提交 3941b6d7 编写于 作者: I igerasim

8143913: MSCAPI keystore should accept Certificate[] in setEntry()

6483657: MSCAPI provider does not create unique alias names
Reviewed-by: vinnie
上级 70e9c729
/*
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -189,8 +189,10 @@ abstract class KeyStore extends KeyStoreSpi {
/*
* The keystore entries.
* Keys in the map are unique aliases (thus can differ from
* KeyEntry.getAlias())
*/
private Collection<KeyEntry> entries = new ArrayList<KeyEntry>();
private Map<String,KeyEntry> entries = new HashMap<>();
/*
* The keystore name.
......@@ -250,13 +252,10 @@ abstract class KeyStore extends KeyStoreSpi {
if (engineIsKeyEntry(alias) == false)
return null;
for (KeyEntry entry : entries) {
if (alias.equals(entry.getAlias())) {
return entry.getPrivateKey();
}
}
return null;
KeyEntry entry = entries.get(alias);
return (entry == null)
? null
: entry.getPrivateKey();
}
/**
......@@ -276,15 +275,13 @@ abstract class KeyStore extends KeyStoreSpi {
return null;
}
for (KeyEntry entry : entries) {
if (alias.equals(entry.getAlias())) {
X509Certificate[] certChain = entry.getCertificateChain();
return certChain.clone();
}
}
return null;
KeyEntry entry = entries.get(alias);
X509Certificate[] certChain = (entry == null)
? null
: entry.getCertificateChain();
return (certChain == null)
? null
: certChain.clone();
}
/**
......@@ -308,15 +305,13 @@ abstract class KeyStore extends KeyStoreSpi {
return null;
}
for (KeyEntry entry : entries) {
if (alias.equals(entry.getAlias()))
{
X509Certificate[] certChain = entry.getCertificateChain();
return certChain.length == 0 ? null : certChain[0];
}
}
return null;
KeyEntry entry = entries.get(alias);
X509Certificate[] certChain = (entry == null)
? null
: entry.getCertificateChain();
return (certChain == null || certChain.length == 0)
? null
: certChain[0];
}
/**
......@@ -380,29 +375,32 @@ abstract class KeyStore extends KeyStoreSpi {
if (key instanceof RSAPrivateCrtKey) {
KeyEntry entry = null;
boolean found = false;
KeyEntry entry = entries.get(alias);
for (KeyEntry e : entries) {
if (alias.equals(e.getAlias())) {
found = true;
entry = e;
break;
X509Certificate[] xchain;
if (chain != null) {
if (chain instanceof X509Certificate[]) {
xchain = (X509Certificate[]) chain;
} else {
xchain = new X509Certificate[chain.length];
System.arraycopy(chain, 0, xchain, 0, chain.length);
}
} else {
xchain = null;
}
if (! found) {
if (entry == null) {
entry =
//TODO new KeyEntry(alias, key, (X509Certificate[]) chain);
new KeyEntry(alias, null, (X509Certificate[]) chain);
entries.add(entry);
new KeyEntry(alias, null, xchain);
storeWithUniqueAlias(alias, entry);
}
entry.setAlias(alias);
try {
entry.setPrivateKey((RSAPrivateCrtKey) key);
entry.setCertificateChain((X509Certificate[]) chain);
entry.setCertificateChain(xchain);
} catch (CertificateException ce) {
throw new KeyStoreException(ce);
......@@ -474,23 +472,14 @@ abstract class KeyStore extends KeyStoreSpi {
// TODO - build CryptoAPI chain?
X509Certificate[] chain =
new X509Certificate[]{ (X509Certificate) cert };
KeyEntry entry = null;
boolean found = false;
for (KeyEntry e : entries) {
if (alias.equals(e.getAlias())) {
found = true;
entry = e;
break;
}
}
KeyEntry entry = entries.get(alias);
if (! found) {
if (entry == null) {
entry =
new KeyEntry(alias, null, chain);
entries.add(entry);
storeWithUniqueAlias(alias, entry);
}
if (entry.getPrivateKey() == null) { // trusted-cert entry
entry.setAlias(alias);
......@@ -522,32 +511,26 @@ abstract class KeyStore extends KeyStoreSpi {
throw new KeyStoreException("alias must not be null");
}
for (KeyEntry entry : entries) {
if (alias.equals(entry.getAlias())) {
// Get end-entity certificate and remove from system cert store
X509Certificate[] certChain = entry.getCertificateChain();
if (certChain != null) {
KeyEntry entry = entries.remove(alias);
if (entry != null) {
// Get end-entity certificate and remove from system cert store
X509Certificate[] certChain = entry.getCertificateChain();
if (certChain != null) {
try {
try {
byte[] encoding = certChain[0].getEncoded();
removeCertificate(getName(), alias, encoding,
byte[] encoding = certChain[0].getEncoded();
removeCertificate(getName(), entry.getAlias(), encoding,
encoding.length);
} catch (CertificateException e) {
throw new KeyStoreException("Cannot remove entry: " +
e);
}
}
Key privateKey = entry.getPrivateKey();
if (privateKey != null) {
destroyKeyContainer(
Key.getContainerName(privateKey.getHCryptProvider()));
} catch (CertificateException e) {
throw new KeyStoreException("Cannot remove entry: ", e);
}
entries.remove(entry);
break;
}
Key privateKey = entry.getPrivateKey();
if (privateKey != null) {
destroyKeyContainer(
Key.getContainerName(privateKey.getHCryptProvider()));
}
}
}
......@@ -558,8 +541,7 @@ abstract class KeyStore extends KeyStoreSpi {
* @return enumeration of the alias names
*/
public Enumeration<String> engineAliases() {
final Iterator<KeyEntry> iter = entries.iterator();
final Iterator<String> iter = entries.keySet().iterator();
return new Enumeration<String>()
{
......@@ -570,8 +552,7 @@ abstract class KeyStore extends KeyStoreSpi {
public String nextElement()
{
KeyEntry entry = iter.next();
return entry.getAlias();
return iter.next();
}
};
}
......@@ -584,15 +565,7 @@ abstract class KeyStore extends KeyStoreSpi {
* @return true if the alias exists, false otherwise
*/
public boolean engineContainsAlias(String alias) {
for (Enumeration<String> enumerator = engineAliases();
enumerator.hasMoreElements();)
{
String a = enumerator.nextElement();
if (a.equals(alias))
return true;
}
return false;
return entries.containsKey(alias);
}
/**
......@@ -617,13 +590,8 @@ abstract class KeyStore extends KeyStoreSpi {
return false;
}
for (KeyEntry entry : entries) {
if (alias.equals(entry.getAlias())) {
return entry.getPrivateKey() != null;
}
}
return false;
KeyEntry entry = entries.get(alias);
return entry != null && entry.getPrivateKey() != null;
}
/**
......@@ -633,15 +601,14 @@ abstract class KeyStore extends KeyStoreSpi {
* @return true if the entry identified by the given alias is a
* <i>trusted certificate entry</i>, false otherwise.
*/
public boolean engineIsCertificateEntry(String alias)
{
for (KeyEntry entry : entries) {
if (alias.equals(entry.getAlias())) {
return entry.getPrivateKey() == null;
}
public boolean engineIsCertificateEntry(String alias) {
if (alias == null) {
return false;
}
return false;
KeyEntry entry = entries.get(alias);
return entry != null && entry.getPrivateKey() == null;
}
/**
......@@ -660,9 +627,10 @@ abstract class KeyStore extends KeyStoreSpi {
* @return the (alias) name of the first entry with matching certificate,
* or null if no such entry exists in this keystore.
*/
public String engineGetCertificateAlias(Certificate cert)
{
for (KeyEntry entry : entries) {
public String engineGetCertificateAlias(Certificate cert) {
for (Map.Entry<String,KeyEntry> mapEntry : entries.entrySet()) {
KeyEntry entry = mapEntry.getValue();
if (entry.certChain != null && entry.certChain[0].equals(cert)) {
return entry.getAlias();
}
......@@ -755,20 +723,39 @@ abstract class KeyStore extends KeyStoreSpi {
try {
// Load keys and/or certificate chains
loadKeysOrCertificateChains(getName(), entries);
loadKeysOrCertificateChains(getName());
} catch (KeyStoreException e) {
throw new IOException(e);
}
}
/**
* Stores the given entry into the map, making sure
* the alias, used as the key is unique.
* If the same alias already exists, it tries to append
* a suffix (1), (2), etc to it until it finds a unique
* value.
*/
private void storeWithUniqueAlias(String alias, KeyEntry entry) {
String uniqAlias = alias;
int uniqNum = 1;
while (true) {
if (entries.putIfAbsent(uniqAlias, entry) == null) {
break;
}
uniqAlias = alias + " (" + (uniqNum++) + ")";
}
}
/**
* Generates a certificate chain from the collection of
* certificates and stores the result into a key entry.
*/
private void generateCertificateChain(String alias,
Collection<? extends Certificate> certCollection,
Collection<KeyEntry> entries)
Collection<? extends Certificate> certCollection)
{
try
{
......@@ -782,10 +769,8 @@ abstract class KeyStore extends KeyStoreSpi {
certChain[i] = (X509Certificate) iter.next();
}
KeyEntry entry = new KeyEntry(alias, null, certChain);
// Add cert chain
entries.add(entry);
storeWithUniqueAlias(alias,
new KeyEntry(alias, null, certChain));
}
catch (Throwable e)
{
......@@ -800,8 +785,7 @@ abstract class KeyStore extends KeyStoreSpi {
*/
private void generateRSAKeyAndCertificateChain(String alias,
long hCryptProv, long hCryptKey, int keyLength,
Collection<? extends Certificate> certCollection,
Collection<KeyEntry> entries)
Collection<? extends Certificate> certCollection)
{
try
{
......@@ -815,11 +799,9 @@ abstract class KeyStore extends KeyStoreSpi {
certChain[i] = (X509Certificate) iter.next();
}
KeyEntry entry = new KeyEntry(alias, new RSAPrivateKey(hCryptProv,
hCryptKey, keyLength), certChain);
// Add cert chain
entries.add(entry);
storeWithUniqueAlias(alias, new KeyEntry(alias,
new RSAPrivateKey(hCryptProv, hCryptKey, keyLength),
certChain));
}
catch (Throwable e)
{
......@@ -876,8 +858,8 @@ abstract class KeyStore extends KeyStoreSpi {
* @param name Name of keystore.
* @param entries Collection of key/certificate.
*/
private native void loadKeysOrCertificateChains(String name,
Collection<KeyEntry> entries) throws KeyStoreException;
private native void loadKeysOrCertificateChains(String name)
throws KeyStoreException;
/**
* Stores a DER-encoded certificate into the certificate store
......
/*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -266,7 +266,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_mscapi_PRNG_generateSeed
* Signature: (Ljava/lang/String;Ljava/util/Collection;)V
*/
JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateChains
(JNIEnv *env, jobject obj, jstring jCertStoreName, jobject jCollections)
(JNIEnv *env, jobject obj, jstring jCertStoreName)
{
/**
* Certificate in cert store has enhanced key usage extension
......@@ -325,7 +325,7 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
// Determine method ID to generate certificate chain
jmethodID mGenCertChain = env->GetMethodID(clazzOfThis,
"generateCertificateChain",
"(Ljava/lang/String;Ljava/util/Collection;Ljava/util/Collection;)V");
"(Ljava/lang/String;Ljava/util/Collection;)V");
if (mGenCertChain == NULL) {
__leave;
}
......@@ -333,7 +333,7 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
// Determine method ID to generate RSA certificate chain
jmethodID mGenRSAKeyAndCertChain = env->GetMethodID(clazzOfThis,
"generateRSAKeyAndCertificateChain",
"(Ljava/lang/String;JJILjava/util/Collection;Ljava/util/Collection;)V");
"(Ljava/lang/String;JJILjava/util/Collection;)V");
if (mGenRSAKeyAndCertChain == NULL) {
__leave;
}
......@@ -360,38 +360,37 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
} else {
// Private key is available
BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
// Skip certificate if cannot find private key
if (bGetUserKey == FALSE)
{
if (bCallerFreeProv)
::CryptReleaseContext(hCryptProv, NULL);
// Skip certificate if cannot find private key
if (bGetUserKey == FALSE)
{
if (bCallerFreeProv)
::CryptReleaseContext(hCryptProv, NULL);
continue;
}
continue;
}
// Set cipher mode to ECB
DWORD dwCipherMode = CRYPT_MODE_ECB;
::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
// Set cipher mode to ECB
DWORD dwCipherMode = CRYPT_MODE_ECB;
::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
// If the private key is present in smart card, we may not be able to
// determine the key length by using the private key handle. However,
// since public/private key pairs must have the same length, we could
// determine the key length of the private key by using the public key
// in the certificate.
dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&(pCertContext->pCertInfo->SubjectPublicKeyInfo));
// If the private key is present in smart card, we may not be able to
// determine the key length by using the private key handle. However,
// since public/private key pairs must have the same length, we could
// determine the key length of the private key by using the public key
// in the certificate.
dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&(pCertContext->pCertInfo->SubjectPublicKeyInfo));
}
}
PCCERT_CHAIN_CONTEXT pCertChainContext = NULL;
// Build certificate chain by using system certificate store.
// Add cert chain into collection for any key usage.
//
if (GetCertificateChain(OID_EKU_ANY, pCertContext,
&pCertChainContext))
if (GetCertificateChain(OID_EKU_ANY, pCertContext, &pCertChainContext))
{
for (unsigned int i=0; i < pCertChainContext->cChain; i++)
......@@ -450,26 +449,26 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
// collection
env->CallVoidMethod(obj, mGenCertChain,
env->NewStringUTF(pszNameString),
jArrayList, jCollections);
jArrayList);
}
else
{
// Determine key type: RSA or DSA
DWORD dwData = CALG_RSA_KEYX;
DWORD dwSize = sizeof(DWORD);
::CryptGetKeyParam(hUserKey, KP_ALGID, (BYTE*)&dwData,
&dwSize, NULL);
if ((dwData & ALG_TYPE_RSA) == ALG_TYPE_RSA)
{
// Generate RSA certificate chain and store into cert
// chain collection
env->CallVoidMethod(obj, mGenRSAKeyAndCertChain,
env->NewStringUTF(pszNameString),
(jlong) hCryptProv, (jlong) hUserKey,
dwPublicKeyLength, jArrayList, jCollections);
// Determine key type: RSA or DSA
DWORD dwData = CALG_RSA_KEYX;
DWORD dwSize = sizeof(DWORD);
::CryptGetKeyParam(hUserKey, KP_ALGID, (BYTE*)&dwData,
&dwSize, NULL);
if ((dwData & ALG_TYPE_RSA) == ALG_TYPE_RSA)
{
// Generate RSA certificate chain and store into cert
// chain collection
env->CallVoidMethod(obj, mGenRSAKeyAndCertChain,
env->NewStringUTF(pszNameString),
(jlong) hCryptProv, (jlong) hUserKey,
dwPublicKeyLength, jArrayList);
}
}
}
}
// Free cert chain
......
/*
* Copyright (c) 2015 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
/**
* @test
* @bug 8143913
* @requires os.family == "windows"
* @summary MSCAPI keystore should accept Certificate[] in setEntry()
*/
public class CastError {
public static void main(String[] args) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
FileInputStream fis = new FileInputStream(
new File(System.getProperty("test.src"),
"../tools/jarsigner/JarSigning.keystore"));
ks.load(fis, "bbbbbb".toCharArray());
PrivateKey pk = (PrivateKey) ks.getKey("c", "bbbbbb".toCharArray());
Certificate cert = ks.getCertificate("c");
ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
ks.setKeyEntry("8143913", pk, null, new Certificate[]{cert});
ks.deleteEntry("8143913");
}
}
#!/bin/sh
#
# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @ignore Uses certutil.exe that isn't guaranteed to be installed
# @bug 6483657
# @requires os.family == "windows"
# @run shell NonUniqueAliases.sh
# @summary Test "keytool -list" displays correcly same named certificates
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTCLASSES}" = "" ] ; then
TESTCLASSES="."
fi
if [ "${TESTJAVA}" = "" ] ; then
echo "TESTJAVA not set. Test cannot execute."
echo "FAILED!!!"
exit 1
fi
OS=`uname -s`
case "$OS" in
Windows* | CYGWIN* )
# 'uname -m' does not give us enough information -
# should rely on $PROCESSOR_IDENTIFIER (as is done in Defs-windows.gmk),
# but JTREG does not pass this env variable when executing a shell script.
#
# execute test program - rely on it to exit if platform unsupported
echo "removing the alias NonUniqueName if it already exists"
certutil -user -delstore MY NonUniqueName
echo "Importing 1st certificate into MY keystore using certutil tool"
certutil -user -addstore MY ${TESTSRC}/nonUniq1.pem
echo "Importing 2nd certificate into MY keystore using certutil tool"
certutil -user -addstore MY ${TESTSRC}/nonUniq2.pem
echo "Listing certificates with keytool"
${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -list -storetype Windows-My
echo "Counting expected entries"
count0=`${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -list -storetype Windows-My | grep 'NonUniqueName,' | wc -l`
if [ ! $count0 = 1 ]; then
echo "error: unexpected number of entries ($count0) in the Windows-MY store"
certutil -user -delstore MY NonUniqueName
exit 115
fi
echo "Counting expected entries"
count1=`${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -list -storetype Windows-My | grep 'NonUniqueName (1),' | wc -l`
if [ ! $count1 = 1 ]; then
echo "error: unexpected number of entries ($count1) in the Windows-MY store"
certutil -user -delstore MY NonUniqueName
exit 116
fi
echo "Cleaning up"
certutil -user -delstore MY NonUniqueName
exit 0
;;
* )
echo "This test is not intended for '$OS' - passing test"
exit 0
;;
esac
-----BEGIN CERTIFICATE-----
MIIB/jCCAWegAwIBAgIJANy5XBGM4BSuMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV
BAMMDU5vblVuaXF1ZU5hbWUwHhcNMTYwNDAxMTcyMjQ0WhcNMTYwNzEwMTcyMjQ0
WjAYMRYwFAYDVQQDDA1Ob25VbmlxdWVOYW1lMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDI0hlED2YFVgTaVLKWvsqB9JN9EJpUWECkB97fJwb1x99dHf0TO2p6
HPPvkvjBiAMEZYbojCz+WpNhG1Ilu/UgKwPyHh1pL6kRcEhlS2G3i7p9SDLHWlk0
xfdhSZERgd6ROpDnY7eaj1CTdVCSyEATs4FFyNtN9Q39jyeCU++ksQIDAQABo1Aw
TjAdBgNVHQ4EFgQUpW/Wtw/OOTdnFTL7afIkNjuCVr8wHwYDVR0jBBgwFoAUpW/W
tw/OOTdnFTL7afIkNjuCVr8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB
gQAWC+xX1cGNNp3F6dAb5tKKJGgQwsjfrjDP0/AirWc7Im1kTCpVPT61Ayt0bHgH
n3hGivKmO7ChQAI3QsDMDKWE98tF6afPltBOoWh2a9tPd65JSD1HfkG+Wc1IZ5gL
8rKp1tdKTEG2A+qXRN/e6DdtMsgDrK1iPfX+rer53TC+Yg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB/jCCAWegAwIBAgIJAPyQune5t/SZMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV
BAMMDU5vblVuaXF1ZU5hbWUwHhcNMTYwNDAxMTcyMzI0WhcNMTYwNzEwMTcyMzI0
WjAYMRYwFAYDVQQDDA1Ob25VbmlxdWVOYW1lMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDeSu/pPzL9hA1kjA2Rs13LpN2lNrisbYg/Vj/swGDMJnVCzS3IFQQy
71515mru+ngrHnfPSo4FKUhZPJzET2D7CruR65SzhQ96SHGoR8rhmL41KRBKELuR
3MoarLFziFzeIil4NZg55xp6TE/WCXRfi7HNdIgoKQGLoIhehVGN8QIDAQABo1Aw
TjAdBgNVHQ4EFgQUxFw79pLSf5Ul3zLqi/Mc6pSxEtswHwYDVR0jBBgwFoAUxFw7
9pLSf5Ul3zLqi/Mc6pSxEtswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB
gQDPilBcFpFrjwqb+lJxDxXK992KjNUS8yFLo1DQ/LBTaoHvy/U5zxzRq+nvSaaf
h+RIKqTwIbuBhSjrXVdJ/gzob/UlPC7IDo7FVbZwOHqTkqEum8jQEpX67hEevw9s
+reyqGhLsCtQK6uBTd2Nt9uOVCHrWNzWgQewkVYAUM5QpA==
-----END CERTIFICATE-----
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册