IFIbskezIFDVCrnoOEHtb9hFyhrcPnHf 13 | fri7sEJS7lzHeMNSe+caXQmN5dBe0WmZh9T7EZnTnDih7uS89cu9OgXbJXxivLC/ 14 | vjIgmUgMSttE+ucI1nWK2AQ1AVzF16a642/BzBQRxmX8YSkqEu8ut2FIILm6Z6Fn 15 | pxRg2bsbaMSUnO117AOjasaFtFSbAYJI3WVuWvP8A2SHJnwi/neSrtMzwbUwoVLv 16 | ZdiTKFehyKHKK6T0d+lkObQBAgMBAAGjggGkMIIBoDASBgNVHRMBAf8ECDAGAQH/ 17 | AgEAMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9zc3AtY3JsLmRpZ2ljZXJ0LmNv 18 | 
bS9TU1AvU1NQRzUuY3JsMA4GA1UdDwEB/wQEAwIBBjCBgQYIKwYBBQUHAQEEdTBz 19 | MCgGCCsGAQUFBzABhhxodHRwOi8vc3NwLW9jc3AuZGlnaWNlcnQuY29tMEcGCCsG 20 | AQUFBzAChjtodHRwOi8vc3NwLWFpYS5kaWdpY2VydC5jb20vU1NQL0NlcnRzX2lz 21 | c3VlZF90b19TU1BDQUc1LnA3YzBPBgNVHSAESDBGMAwGCmCGSAFlAwIBAwYwDAYK 22 | YIZIAWUDAgEDBzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZIAWUD 23 | AgEDETApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRRGlnaUNlcnRQS0ktMy0xOTcw 24 | HQYDVR0OBBYEFLROv2elEvcQhHP+N4cyxre5HEg8MB8GA1UdIwQYMBaAFFcZ5djW 25 | rN544kL15EW02TmTC73aMA0GCSqGSIb3DQEBCwUAA4IBAQAh7CKxauhGR/N9UVR/ 26 | m7dGbSox85EunMgw7XtGeIbxJrT6KTiaY35/Tyj7zyh3qvFVkN8qoLL5hlmewWAp 27 | US3bJgyiTVQDO3m+DLYmWkL2vxOx9xhxzybnpm9xOLQcV9HoHMnUD6JoWm4CTsaN 28 | DjHr2Ku0PkvjBaDKkEAgCJMJW768KAzIZec8xmFWtLhzxu7mEyVvIViuXwcDQh3U 29 | vNh8qYtBz7Rm2ithiW9aDsR2Yc9YK874/0tGwlxyumHzVac/4t4lKXho0ndmHQi4 30 | 5zxQS0reIK0x4fGvpbWT/i+MNQu2SyJGqeG/UuPtAi8Yv62ee/FrQWyh0NK4GNrt 31 | Lgue 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=U.S. Department of Transportation, CN=U.S. Department of Transportation Agency CA G5 01.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=U.S. Department of Transportation/CN=U.S. 
Department of Transportation Agency CA G5 2 | Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 3 | -----BEGIN CERTIFICATE----- 4 | MIIFFzCCA/+gAwIBAgIQDtgcMD6jVmeH+so2iZqTGjANBgkqhkiG9w0BAQsFADBa 5 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xMjAwBgNVBAMT 6 | KURpZ2lDZXJ0IEZlZGVyYWwgU1NQIEludGVybWVkaWF0ZSBDQSAtIEc1MB4XDTE5 7 | MDMwNTAwMDAwMFoXDTI4MTIxMjIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRgwFgYD 8 | VQQKEw9VLlMuIEdvdmVybm1lbnQxKjAoBgNVBAsTIVUuUy4gRGVwYXJ0bWVudCBv 9 | ZiBUcmFuc3BvcnRhdGlvbjE3MDUGA1UEAxMuVS5TLiBEZXBhcnRtZW50IG9mIFRy 10 | YW5zcG9ydGF0aW9uIEFnZW5jeSBDQSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEP 11 | ADCCAQoCggEBAO+1/qhh/4IGfmt2IK0laAbS09YJ3WN1G7iXsCnSfSve/a+opa9i 12 | 9uqS6ujkogcbYuZbri5sTq2/oxSJSVm287uup+5QcChaf7Ry1qk26eHfaqgq040b 13 | 1Nawe3EaA5+h1HFupJtojs+eR23Ey8QjDi9LUVHuiXhZgNxOvBm3vJy12xxHpF2S 14 | IatWEqYkbycUJbt0pBlqHf6wb4z23JyuQkXrJszeTSZJw9kAYin3emrUYn07taBx 15 | SuGyvfpEmWxmHDLwp2HAnVW1OL3RCobHx0pzjmiKdBoO8icHQO1hchEe94JEKE9q 16 | JdXqqmhA2rnDxsUZ7i/GxvqJrWPYKGUJ4VkCAwEAAaOCAaQwggGgMIGBBggrBgEF 17 | BQcBAQR1MHMwKAYIKwYBBQUHMAGGHGh0dHA6Ly9zc3Atb2NzcC5kaWdpY2VydC5j 18 | b20wRwYIKwYBBQUHMAKGO2h0dHA6Ly9zc3AtYWlhLmRpZ2ljZXJ0LmNvbS9TU1Av 19 | Q2VydHNfaXNzdWVkX3RvX1NTUENBRzUucDdjMBIGA1UdEwEB/wQIMAYBAf8CAQAw 20 | TwYDVR0gBEgwRjAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUD 21 | AgEDDTAMBgpghkgBZQMCAQMQMAwGCmCGSAFlAwIBAxEwOgYDVR0fBDMwMTAvoC2g 22 | K4YpaHR0cDovL3NzcC1jcmwuZGlnaWNlcnQuY29tL1NTUC9TU1BHNS5jcmwwDgYD 23 | VR0PAQH/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BL 24 | SS0yLTk3MzAdBgNVHQ4EFgQUomk/NRjtniHAEwmA9BAMBIYMVugwHwYDVR0jBBgw 25 | FoAUVxnl2Nas3njiQvXkRbTZOZMLvdowDQYJKoZIhvcNAQELBQADggEBAJdqmzsb 26 | Xqc14Ny+ExFKx8O120Sbu0g5VeNg2VtxY+mTAtpBGQpb9/TfaWbLfM/mY1f0/eEz 27 | pdP4sYNtoVQI6P15brWAU5SzzSm9Q5IRKjq0LKWdOXdQwPgxHSS+w6zFXpklL+kt 28 | e0G9pEuooWFDbaIaZswN5ZTfTky/dsReZIFqo1K0P6s0vEtsMbs3T7Ue02xju1dp 29 | KfvGwFIOkhyMIhO8wWsIC77yrqRDzE385kFkq/iQbo0Ve/yMROOXZ+JNGz6V9vQs 30 | 
YtjOG7MO/PiEmRI+cuAaWf5WRnIYO8NGp+8YnojQ4J9eNSVPKvJB+Ti3ct5xC7IN 31 | 61s8NLnZfWgZmRA= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=U.S. Department of Transportation, CN=U.S. Department of Transportation Agency CA G5 02.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=U.S. Department of Transportation/CN=U.S. Department of Transportation Device CA G5 2 | Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 3 | -----BEGIN CERTIFICATE----- 4 | MIIE+zCCA+OgAwIBAgIQEz+pzGg3DF2iptIExQNFXDANBgkqhkiG9w0BAQsFADBa 5 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xMjAwBgNVBAMT 6 | KURpZ2lDZXJ0IEZlZGVyYWwgU1NQIEludGVybWVkaWF0ZSBDQSAtIEc1MB4XDTE5 7 | MDMwNTAwMDAwMFoXDTI4MTIxMjIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRgwFgYD 8 | VQQKEw9VLlMuIEdvdmVybm1lbnQxKjAoBgNVBAsTIVUuUy4gRGVwYXJ0bWVudCBv 9 | ZiBUcmFuc3BvcnRhdGlvbjE3MDUGA1UEAxMuVS5TLiBEZXBhcnRtZW50IG9mIFRy 10 | YW5zcG9ydGF0aW9uIERldmljZSBDQSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEP 11 | ADCCAQoCggEBANhMV5u2pdtGZlel03uvuy/OapCd8NIBynsgl5lL2djyKNQmDmee 12 | XC/lIBHGuvYPV2Kkz6CStJsxxe45/WKwdKlwW1ob1HocQhiEWvYopEjrKx31lJXj 13 | DUFeAer/E7OZG/cgukjtr1lpziLUbozKRObVcIH0e4vTwvJ9fgf/3litfYmpW34k 14 | CHRqMTMaOQm/rdhdRoEDNf+2O60e0qWYv3PrvHuHVzGwVeaZWq9iREyA/3XJqsqd 15 | Y+T6mFrEAi3YLSX8pkJQ5jE5Be9hUEQopUmvb6FM/HixSEtVjDQwruSayTus1vbh 16 | eK2d5tBSxioLmYy1g01H1h5ej15FYKeG9aECAwEAAaOCAYgwggGEMBIGA1UdEwEB 17 | /wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL3NzcC1jcmwuZGln 18 | aWNlcnQuY29tL1NTUC9TU1BHNS5jcmwwDgYDVR0PAQH/BAQDAgEGMIGBBggrBgEF 19 | BQcBAQR1MHMwKAYIKwYBBQUHMAGGHGh0dHA6Ly9zc3Atb2NzcC5kaWdpY2VydC5j 20 | b20wRwYIKwYBBQUHMAKGO2h0dHA6Ly9zc3AtYWlhLmRpZ2ljZXJ0LmNvbS9TU1Av 21 | Q2VydHNfaXNzdWVkX3RvX1NTUENBRzUucDdjMDMGA1UdIAQsMCowDAYKYIZIAWUD 22 | AgEDCDAMBgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAycwKQYDVR0RBCIwIKQeMBwx 23 | 
GjAYBgNVBAMTEVN5bWFudGVjUEtJLTItOTc0MB0GA1UdDgQWBBRfOuuU5fBCv2lV 24 | SbJWjqPVkVeFTDAfBgNVHSMEGDAWgBRXGeXY1qzeeOJC9eRFtNk5kwu92jANBgkq 25 | hkiG9w0BAQsFAAOCAQEAfrnXGcgYxl7VemVU8ya/EkURopSWjKkjcW1qMOYJxr15 26 | TMuU542bJpeJh+WBbpxVmwduTnAbY8kf4uD5+BmJ4hVVbb5Jx0g2/OhEf0LtDnh3 27 | vjIhvqz2pet9zmqY/Y0kUIYnVLmiu1CGcWbkiB36lG2L+mSyoEbwWPEK6mRmDe5w 28 | yqJVE2ARGkQ0+tttWw26qZBoxrYMGBg1hZT91kxtZROv2ydRFHCYAnmM1UYBk2e7 29 | d21FsyaCLNl6MNf/++xRxWYNLwFmXlwoN4gkHQjpRp0PbD7QqpHFU+2mhw94PF0l 30 | h68AVBadbahnltM3TvbEbra5RQv5tZ4+n5g5ZXrfIw== 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=U.S. Nuclear Regulatory Commission, CN=NRC SSP Agency CA G4.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=U.S. Nuclear Regulatory Commission/CN=NRC SSP Agency CA G4 2 | Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Federal SSP Intermediate CA - G5 3 | -----BEGIN CERTIFICATE----- 4 | MIIE/TCCA+WgAwIBAgIQOpBcZUeRsmVR47cHfyeqMzANBgkqhkiG9w0BAQsFADBa 5 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xMjAwBgNVBAMT 6 | KURpZ2lDZXJ0IEZlZGVyYWwgU1NQIEludGVybWVkaWF0ZSBDQSAtIEc1MB4XDTE4 7 | MTIxODAwMDAwMFoXDTI4MTIxMjIzNTk1OVowczELMAkGA1UEBhMCVVMxGDAWBgNV 8 | BAoTD1UuUy4gR292ZXJubWVudDErMCkGA1UECxMiVS5TLiBOdWNsZWFyIFJlZ3Vs 9 | YXRvcnkgQ29tbWlzc2lvbjEdMBsGA1UEAxMUTlJDIFNTUCBBZ2VuY3kgQ0EgRzQw 10 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVb1R+oKzYzhHKmyC8mBea 11 | QK2KS45Lx21eYbY95WRreinstTc9uTtxg3fMRkHcUvr7D91gCwnjiQwbFcfqgYIV 12 | +LrkUIpm7MNOKiBl0+uBiMayevVravP7QQgJ1EZrWebru+QtF1B1AO/10BvGufbm 13 | a2YfpvUkfoCPgV6Zg7xH/7y1cXzXUjQ//AFnlyhx0NSDAQM3B5YBguP3DddmtgK+ 14 | UAGljzRDXjagbzHJoxnsHXM3j7JPq3Mdqx3fQjzioWarM2xzls/sUpN4V387UEwF 15 | tIE9EmuzeaDqfhLLjX1EVdveGqFVychl0MA+J0VDPMgylu/1Vr10ybykWFTJAnjl 16 | AgMBAAGjggGkMIIBoDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIB 17 | 
BjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMi04NTMwHQYD 18 | VR0OBBYEFEnawzMLxw99SKO3HwiWN4mEzP6qME8GA1UdIARIMEYwDAYKYIZIAWUD 19 | AgEDBjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDEDAM 20 | BgpghkgBZQMCAQMRMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9zc3AtY3JsLmRp 21 | Z2ljZXJ0LmNvbS9TU1AvU1NQRzUuY3JsMIGBBggrBgEFBQcBAQR1MHMwKAYIKwYB 22 | BQUHMAGGHGh0dHA6Ly9zc3Atb2NzcC5kaWdpY2VydC5jb20wRwYIKwYBBQUHMAKG 23 | O2h0dHA6Ly9zc3AtYWlhLmRpZ2ljZXJ0LmNvbS9TU1AvQ2VydHNfaXNzdWVkX3Rv 24 | X1NTUENBRzUucDdjMB8GA1UdIwQYMBaAFFcZ5djWrN544kL15EW02TmTC73aMA0G 25 | CSqGSIb3DQEBCwUAA4IBAQCYrU0M5JWn8TtB+N5riM31yYBBMhPS4mjh6VTd0rWC 26 | VPtnGUVsLVdMm8YNNOXb0Mv22BI/AUt+sjHpRaMLVdZA6SE/nSYGhrpmEyBjwI7M 27 | v0EQX1D6V6K7A3bZOnKV30wBDyTc3RsFOXSR/UlwAf2IPl76AS2GPnKtKy1DEHWe 28 | wuN0n78UQd4Ex/1myTqFKcUdgDRZM2T+lqJpAcH7V79KrTDxPRNK+nWiRIH645N/ 29 | d1gkSnLOrahxR5pJwHiFZzgqWGCO/1LDBpkinyqe9jO/C3mFr8Q+8wPBS6v2SJ1E 30 | OhsiTT1Ew4xk3vwuOWWji0R7c+0v9q8Qm49URyMdqMXs 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /config/certs/C=US, O=U.S. Government, OU=U.S. Senate, OU=Office of the Sergeant at Arms, CN=Senate PIV-I CA G5 PROD.pem: -------------------------------------------------------------------------------- 1 | Subject: /C=US/O=U.S. Government/OU=U.S. 
Senate/OU=Office of the Sergeant at Arms/CN=Senate PIV-I CA G5 PROD 2 | Issuer: /C=US/O=DigiCert, Inc./CN=DigiCert Class 3 SSP Intermediate CA - G4 3 | -----BEGIN CERTIFICATE----- 4 | MIIFWDCCBECgAwIBAgIQLuxhHyKUT51GKlqLvuBkhTANBgkqhkiG9w0BAQsFADBa 5 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xMjAwBgNVBAMT 6 | KURpZ2lDZXJ0IENsYXNzIDMgU1NQIEludGVybWVkaWF0ZSBDQSAtIEc0MB4XDTIx 7 | MDMyNTAwMDAwMFoXDTMwMDgxODIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRgwFgYD 8 | VQQKEw9VLlMuIEdvdmVybm1lbnQxFDASBgNVBAsTC1UuUy4gU2VuYXRlMScwJQYD 9 | VQQLEx5PZmZpY2Ugb2YgdGhlIFNlcmdlYW50IGF0IEFybXMxIDAeBgNVBAMTF1Nl 10 | bmF0ZSBQSVYtSSBDQSBHNSBQUk9EMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB 11 | CgKCAQEAwe9tGKEuahN9uvv6Rhg8Xn2+dxSHydgt26pyG04VTjc/bAmjWTjdVKM2 12 | 1wNCV9Zts/dsw11lK0PGZcR22noFXdu6QOVuOfIFJf901w6uqd8jfH3izDT+bZb5 13 | eH2uxKqRNJoC00lo/mVI+xVvphU/lJ5OI/SyHe0cHN5/rrOhU78Hgu1YaX/ryzJ7 14 | cvlKhDDiT9FHY5QkTdu4ChUmhuTXP8EVjiFvjktimIu2mEhkscx44jh48QCV8aez 15 | GByZLz2zTSb4jnfTACtVYh4lE2LFJGZGHWzAT/02VOeA6LtNzJJk+roj75X0ZTs0 16 | PL6TZnzmi50RZXFB0q5aRRcniZOkCQIDAQABo4IB6TCCAeUwDgYDVR0PAQH/BAQD 17 | AgEGMIGKBggrBgEFBQcBAQR+MHwwKAYIKwYBBQUHMAGGHGh0dHA6Ly9zc3Atb2Nz 18 | cC5kaWdpY2VydC5jb20wUAYIKwYBBQUHMAKGRGh0dHA6Ly9zc3AtYWlhLmRpZ2lj 19 | ZXJ0LmNvbS9ORlNTUC9DZXJ0c19pc3N1ZWRfdG9fQ2xhc3MzU1NQQ0EtRzQucDdj 20 | MBIGA1UdEwEB/wQIMAYBAf8CAQAwgYAGA1UdIAR5MHcwDwYNYIZIAYb4RQEHFwMB 21 | BjAPBg1ghkgBhvhFAQcXAwEHMA8GDWCGSAGG+EUBBxcDAQ0wDwYNYIZIAYb4RQEH 22 | FwMBDjAPBg1ghkgBhvhFAQcXAwEPMA8GDWCGSAGG+EUBBxcDAREwDwYNYIZIAYb4 23 | RQEHFwMBEjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vc3NwLWNybC5kaWdpY2Vy 24 | dC5jb20vTkZTU1AvQ2xhc3MzU1NQQ0FHNC5jcmwwKQYDVR0RBCIwIKQeMBwxGjAY 25 | BgNVBAMTEURpZ2lDZXJ0UEtJLTMtMzA2MB0GA1UdDgQWBBQu+8CMq19X4Inw6v6n 26 | ZD0UkCfwxjAfBgNVHSMEGDAWgBS17S6WBEupGPT0vRLxY4WEl18+WjANBgkqhkiG 27 | 9w0BAQsFAAOCAQEApHY/RzsEy70Rpfuy255NIfTtOMzOCY59gi9dXOfKZPboeFAd 28 | PupD8cCN9ZxEa9XGm2wxay6kyJhxFztsPXxqkmj/qk3VcRMbkWAnmmWxbNRalhFs 29 | LKMnqN0Yk/oSaQhX1CWODKpK3iZ1Oyoda9CwFroeKR87xcCHZ8hxvPLw1TMle1zO 30 | 
Tlyy7D2vD4jtU5pzzLIcZfjdL9xydeb00ElrEcEUG3dsS9YBod8hfIz84s7UffaL 31 | 6Igr+uBfalHjzhjOdBtVitlpSW2gkj535BjwMO5yGtfz2j8za4+pHPhSsp6EErWz 32 | UH9cx4yPX6UoeQn16s8X2RNER/JZ5t+otYRevg== 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /config/certs/DC=com, DC=evincible, CN=Exostar Federated Identity Service Signing CA 4.pem: -------------------------------------------------------------------------------- 1 | Subject: /DC=com/DC=evincible/CN=Exostar Federated Identity Service Signing CA 4 2 | Issuer: /C=US/O=Exostar LLC/OU=Certification Authorities/CN=Exostar Federated Identity Service Root CA 2 3 | -----BEGIN CERTIFICATE----- 4 | MIIEsjCCA5qgAwIBAgITLgAAAAcMR+03drNfwAAAAAAABzANBgkqhkiG9w0BAQsF 5 | ADB+MQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRXhvc3RhciBMTEMxIjAgBgNVBAsT 6 | GUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxNTAzBgNVBAMTLEV4b3N0YXIgRmVk 7 | ZXJhdGVkIElkZW50aXR5IFNlcnZpY2UgUm9vdCBDQSAyMB4XDTIwMDkzMDIyNDgw 8 | MFoXDTMwMDEyNTE1MzAxOVowajETMBEGCgmSJomT8ixkARkWA2NvbTEZMBcGCgmS 9 | JomT8ixkARkWCWV2aW5jaWJsZTE4MDYGA1UEAxMvRXhvc3RhciBGZWRlcmF0ZWQg 10 | SWRlbnRpdHkgU2VydmljZSBTaWduaW5nIENBIDQwggEiMA0GCSqGSIb3DQEBAQUA 11 | A4IBDwAwggEKAoIBAQDbV1wmr9NQ9P4trqDaeGdKJ9YpQo3xbapZVBLpEm5vpvNx 12 | 5vPQ5aWvSiGjNjuH1DaE2qc26gWNzKeB655LZzkvMMYkC34WzaU9nxjGrXcZ8yJL 13 | tLe+OLwfUUPNLJ1DmDd8JK3xmxQ6mpN+mn8Jocx5r2WroGKyRmiF0sVpt29Oasal 14 | jbR1j88Z3790SdN1aC5Z0vcjuN9JqsR2eP1PMMTKh46oovB963lxUARQsDtOdl2r 15 | YEkEZGzH/Ek2tInNrBGFzCuqlTWXOC9QOOzeyr1NZcQS1G6xZ9tlG1VO4kjXHIdO 16 | K/mYJzgqME4ysYL4Yv38as4YUD3wYMKeASIolLEfAgMBAAGjggE7MIIBNzAdBgNV 17 | HQ4EFgQUWdsPgjHthIwQjkfYjdWO7cr7MQowDgYDVR0PAQH/BAQDAgHGMBIGA1Ud 18 | EwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUVAsRsB35V8+wei1SUvOzp4xS9Kww 19 | QgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL3d3dy5maXMuZXZpbmNpYmxlLmNvbS9m 20 | aXMvcHVibGljL0VSQ0EyLmNybDBVBggrBgEFBQcBAQRJMEcwRQYIKwYBBQUHMAKG 21 | OWh0dHA6Ly93d3cuZmlzLmV2aW5jaWJsZS5jb20vZmlzL3B1YmxpYy9pc3N1ZWR0 22 | 
b0VSQ0EyLnA3YzA2BgNVHSAELzAtMA0GCysGAQQB7HwBAQEIMA0GCysGAQQB7HwB 23 | AQEFMA0GCysGAQQB7HwBAQEGMA0GCSqGSIb3DQEBCwUAA4IBAQDHOPT3cP6+5x8d 24 | CFoXasJZmPG5gEIErPAeREevfYdB4D5962SkJxMw8HwHc5cSEVpMh2xuD50CIri5 25 | IPRo/KO0nzrvwEYSPfD/1Dltktk8t4j94400At9UQaswUpKQDB36gErt9J6rc2MQ 26 | xTa/1LjkZb63F1pTrfb9NLc+JF4mcWGbmEykZEE9Df1AlJ39xyuozDiPlRX82BpC 27 | QJsLedwJWQakIOrFd9gGPleRQwZ6CamwTuBF0fLaQA8I+2IoXtSKDaCqUJtIfTFd 28 | HHrwPDBTvffUkdsOl2YtENro6xocJJOgoUdO/S/AhlCh7iqiQeR+o6CsML+Ln+tw 29 | 5vrKcxnR 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /config/certs/DC=gov, DC=uspto, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=USPTO_INTR_CA1.pem: -------------------------------------------------------------------------------- 1 | Subject: /DC=gov/DC=uspto/CN=Configuration/CN=Services/CN=Public Key Services/CN=AIA/CN=USPTO_INTR_CA1 2 | Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Bridge CA G4 3 | -----BEGIN CERTIFICATE----- 4 | MIIGfzCCBWegAwIBAgIUFiqKjd+3n6NGCnqSdlkm+xCP1qowDQYJKoZIhvcNAQEM 5 | BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG 6 | A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjMx 7 | MDE5MTUwMTQxWhcNMjYxMDE5MTUwMTQxWjCBnDETMBEGCgmSJomT8ixkARkWA2dv 8 | djEVMBMGCgmSJomT8ixkARkWBXVzcHRvMRYwFAYDVQQDEw1Db25maWd1cmF0aW9u 9 | MREwDwYDVQQDEwhTZXJ2aWNlczEcMBoGA1UEAxMTUHVibGljIEtleSBTZXJ2aWNl 10 | czEMMAoGA1UEAxMDQUlBMRcwFQYDVQQDFA5VU1BUT19JTlRSX0NBMTCCAaIwDQYJ 11 | KoZIhvcNAQEBBQADggGPADCCAYoCggGBALIV5ysNyFuGKZ1nibEB3GTMR9VJxT0m 12 | llbta/4C2W2YuVFA7VLEndMIpbqR7U2i/zBxnhZsOk+efVLMxa1LMJHpllCOcRiz 13 | AxUyaGi8jAfpYeODH6jQQOVFRhw+Q5CEAIH9E5vcWRgxvvaUCf+GiIvshyGLwGZP 14 | 87BxA48b0WSlncZfKnGNUmEBsULKJO2Fi52FrfExNj7aZ4X/UThmu63LOLKlaBM1 15 | zbCyXKx3bbd5fpPLXfpXrzCLpnNGCAJD/hQBOKFw1hCc8zVPKUXJkAvF5qd2XOPZ 16 | GYxXf/flUQSztN0DWnf4D1H5nxbbQNwP601BsGIT+McBlTd+RuSegmOI1BCggs6N 17 | fNiG6RSw3Oe+8gnnRO+RrnU3bpTvrfC782itoO08RBAlSfttilQog2Z2xmMMBeDe 18 
| +LLOpbELidWp6cxRoxC9wXdjJA0X37zEjA44MSgXmOwTBcPM1t3hnfvBHZlJt7Ob 19 | Mih0I5/Ibol6NxuaIPxzyLgQYhVB5w9OTwIDAQABo4ICfTCCAnkwHQYDVR0OBBYE 20 | FKAUsbpkTvP5Nxbb5UuRwYRVcoQuMB8GA1UdIwQYMBaAFHnwAEnrf3fCXUECZTSK 21 | kCObHgdvMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIGIBgNVHSAE 22 | gYAwfjAMBgpghkgBZQMCAQMCMAwGCmCGSAFlAwIBAwMwDAYKYIZIAWUDAgEDDDAM 23 | BgpghkgBZQMCAQMlMAwGCmCGSAFlAwIBAyYwDAYKYIZIAWUDAgEDDTAMBgpghkgB 24 | ZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDCDCBjQYDVR0hBIGFMIGC 25 | MBgGCmCGSAFlAwIBAwIGCmCGSAFlAwIBAgcwGAYKYIZIAWUDAgEDAwYKYIZIAWUD 26 | AgECCDAYBgpghkgBZQMCAQMMBgpghkgBZQMCAQIJMBgGCmCGSAFlAwIBAyUGCmCG 27 | SAFlAwIBAgswGAYKYIZIAWUDAgEDJgYKYIZIAWUDAgECDDBMBggrBgEFBQcBCwRA 28 | MD4wPAYIKwYBBQUHMAWGMGh0dHA6Ly9pcGtpLnVzcHRvLmdvdi9JUEtJL0NlcnRz 29 | L0lQS0lDQUNlcnRzLnA3YzASBgNVHSQBAf8ECDAGgAEAgQEAMA0GA1UdNgEB/wQD 30 | AgEAMFEGCCsGAQUFBwEBBEUwQzBBBggrBgEFBQcwAoY1aHR0cDovL3JlcG8uZnBr 31 | aS5nb3YvYnJpZGdlL2NhQ2VydHNJc3N1ZWRUb2ZiY2FnNC5wN2MwNwYDVR0fBDAw 32 | LjAsoCqgKIYmaHR0cDovL3JlcG8uZnBraS5nb3YvYnJpZGdlL2ZiY2FnNC5jcmww 33 | DQYJKoZIhvcNAQEMBQADggEBAC8L44DOJq2UPwN5Cmy0ucRGQ22JUQ2v//w+zBjA 34 | kj8LCepMfU5pJEfH4zkj0Ov+mdq42cvchzmezBW+edd7Hb3N2JFb2MzdlcL1kWFj 35 | Cz51p8iDZZ13dSOfJH5J8WEpxyGPIcMYYorXXxCCYD8+QmOV+88WcGSGZC+X0ZAU 36 | vPpPr3UyWrz6lhrzys4r5DoXEK6RyxDL2H5Em+VKY/ETZ49fy2uT7PPKC0svuwSf 37 | Pf9oq8vUjjCrnbPd3Z34sUQlKITEEx4vOUn4lTtXL3lNESMlI68KNezvsEiVDq3d 38 | xaOXXKwpvjU1auRkhLjO12DjMEJBqbjbaKRNO6Y5f0x9yqk= 39 | -----END CERTIFICATE----- 40 | -------------------------------------------------------------------------------- /config/certs/c=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA G2.pem: -------------------------------------------------------------------------------- 1 | subject=/C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA G2 2 | issuer=/C=US/O=U.S. 
Government/OU=FPKI/CN=Federal Common Policy CA G2 3 | -----BEGIN CERTIFICATE----- 4 | MIIF3TCCA8WgAwIBAgIUIeW5oMyVbeJ4ygErqP3Fipiz++owDQYJKoZIhvcNAQEM 5 | BQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG 6 | A1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcy 7 | MB4XDTIwMTAxNDEzMzUxMloXDTQwMTAxNDEzMzUxMlowXDELMAkGA1UEBhMCVVMx 8 | GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEkMCIGA1UE 9 | AxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcyMIICIjANBgkqhkiG9w0BAQEF 10 | AAOCAg8AMIICCgKCAgEA19fTFzEmIRgQKkFty6+99sRRjCTYBYh7LloRpCZs4rgp 11 | Bk+/5P4aZYd5v01GYBfOKywGJyFh4xk33/Q4yACoOT1uZOloNq/qhhT0r92UogKf 12 | 77n5JgMhvg/bThVB3lxxahZQMM0YqUhg1rtaKRKsXm0AplhalNT6c3mA3YDSt4+7 13 | 5i105oE3JbsFjDY5DtGMYB9JIhxobtWTSnhL5E5HzO0GVI9UvhWAPVAhxm8oT4wx 14 | SOIjZ/MywXflfBrDktZu1PNsJkkYJpvFgDmSFuEPzivcOrytoPiPfgXMqY/P7zO4 15 | opLrh2EV5yA4XYEdoyA2dVD8jmm+Lk7zgRFah/84P2guxNtWpZAtQ9Nsag4w4Emt 16 | Rq82JLqZQlyrMbvLvhWFecEkyfDzwGkFRIOBn1IbUfKTtN5GWpndl8HCUPbR2i7h 17 | pV9CFfkXTgsLGTwMNV2xPz2xThrLDu0jrDG+3/k42jB7KH3SQse72yo6MyNF46uu 18 | mO7vORHlhOTVkWyxotBU327XZfq3BNupUDL6+R4dUG+pQADSstRJ60gePp0IAtQS 19 | HZYd1iRiXKpTLl0kofB2Y3LgAFNdYmaHrbrid0dlKIs9QioDwjm+wrDLAmuT4bjL 20 | ZePhc3qt8ubjhZN2Naz+4YP5+nfSPPClLiyM/UT2el7eY4l6OaqXMIRfJxNIHwcC 21 | AwEAAaOBljCBkzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV 22 | HQ4EFgQU9CdcqcN8R/T6pqewWZeq3TUmF+MwUQYIKwYBBQUHAQsERTBDMEEGCCsG 23 | AQUFBzAFhjVodHRwOi8vcmVwby5mcGtpLmdvdi9mY3BjYS9jYUNlcnRzSXNzdWVk 24 | QnlmY3BjYWcyLnA3YzANBgkqhkiG9w0BAQwFAAOCAgEAAWQ3MAzwzr3O1RSBkg06 25 | NCj7eIL7/I5fwTBLhpoMhE0XoaoPUie0gqRo3KO2MhuBtacjy55ihIY87hShGoKQ 26 | cbA1fh7e4Cly5QkOY+KbQsltkKzgod2zmPyC0bEOYD2LO141HyeDWdQ6dDXDz6dr 27 | 8ObntOfMzgdo7vodCMuKU8+ysTdxRxTCi6AVz3uqe5k+ObJYpC0aXHNMy1OnFgL6 28 | oxMeGMlSecU/QUAIf0ncDurYFSctFwXitTC0CrcLO9/AGHqTFSHzUrIlbrgd/aGO 29 | +E3o3QoU+ThCPPnu1K2KZLG4pyMqdBm4y7rVGPRikLmFhIv/b6b2CL8yiYL0+mJD 30 | crTVs0PYfALtQxMpSA8n053gajlPwhG3O5jcL8SzqlaGPmGqpnEi9aWAYHJXTzbj 31 | 
zGUAc2u8+Kw8Xv4JffhVWIxVKH4NS5PCtgXwxifgrmPi0/uU1w0crclEsSsya7FI 32 | BVRTURoSwwda25wIIWPIkQsQK1snJxgEyUzXi10MUDR0WSDqQAdhbOLcmcyhED5h 33 | phYQnf8sD8FpoUDjoLCPkU/ytfZoplmcBM4SQ4Ejgjyk63vMqBDcCMXTHciFTsV2 34 | e+aReLvIvU4YmaBQQl3vCFj1qMPIkRsTby1Ff8hRDQG3kH0vefcVtcicsdU8kV2M 35 | ee/xJ/c0cIHZWMw0HoRZPbo= 36 | -----END CERTIFICATE----- 37 | -------------------------------------------------------------------------------- /config/database.yml: -------------------------------------------------------------------------------- 1 | postgresql: &postgresql 2 | adapter: postgresql 3 | encoding: utf8 4 | database: identity_pki_<%= Rails.env %> 5 | port: 5432 6 | username: <%= ENV['DOCKER_DB_USER'] %> 7 | 8 | defaults: &defaults 9 | host: <%= ENV['DOCKER_DB_HOST'] || 'localhost' %> 10 | pool: 5 11 | <<: *postgresql 12 | reconnect: true 13 | timeout: <%= IdentityConfig.store.database_timeout %> # ms 14 | connect_timeout: 2 15 | keepalives_idle: 10 16 | keepalives_interval: 10 17 | keepalives_count: 2 18 | checkout_timeout: 5 19 | reaping_frequency: 10 20 | variables: 21 | statement_timeout: <%= IdentityConfig.store.database_statement_timeout %> # ms 22 | 23 | development: 24 | <<: *defaults 25 | 26 | test: 27 | <<: *defaults 28 | database: <%= ENV['POSTGRES_DB'] || "identity_pki_#{Rails.env}" %> 29 | user: <%= ENV['POSTGRES_USER'] %> 30 | password: <%= ENV['POSTGRES_PASSWORD'] %> 31 | 32 | production: 33 | <<: *defaults 34 | username: <%= IdentityConfig.store.database_username %> 35 | host: <%= IdentityConfig.store.database_host %> 36 | password: <%= IdentityConfig.store.database_password %> 37 | sslmode: <%= IdentityConfig.store.database_sslmode %> 38 | sslrootcert: '/usr/local/share/aws/rds-combined-ca-bundle.pem' 39 | -------------------------------------------------------------------------------- /config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 
2 | require_relative 'application' 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | 7 | require 'feature_management' 8 | -------------------------------------------------------------------------------- /config/environments/development.rb: -------------------------------------------------------------------------------- 1 | require 'active_support/core_ext/integer/time' 2 | 3 | Rails.application.configure do 4 | # Settings specified here will take precedence over those in config/application.rb. 5 | 6 | # In the development environment your application's code is reloaded on 7 | # every request. This slows down response time but is perfect for development 8 | # since you don't have to restart the web server when you make code changes. 9 | config.cache_classes = false 10 | config.enable_reloading = true 11 | # This allows nginx to make a request 12 | config.hosts << 'rails_upstream' 13 | 14 | # Do not eager load code on boot. 15 | config.eager_load = false 16 | 17 | # Show full error reports. 18 | config.consider_all_requests_local = true 19 | 20 | # Enable server timing 21 | config.server_timing = true 22 | 23 | # Enable/disable caching. By default caching is disabled. 24 | if Rails.root.join('tmp', 'caching-dev.txt').exist? 25 | config.action_controller.perform_caching = true 26 | config.action_controller.enable_fragment_cache_logging = true 27 | 28 | config.cache_store = :memory_store 29 | config.public_file_server.headers = { 30 | 'Cache-Control' => "public, max-age=#{2.days.to_i}", 31 | } 32 | else 33 | config.action_controller.perform_caching = false 34 | 35 | config.cache_store = :null_store 36 | end 37 | 38 | # Print deprecation notices to the Rails logger. 39 | config.active_support.deprecation = :log 40 | 41 | # Raise exceptions for disallowed deprecations. 42 | config.active_support.disallowed_deprecation = :raise 43 | 44 | # Tell Active Support which deprecation messages to disallow. 
45 | config.active_support.disallowed_deprecation_warnings = [] 46 | 47 | # Raise an error on page load if there are pending migrations. 48 | config.active_record.migration_error = :page_load 49 | 50 | # Highlight code that triggered database queries in logs. 51 | config.active_record.verbose_query_logs = true 52 | 53 | # Raises error for missing translations 54 | # config.action_view.raise_on_missing_translations = true 55 | 56 | # Use an evented file watcher to asynchronously detect changes in source code, 57 | # routes, locales, etc. This feature depends on the listen gem. 58 | config.file_watcher = ActiveSupport::EventedFileUpdateChecker 59 | 60 | # Annotate rendered view with file names. 61 | # config.action_view.annotate_rendered_view_with_filenames = true 62 | 63 | # Raise error when a before_action's only/except options reference missing action 64 | config.action_controller.raise_on_missing_callback_actions = true 65 | end 66 | -------------------------------------------------------------------------------- /config/environments/test.rb: -------------------------------------------------------------------------------- 1 | require 'active_support/core_ext/integer/time' 2 | 3 | # The test environment is used exclusively to run your application's 4 | # test suite. You never need to work with it otherwise. Remember that 5 | # your test database is "scratch space" for the test suite and is wiped 6 | # and recreated between test runs. Don't rely on the data there! 7 | 8 | Rails.application.configure do 9 | # Settings specified here will take precedence over those in config/application.rb. 10 | config.cache_classes = true 11 | 12 | # Eager loading loads your whole application. When running a single test locally, 13 | # this probably isn't necessary. It's a good idea to do in a continuous integration 14 | # system, or in some way before deploying your code. 15 | config.eager_load = ENV['CI'].present? 
16 | 17 | # Configure public file server for tests with Cache-Control for performance. 18 | config.public_file_server.enabled = true 19 | config.public_file_server.headers = { 20 | 'Cache-Control' => "public, max-age=#{1.hour.to_i}", 21 | } 22 | 23 | # Show full error reports and disable caching. 24 | config.consider_all_requests_local = true 25 | config.action_controller.perform_caching = false 26 | config.cache_store = :null_store 27 | 28 | # Raise exceptions instead of rendering exception templates. 29 | config.action_dispatch.show_exceptions = false 30 | 31 | # Disable request forgery protection in test environment. 32 | config.action_controller.allow_forgery_protection = false 33 | 34 | # Print deprecation notices to the stderr. 35 | config.active_support.deprecation = :stderr 36 | 37 | # Raise exceptions for disallowed deprecations. 38 | config.active_support.disallowed_deprecation = :raise 39 | 40 | # Tell Active Support which deprecation messages to disallow. 41 | config.active_support.disallowed_deprecation_warnings = [] 42 | 43 | config.time_zone = ActiveSupport::TimeZone::MAPPING.keys.sample 44 | config.active_record.default_timezone = :local 45 | 46 | # Raises error for missing translations 47 | # cconfig.i18n.raise_on_missing_translations = true 48 | 49 | # Annotate rendered view with file names. 50 | # config.action_view.annotate_rendered_view_with_filenames = true 51 | 52 | # Raise error when a before_action's only/except options reference missing actions 53 | # config.action_controller.raise_on_missing_callback_actions = true 54 | end 55 | -------------------------------------------------------------------------------- /config/initializers/application_controller_renderer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # ActiveSupport::Reloader.to_prepare do 4 | # ApplicationController.renderer.defaults.merge!( 5 | # http_host: 'example.org', 6 | # https: false 7 | # ) 8 | # end 9 | -------------------------------------------------------------------------------- /config/initializers/aws.rb: -------------------------------------------------------------------------------- 1 | Aws.config.update( 2 | region: IdentityConfig.store.aws_region, 3 | http_open_timeout: IdentityConfig.store.aws_http_timeout, 4 | http_read_timeout: IdentityConfig.store.aws_http_timeout 5 | ) 6 | -------------------------------------------------------------------------------- /config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your 4 | # backtraces. 5 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 6 | 7 | # You can also remove all the silencers if you're trying to debug a problem that might stem from 8 | # framework code. 9 | # Rails.backtrace_cleaner.remove_silencers! 10 | -------------------------------------------------------------------------------- /config/initializers/certificate_store.rb: -------------------------------------------------------------------------------- 1 | Rails.application.config.after_initialize do 2 | unless File.basename($PROGRAM_NAME) == 'rake' && ARGV.any? { |arg| arg.start_with?('db:') } 3 | CertificateStore.instance.load_certs! 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Specify a serializer for the signed and encrypted cookie jars. 
4 | # Valid options are :json, :marshal, and :hybrid. 5 | Rails.application.config.action_dispatch.cookies_serializer = :json 6 | -------------------------------------------------------------------------------- /config/initializers/filter_parameter_logging.rb: --------------------------------------------------------------------------------
# Be sure to restart your server when you modify this file.

# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
# Use this to limit dissemination of sensitive information.
# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
#
# NOTE(review): only :passw is active. The rest of the list is commented out, so a
# request parameter whose name contains secret, token, _key, crypt, salt,
# certificate, otp or ssn is written to the log unfiltered. Confirm that no
# controller receives such a parameter, or restore the entries that apply.
Rails.application.config.filter_parameters += [
  :passw #, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
]
9 | -------------------------------------------------------------------------------- /config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format. Inflections 4 | # are locale specific, and you may define rules for as many different 5 | # locales as you wish. All of these examples are active by default: 6 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 7 | # inflect.plural /^(ox)$/i, '\1en' 8 | # inflect.singular /^(ox)en/i, '\1' 9 | # inflect.irregular 'person', 'people' 10 | # inflect.uncountable %w( fish sheep ) 11 | # end 12 | 13 | # These inflection rules are supported but not enabled by default: 14 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 15 | # inflect.acronym 'RESTful' 16 | # end 17 | -------------------------------------------------------------------------------- /config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file.
2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /config/initializers/secret_token.rb: -------------------------------------------------------------------------------- 1 | Rails.application.config.secret_key_base = IdentityConfig.store.secret_key_base 2 | -------------------------------------------------------------------------------- /config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This file contains settings for ActionController::ParamsWrapper which 4 | # is enabled by default. 5 | 6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. 7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters format: [:json] 9 | end 10 | 11 | # To enable root element in JSON for ActiveRecord objects. 
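12 | # ActiveSupport.on_load(:active_record) do 13 | # self.include_root_in_json = true 14 | # end 15 | -------------------------------------------------------------------------------- /config/local-certs/Makefile: --------------------------------------------------------------------------------
# Development-only PKI: builds a local root CA and a localhost server
# certificate signed by it, and imports the root with the macOS `security` tool.
.PHONY: keychain-import clean

all: keychain-import server.crt

# Root CA private key: 2048-bit RSA, encrypted (-des3) with the passphrase
# typed at the prompt.
rootCA.key:
	@echo "==="
	@echo "Enter a passphrase you can remember, like 'salty pickles'"
	@echo "==="
	openssl genrsa \
		-des3 \
		-out $@ \
		2048

# Self-signed root certificate, valid 1024 days, built from rootCA.csr.cnf.
rootCA.pem: rootCA.key
	@echo "==="
	@echo "Enter that same passphrase when prompted (example: 'salty pickles')"
	@echo "==="
	openssl req \
		-x509 \
		-new \
		-nodes \
		-key $< \
		-config rootCA.csr.cnf \
		-sha256 \
		-days 1024 \
		-out $@

# Import the root certificate unless one with the development common name is
# already present in the keychain.
keychain-import: rootCA.pem
	security find-certificate -c "identity-pki Development Certificate" >/dev/null 2>/dev/null || \
		(security import $< -t pub -A)
	@echo "NOTE: please open Keychain Access and set Trust settings to 'Always Trust' for 'identity-pki Development Certificate'"

# Server key and CSR. -nodes leaves server.key unencrypted on disk, which is
# acceptable only because this key is for local development.
server.key: server.csr.cnf
	openssl req \
		-new \
		-sha256 \
		-nodes \
		-out server.csr \
		-newkey rsa:2048 \
		-keyout $@ \
		-config $<

# Server certificate signed by the development root, valid 500 days, with the
# extensions from v3.ext. -CAcreateserial writes rootCA.srl next to the root.
server.crt: server.key
	@echo "==="
	@echo "Enter that same passphrase when prompted (example: 'salty pickles')"
	@echo "==="
	openssl x509 \
		-req \
		-in server.csr \
		-CA rootCA.pem \
		-CAkey rootCA.key \
		-CAcreateserial \
		-out $@ \
		-days 500 \
		-sha256 \
		-extfile v3.ext

# Remove every generated key, CSR, certificate and serial file. rootCA.key was
# listed twice here, which left rootCA.pem, rootCA.srl and server.csr behind.
clean:
	rm -f rootCA.key rootCA.pem rootCA.srl server.key server.csr server.crt
	@echo "NOTE: Please open Keychain Access and manually delete 'identity-pki Development Certificate'"
# TODO: doesn't seem to remove from the UI when we run this:
# security delete-certificate -t -c "identity-pki Development Certificate"
63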
| -------------------------------------------------------------------------------- /config/local-certs/rootCA.csr.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | default_bits = 4096 3 | default_md = sha256 4 | distinguished_name = req_distinguished_name 5 | prompt = no 6 | x509_extensions = v3_ca 7 | 8 | [ req_distinguished_name ] 9 | countryName = US 10 | stateOrProvinceName = District of Columbia 11 | localityName = Washington 12 | organizationName = login.gov development 13 | organizationalUnitName = identity-pki 14 | emailAddress = noreply@login.gov 15 | commonName = identity-pki Development Certificate 16 | 17 | [v3_ca] 18 | subjectKeyIdentifier = hash 19 | authorityKeyIdentifier = keyid:always,issuer 20 | basicConstraints = critical, CA:TRUE 21 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 22 | -------------------------------------------------------------------------------- /config/local-certs/server.csr.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | default_bits = 2048 3 | default_md = sha256 4 | distinguished_name = dn 5 | prompt = no 6 | x509_extensions = v3_ca 7 | 8 | [dn] 9 | C = US 10 | ST = District of Columbia 11 | L = Washington 12 | O = login.gov development 13 | OU = identity-pki 14 | emailAddress = noreply@login.gov 15 | CN = localhost 16 | 17 | [v3_ca] 18 | subjectKeyIdentifier = hash 19 | authorityKeyIdentifier = keyid:always,issuer 20 | basicConstraints = critical, CA:TRUE 21 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 22 | -------------------------------------------------------------------------------- /config/local-certs/v3.ext: -------------------------------------------------------------------------------- 1 | authorityKeyIdentifier = keyid,issuer 2 | basicConstraints = CA:FALSE 3 | keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment 4 | subjectAltName = @alt_names 5 | 6 | 
[alt_names] 7 | DNS.1 = localhost 8 | -------------------------------------------------------------------------------- /config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. If you want to use locales other 3 | # than English, add the necessary files in this directory. 4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # The following keys must be escaped otherwise they will not be retrieved by 20 | # the default I18n backend: 21 | # 22 | # true, false, on, off, yes, no 23 | # 24 | # Instead, surround them with single quotes. 25 | # 26 | # en: 27 | # 'true': 'foo' 28 | # 29 | # To learn more, please read the Rails Internationalization guide 30 | # available at http://guides.rubyonrails.org/i18n.html. 
31 | 32 | en: 33 | hello: "Hello world" 34 | -------------------------------------------------------------------------------- /config/newrelic.yml: -------------------------------------------------------------------------------- 1 | common: &default_settings 2 | code_level_metrics: 3 | enabled: false 4 | distributed_tracing: 5 | enabled: false 6 | # Application log forwarding should always be disabled 7 | application_logging: 8 | forwarding: 9 | enabled: false 10 | development: 11 | <<: *default_settings 12 | monitor_mode: false 13 | production: 14 | <<: *default_settings 15 | agent_enabled: true 16 | app_name: pivcac.<%= Identity::Hostdata.env %>.<%= Identity::Hostdata.domain %> 17 | host: gov-collector.newrelic.com 18 | audit_log: 19 | enabled: false 20 | browser_monitoring: 21 | auto_instrument: false 22 | error_collector: 23 | capture_source: true 24 | enabled: true 25 | ignore_errors: "<%= %w[ 26 | ActionController::BadRequest 27 | ActionController::ParameterMissing 28 | ActionController::RoutingError 29 | ActionController::UnknownHttpMethod 30 | ActionDispatch::Http::MimeNegotiation::InvalidType 31 | ActionDispatch::Http::Parameters::ParseError 32 | ].join(',') %>" 33 | license_key: <%= IdentityConfig.store.newrelic_license_key %> 34 | log_level: info 35 | monitor_mode: true 36 | transaction_tracer: 37 | enabled: true 38 | record_sql: obfuscated 39 | proxy_host: 40 | proxy_port: 41 | test: 42 | <<: *default_settings 43 | monitor_mode: false 44 | -------------------------------------------------------------------------------- /config/nginx_server.conf.example: -------------------------------------------------------------------------------- 1 | # run in foreground instead of via daemon 2 | worker_processes 1; 3 | daemon off; 4 | 5 | events {} 6 | http { 7 | upstream rails_upstream { 8 | server 127.0.0.1:8442; 9 | } 10 | 11 | server { 12 | listen 8443 ssl; 13 | server_name identity_pki; 14 | 15 | ssl_certificate local-certs/server.crt; 16 | ssl_certificate_key 
local-certs/server.key; 17 | ssl_client_certificate cert_bundles/login_bundle.pem; 18 | ssl_verify_client optional_no_ca; # on; 19 | ssl_verify_depth 10; 20 | 21 | location / { 22 | proxy_redirect off; 23 | proxy_pass http://rails_upstream; 24 | proxy_set_header X-Client-Verify $ssl_client_verify; 25 | proxy_set_header X-Client-S-Dn $ssl_client_s_dn; 26 | proxy_set_header X-Client-I-Dn $ssl_client_i_dn; 27 | proxy_set_header X-Client-Serial $ssl_client_serial; 28 | proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint; 29 | proxy_set_header X-Client-Cert $ssl_client_escaped_cert; 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /config/puma.rb: -------------------------------------------------------------------------------- 1 | # This configuration file will be evaluated by Puma. The top-level methods that 2 | # are invoked here are part of Puma's configuration DSL. For more information 3 | # about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html. 4 | 5 | # Puma can serve each request in a thread from an internal thread pool. 6 | # The `threads` method setting takes two numbers: a minimum and maximum. 7 | # Any libraries that use thread pools should be configured to match 8 | # the maximum value specified for Puma. Default is set to 1 threads for minimum 9 | # and maximum; 10 | max_threads_count = ENV.fetch('RAILS_MAX_THREADS', 1) 11 | min_threads_count = ENV.fetch('RAILS_MIN_THREADS') { max_threads_count } 12 | threads min_threads_count, max_threads_count 13 | 14 | # Specifies that the worker count should equal the number of processors in production. 
if ENV['RAILS_ENV'] == 'production'
  require 'concurrent-ruby'

  # PUMA_WORKER_CONCURRENCY wins when it is set; otherwise fall back to the
  # physical core count. Integer() raises on a non-numeric value.
  configured_workers = ENV.fetch('PUMA_WORKER_CONCURRENCY') do
    Concurrent.physical_processor_count
  end
  worker_count = Integer(configured_workers)
  workers worker_count if worker_count > 1

  # NOTE(review): the header named here is passed to set_remote_address, so it
  # is only trustworthy if the fronting proxy overwrites any client-supplied
  # copy of it - confirm against the proxy configuration.
  remote_address_header = ENV['REMOTE_ADDRESS_HEADER']
  set_remote_address header: remote_address_header if remote_address_header
end

# Redirect Puma's stdout/stderr to files (append mode) only when both paths
# are configured.
puma_log = ENV['PUMA_LOG']
puma_err_log = ENV['PUMA_LOG_ERR']
stdout_redirect puma_log, puma_err_log, true if puma_log && puma_err_log

# In development, give workers a long `worker_timeout` before Puma terminates
# them.
if ENV.fetch('RAILS_ENV', 'development') == 'development'
  worker_timeout 3600
end

# Port Puma listens on; 3000 unless PORT is set.
port ENV.fetch('PORT') { 3000 }

# Environment Puma runs in; development unless RAILS_ENV is set.
environment ENV.fetch('RAILS_ENV', 'development')

# Location of the pidfile.
pidfile ENV.fetch('PIDFILE', 'tmp/pids/server.pid')

# Allow puma to be restarted by `bin/rails restart` command.
46 | plugin :tmp_restart 47 | -------------------------------------------------------------------------------- /config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html 3 | get '/', to: 'identify#create' 4 | post '/', to: 'verify#open' 5 | 6 | get '/health_check' => 'health/overall#index' 7 | get '/api/health/certs' => 'health/certs#index' 8 | end 9 | -------------------------------------------------------------------------------- /config/spring.rb: -------------------------------------------------------------------------------- 1 | %w[ 2 | .ruby-version 3 | .rbenv-vars 4 | tmp/restart.txt 5 | tmp/caching-dev.txt 6 | ].each { |path| Spring.watch(path) } 7 | -------------------------------------------------------------------------------- /config/test-certs/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/config/test-certs/.keep -------------------------------------------------------------------------------- /db/migrate/20180410124250_add_certificates_table.rb: -------------------------------------------------------------------------------- 1 | class AddCertificatesTable < ActiveRecord::Migration[5.1] 2 | def change 3 | create_table :certificates do |t| 4 | t.string :key, null: false 5 | t.string :dn, null: false 6 | t.string :crl_http_url 7 | t.datetime :valid_not_before, null: false 8 | t.datetime :valid_not_after, null: false 9 | t.timestamps 10 | 11 | t.index :key, unique: true 12 | end 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /db/migrate/20180410124445_add_certificate_revocations_table.rb: -------------------------------------------------------------------------------- 1 | class 
AddCertificateRevocationsTable < ActiveRecord::Migration[5.1] 2 | def change 3 | create_table :certificate_revocations do |t| 4 | t.bigint :certificate_id, null: false 5 | t.string :serial, null: false 6 | t.timestamps 7 | 8 | t.foreign_key :certificates 9 | 10 | t.index [:certificate_id, :serial], unique: true 11 | end 12 | end 13 | end 14 | -------------------------------------------------------------------------------- /db/migrate/20180412195153_create_piv_cacs_table.rb: -------------------------------------------------------------------------------- 1 | class CreatePivCacsTable < ActiveRecord::Migration[5.1] 2 | def change 3 | create_table :piv_cacs do |t| 4 | t.string :uuid, null: false 5 | t.string :dn_signature, null: false 6 | 7 | t.index :uuid, unique: true 8 | t.index :dn_signature, unique: true 9 | end 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /db/migrate/20180419202740_rename_certificate_to_certificate_authority.rb: -------------------------------------------------------------------------------- 1 | class RenameCertificateToCertificateAuthority < ActiveRecord::Migration[5.1] 2 | def self.up 3 | rename_table :certificates, :certificate_authorities 4 | rename_index :certificate_revocations, 'index_certificate_revocations_on_certificate_id_and_serial', 'index_certificate_revocations_on_cert_auth_id_and_serial' 5 | rename_column :certificate_revocations, :certificate_id, :certificate_authority_id 6 | end 7 | 8 | def self.down 9 | rename_table :certificate_authorities, :certificates 10 | rename_index :certificate_revocations, 'index_certificate_revocations_on_cert_auth_id_and_serial', 'index_certificate_revocations_on_certificate_id_and_serial' 11 | rename_column :certificate_revocations, :certificate_authority_id, :certificate_id 12 | end 13 | end 14 | -------------------------------------------------------------------------------- 
/db/migrate/20180517192853_create_unrecognized_certificate_authorities_table.rb: -------------------------------------------------------------------------------- 1 | class CreateUnrecognizedCertificateAuthoritiesTable < ActiveRecord::Migration[5.2] 2 | def change 3 | create_table :unrecognized_certificate_authorities do |t| 4 | t.string :key, null: false 5 | t.string :dn, null: false 6 | t.string :crl_http_url 7 | t.string :ocsp_url 8 | t.string :ca_issuer_url 9 | t.timestamps 10 | 11 | t.index :key, unique: true 12 | end 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /db/migrate/20180523205303_add_ocsp_url_to_certificate_authorities.rb: -------------------------------------------------------------------------------- 1 | class AddOcspUrlToCertificateAuthorities < ActiveRecord::Migration[5.2] 2 | def change 3 | add_column :certificate_authorities, :ocsp_http_url, :string 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /db/schema.rb: -------------------------------------------------------------------------------- 1 | # This file is auto-generated from the current state of the database. Instead 2 | # of editing this file, please use the migrations feature of Active Record to 3 | # incrementally modify your database, and then regenerate this schema definition. 4 | # 5 | # This file is the source Rails uses to define your schema when running `bin/rails 6 | # db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to 7 | # be faster and is potentially less error prone than running all of your 8 | # migrations from scratch. Old migrations may fail to apply correctly if those 9 | # migrations use external dependencies or application code. 10 | # 11 | # It's strongly recommended that you check this file into your version control system. 
12 | 13 | ActiveRecord::Schema[7.1].define(version: 2018_05_23_205303) do 14 | # These are extensions that must be enabled in order to support this database 15 | enable_extension "plpgsql" 16 | 17 | create_table "certificate_authorities", force: :cascade do |t| 18 | t.string "key", null: false 19 | t.string "dn", null: false 20 | t.string "crl_http_url" 21 | t.datetime "valid_not_before", precision: nil, null: false 22 | t.datetime "valid_not_after", precision: nil, null: false 23 | t.datetime "created_at", precision: nil, null: false 24 | t.datetime "updated_at", precision: nil, null: false 25 | t.string "ocsp_http_url" 26 | t.index ["key"], name: "index_certificate_authorities_on_key", unique: true 27 | end 28 | 29 | create_table "certificate_revocations", force: :cascade do |t| 30 | t.bigint "certificate_authority_id", null: false 31 | t.string "serial", null: false 32 | t.datetime "created_at", precision: nil, null: false 33 | t.datetime "updated_at", precision: nil, null: false 34 | t.index ["certificate_authority_id", "serial"], name: "index_certificate_revocations_on_cert_auth_id_and_serial", unique: true 35 | end 36 | 37 | create_table "piv_cacs", force: :cascade do |t| 38 | t.string "uuid", null: false 39 | t.string "dn_signature", null: false 40 | t.index ["dn_signature"], name: "index_piv_cacs_on_dn_signature", unique: true 41 | t.index ["uuid"], name: "index_piv_cacs_on_uuid", unique: true 42 | end 43 | 44 | create_table "unrecognized_certificate_authorities", force: :cascade do |t| 45 | t.string "key", null: false 46 | t.string "dn", null: false 47 | t.string "crl_http_url" 48 | t.string "ocsp_url" 49 | t.string "ca_issuer_url" 50 | t.datetime "created_at", precision: nil, null: false 51 | t.datetime "updated_at", precision: nil, null: false 52 | t.index ["key"], name: "index_unrecognized_certificate_authorities_on_key", unique: true 53 | end 54 | 55 | add_foreign_key "certificate_revocations", "certificate_authorities" 56 | end 57 | 
-------------------------------------------------------------------------------- /db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default 2 | # values. The data can then be loaded with the rails db:seed command (or created alongside the 3 | # database with db:setup). 4 | # 5 | # Examples: 6 | # 7 | # movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }]) 8 | # Character.create(name: 'Luke', movie: movies.first) 9 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | web: 4 | build: 5 | context: . 6 | dockerfile: Dockerfile 7 | volumes: 8 | - .:/pivcac 9 | ports: 10 | - "8443:8443" 11 | environment: 12 | DATABASE_URL: "postgres://postgres@db" 13 | DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL: 'true' 14 | nonce_bloom_filter_server: "redis://redis:6379" 15 | # Set database timeouts to 30 seconds 16 | database_timeout: '30000' 17 | database_statement_timeout: '30000' 18 | DOCKER_DB_HOST: 'db' 19 | DOCKER_DB_USER: 'postgres' 20 | depends_on: 21 | - db 22 | - redis 23 | db: 24 | image: postgres 25 | volumes: 26 | - ./postgres-data:/var/lib/postgresql/data 27 | redis: 28 | image: redis 29 | -------------------------------------------------------------------------------- /dockerfiles/pivcac_ci.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM public.ecr.aws/docker/library/ruby:3.4.1-bullseye 2 | 3 | RUN apt-get update -qq 4 | 5 | RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true 6 | -------------------------------------------------------------------------------- /k8files/application.yml.default.docker: -------------------------------------------------------------------------------- 1 | 
dod_root_identifiers: "\
  AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC,\
  17:4B:B8:26:BA:69:7A:AD:12:50:57:45:31:9E:57:BB:74:A5:DA:2F,\
  49:74:BB:0C:5E:BA:7A:FE:02:54:EF:7B:A0:C6:95:C6:09:80:70:96,\
  68:84:15:48:8C:54:70:7F:2D:12:58:0E:EC:1C:78:EF:3C:2E:59:64,\
  6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0,\
  BD:C1:B9:6B:4D:F4:1D:EC:30:90:BF:62:73:C0:84:33:F2:71:24:85,\
  9C:16:31:A2:B4:29:8C:2E:04:62:57:87:11:E4:0F:4A:86:F4:75:48"

production:
  aws_region: us-west-2
  client_cert_escaped: 'true'
  client_cert_logger_s3_bucket_name: ['env', 'CLIENT_CERT_S3_BUCKET']
  database_name: ['env', 'POSTGRES_NAME']
  database_host: ['env', 'POSTGRES_HOST']
  database_username: ['env', 'POSTGRES_USERNAME']
  database_password: ['env', 'POSTGRES_PASSWORD']
  # NOTE(review): 'prefer' attempts TLS but falls back to a plaintext connection
  # and never verifies the server certificate. If this default reaches a real
  # database, 'verify-full' with the CA bundle referenced in config/database.yml
  # is the setting to confirm.
  database_sslmode: 'prefer'
  # NOTE(review): the four values below are literal key material committed with
  # the repository, inside the production block. Any deployment that does not
  # override them runs with publicly known secrets; confirm they are replaced
  # at deploy time, or load them from the environment as the ['env', ...]
  # entries above appear to do.
  token_encryption_key_salt: b51dacb05339fb559ffa7772c90b2d1f3541a0fedb152badcbc79430dc89e3c9c3c49b22da5b8d0e074c5ef16728133fb1ae0ec7914d40e608d44ef4b8b5349e
  token_encryption_key_pepper: e5d0bd66e9528cbaac0bda517af540650e6e85d19842dcbfa0fd0fe4e4d8352c863ee5cf00fca3c2899721d8ee487445d56c9984eba91e838937fbb133225fb2
  secret_key_base: 96bdf212d7448cf73431dc89b9450e4fb84c7cf19242f017b1b361ab288f6568bfc4349060da1566ee7b949a5ca358f45b145e8518b5395caa1ae379f5acb74c
  piv_cac_verify_token_secret: 'a6ed2fb16320ae85a7a8e48f4b0eeb6afca5f1ac64af2a05a0c486df1c20b693987832a11f0910729f199b3ce5c7609fe6d580bed428d035ea8460990e38a382'
  identity_idp_host: ['env', 'IDP_HOST']
  domain_name: ['env', 'DOMAIN_NAME']
  log_to_stdout: true
26 | -------------------------------------------------------------------------------- /k8files/fipsmode.patch: -------------------------------------------------------------------------------- 1 | --- nginx-1.18.0.orig/src/event/ngx_event_openssl.c 2020-04-21 14:09:01.000000000 +0000 2 | +++ nginx-1.18.0/src/event/ngx_event_openssl.c 2020-10-14 23:31:36.050855091 +0000 3 |
@@ -164,6 +164,8 @@ 4 | 5 | #endif 6 | 7 | + FIPS_mode_set(1); 8 | + 9 | #ifndef SSL_OP_NO_COMPRESSION 10 | { 11 | /* 12 | -------------------------------------------------------------------------------- /k8files/newrelic.yml: -------------------------------------------------------------------------------- 1 | common: &default_settings 2 | code_level_metrics: 3 | enabled: false 4 | # Application log forwarding should always be disabled 5 | application_logging: 6 | forwarding: 7 | enabled: false 8 | production: 9 | <<: *default_settings 10 | agent_enabled: false 11 | audit_log: 12 | enabled: false 13 | browser_monitoring: 14 | auto_instrument: false 15 | log_level: info 16 | monitor_mode: false 17 | log_file_path: 'STDOUT' 18 | -------------------------------------------------------------------------------- /k8files/pivcac.conf: -------------------------------------------------------------------------------- 1 | # Set HSTS header only if not already set by app. Some clients get unhappy if 2 | # you set multiple Strict-Transport-Security headers. 
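Review bot: The added `FIPS_mode_set(1);` discards its return value, so if the FIPS module is absent or its power-on self-tests fail, nginx carries on with non-FIPS crypto and nothing is logged. FIPS_mode_set() returns 1 on success and 0 on failure, so I would make the failure fatal: `if (!FIPS_mode_set(1)) { ngx_ssl_error(NGX_LOG_EMERG, log, 0, "FIPS_mode_set(1) failed"); return NGX_ERROR; }`. The enclosing function starts and ends outside the hunk; this assumes it has `log` in scope and returns `ngx_int_t`, as the SSL init routine in this nginx version appears to, so confirm against the full file. A short comment above the call, such as `/* requires an OpenSSL build with the FIPS module; FIPS_mode_set() was removed in OpenSSL 3.0 */`, would also record why the image is tied to an older OpenSSL.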
3 | # https://serverfault.com/a/598106 4 | map $upstream_http_strict_transport_security $sts_value { 5 | '' "max-age=31536000; preload"; 6 | } 7 | 8 | # Always add a HSTS header - This is still inside the http block, so will not 9 | # conflict with headers set in nginx.conf 10 | add_header Strict-Transport-Security $sts_value always; 11 | 12 | server { 13 | listen 443 ssl; 14 | server_name ${ENV_CONFIG_NGINX_SERVER_NAME}; 15 | 16 | ssl_certificate /etc/letsencrypt/live/${ENV_CONFIG_PIVCAC_SSL_DOMAIN}/fullchain.pem; 17 | ssl_certificate_key /etc/letsencrypt/live/${ENV_CONFIG_PIVCAC_SSL_DOMAIN}/privkey.pem; 18 | ssl_verify_client optional_no_ca; # on; 19 | ssl_verify_depth 10; 20 | 21 | ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; 22 | ssl_dhparam /etc/ssl/certs/dhparam.pem; 23 | ssl_prefer_server_ciphers on; 24 | ssl_protocols TLSv1.2; 25 | ssl_session_cache shared:SSL:10m; 26 | ssl_session_timeout 5m; 27 | ssl_stapling on; 28 | ssl_stapling_verify on; 29 | 30 | location / { 31 | root /usr/local/var/www; 32 | 33 | proxy_pass https://0.0.0.0:3001; 34 | 35 | proxy_set_header X-Real-Host $host; 36 | proxy_set_header X-Real-Ip $remote_addr; 37 | proxy_set_header X-Real-Proto https; 38 | proxy_set_header X-Client-Verify $ssl_client_verify; 39 | proxy_set_header X-Client-S-Dn $ssl_client_s_dn; 40 | proxy_set_header X-Client-I-Dn $ssl_client_i_dn; 41 | proxy_set_header X-Client-Serial $ssl_client_serial; 42 | proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint; 43 | proxy_set_header X-Client-Cert $ssl_client_escaped_cert; 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /k8files/puma_production: -------------------------------------------------------------------------------- 1 | threads_count = ENV.fetch('RAILS_MAX_THREADS') { 5 } 2 | threads threads_count, threads_count 3 | environment ENV.fetch('RAILS_ENV') { 'production' } 4 | app_dir = "/app" 5 | shared_dir = "#{app_dir}/shared" 6 | 7 | bind 
"unix://#{app_dir}/tmp/sockets/puma.sock" 8 | 9 | pidfile "#{app_dir}/tmp/pids/puma.pid" 10 | state_path "#{app_dir}/tmp/pids/puma.state" 11 | 12 | 13 | set_remote_address proxy_protocol: :v1 14 | bind "ssl://0.0.0.0:3001?key=/etc/letsencrypt/live/${ENV_CONFIG_PIVCAC_SSL_DOMAIN}/privkey.pem&cert=/etc/letsencrypt/live/${ENV_CONFIG_PIVCAC_SSL_DOMAIN}/fullchain.pem" 15 | -------------------------------------------------------------------------------- /k8files/push_letsencrypt_certs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Push letsencrypt certs to S3 and reload certs in nginx 4 | # Usually called by certbot when a new cert is received 5 | # 6 | set -eu 7 | 8 | while getopts e:c: opt 9 | do 10 | case $opt in 11 | e) ENV="${OPTARG}" ;; 12 | \?) exit 1 ;; 13 | esac 14 | done 15 | shift $((OPTIND-1)) 16 | 17 | if [ -z "${ENV:-}" ]; then 18 | echo "Must specify ENVIRONMENT (-e)" >&2 19 | exit 1 20 | fi 21 | 22 | # Set AWS Account/Region 23 | PROD_ENVIRONMENTS=("prod" "staging" "dm") 24 | AWS_ACCOUNT_NUM="" 25 | 26 | if [[ " ${PROD_ENVIRONMENTS[*]} " =~ " ${ENV} " ]]; then 27 | AWS_ACCOUNT_NUM="555546682965" 28 | else 29 | AWS_ACCOUNT_NUM="894947205914" 30 | fi 31 | 32 | if [ -e /root/letsencrypt.${ENV}.tar.gz ]; then 33 | rm /root/letsencrypt.${ENV}.tar.gz 34 | fi 35 | 36 | cd /etc 37 | tar czvf /root/letsencrypt.${ENV}.tar.gz letsencrypt 38 | if [ -e /root/letsencrypt.${ENV}.tar.gz ]; then 39 | echo "run push" 40 | aws s3 cp /root/letsencrypt.${ENV}.tar.gz s3://login-gov-pivcac-${ENV}.${AWS_ACCOUNT_NUM}-us-west-2/ 41 | else 42 | echo ERROR: Failed to create cert bundle /root/letsencrypt.${ENV}.tar.gz 1>&2 43 | exit 1 44 | fi 45 | 46 | if [ -e /app/tmp/pids/puma.state ]; then 47 | echo "restart puma 48 | bundle exec pumactl --state /app/tmp/pids/puma.state restart 49 | fi 50 | -------------------------------------------------------------------------------- /k8files/status-map.conf: 
-------------------------------------------------------------------------------- 1 | # Create $status_reason, a human-friendly version of $status. 2 | # This file must be included from inside an http { } block. 3 | map $status $status_reason { 4 | default "-"; 5 | 100 "Continue"; 6 | 101 "Switching Protocols"; 7 | 102 "Processing"; 8 | 9 | 200 "OK"; 10 | 201 "Created"; 11 | 202 "Accepted"; 12 | 203 "Non-Authoritative Information"; 13 | 204 "No Content"; 14 | 205 "Reset Content"; 15 | 206 "Partial Content"; 16 | 207 "Multi-Status"; 17 | 208 "Already Reported"; 18 | 226 "IM Used"; 19 | 20 | 300 "Multiple Choices"; 21 | 301 "Moved Permanently"; 22 | 302 "Found"; 23 | 303 "See Other"; 24 | 304 "Not Modified"; 25 | 305 "Use Proxy"; 26 | 306 "Switch Proxy"; 27 | 307 "Temporary Redirect"; 28 | 308 "Permanent Redirect"; 29 | 30 | 400 "Bad Request"; 31 | 401 "Unauthorized"; 32 | 402 "Payment Required"; 33 | 403 "Forbidden"; 34 | 404 "Not Found"; 35 | 405 "Method Not Allowed"; 36 | 406 "Not Acceptable"; 37 | 407 "Proxy Authentication Required"; 38 | 408 "Request Timeout"; 39 | 409 "Conflict"; 40 | 410 "Gone"; 41 | 411 "Length Required"; 42 | 412 "Precondition Failed"; 43 | 413 "Payload Too Large"; 44 | 414 "URI Too Long"; 45 | 415 "Unsupported Media Type"; 46 | 416 "Range Not Satisfiable"; 47 | 417 "Expectation Failed"; 48 | 418 "I'm A Teapot"; 49 | 421 "Too Many Connections From This IP"; 50 | 422 "Unprocessable Entity"; 51 | 423 "Locked"; 52 | 424 "Failed Dependency"; 53 | 425 "Unordered Collection"; 54 | 426 "Upgrade Required"; 55 | 428 "Precondition Required"; 56 | 429 "Too Many Requests"; 57 | 431 "Request Header Fields Too Large"; 58 | 449 "Retry With"; 59 | 450 "Blocked By Windows Parental Controls"; 60 | 61 | # nginx 62 | 444 "No Response"; 63 | 495 "SSL Certificate Error"; 64 | 496 "SSL Certificate Required"; 65 | 497 "HTTP Request Sent to HTTPS Port"; 66 | 499 "Client Closed Request"; 67 | 68 | 500 "Internal Server Error"; 69 | 501 "Not Implemented"; 70 | 502 "Bad 
Gateway"; 71 | 503 "Service Unavailable"; 72 | 504 "Gateway Timeout"; 73 | 505 "HTTP Version Not Supported"; 74 | 506 "Variant Also Negotiates"; 75 | 507 "Insufficient Storage"; 76 | 508 "Loop Detected"; 77 | 509 "Bandwidth Limit Exceeded"; 78 | 510 "Not Extended"; 79 | 511 "Network Authentication Required"; 80 | } 81 | -------------------------------------------------------------------------------- /k8files/status.conf: -------------------------------------------------------------------------------- 1 | # nginx_status only accessible for 2 | # localhost. 3 | server { 4 | listen 127.0.0.1:80; 5 | server_name localhost; 6 | location /nginx_status { 7 | stub_status on; 8 | access_log off; 9 | allow 127.0.0.1; 10 | deny all; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /k8files/update-ips.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # This script updates the ips.conf file so that we have 4 | # up-to-date cloudfront IP information. 5 | # 6 | set -e 7 | 8 | IPS_CONF="/etc/nginx/cloudfront-ips.conf" 9 | echo "Updating $IPS_CONF" 10 | 11 | rm -f "$IPS_CONF" 12 | echo '# cloudfront IP ranges' > $IPS_CONF 13 | echo '# ' >> $IPS_CONF 14 | 15 | curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service=="CLOUDFRONT_ORIGIN_FACING") | .ip_prefix' | while read i ; do 16 | echo "set_real_ip_from $i;" >> $IPS_CONF 17 | done 18 | 19 | curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.ipv6_prefixes[] | select(.service=="CLOUDFRONT") | .ipv6_prefix' | while read i ; do 20 | echo "set_real_ip_from $i;" >> $IPS_CONF 21 | done 22 | -------------------------------------------------------------------------------- /k8files/update_cert_revocations: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Rerun this recipe from cron. 
4 | # 5 | set -eu 6 | 7 | sleep $[ ( $RANDOM % 3600 ) + 1 ]s \ 8 | && cd /srv/pki-rails/current \ 9 | && bundle exec rake crls:update 2>&1 >> /srv/pki-rails/shared/log/cron.log 10 | -------------------------------------------------------------------------------- /k8files/update_letsencrypt_certs: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Rerun this recipe from cron. 4 | # 5 | set -eu 6 | 7 | while getopts e:c: opt 8 | do 9 | case $opt in 10 | c) CERT_ENV="${OPTARG}" ;; 11 | e) ENV="${OPTARG}" ;; 12 | \?) exit 1 ;; 13 | esac 14 | done 15 | shift $((OPTIND-1)) 16 | 17 | if [[ -z "${ENV:-}" ]]; then 18 | echo "Must specify ENVIRONMENT (-e)" >&2 19 | exit 1 20 | fi 21 | 22 | if [[ -z "${CERT_ENV:-}" ]]; then 23 | CERT_ENV=$ENV 24 | fi 25 | 26 | # Set AWS Account/Region 27 | PROD_ENVIRONMENTS=("prod" "staging" "dm") 28 | AWS_ACCOUNT_NUM="" 29 | 30 | if [[ " ${PROD_ENVIRONMENTS[@]} " =~ " ${ENV} " ]]; then 31 | AWS_ACCOUNT_NUM="555546682965" 32 | else 33 | AWS_ACCOUNT_NUM="894947205914" 34 | fi 35 | 36 | # Set domains that PIVCAC cert will be requested for. Review-app environment uses a different domain structure 37 | # than other environments, so we test to see if ENV is reviewapp to set it's value, otherwise the domain follows 38 | # standard PIVCAC domain structure. 39 | CERT_DOMAIN="" 40 | if [[ "${ENV}" = "reviewapp" ]]; then 41 | CERT_DOMAIN="-d *.${CERT_ENV}.pivcac.identitysandbox.gov" 42 | else 43 | CERT_DOMAIN="-d pivcac.${CERT_ENV}.identitysandbox.gov -d *.pivcac.${CERT_ENV}.identitysandbox.gov" 44 | fi 45 | 46 | if [[ -z "${CERT_DOMAIN:-}" ]]; then 47 | echo "Certificate Domain did not get set properly. This error should not happen. 
Troubleshoot script" 48 | exit 1 49 | fi 50 | 51 | [ -e /root/letsencrypt.${CERT_ENV}.tar.gz ] && rm -f /root/letsencrypt.${CERT_ENV}.tar.gz 52 | 53 | aws s3 cp s3://login-gov-pivcac-${ENV}.${AWS_ACCOUNT_NUM}-us-west-2/letsencrypt.${CERT_ENV}.tar.gz /root/letsencrypt.${CERT_ENV}.tar.gz 54 | 55 | cd /etc/letsencrypt 56 | 57 | [ -s /root/letsencrypt.${CERT_ENV}.tar.gz ] && tar zxf /root/letsencrypt.${CERT_ENV}.tar.gz || certbot certonly --agree-tos -n --dns-route53 ${CERT_DOMAIN} --email identity-devops@login.gov --server https://acme-v02.api.letsencrypt.org/directory --deploy-hook "/usr/local/bin/push_letsencrypt_certs.sh -e ${ENV} -c ${CERT_ENV}" --preferred-chain 'ISRG Root X1' --key-type rsa --rsa-key-size 2048 58 | 59 | certbot renew -n --deploy-hook "/usr/local/bin/push_letsencrypt_certs.sh -e ${ENV} -c ${CERT_ENV}" --preferred-chain 'ISRG Root X1' --key-type rsa --rsa-key-size 2048 60 | -------------------------------------------------------------------------------- /lib/feature_management.rb: -------------------------------------------------------------------------------- 1 | class FeatureManagement 2 | def self.nonce_bloom_filter_enabled? 
3 | IdentityConfig.store.nonce_bloom_filter_enabled 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /lib/identity_config.rb: -------------------------------------------------------------------------------- 1 | module IdentityConfig 2 | def self.store 3 | Identity::Hostdata.config 4 | end 5 | 6 | # rubocop:disable Metrics/BlockLength 7 | CONFIG_BUILDER = proc do |config| 8 | config.add(:aws_http_timeout, type: :integer) 9 | config.add(:aws_region) 10 | config.add(:ca_issuer_host_allow_list, type: :comma_separated_string_list) 11 | config.add(:certificate_store_directory) 12 | config.add(:client_cert_escaped, type: :boolean) 13 | config.add(:client_cert_logger_s3_bucket_name, type: :string) 14 | config.add(:database_host, type: :string) 15 | config.add(:database_name, type: :string) 16 | config.add(:database_password, type: :string) 17 | config.add(:database_sslmode, type: :string) 18 | config.add(:database_statement_timeout, type: :integer) 19 | config.add(:database_timeout, type: :integer) 20 | config.add(:database_username, type: :string) 21 | config.add(:domain_name, type: :string) 22 | config.add(:openssl_verify_enabled, type: :boolean) 23 | config.add(:ficam_certificate_bundle_file, type: :string) 24 | config.add(:http_open_timeout, type: :integer) 25 | config.add(:http_read_timeout, type: :integer) 26 | config.add(:identity_idp_host, type: :string) 27 | config.add(:log_to_stdout, type: :boolean) 28 | config.add(:login_certificate_bundle_file, type: :string) 29 | config.add(:newrelic_license_key) 30 | config.add(:nonce_bloom_filter_enabled, type: :boolean) 31 | config.add(:nonce_bloom_filter_hash_count, type: :integer) 32 | config.add(:nonce_bloom_filter_prefix) 33 | config.add(:nonce_bloom_filter_server) 34 | config.add(:nonce_bloom_filter_size, type: :integer) 35 | config.add(:nonce_bloom_filter_ttl, type: :integer) 36 | config.add(:required_policies, type: :json) 37 | 
config.add(:piv_cac_verify_token_secret) 38 | config.add(:secret_key_base) 39 | config.add(:token_encryption_key_pepper) 40 | config.add(:token_encryption_key_salt) 41 | config.add(:token_encryption_key_pepper_old) 42 | config.add(:token_encryption_key_salt_old) 43 | config.add(:trusted_ca_root_identifiers, type: :comma_separated_string_list) 44 | end.freeze 45 | # rubocop:enable Metrics/BlockLength 46 | end 47 | -------------------------------------------------------------------------------- /lib/tasks/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/lib/tasks/.keep -------------------------------------------------------------------------------- /lib/tasks/ca.rake: -------------------------------------------------------------------------------- 1 | namespace :ca do 2 | desc 'dump CA certificates' 3 | task dump: :environment do 4 | puts CertificateStore.instance.map { |_, cert| cert.to_pem }.join("\n") 5 | end 6 | 7 | desc 'graph CA certificate relationships' 8 | task graph: :environment do 9 | uml = +'' 10 | uml << "@startuml\n" 11 | CertificateStore.instance.each do |cert| 12 | uml << "file \"#{cert.subject}\" as Cert#{cert.key_id.delete(':')}\n" 13 | end 14 | CertificateStore.instance.each do |cert| 15 | next if cert.trusted_root? 16 | uml << "Cert#{cert.signing_key_id.delete(':')} -down-> Cert#{cert.key_id.delete(':')}\n" 17 | end 18 | uml << "@enduml\n" 19 | 20 | puts uml 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /lib/tasks/crls.rake: -------------------------------------------------------------------------------- 1 | require 'csv' 2 | 3 | namespace :crls do 4 | desc 'update CRL entries in the database' 5 | task update: :environment do 6 | # The timeout value isn't significant as long as it is large since we're doing 7 | # bulk inserts that can take a while to execute. 
8 | ActiveRecord::Base.connection.execute('set statement_timeout to 1000000') 9 | CertificateAuthority. 10 | with_crl_http_url. 11 | find_each do |authority| 12 | begin 13 | Rails.logger.info "Updating #{authority.key} #{authority.dn} <#{authority.crl_http_url}>" 14 | authority.update_revocations 15 | rescue StandardError => e 16 | Rails.logger.warn " Unable to update CRL from <#{authority.crl_http_url}>: #{e}" 17 | end 18 | end 19 | end 20 | 21 | desc 'dump CRL information from database into a CSV file' 22 | task :dump, [:file] => :environment do |_task, args| 23 | file = args[:file] 24 | csv = if file.blank? || file == '-' 25 | CSV($stdout) 26 | else 27 | CSV.open(file, 'wb') 28 | end 29 | 30 | CertificateAuthority.find_each do |authority| 31 | csv << [ 32 | authority.key, 33 | authority.valid_not_before, 34 | authority.valid_not_after, 35 | authority.dn, 36 | authority.crl_http_url, 37 | ] 38 | end 39 | end 40 | 41 | desc 'load CRL information into database from a CSV file' 42 | task :load, [:file] => :environment do |_task, args| 43 | file = args[:file] 44 | csv = if file.blank? || file == '-' 45 | CSV($stdin) 46 | else 47 | CSV.open(file, 'rb') 48 | end 49 | csv.each do |(key, valid_not_before, valid_not_after, dn, crl_http_url, *_rest)| 50 | record = CertificateAuthority.create_with( 51 | valid_not_before: valid_not_before, 52 | valid_not_after: valid_not_after, 53 | crl_http_url: crl_http_url 54 | ).find_or_create_by(key: key, dn: dn) 55 | 56 | if crl_http_url.present? 
&& crl_http_url != record.crl_http_url 57 | record.crl_http_url = crl_http_url 58 | record.save 59 | end 60 | end 61 | end 62 | end 63 | -------------------------------------------------------------------------------- /lib/tasks/monitor_concurrent.rake: -------------------------------------------------------------------------------- 1 | namespace :db do 2 | namespace :migrate do 3 | desc 'Run db:migrate but monitor ActiveRecord::ConcurrentMigrationError' 4 | task monitor_concurrent: :environment do 5 | total_sleep_duration = 0 6 | while total_sleep_duration <= 180 7 | begin 8 | Rake::Task['db:migrate'].reenable 9 | Rake::Task['db:migrate'].invoke 10 | break 11 | rescue ActiveRecord::ConcurrentMigrationError 12 | sleep_duration = rand(1..10) 13 | total_sleep_duration += sleep_duration 14 | puts "Migrations Sleeping #{sleep_duration} Seconds" 15 | sleep(sleep_duration) 16 | end 17 | end 18 | 19 | raise('Migrations failed to perform after 3 minutes') if total_sleep_duration > 180 20 | end 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/log/.keep -------------------------------------------------------------------------------- /nginx.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM public.ecr.aws/docker/library/alpine:3.20 2 | 3 | RUN apk add --no-cache jq curl nginx nginx-mod-http-headers-more 4 | 5 | COPY ./k8files/update-ips.sh /update-ips.sh 6 | COPY ./k8files/nginx-prod.conf /etc/nginx/nginx.conf 7 | COPY ./k8files/status-map.conf /etc/nginx/ 8 | COPY ./config/cert_bundles/ficam_bundle.pem /etc/nginx/ 9 | RUN /update-ips.sh 10 | 11 | ENTRYPOINT ["/usr/sbin/nginx"] 12 | -------------------------------------------------------------------------------- /package.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "name": "identity-pki", 3 | "private": true, 4 | "dependencies": {} 5 | } 6 | -------------------------------------------------------------------------------- /public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The page you were looking for doesn't exist.

62 |

You may have mistyped the address or the page may have moved.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The change you wanted was rejected.

62 |

Maybe you tried to change something you didn't have access to.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

We're sorry, but something went wrong.

62 |
63 |

If you are the application owner check the logs for more information.

64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /public/apple-touch-icon-precomposed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/public/apple-touch-icon-precomposed.png -------------------------------------------------------------------------------- /public/apple-touch-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/public/apple-touch-icon.png -------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/public/favicon.ico -------------------------------------------------------------------------------- /public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | -------------------------------------------------------------------------------- /spec/certs/fingerprint_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe 'Root Certificates' do 4 | let(:config_dir) { Rails.root.join('config') } 5 | 6 | fpki_g2 = 'c=US, O=U.S. 
Government, OU=FPKI, CN=Federal Common Policy CA G2.pem' 7 | 8 | describe fpki_g2 do 9 | it 'FPKI fingerprint matches https://fpki.idmanagement.gov/common/obtain-and-verify/' do 10 | path = File.join(config_dir, 'certs', fpki_g2) 11 | expect(File.exist?(path)).to eq(true) 12 | 13 | cert = OpenSSL::X509::Certificate.new File.read path 14 | expect(OpenSSL::Digest::SHA256.new(cert.to_der).to_s).to eq( 15 | '5f9aecc24616b2191372600dd80f6dd320c8ca5a0ceb7f09c985ebf0696934fc' 16 | ) 17 | end 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /spec/certs/store_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | describe 'Certificate store in config/certs' do 4 | before do 5 | # We need to allow net connect to download CRLs and check for revocations 6 | WebMock.disallow_net_connect!( 7 | allow: ['ocsp.disa.mil', 8 | 'ssp-ocsp.symauth.com', 9 | 'ocsp.managed.entrust.com', 10 | 'ocsp1.ssp-strong-id.net', 11 | 'ocsp.pki.state.gov', 12 | 'nfiocsp.managed.entrust.com', 13 | 'ssp-ocsp.digicert.com', 14 | 'ocsp.uspto.gov', 15 | ] 16 | ) 17 | 18 | Dir.glob(File.join('config', 'certs', '**', '*.pem')).each do |file| 19 | CertificateStore.instance.add_pem_file(file) 20 | end 21 | end 22 | 23 | after do 24 | WebMock.disallow_net_connect! 25 | end 26 | 27 | it 'only contains valid certs' do 28 | expect(CertificateStore.instance.certificates).to_not be_empty 29 | 30 | invalid_certs = CertificateStore.instance.certificates.filter do |cert| 31 | cert.token({}) 32 | !cert.valid? 
33 | end 34 | 35 | invalid_cert_list = invalid_certs.map do |invalid_cert| 36 | "#{invalid_cert.subject} : #{invalid_cert.validate_cert}" 37 | end.join("\n") 38 | failure_message = <<~MESSAGE 39 | Invalid certs found: 40 | #{invalid_cert_list} 41 | 42 | Use `rake certs:remove_invalid` to remove them 43 | MESSAGE 44 | 45 | expect(invalid_certs).to be_empty, failure_message 46 | end 47 | 48 | it 'does not contain duplicate certs' do 49 | certs_by_key_id = {} 50 | Dir.glob(File.join('config', 'certs', '**', '*.pem')).each do |file| 51 | raw_cert = File.read(file) 52 | cert = Certificate.new(OpenSSL::X509::Certificate.new(raw_cert)) 53 | certs_by_key_id[cert.key_id] ||= [] 54 | certs_by_key_id[cert.key_id].push(cert) 55 | end 56 | 57 | duplicate_certs = certs_by_key_id.values.filter(&:many?) 58 | 59 | duplicate_cert_list = duplicate_certs.map do |cert_list| 60 | cert_list.map(&:subject).join("\n") 61 | end.join("\n----------------------------\n") 62 | failure_message = "Duplicate certs found:\n#{duplicate_cert_list}" 63 | 64 | expect(duplicate_certs).to be_empty, failure_message 65 | end 66 | end 67 | -------------------------------------------------------------------------------- /spec/controllers/health/overall_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe Health::OverallController do 4 | describe '#index' do 5 | it 'is a plaintex success response' do 6 | get :index 7 | expect(response.body).to eq('success') 8 | expect(response).to be_successful 9 | expect(response.content_type).to eq('text/plain; charset=utf-8') 10 | end 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /spec/factories/certificate_authorities.rb: -------------------------------------------------------------------------------- 1 | require 'securerandom' 2 | 3 | FactoryBot.define do 4 | factory :certificate_authority do 5 | key { 
SecureRandom.hex(20).gsub(/(..)/, '\\1:').chomp(':').upcase } 6 | sequence(:dn) { |n| "OU=testing CN=Certificate #{n}" } 7 | valid_not_before { Time.zone.now - 1.year } 8 | valid_not_after { Time.zone.now + 1.year } 9 | end 10 | end 11 | -------------------------------------------------------------------------------- /spec/factories/certificate_revocations.rb: -------------------------------------------------------------------------------- 1 | FactoryBot.define do 2 | factory :certificate_revocation do 3 | certificate_authority 4 | sequence(:serial, &:to_s) 5 | end 6 | end 7 | -------------------------------------------------------------------------------- /spec/factories/piv_cacs.rb: -------------------------------------------------------------------------------- 1 | require 'securerandom' 2 | 3 | FactoryBot.define do 4 | factory :piv_cac do 5 | sequence(:dn) { |n| "DC=com, DC=example, CN=User #{n}" } 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /spec/factories/unrecognized_certificate_authorities.rb: -------------------------------------------------------------------------------- 1 | require 'securerandom' 2 | 3 | FactoryBot.define do 4 | factory :unrecognized_certificate_authority do 5 | key { SecureRandom.hex(20).gsub(/(..)/, '\\1:').chomp(':').upcase } 6 | sequence(:dn) { |n| "O=Unseen University, OU=testing CN=Certificate #{n}" } 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /spec/fixtures/BoeingPCAG3.p7c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/spec/fixtures/BoeingPCAG3.p7c -------------------------------------------------------------------------------- /spec/fixtures/CertiPathBridgeCA-G3.p7c: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/spec/fixtures/CertiPathBridgeCA-G3.p7c -------------------------------------------------------------------------------- /spec/fixtures/CertiPathBridgeCA-G3.p7c.1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/spec/fixtures/CertiPathBridgeCA-G3.p7c.1 -------------------------------------------------------------------------------- /spec/fixtures/CertsIssuedToDoSADRootCA.p7c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/spec/fixtures/CertsIssuedToDoSADRootCA.p7c -------------------------------------------------------------------------------- /spec/fixtures/CertsIssuedToDoSPIVCA2.p7c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/spec/fixtures/CertsIssuedToDoSPIVCA2.p7c -------------------------------------------------------------------------------- /spec/fixtures/caCertsIssuedByfcpca.p7c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/spec/fixtures/caCertsIssuedByfcpca.p7c -------------------------------------------------------------------------------- /spec/fixtures/caCertsIssuedTofbcag4.p7c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/spec/fixtures/caCertsIssuedTofbcag4.p7c -------------------------------------------------------------------------------- /spec/fixtures/caCertsIssuedTofcpca.p7c: 
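--------------------------------------------------------------------------------
https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/spec/fixtures/caCertsIssuedTofcpca.p7c
--------------------------------------------------------------------------------
/spec/lib/feature_management_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# Pins FeatureManagement.nonce_bloom_filter_enabled? to the value of the
# IdentityConfig.store.nonce_bloom_filter_enabled setting, in both states.
# NOTE(review): the flag name suggests it gates nonce replay detection; what
# the filter actually protects is not visible from this spec -- confirm in lib/.
RSpec.describe FeatureManagement do
  # The predicate is called on the class itself, so the class is the subject.
  subject { described_class }

  describe '#nonce_bloom_filter_enabled?' do
    it 'is true when enabled' do
      allow(IdentityConfig.store).to receive(:nonce_bloom_filter_enabled).and_return(true)
      expect(subject.nonce_bloom_filter_enabled?).to eq true
    end

    it 'is false when not enabled' do
      allow(IdentityConfig.store).to receive(:nonce_bloom_filter_enabled).and_return(false)
      expect(subject.nonce_bloom_filter_enabled?).to eq false
    end
  end
end

--------------------------------------------------------------------------------
/spec/lib/identity_config_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# Convention check on configuration key types: the suffix of a key must agree
# with the type it is declared with. Every Ruby value other than nil and false
# is truthy, so a flag that reached the code as the string 'false' would still
# count as "on"; pinning `_enabled` keys to :boolean keeps that from slipping in.
RSpec.describe IdentityConfig do
  describe '.key_types' do
    subject(:key_types) { Identity::Hostdata.config_builder.key_types }

    it 'has all _enabled keys as booleans' do
      # aggregate_failures reports every offending key, not just the first one.
      aggregate_failures do
        key_types.each do |key, type|
          next unless key.to_s.end_with?('_enabled')

          expect(type).to eq(:boolean), "expected #{key} to be a boolean"
        end
      end
    end

    it 'has all _at keys as timestamps' do
      aggregate_failures do
        key_types.each do |key, type|
          next unless key.to_s.end_with?('_at')

          expect(type).to eq(:timestamp), "expected #{key} to be a timestamp"
        end
      end
    end

    it 'has all _timeout keys as numbers' do
      aggregate_failures do
        key_types.each do |key, type|
          next unless key.to_s.end_with?('_timeout')

          expect(type).to eq(:float).or(eq(:integer)), "expected #{key} to be a number"
        end
      end
    end
  end
end

--------------------------------------------------------------------------------
/spec/models/certificate_revocation_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# A revocation is identified by its serial number within one issuing CA: a
# serial is only unique per issuer, so uniqueness is scoped to
# certificate_authority_id rather than enforced globally.
# NOTE(review): the case-insensitive match presumably reflects serials being
# stored as hex strings -- confirm against the model and the CRL import code.
RSpec.describe CertificateRevocation, type: :model do
  let(:revocation) { create(:certificate_revocation) }

  subject { revocation }

  it do
    is_expected.to(
      validate_uniqueness_of(:serial).
        scoped_to(:certificate_authority_id).
        case_insensitive
    )
  end

  # A revocation without its CA cannot be matched to a certificate's issuer.
  it { is_expected.to validate_presence_of(:certificate_authority) }
end

--------------------------------------------------------------------------------
/spec/models/finite_policy_mapping_depth_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# Ordering contract between the two depth types: any finite depth compares
# below the unlimited one.
# NOTE(review): presumably used when the tighter of two policy-mapping limits
# has to be chosen during path validation -- confirm in the policy mapping code.
RSpec.describe FinitePolicyMappingDepth do
  it 'is always less than an infinite policy mapping depth' do
    expect(FinitePolicyMappingDepth.new(1) <=> InfinitePolicyMappingDepth.new).to eq(-1)
  end
end

--------------------------------------------------------------------------------
/spec/models/piv_cac_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# Validation coverage for PivCac: uuid and dn_signature must both be present
# and unique.
RSpec.describe PivCac, type: :model do
  let(:piv_cac) { create(:piv_cac) }

  subject { piv_cac }
  it { is_expected.to validate_presence_of :uuid }
  it { is_expected.to validate_uniqueness_of(:uuid) }
  it { is_expected.to validate_presence_of :dn_signature }
  it { is_expected.to validate_uniqueness_of(:dn_signature) }

  describe '#find_or_create_by' do
    # The call returns an object whose #errors is inspected, so the result is a
    # record carrying validation errors, not nil; the description says so.
    it 'returns a record with errors when dn is not provided' do
      expect(described_class.find_or_create_by(uuid: 'some-uuid').errors).to_not be_empty
    end
  end
end

--------------------------------------------------------------------------------
/spec/models/unrecognized_certificate_authority_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# Validation coverage for UnrecognizedCertificateAuthority: the key must be
# unique regardless of letter case, and a DN must be present.
RSpec.describe UnrecognizedCertificateAuthority, type: :model do
  let(:authority) { create(:unrecognized_certificate_authority) }

  subject { authority }
  it { is_expected.to validate_uniqueness_of(:key).case_insensitive }
  it { is_expected.to validate_presence_of(:dn) }
end

--------------------------------------------------------------------------------
/spec/rails_helper.rb:
--------------------------------------------------------------------------------
# This file is copied to spec/ when you run 'rails generate rspec:install'
require 'spec_helper'
require File.expand_path('../config/environment', __dir__)
require 'rspec/rails'

# Checks for pending migrations before tests are run.
# If you are not using ActiveRecord, you can remove this line.
ActiveRecord::Migration.maintain_test_schema!

# Requires supporting ruby files with custom matchers and macros, etc, in
# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
# run as spec files by default. This means that files in spec/support that end
# in _spec.rb will both be required and run as specs, causing the specs to be
# run twice. It is recommended that you do not name files matching this glob to
# end with _spec.rb. You can configure this pattern with the --pattern
# option on the command line or in ~/.rspec, .rspec or `.rspec-local`.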
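Dir[Rails.root.join('spec', 'support', '**', '*.rb')].each { |support_file| require support_file }

RSpec.configure do |config|
  config.use_transactional_fixtures = true
  config.infer_spec_type_from_file_location!

  config.before(:suite) do
    Rails.application.load_seed
  end

  config.before(:each) do
    allow(IdentityConfig.store).to receive(:domain_name).and_return('127.0.0.1')

    # Clear the certificate store and, judging by their names, every cache that
    # feeds a certificate verdict (root identifiers, revocations, OCSP
    # responses, CA certificate lists), so state left by one example cannot
    # decide the outcome of another.
    CertificateStore.reset
    CertificateStore.instance.clear_root_identifiers
    Certificate.clear_revocation_cache
    OcspService.clear_ocsp_response_cache
    IssuingCaService.clear_ca_certificates_response_cache!
  end

  config.before(:each, type: :controller) do
    # Controller examples use the stubbed domain_name as the request host.
    @request.host = IdentityConfig.store.domain_name
  end
end

--------------------------------------------------------------------------------
/spec/requests/health_check_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# Request-level smoke test: GET /health_check succeeds with the body 'success'.
RSpec.describe 'health check requests' do
  describe '/health_check' do
    it 'serves a health check response' do
      get '/health_check'

      expect(response).to be_successful
      expect(response.body).to eq('success')
    end
  end
end

--------------------------------------------------------------------------------
/spec/services/certificate_chain_service_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# Exercises CertificateChainService against issuer bundles served from local
# fixtures. Every issuer URL below is stubbed with WebMock, so the spec never
# fetches certificates from the network.
RSpec.describe CertificateChainService do
  let(:first_signing_key_id) { '8C:D6:D4:69:A9:E4:85:41:3A:6A:A6:5E:DA:51:1A:17:8D:92:8B:6C' }

  let(:starting_cert) do
    instance_double(Certificate,
                    signing_key_id: first_signing_key_id,
                    ca_issuer_http_url: 'http://crls.pki.state.gov/AIA/CertsIssuedToDoSPIVCA2.p7c')
  end

  subject(:service) { CertificateChainService.new }

  # For a URL like http://aia.certipath.com/CertiPathBridgeCA-G3.p7c
  # the fixture is expected to be spec/fixtures/CertiPathBridgeCA-G3.p7c.
  # Only the basename of the URL is used, so the lookup stays inside
  # spec/fixtures. The fixture is resolved from Rails.root so the spec does not
  # depend on the working directory, and it is read in binary mode because a
  # .p7c bundle may be DER-encoded rather than text.
  def stub_p7c(url)
    fixture_path = Rails.root.join('spec', 'fixtures', File.basename(url))

    stub_request(:get, url).to_return(body: File.binread(fixture_path))
  end

  before do
    # Silence the service's console output during the run.
    allow(service).to receive(:puts)
    stub_const('STDERR', instance_double('IO', puts: nil))

    stub_p7c('http://crls.pki.state.gov/AIA/CertsIssuedToDoSPIVCA2.p7c')
    stub_p7c('http://crls.pki.state.gov/AIA/CertsIssuedToDoSADRootCA.p7c')
    stub_p7c('http://http.fpki.gov/fcpca/caCertsIssuedTofcpca.p7c')
    stub_p7c('http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c')
    stub_p7c('http://aia.certipath.com/CertiPathBridgeCA-G3.p7c')
    stub_p7c('http://crl.boeing.com/crl/BoeingPCAG3.p7c')
  end

  describe '#debug' do
    it 'prints the key_id for the issuers' do
      expect(service).to receive(:puts).
        with('key_id: 8C:D6:D4:69:A9:E4:85:41:3A:6A:A6:5E:DA:51:1A:17:8D:92:8B:6C')
      expect(service).to receive(:puts).
        with('key_id: CC:00:68:61:A6:A5:03:93:10:0A:1B:61:B7:87:18:C1:45:56:DA:82')

      service.debug(starting_cert)
    end
  end

  describe '#missing' do
    it 'checks for certs missing from the CertificateStore' do
      missing = service.missing(starting_cert)

      # NOTE(review): `all` also passes on an empty collection, so this only
      # constrains the element type; it does not show that any certificate was
      # reported missing, nor that downloaded issuers are validated before use.
      expect(missing).to all(be_kind_of(Certificate))
    end
  end
end

--------------------------------------------------------------------------------
/spec/services/duration_parser_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# DurationParser turns strings such as '3d', '8w', '5m' and '2y' into
# durations, using fixed 7-day weeks, 30-day months and 365-day years.
RSpec.describe DurationParser do
  subject(:parser) { DurationParser.new(value) }

  describe '#parse' do
    context 'with a format in days' do
      let(:value) { '3d' }
      it 'parses the value as a number of days' do
        expect(parser.parse).to eq(3.days)
      end
    end

    context 'with a format in weeks' do
      let(:value) { '8w' }
      it 'parses the value as a number of 7-day weeks' do
        expect(parser.parse).to eq((8 * 7).days)
      end
    end

    context 'with a format in months' do
      let(:value) { '5m' }
      it 'parses the value as a number of 30-day months' do
        expect(parser.parse).to eq((5 * 30).days)
      end
    end

    context 'with a format in years' do
      let(:value) { '2y' }
      it 'parses the value as a number of 365-day years' do
        expect(parser.parse).to eq((2 * 365).days)
      end
    end

    # A malformed value yields nil instead of raising, so a caller that turns
    # the result into a time window has to handle nil explicitly.
    [
      '123x', # bad suffix
      '1 d', # interior space
      'aaa', # not numeric
    ].each do |bad_format|
      context "with a bad format (#{bad_format})" do
        let(:value) { bad_format }
        it 'is not valid' do
          expect(parser.parse).to eq(nil)
        end
      end
    end
  end

  describe '#valid?' do
    # A blank value counts as valid; only a non-blank malformed one is rejected.
    context 'with an empty value' do
      let(:value) { ' ' }
      it 'is valid' do
        expect(parser.valid?).to eq(true)
      end
    end

    context 'with a real value' do
      let(:value) { '1w' }
      it 'is valid' do
        expect(parser.valid?).to eq(true)
      end
    end

    context 'with a bad value' do
      let(:value) { '1 a 1 a 1' }
      it 'is not valid' do
        expect(parser.valid?).to eq(false)
      end
    end
  end
end

--------------------------------------------------------------------------------
/spec/services/health_checker_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# HealthChecker#check_certs reports certificates from the injected store that
# expire before a deadline, so operators learn about them ahead of time.
RSpec.describe HealthChecker do
  describe '#check_certs' do
    subject(:health_checker) { HealthChecker.new(certificates_store: certificates_store) }
    let(:deadline) { 30.days.from_now }

    # NOTE(review): the doubles answer expired? with a fixed value whatever
    # argument they receive, so these examples do not prove that check_certs
    # compares not_after with the deadline it was given -- an example built on
    # real certificates would close that gap.
    let(:expiring_cert) do
      instance_double(
        'Certificate',
        expired?: true,
        not_after: 15.days.from_now,
        subject: OpenSSL::X509::Name.new([%w[CN cert1], %w[OU example]]),
        issuer: OpenSSL::X509::Name.new([%w[CN issuer1], %w[OU example]]),
        key_id: 'ab:cd:ef:gh:jk'
      )
    end

    let(:not_expiring_cert) do
      instance_double(
        'Certificate',
        expired?: false,
        not_after: 45.days.from_now,
        subject: OpenSSL::X509::Name.new([%w[CN cert2], %w[OU example]]),
        issuer: OpenSSL::X509::Name.new([%w[CN issuer2], %w[OU example]]),
        key_id: 'lm:no:pq:rs:tu'
      )
    end

    context 'with certs that expire before the deadline' do
      let(:certificates_store) { [expiring_cert, not_expiring_cert] }

      it 'returns an unhealthy result with the expiring certs' do
        result = health_checker.check_certs(deadline: deadline)

        expect(result).to_not be_healthy
        # Only the expiring certificate is listed, with its subject and issuer
        # rendered as DN strings.
        expect(result.info).to eq(
          deadline: deadline,
          expiring: [
            {
              expiration: expiring_cert.not_after,
              subject: '/CN=cert1/OU=example',
              issuer: '/CN=issuer1/OU=example',
              key_id: expiring_cert.key_id,
            },
          ]
        )
      end
    end

    context 'with no certs that expire before the deadline' do
      let(:certificates_store) { [not_expiring_cert] }

      it 'returns a healthy result with no certs' do
        result = health_checker.check_certs(deadline: deadline)

        expect(result).to be_healthy
        expect(result.info).to eq(deadline: deadline, expiring: [])
      end
    end
  end
end

--------------------------------------------------------------------------------
/spec/services/token_service_spec.rb:
--------------------------------------------------------------------------------
require 'rails_helper'

# Round-trip and key-rotation coverage for TokenService.box / TokenService.open.
# NOTE(review): there is no negative case here. A token that was tampered with,
# or boxed under a key that is neither the current nor the old one, should be
# rejected; add an example once the failure mode of TokenService.open (raise or
# nil) is confirmed.
RSpec.describe TokenService do
  let(:token_service) { described_class }

  let(:data) { { 'a' => 'b' } }

  it 'opens a boxed value' do
    expect(token_service.open(token_service.box(data))).to eq data
  end

  it 'can open with data encrypted by old key' do
    # Rebuild the previous encryptor from the *_old salt and pepper settings,
    # then check that a token boxed with it is still accepted after rotation.
    old_salt = IdentityConfig.store.token_encryption_key_salt_old
    old_pepper = IdentityConfig.store.token_encryption_key_pepper_old

    old_key = ActiveSupport::KeyGenerator.new(old_pepper).generate_key(old_salt, 32)
    old_encryptor = ActiveSupport::MessageEncryptor.new(old_key, cipher: 'aes-256-gcm')
    data_encrypted_with_old_encryptor = TokenService.box(data, old_encryptor)

    expect(token_service.open(data_encrypted_with_old_encryptor)).to eq data
  end
end

--------------------------------------------------------------------------------
/spec/spec_helper.rb:
--------------------------------------------------------------------------------
# Coverage is opt-in: SimpleCov is only loaded when COVERAGE is set.
if ENV['COVERAGE']
  require 'simplecov'
  SimpleCov.start 'rails' do
    track_files '{app,lib}/**/*.rb'

    add_group 'Controllers', 'app/controllers'
    add_group 'Services', 'app/services'
    add_group 'Helpers', 'app/helpers'
    add_group 'Models', 'app/models'
    add_filter '/config/'
    add_filter '/k8files/'
    add_filter %r{^/spec/}
    add_filter '/vendor/bundle/'
    add_filter %r{^/db/}
    add_filter %r{^/\.gem/}
    add_filter %r{/vendor/ruby/}
  end
end

ENV['RAILS_ENV'] ||= 'test'

RSpec.configure do |config|
  # see more settings at spec/rails_helper.rb
  config.raise_errors_for_deprecations!
  config.order = :random
  config.color = true
  config.formatter = :documentation

  # allows you to run only the failures from the previous run:
  # rspec --only-failures
  config.example_status_persistence_file_path = './tmp/rspec-examples.txt'

  # show the n slowest tests at the end of the test run
  # config.profile_examples = 10
end

require 'webmock/rspec'
# Block all real network access from specs except the loopback hosts. Exact
# host strings are used instead of unanchored regexes, which would also let
# through any URL that merely contains 'localhost' or '127.0.0.1'.
WebMock.disable_net_connect!(allow: %w[localhost 127.0.0.1])

--------------------------------------------------------------------------------
/spec/support/data_file.rb:
--------------------------------------------------------------------------------
# Helpers for loading binary test data from spec/data.
module DataFileHelpers
  ROOT_DIR = File.dirname(__FILE__)

  # Returns the raw bytes of spec/data/<filename>, or nil when the file does
  # not exist; a spec that needs the data should therefore assert that the
  # result is present.
  def data_file(filename)
    full_path = data_file_path(filename)
    return unless File.exist?(full_path)

    # File.binread rather than IO.binread: the IO class methods treat a path
    # beginning with '|' as a command to spawn, the File ones do not.
    File.binread(full_path)
  end

  # Builds the path of <filename> under the data directory that sits next to
  # spec/support.
  def data_file_path(filename)
    File.join(ROOT_DIR, '..', 'data', filename)
  end
end

RSpec.configure do |c|
  c.include DataFileHelpers
end

--------------------------------------------------------------------------------
/spec/support/factory_bot.rb:
--------------------------------------------------------------------------------
# Makes create/build and the other FactoryBot helpers available in every example.
RSpec.configure do |config|
  config.include FactoryBot::Syntax::Methods
end

--------------------------------------------------------------------------------
/spec/support/shoulda_matchers.rb:
--------------------------------------------------------------------------------
require 'shoulda/matchers'
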
# Wire shoulda-matchers into RSpec for the ActiveRecord and ActiveModel libraries.
Shoulda::Matchers.configure do |matchers_config|
  matchers_config.integrate do |integration|
    integration.test_framework :rspec

    %i[active_record active_model].each { |library| integration.library library }
  end
end

# Expose the validation matchers to examples tagged type: :model only.
RSpec.configure do |rspec_config|
  [Shoulda::Matchers::ActiveModel, Shoulda::Matchers::ActiveRecord].each do |matcher_module|
    rspec_config.include(matcher_module, type: :model)
  end
end

--------------------------------------------------------------------------------
/tmp/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/tmp/.keep
--------------------------------------------------------------------------------
/vendor/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/18F/identity-pki/5990d186c94c45161235d288871fd2bb34013d12/vendor/.keep
--------------------------------------------------------------------------------