aws-sdk-core-3.191.2/0000755000004100000410000000000014563437550014232 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/0000755000004100000410000000000014563437550015000 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-sso.rb0000644000004100000410000000301514563437550017477 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE unless Module.const_defined?(:Aws) require 'aws-sdk-core' require 'aws-sigv4' end require_relative 'aws-sdk-sso/types' require_relative 'aws-sdk-sso/client_api' require_relative 'aws-sdk-sso/plugins/endpoints.rb' require_relative 'aws-sdk-sso/client' require_relative 'aws-sdk-sso/errors' require_relative 'aws-sdk-sso/resource' require_relative 'aws-sdk-sso/endpoint_parameters' require_relative 'aws-sdk-sso/endpoint_provider' require_relative 'aws-sdk-sso/endpoints' require_relative 'aws-sdk-sso/customizations' # This module provides support for AWS Single Sign-On. This module is available in the # `aws-sdk-core` gem. # # # Client # # The {Client} class provides one method for each API operation. Operation # methods each accept a hash of request parameters and return a response # structure. # # sso = Aws::SSO::Client.new # resp = sso.get_role_credentials(params) # # See {Client} for more information. # # # Errors # # Errors returned from AWS Single Sign-On are defined in the # {Errors} module and all extend {Errors::ServiceError}. # # begin # # do stuff # rescue Aws::SSO::Errors::ServiceError # # rescues all AWS Single Sign-On API errors # end # # See {Errors} for more information. # # @!group service module Aws::SSO GEM_VERSION = '3.191.2' end aws-sdk-core-3.191.2/lib/aws-sdk-core.rb0000644000004100000410000001371714563437550017635 0ustar www-datawww-data# frozen_string_literal: true require 'aws-partitions' require 'seahorse' require 'jmespath' require_relative 'aws-sdk-core/deprecations' # credential providers require_relative 'aws-sdk-core/credential_provider' require_relative 'aws-sdk-core/refreshing_credentials' require_relative 'aws-sdk-core/assume_role_credentials' require_relative 'aws-sdk-core/assume_role_web_identity_credentials' require_relative 'aws-sdk-core/credentials' require_relative 'aws-sdk-core/credential_provider_chain' require_relative 'aws-sdk-core/ecs_credentials' require_relative 'aws-sdk-core/instance_profile_credentials' require_relative 'aws-sdk-core/shared_credentials' require_relative 'aws-sdk-core/process_credentials' require_relative 'aws-sdk-core/sso_credentials' # tokens and token providers require_relative 'aws-sdk-core/token' require_relative 'aws-sdk-core/token_provider' require_relative 'aws-sdk-core/static_token_provider' require_relative 'aws-sdk-core/refreshing_token' require_relative 'aws-sdk-core/sso_token_provider' require_relative 'aws-sdk-core/token_provider_chain' require_relative 'aws-sdk-core/plugins/bearer_authorization' # client modules require_relative 'aws-sdk-core/client_stubs' require_relative 'aws-sdk-core/async_client_stubs' require_relative 'aws-sdk-core/eager_loader' require_relative 'aws-sdk-core/errors' require_relative 'aws-sdk-core/pageable_response' require_relative 'aws-sdk-core/pager' require_relative 'aws-sdk-core/param_converter' require_relative 'aws-sdk-core/param_validator' require_relative 'aws-sdk-core/shared_config' require_relative 'aws-sdk-core/structure' require_relative 'aws-sdk-core/type_builder' require_relative 'aws-sdk-core/util' # resource classes require_relative 'aws-sdk-core/resources/collection' # logging require_relative 'aws-sdk-core/log/formatter' require_relative 'aws-sdk-core/log/param_filter' require_relative 'aws-sdk-core/log/param_formatter' # stubbing require_relative 'aws-sdk-core/stubbing/empty_stub' require_relative 'aws-sdk-core/stubbing/data_applicator' require_relative 'aws-sdk-core/stubbing/stub_data' require_relative 'aws-sdk-core/stubbing/xml_error' # stubbing protocols require_relative 'aws-sdk-core/stubbing/protocols/ec2' require_relative 'aws-sdk-core/stubbing/protocols/json' require_relative 'aws-sdk-core/stubbing/protocols/query' require_relative 'aws-sdk-core/stubbing/protocols/rest' require_relative 'aws-sdk-core/stubbing/protocols/rest_json' require_relative 'aws-sdk-core/stubbing/protocols/rest_xml' require_relative 'aws-sdk-core/stubbing/protocols/api_gateway' # protocols require_relative 'aws-sdk-core/rest' require_relative 'aws-sdk-core/xml' require_relative 'aws-sdk-core/json' # event stream require_relative 'aws-sdk-core/binary' require_relative 'aws-sdk-core/event_emitter' # endpoint discovery require_relative 'aws-sdk-core/endpoint_cache' # client metrics require_relative 'aws-sdk-core/client_side_monitoring/request_metrics' require_relative 'aws-sdk-core/client_side_monitoring/publisher' # utilities require_relative 'aws-sdk-core/arn' require_relative 'aws-sdk-core/arn_parser' require_relative 'aws-sdk-core/ec2_metadata' # dynamic endpoints require_relative 'aws-sdk-core/endpoints' require_relative 'aws-sdk-core/plugins/signature_v4' # defaults require_relative 'aws-defaults' # plugins # loaded through building STS or SSO .. # aws-sdk-sts is included to support Aws::AssumeRoleCredentials require_relative 'aws-sdk-sts' # aws-sdk-sso is included to support Aws::SSOCredentials require_relative 'aws-sdk-sso' require_relative 'aws-sdk-ssooidc' module Aws CORE_GEM_VERSION = File.read(File.expand_path('../../VERSION', __FILE__)).strip @config = {} class << self # @api private def shared_config enabled = ENV["AWS_SDK_CONFIG_OPT_OUT"] ? false : true @shared_config ||= SharedConfig.new(config_enabled: enabled) end # @return [Hash] Returns a hash of default configuration options shared # by all constructed clients. attr_reader :config # @param [Hash] config def config=(config) if Hash === config @config = config else raise ArgumentError, 'configuration object must be a hash' end end # @see (Aws::Partitions.partition) def partition(partition_name) Aws::Partitions.partition(partition_name) end # @see (Aws::Partitions.partitions) def partitions Aws::Partitions.partitions end # The SDK ships with a ca certificate bundle to use when verifying SSL # peer certificates. By default, this cert bundle is *NOT* used. The # SDK will rely on the default cert available to OpenSSL. This ensures # the cert provided by your OS is used. # # For cases where the default cert is unavailable, e.g. Windows, you # can call this method. # # Aws.use_bundled_cert! # # @return [String] Returns the path to the bundled cert. def use_bundled_cert! config.delete(:ssl_ca_directory) config.delete(:ssl_ca_store) config[:ssl_ca_bundle] = File.expand_path(File.join( File.dirname(__FILE__), '..', 'ca-bundle.crt' )) end # Close any long-lived connections maintained by the SDK's internal # connection pool. # # Applications that rely heavily on the `fork()` system call on POSIX systems # should call this method in the child process directly after fork to ensure # there are no race conditions between the parent # process and its children # for the pooled TCP connections. # # Child processes that make multi-threaded calls to the SDK should block on # this call before beginning work. # # @return [nil] def empty_connection_pools! Seahorse::Client::NetHttp::ConnectionPool.pools.each do |pool| pool.empty! end end # @api private def eager_autoload!(*args) msg = 'Aws.eager_autoload is no longer needed, usage of '\ 'autoload has been replaced with require statements' warn(msg) end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/0000755000004100000410000000000014563437550017160 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-sts/customizations.rb0000644000004100000410000000012114563437550022572 0ustar www-datawww-data# frozen_string_literal: true # utility classes require 'aws-sdk-sts/presigner' aws-sdk-core-3.191.2/lib/aws-sdk-sts/resource.rb0000644000004100000410000000077714563437550021347 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::STS class Resource # @param options ({}) # @option options [Client] :client def initialize(options = {}) @client = options[:client] || Client.new(options) end # @return [Client] def client @client end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/plugins/0000755000004100000410000000000014563437550020641 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb0000644000004100000410000000213614563437550025744 0ustar www-datawww-data# frozen_string_literal: true module Aws module STS module Plugins class STSRegionalEndpoints < Seahorse::Client::Plugin option(:sts_regional_endpoints, default: 'regional', doc_type: String, docstring: <<-DOCS) do |cfg| Passing in 'regional' to enable regional endpoint for STS for all supported regions (except 'aws-global'). Using 'legacy' mode will force all legacy regions to resolve to the STS global endpoint. DOCS resolve_sts_regional_endpoints(cfg) end private def self.resolve_sts_regional_endpoints(cfg) env_mode = ENV['AWS_STS_REGIONAL_ENDPOINTS'] env_mode = nil if env_mode == '' cfg_mode = Aws.shared_config.sts_regional_endpoints( profile: cfg.profile) default_mode_value = if cfg.respond_to?(:defaults_mode_config_resolver) cfg.defaults_mode_config_resolver.resolve(:sts_regional_endpoints) end env_mode || cfg_mode || default_mode_value || 'regional' end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/plugins/endpoints.rb0000644000004100000410000000550214563437550023173 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::STS module Plugins class Endpoints < Seahorse::Client::Plugin option( :endpoint_provider, doc_type: 'Aws::STS::EndpointProvider', rbs_type: 'untyped', docstring: 'The endpoint provider used to resolve endpoints. Any '\ 'object that responds to `#resolve_endpoint(parameters)` '\ 'where `parameters` is a Struct similar to '\ '`Aws::STS::EndpointParameters`' ) do |cfg| Aws::STS::EndpointProvider.new end # @api private class Handler < Seahorse::Client::Handler def call(context) unless context[:discovered_endpoint] params = parameters_for_operation(context) endpoint = context.config.endpoint_provider.resolve_endpoint(params) context.http_request.endpoint = endpoint.url apply_endpoint_headers(context, endpoint.headers) context[:endpoint_params] = params context[:endpoint_properties] = endpoint.properties end context[:auth_scheme] = Aws::Endpoints.resolve_auth_scheme(context, endpoint) @handler.call(context) end private def apply_endpoint_headers(context, headers) headers.each do |key, values| value = values .compact .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) } .join(',') context.http_request.headers[key] = value end end def parameters_for_operation(context) case context.operation_name when :assume_role Aws::STS::Endpoints::AssumeRole.build(context) when :assume_role_with_saml Aws::STS::Endpoints::AssumeRoleWithSAML.build(context) when :assume_role_with_web_identity Aws::STS::Endpoints::AssumeRoleWithWebIdentity.build(context) when :decode_authorization_message Aws::STS::Endpoints::DecodeAuthorizationMessage.build(context) when :get_access_key_info Aws::STS::Endpoints::GetAccessKeyInfo.build(context) when :get_caller_identity Aws::STS::Endpoints::GetCallerIdentity.build(context) when :get_federation_token Aws::STS::Endpoints::GetFederationToken.build(context) when :get_session_token Aws::STS::Endpoints::GetSessionToken.build(context) end end end def add_handlers(handlers, _config) handlers.add(Handler, step: :build, priority: 75) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/client_api.rb0000644000004100000410000006215314563437550021623 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::STS # @api private module ClientApi include Seahorse::Model AssumeRoleRequest = Shapes::StructureShape.new(name: 'AssumeRoleRequest') AssumeRoleResponse = Shapes::StructureShape.new(name: 'AssumeRoleResponse') AssumeRoleWithSAMLRequest = Shapes::StructureShape.new(name: 'AssumeRoleWithSAMLRequest') AssumeRoleWithSAMLResponse = Shapes::StructureShape.new(name: 'AssumeRoleWithSAMLResponse') AssumeRoleWithWebIdentityRequest = Shapes::StructureShape.new(name: 'AssumeRoleWithWebIdentityRequest') AssumeRoleWithWebIdentityResponse = Shapes::StructureShape.new(name: 'AssumeRoleWithWebIdentityResponse') AssumedRoleUser = Shapes::StructureShape.new(name: 'AssumedRoleUser') Audience = Shapes::StringShape.new(name: 'Audience') Credentials = Shapes::StructureShape.new(name: 'Credentials') DecodeAuthorizationMessageRequest = Shapes::StructureShape.new(name: 'DecodeAuthorizationMessageRequest') DecodeAuthorizationMessageResponse = Shapes::StructureShape.new(name: 'DecodeAuthorizationMessageResponse') ExpiredTokenException = Shapes::StructureShape.new(name: 'ExpiredTokenException') FederatedUser = Shapes::StructureShape.new(name: 'FederatedUser') GetAccessKeyInfoRequest = Shapes::StructureShape.new(name: 'GetAccessKeyInfoRequest') GetAccessKeyInfoResponse = Shapes::StructureShape.new(name: 'GetAccessKeyInfoResponse') GetCallerIdentityRequest = Shapes::StructureShape.new(name: 'GetCallerIdentityRequest') GetCallerIdentityResponse = Shapes::StructureShape.new(name: 'GetCallerIdentityResponse') GetFederationTokenRequest = Shapes::StructureShape.new(name: 'GetFederationTokenRequest') GetFederationTokenResponse = Shapes::StructureShape.new(name: 'GetFederationTokenResponse') GetSessionTokenRequest = Shapes::StructureShape.new(name: 'GetSessionTokenRequest') GetSessionTokenResponse = Shapes::StructureShape.new(name: 'GetSessionTokenResponse') IDPCommunicationErrorException = Shapes::StructureShape.new(name: 'IDPCommunicationErrorException') IDPRejectedClaimException = Shapes::StructureShape.new(name: 'IDPRejectedClaimException') InvalidAuthorizationMessageException = Shapes::StructureShape.new(name: 'InvalidAuthorizationMessageException') InvalidIdentityTokenException = Shapes::StructureShape.new(name: 'InvalidIdentityTokenException') Issuer = Shapes::StringShape.new(name: 'Issuer') MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException') NameQualifier = Shapes::StringShape.new(name: 'NameQualifier') PackedPolicyTooLargeException = Shapes::StructureShape.new(name: 'PackedPolicyTooLargeException') PolicyDescriptorType = Shapes::StructureShape.new(name: 'PolicyDescriptorType') ProvidedContext = Shapes::StructureShape.new(name: 'ProvidedContext') ProvidedContextsListType = Shapes::ListShape.new(name: 'ProvidedContextsListType') RegionDisabledException = Shapes::StructureShape.new(name: 'RegionDisabledException') SAMLAssertionType = Shapes::StringShape.new(name: 'SAMLAssertionType') Subject = Shapes::StringShape.new(name: 'Subject') SubjectType = Shapes::StringShape.new(name: 'SubjectType') Tag = Shapes::StructureShape.new(name: 'Tag') accessKeyIdType = Shapes::StringShape.new(name: 'accessKeyIdType') accessKeySecretType = Shapes::StringShape.new(name: 'accessKeySecretType') accountType = Shapes::StringShape.new(name: 'accountType') arnType = Shapes::StringShape.new(name: 'arnType') assumedRoleIdType = Shapes::StringShape.new(name: 'assumedRoleIdType') clientTokenType = Shapes::StringShape.new(name: 'clientTokenType') contextAssertionType = Shapes::StringShape.new(name: 'contextAssertionType') dateType = Shapes::TimestampShape.new(name: 'dateType') decodedMessageType = Shapes::StringShape.new(name: 'decodedMessageType') durationSecondsType = Shapes::IntegerShape.new(name: 'durationSecondsType') encodedMessageType = Shapes::StringShape.new(name: 'encodedMessageType') expiredIdentityTokenMessage = Shapes::StringShape.new(name: 'expiredIdentityTokenMessage') externalIdType = Shapes::StringShape.new(name: 'externalIdType') federatedIdType = Shapes::StringShape.new(name: 'federatedIdType') idpCommunicationErrorMessage = Shapes::StringShape.new(name: 'idpCommunicationErrorMessage') idpRejectedClaimMessage = Shapes::StringShape.new(name: 'idpRejectedClaimMessage') invalidAuthorizationMessage = Shapes::StringShape.new(name: 'invalidAuthorizationMessage') invalidIdentityTokenMessage = Shapes::StringShape.new(name: 'invalidIdentityTokenMessage') malformedPolicyDocumentMessage = Shapes::StringShape.new(name: 'malformedPolicyDocumentMessage') nonNegativeIntegerType = Shapes::IntegerShape.new(name: 'nonNegativeIntegerType') packedPolicyTooLargeMessage = Shapes::StringShape.new(name: 'packedPolicyTooLargeMessage') policyDescriptorListType = Shapes::ListShape.new(name: 'policyDescriptorListType') regionDisabledMessage = Shapes::StringShape.new(name: 'regionDisabledMessage') roleDurationSecondsType = Shapes::IntegerShape.new(name: 'roleDurationSecondsType') roleSessionNameType = Shapes::StringShape.new(name: 'roleSessionNameType') serialNumberType = Shapes::StringShape.new(name: 'serialNumberType') sessionPolicyDocumentType = Shapes::StringShape.new(name: 'sessionPolicyDocumentType') sourceIdentityType = Shapes::StringShape.new(name: 'sourceIdentityType') tagKeyListType = Shapes::ListShape.new(name: 'tagKeyListType') tagKeyType = Shapes::StringShape.new(name: 'tagKeyType') tagListType = Shapes::ListShape.new(name: 'tagListType') tagValueType = Shapes::StringShape.new(name: 'tagValueType') tokenCodeType = Shapes::StringShape.new(name: 'tokenCodeType') tokenType = Shapes::StringShape.new(name: 'tokenType') unrestrictedSessionPolicyDocumentType = Shapes::StringShape.new(name: 'unrestrictedSessionPolicyDocumentType') urlType = Shapes::StringShape.new(name: 'urlType') userIdType = Shapes::StringShape.new(name: 'userIdType') userNameType = Shapes::StringShape.new(name: 'userNameType') webIdentitySubjectType = Shapes::StringShape.new(name: 'webIdentitySubjectType') AssumeRoleRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "RoleArn")) AssumeRoleRequest.add_member(:role_session_name, Shapes::ShapeRef.new(shape: roleSessionNameType, required: true, location_name: "RoleSessionName")) AssumeRoleRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns")) AssumeRoleRequest.add_member(:policy, Shapes::ShapeRef.new(shape: unrestrictedSessionPolicyDocumentType, location_name: "Policy")) AssumeRoleRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: roleDurationSecondsType, location_name: "DurationSeconds")) AssumeRoleRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags")) AssumeRoleRequest.add_member(:transitive_tag_keys, Shapes::ShapeRef.new(shape: tagKeyListType, location_name: "TransitiveTagKeys")) AssumeRoleRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: externalIdType, location_name: "ExternalId")) AssumeRoleRequest.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, location_name: "SerialNumber")) AssumeRoleRequest.add_member(:token_code, Shapes::ShapeRef.new(shape: tokenCodeType, location_name: "TokenCode")) AssumeRoleRequest.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity")) AssumeRoleRequest.add_member(:provided_contexts, Shapes::ShapeRef.new(shape: ProvidedContextsListType, location_name: "ProvidedContexts")) AssumeRoleRequest.struct_class = Types::AssumeRoleRequest AssumeRoleResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials")) AssumeRoleResponse.add_member(:assumed_role_user, Shapes::ShapeRef.new(shape: AssumedRoleUser, location_name: "AssumedRoleUser")) AssumeRoleResponse.add_member(:packed_policy_size, Shapes::ShapeRef.new(shape: nonNegativeIntegerType, location_name: "PackedPolicySize")) AssumeRoleResponse.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity")) AssumeRoleResponse.struct_class = Types::AssumeRoleResponse AssumeRoleWithSAMLRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "RoleArn")) AssumeRoleWithSAMLRequest.add_member(:principal_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PrincipalArn")) AssumeRoleWithSAMLRequest.add_member(:saml_assertion, Shapes::ShapeRef.new(shape: SAMLAssertionType, required: true, location_name: "SAMLAssertion")) AssumeRoleWithSAMLRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns")) AssumeRoleWithSAMLRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy")) AssumeRoleWithSAMLRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: roleDurationSecondsType, location_name: "DurationSeconds")) AssumeRoleWithSAMLRequest.struct_class = Types::AssumeRoleWithSAMLRequest AssumeRoleWithSAMLResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials")) AssumeRoleWithSAMLResponse.add_member(:assumed_role_user, Shapes::ShapeRef.new(shape: AssumedRoleUser, location_name: "AssumedRoleUser")) AssumeRoleWithSAMLResponse.add_member(:packed_policy_size, Shapes::ShapeRef.new(shape: nonNegativeIntegerType, location_name: "PackedPolicySize")) AssumeRoleWithSAMLResponse.add_member(:subject, Shapes::ShapeRef.new(shape: Subject, location_name: "Subject")) AssumeRoleWithSAMLResponse.add_member(:subject_type, Shapes::ShapeRef.new(shape: SubjectType, location_name: "SubjectType")) AssumeRoleWithSAMLResponse.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, location_name: "Issuer")) AssumeRoleWithSAMLResponse.add_member(:audience, Shapes::ShapeRef.new(shape: Audience, location_name: "Audience")) AssumeRoleWithSAMLResponse.add_member(:name_qualifier, Shapes::ShapeRef.new(shape: NameQualifier, location_name: "NameQualifier")) AssumeRoleWithSAMLResponse.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity")) AssumeRoleWithSAMLResponse.struct_class = Types::AssumeRoleWithSAMLResponse AssumeRoleWithWebIdentityRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "RoleArn")) AssumeRoleWithWebIdentityRequest.add_member(:role_session_name, Shapes::ShapeRef.new(shape: roleSessionNameType, required: true, location_name: "RoleSessionName")) AssumeRoleWithWebIdentityRequest.add_member(:web_identity_token, Shapes::ShapeRef.new(shape: clientTokenType, required: true, location_name: "WebIdentityToken")) AssumeRoleWithWebIdentityRequest.add_member(:provider_id, Shapes::ShapeRef.new(shape: urlType, location_name: "ProviderId")) AssumeRoleWithWebIdentityRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns")) AssumeRoleWithWebIdentityRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy")) AssumeRoleWithWebIdentityRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: roleDurationSecondsType, location_name: "DurationSeconds")) AssumeRoleWithWebIdentityRequest.struct_class = Types::AssumeRoleWithWebIdentityRequest AssumeRoleWithWebIdentityResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials")) AssumeRoleWithWebIdentityResponse.add_member(:subject_from_web_identity_token, Shapes::ShapeRef.new(shape: webIdentitySubjectType, location_name: "SubjectFromWebIdentityToken")) AssumeRoleWithWebIdentityResponse.add_member(:assumed_role_user, Shapes::ShapeRef.new(shape: AssumedRoleUser, location_name: "AssumedRoleUser")) AssumeRoleWithWebIdentityResponse.add_member(:packed_policy_size, Shapes::ShapeRef.new(shape: nonNegativeIntegerType, location_name: "PackedPolicySize")) AssumeRoleWithWebIdentityResponse.add_member(:provider, Shapes::ShapeRef.new(shape: Issuer, location_name: "Provider")) AssumeRoleWithWebIdentityResponse.add_member(:audience, Shapes::ShapeRef.new(shape: Audience, location_name: "Audience")) AssumeRoleWithWebIdentityResponse.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity")) AssumeRoleWithWebIdentityResponse.struct_class = Types::AssumeRoleWithWebIdentityResponse AssumedRoleUser.add_member(:assumed_role_id, Shapes::ShapeRef.new(shape: assumedRoleIdType, required: true, location_name: "AssumedRoleId")) AssumedRoleUser.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn")) AssumedRoleUser.struct_class = Types::AssumedRoleUser Credentials.add_member(:access_key_id, Shapes::ShapeRef.new(shape: accessKeyIdType, required: true, location_name: "AccessKeyId")) Credentials.add_member(:secret_access_key, Shapes::ShapeRef.new(shape: accessKeySecretType, required: true, location_name: "SecretAccessKey")) Credentials.add_member(:session_token, Shapes::ShapeRef.new(shape: tokenType, required: true, location_name: "SessionToken")) Credentials.add_member(:expiration, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "Expiration")) Credentials.struct_class = Types::Credentials DecodeAuthorizationMessageRequest.add_member(:encoded_message, Shapes::ShapeRef.new(shape: encodedMessageType, required: true, location_name: "EncodedMessage")) DecodeAuthorizationMessageRequest.struct_class = Types::DecodeAuthorizationMessageRequest DecodeAuthorizationMessageResponse.add_member(:decoded_message, Shapes::ShapeRef.new(shape: decodedMessageType, location_name: "DecodedMessage")) DecodeAuthorizationMessageResponse.struct_class = Types::DecodeAuthorizationMessageResponse ExpiredTokenException.add_member(:message, Shapes::ShapeRef.new(shape: expiredIdentityTokenMessage, location_name: "message")) ExpiredTokenException.struct_class = Types::ExpiredTokenException FederatedUser.add_member(:federated_user_id, Shapes::ShapeRef.new(shape: federatedIdType, required: true, location_name: "FederatedUserId")) FederatedUser.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn")) FederatedUser.struct_class = Types::FederatedUser GetAccessKeyInfoRequest.add_member(:access_key_id, Shapes::ShapeRef.new(shape: accessKeyIdType, required: true, location_name: "AccessKeyId")) GetAccessKeyInfoRequest.struct_class = Types::GetAccessKeyInfoRequest GetAccessKeyInfoResponse.add_member(:account, Shapes::ShapeRef.new(shape: accountType, location_name: "Account")) GetAccessKeyInfoResponse.struct_class = Types::GetAccessKeyInfoResponse GetCallerIdentityRequest.struct_class = Types::GetCallerIdentityRequest GetCallerIdentityResponse.add_member(:user_id, Shapes::ShapeRef.new(shape: userIdType, location_name: "UserId")) GetCallerIdentityResponse.add_member(:account, Shapes::ShapeRef.new(shape: accountType, location_name: "Account")) GetCallerIdentityResponse.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, location_name: "Arn")) GetCallerIdentityResponse.struct_class = Types::GetCallerIdentityResponse GetFederationTokenRequest.add_member(:name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "Name")) GetFederationTokenRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy")) GetFederationTokenRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns")) GetFederationTokenRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: durationSecondsType, location_name: "DurationSeconds")) GetFederationTokenRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags")) GetFederationTokenRequest.struct_class = Types::GetFederationTokenRequest GetFederationTokenResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials")) GetFederationTokenResponse.add_member(:federated_user, Shapes::ShapeRef.new(shape: FederatedUser, location_name: "FederatedUser")) GetFederationTokenResponse.add_member(:packed_policy_size, Shapes::ShapeRef.new(shape: nonNegativeIntegerType, location_name: "PackedPolicySize")) GetFederationTokenResponse.struct_class = Types::GetFederationTokenResponse GetSessionTokenRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: durationSecondsType, location_name: "DurationSeconds")) GetSessionTokenRequest.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, location_name: "SerialNumber")) GetSessionTokenRequest.add_member(:token_code, Shapes::ShapeRef.new(shape: tokenCodeType, location_name: "TokenCode")) GetSessionTokenRequest.struct_class = Types::GetSessionTokenRequest GetSessionTokenResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials")) GetSessionTokenResponse.struct_class = Types::GetSessionTokenResponse IDPCommunicationErrorException.add_member(:message, Shapes::ShapeRef.new(shape: idpCommunicationErrorMessage, location_name: "message")) IDPCommunicationErrorException.struct_class = Types::IDPCommunicationErrorException IDPRejectedClaimException.add_member(:message, Shapes::ShapeRef.new(shape: idpRejectedClaimMessage, location_name: "message")) IDPRejectedClaimException.struct_class = Types::IDPRejectedClaimException InvalidAuthorizationMessageException.add_member(:message, Shapes::ShapeRef.new(shape: invalidAuthorizationMessage, location_name: "message")) InvalidAuthorizationMessageException.struct_class = Types::InvalidAuthorizationMessageException InvalidIdentityTokenException.add_member(:message, Shapes::ShapeRef.new(shape: invalidIdentityTokenMessage, location_name: "message")) InvalidIdentityTokenException.struct_class = Types::InvalidIdentityTokenException MalformedPolicyDocumentException.add_member(:message, Shapes::ShapeRef.new(shape: malformedPolicyDocumentMessage, location_name: "message")) MalformedPolicyDocumentException.struct_class = Types::MalformedPolicyDocumentException PackedPolicyTooLargeException.add_member(:message, Shapes::ShapeRef.new(shape: packedPolicyTooLargeMessage, location_name: "message")) PackedPolicyTooLargeException.struct_class = Types::PackedPolicyTooLargeException PolicyDescriptorType.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, location_name: "arn")) PolicyDescriptorType.struct_class = Types::PolicyDescriptorType ProvidedContext.add_member(:provider_arn, Shapes::ShapeRef.new(shape: arnType, location_name: "ProviderArn")) ProvidedContext.add_member(:context_assertion, Shapes::ShapeRef.new(shape: contextAssertionType, location_name: "ContextAssertion")) ProvidedContext.struct_class = Types::ProvidedContext ProvidedContextsListType.member = Shapes::ShapeRef.new(shape: ProvidedContext) RegionDisabledException.add_member(:message, Shapes::ShapeRef.new(shape: regionDisabledMessage, location_name: "message")) RegionDisabledException.struct_class = Types::RegionDisabledException Tag.add_member(:key, Shapes::ShapeRef.new(shape: tagKeyType, required: true, location_name: "Key")) Tag.add_member(:value, Shapes::ShapeRef.new(shape: tagValueType, required: true, location_name: "Value")) Tag.struct_class = Types::Tag policyDescriptorListType.member = Shapes::ShapeRef.new(shape: PolicyDescriptorType) tagKeyListType.member = Shapes::ShapeRef.new(shape: tagKeyType) tagListType.member = Shapes::ShapeRef.new(shape: Tag) # @api private API = Seahorse::Model::Api.new.tap do |api| api.version = "2011-06-15" api.metadata = { "apiVersion" => "2011-06-15", "endpointPrefix" => "sts", "globalEndpoint" => "sts.amazonaws.com", "protocol" => "query", "serviceAbbreviation" => "AWS STS", "serviceFullName" => "AWS Security Token Service", "serviceId" => "STS", "signatureVersion" => "v4", "uid" => "sts-2011-06-15", "xmlNamespace" => "https://sts.amazonaws.com/doc/2011-06-15/", } api.add_operation(:assume_role, Seahorse::Model::Operation.new.tap do |o| o.name = "AssumeRole" o.http_method = "POST" o.http_request_uri = "/" o.input = Shapes::ShapeRef.new(shape: AssumeRoleRequest) o.output = Shapes::ShapeRef.new(shape: AssumeRoleResponse) o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException) o.errors << Shapes::ShapeRef.new(shape: PackedPolicyTooLargeException) o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException) o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException) end) api.add_operation(:assume_role_with_saml, Seahorse::Model::Operation.new.tap do |o| o.name = "AssumeRoleWithSAML" o.http_method = "POST" o.http_request_uri = "/" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: AssumeRoleWithSAMLRequest) o.output = Shapes::ShapeRef.new(shape: AssumeRoleWithSAMLResponse) o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException) o.errors << Shapes::ShapeRef.new(shape: PackedPolicyTooLargeException) o.errors << Shapes::ShapeRef.new(shape: IDPRejectedClaimException) o.errors << Shapes::ShapeRef.new(shape: InvalidIdentityTokenException) o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException) o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException) end) api.add_operation(:assume_role_with_web_identity, Seahorse::Model::Operation.new.tap do |o| o.name = "AssumeRoleWithWebIdentity" o.http_method = "POST" o.http_request_uri = "/" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: AssumeRoleWithWebIdentityRequest) o.output = Shapes::ShapeRef.new(shape: AssumeRoleWithWebIdentityResponse) o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException) o.errors << Shapes::ShapeRef.new(shape: PackedPolicyTooLargeException) o.errors << Shapes::ShapeRef.new(shape: IDPRejectedClaimException) o.errors << Shapes::ShapeRef.new(shape: IDPCommunicationErrorException) o.errors << Shapes::ShapeRef.new(shape: InvalidIdentityTokenException) o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException) o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException) end) api.add_operation(:decode_authorization_message, Seahorse::Model::Operation.new.tap do |o| o.name = "DecodeAuthorizationMessage" o.http_method = "POST" o.http_request_uri = "/" o.input = Shapes::ShapeRef.new(shape: DecodeAuthorizationMessageRequest) o.output = Shapes::ShapeRef.new(shape: DecodeAuthorizationMessageResponse) o.errors << Shapes::ShapeRef.new(shape: InvalidAuthorizationMessageException) end) api.add_operation(:get_access_key_info, Seahorse::Model::Operation.new.tap do |o| o.name = "GetAccessKeyInfo" o.http_method = "POST" o.http_request_uri = "/" o.input = Shapes::ShapeRef.new(shape: GetAccessKeyInfoRequest) o.output = Shapes::ShapeRef.new(shape: GetAccessKeyInfoResponse) end) api.add_operation(:get_caller_identity, Seahorse::Model::Operation.new.tap do |o| o.name = "GetCallerIdentity" o.http_method = "POST" o.http_request_uri = "/" o.input = Shapes::ShapeRef.new(shape: GetCallerIdentityRequest) o.output = Shapes::ShapeRef.new(shape: GetCallerIdentityResponse) end) api.add_operation(:get_federation_token, Seahorse::Model::Operation.new.tap do |o| o.name = "GetFederationToken" o.http_method = "POST" o.http_request_uri = "/" o.input = Shapes::ShapeRef.new(shape: GetFederationTokenRequest) o.output = Shapes::ShapeRef.new(shape: GetFederationTokenResponse) o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException) o.errors << Shapes::ShapeRef.new(shape: PackedPolicyTooLargeException) o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException) end) api.add_operation(:get_session_token, Seahorse::Model::Operation.new.tap do |o| o.name = "GetSessionToken" o.http_method = "POST" o.http_request_uri = "/" o.input = Shapes::ShapeRef.new(shape: GetSessionTokenRequest) o.output = Shapes::ShapeRef.new(shape: GetSessionTokenResponse) o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException) end) end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/endpoint_provider.rb0000644000004100000410000002112614563437550023241 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::STS class EndpointProvider def resolve_endpoint(parameters) region = parameters.region use_dual_stack = parameters.use_dual_stack use_fips = parameters.use_fips endpoint = parameters.endpoint use_global_endpoint = parameters.use_global_endpoint if Aws::Endpoints::Matchers.boolean_equals?(use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint)) && Aws::Endpoints::Matchers.set?(region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false) if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "aws-global") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{region}"}]}) end if Aws::Endpoints::Matchers.set?(endpoint) if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported" end if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported" end return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {}) end if Aws::Endpoints::Matchers.set?(region) if (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack")) return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both" end if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true) if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov") return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.amazonaws.com", headers: {}, properties: {}) end return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "FIPS is enabled but this partition does not support FIPS" end if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack")) return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "DualStack is enabled but this partition does not support DualStack" end if Aws::Endpoints::Matchers.string_equals?(region, "aws-global") return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]}) end return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {}) end end raise ArgumentError, "Invalid Configuration: Missing Region" raise ArgumentError, 'No endpoint could be resolved' end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/presigner.rb0000644000004100000410000000467114563437550021513 0ustar www-datawww-data# frozen_string_literal: true require 'aws-sigv4' module Aws module STS # Allows you to create presigned URLs for STS operations. # # @example # # signer = Aws::STS::Presigner.new # url = signer.get_caller_identity_presigned_url( # headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'} # ) class Presigner # @option options [Client] :client Optionally provide an existing # STS client def initialize(options = {}) @client = options[:client] || Aws::STS::Client.new end # Returns a presigned url for get_caller_identity. # # @option options [Hash] :headers # Headers that should be signed and sent along with the request. All # x-amz-* headers must be present during signing. Other headers are # optional. # # @return [String] A presigned url string. # # @example # # url = signer.get_caller_identity_presigned_url( # headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'}, # ) # # This can be easily converted to a token used by the EKS service: # {https://docs.ruby-lang.org/en/3.2/Base64.html#method-i-encode64} # "k8s-aws-v1." + Base64.urlsafe_encode64(url).chomp("==") def get_caller_identity_presigned_url(options = {}) req = @client.build_request(:get_caller_identity, {}) context = req.context param_list = Aws::Query::ParamList.new param_list.set('Action', 'GetCallerIdentity') param_list.set('Version', req.context.config.api.version) Aws::Query::EC2ParamBuilder.new(param_list) .apply(req.context.operation.input, {}) endpoint_params = Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy' ) endpoint = context.config.endpoint_provider .resolve_endpoint(endpoint_params) auth_scheme = Aws::Endpoints.resolve_auth_scheme(context, endpoint) signer = Aws::Plugins::Sign.signer_for( auth_scheme, context.config ) signer.presign_url( http_method: 'GET', url: "#{endpoint.url}/?#{param_list}", body: '', headers: options[:headers] ).to_s end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/client.rb0000644000004100000410000035546414563437550021004 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE require 'seahorse/client/plugins/content_length.rb' require 'aws-sdk-core/plugins/credentials_configuration.rb' require 'aws-sdk-core/plugins/logging.rb' require 'aws-sdk-core/plugins/param_converter.rb' require 'aws-sdk-core/plugins/param_validator.rb' require 'aws-sdk-core/plugins/user_agent.rb' require 'aws-sdk-core/plugins/helpful_socket_errors.rb' require 'aws-sdk-core/plugins/retry_errors.rb' require 'aws-sdk-core/plugins/global_configuration.rb' require 'aws-sdk-core/plugins/regional_endpoint.rb' require 'aws-sdk-core/plugins/endpoint_discovery.rb' require 'aws-sdk-core/plugins/endpoint_pattern.rb' require 'aws-sdk-core/plugins/response_paging.rb' require 'aws-sdk-core/plugins/stub_responses.rb' require 'aws-sdk-core/plugins/idempotency_token.rb' require 'aws-sdk-core/plugins/jsonvalue_converter.rb' require 'aws-sdk-core/plugins/client_metrics_plugin.rb' require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb' require 'aws-sdk-core/plugins/transfer_encoding.rb' require 'aws-sdk-core/plugins/http_checksum.rb' require 'aws-sdk-core/plugins/checksum_algorithm.rb' require 'aws-sdk-core/plugins/request_compression.rb' require 'aws-sdk-core/plugins/defaults_mode.rb' require 'aws-sdk-core/plugins/recursion_detection.rb' require 'aws-sdk-core/plugins/sign.rb' require 'aws-sdk-core/plugins/protocols/query.rb' require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb' Aws::Plugins::GlobalConfiguration.add_identifier(:sts) module Aws::STS # An API client for STS. To construct a client, you need to configure a `:region` and `:credentials`. # # client = Aws::STS::Client.new( # region: region_name, # credentials: credentials, # # ... # ) # # For details on configuring region and credentials see # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html). # # See {#initialize} for a full list of supported configuration options. class Client < Seahorse::Client::Base include Aws::ClientStubs @identifier = :sts set_api(ClientApi::API) add_plugin(Seahorse::Client::Plugins::ContentLength) add_plugin(Aws::Plugins::CredentialsConfiguration) add_plugin(Aws::Plugins::Logging) add_plugin(Aws::Plugins::ParamConverter) add_plugin(Aws::Plugins::ParamValidator) add_plugin(Aws::Plugins::UserAgent) add_plugin(Aws::Plugins::HelpfulSocketErrors) add_plugin(Aws::Plugins::RetryErrors) add_plugin(Aws::Plugins::GlobalConfiguration) add_plugin(Aws::Plugins::RegionalEndpoint) add_plugin(Aws::Plugins::EndpointDiscovery) add_plugin(Aws::Plugins::EndpointPattern) add_plugin(Aws::Plugins::ResponsePaging) add_plugin(Aws::Plugins::StubResponses) add_plugin(Aws::Plugins::IdempotencyToken) add_plugin(Aws::Plugins::JsonvalueConverter) add_plugin(Aws::Plugins::ClientMetricsPlugin) add_plugin(Aws::Plugins::ClientMetricsSendPlugin) add_plugin(Aws::Plugins::TransferEncoding) add_plugin(Aws::Plugins::HttpChecksum) add_plugin(Aws::Plugins::ChecksumAlgorithm) add_plugin(Aws::Plugins::RequestCompression) add_plugin(Aws::Plugins::DefaultsMode) add_plugin(Aws::Plugins::RecursionDetection) add_plugin(Aws::Plugins::Sign) add_plugin(Aws::Plugins::Protocols::Query) add_plugin(Aws::STS::Plugins::STSRegionalEndpoints) add_plugin(Aws::STS::Plugins::Endpoints) # @overload initialize(options) # @param [Hash] options # @option options [required, Aws::CredentialProvider] :credentials # Your AWS credentials. This can be an instance of any one of the # following classes: # # * `Aws::Credentials` - Used for configuring static, non-refreshing # credentials. # # * `Aws::SharedCredentials` - Used for loading static credentials from a # shared file, such as `~/.aws/config`. # # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role. # # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to # assume a role after providing credentials via the web. # # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an # access token generated from `aws login`. # # * `Aws::ProcessCredentials` - Used for loading credentials from a # process that outputs to stdout. # # * `Aws::InstanceProfileCredentials` - Used for loading credentials # from an EC2 IMDS on an EC2 instance. # # * `Aws::ECSCredentials` - Used for loading credentials from # instances running in ECS. # # * `Aws::CognitoIdentityCredentials` - Used for loading credentials # from the Cognito Identity service. # # When `:credentials` are not configured directly, the following # locations will be searched for credentials: # # * `Aws.config[:credentials]` # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options. # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'] # * `~/.aws/credentials` # * `~/.aws/config` # * EC2/ECS IMDS instance profile - When used by default, the timeouts # are very aggressive. Construct and pass an instance of # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to # enable retries and extended timeouts. Instance profile credential # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] # to true. # # @option options [required, String] :region # The AWS region to connect to. The configured `:region` is # used to determine the service `:endpoint`. When not passed, # a default `:region` is searched for in the following locations: # # * `Aws.config[:region]` # * `ENV['AWS_REGION']` # * `ENV['AMAZON_REGION']` # * `ENV['AWS_DEFAULT_REGION']` # * `~/.aws/credentials` # * `~/.aws/config` # # @option options [String] :access_key_id # # @option options [Boolean] :active_endpoint_cache (false) # When set to `true`, a thread polling for endpoints will be running in # the background every 60 secs (default). Defaults to `false`. # # @option options [Boolean] :adaptive_retry_wait_to_fill (true) # Used only in `adaptive` retry mode. When true, the request will sleep # until there is sufficent client side capacity to retry the request. # When false, the request will raise a `RetryCapacityNotAvailableError` and will # not retry instead of sleeping. # # @option options [Boolean] :client_side_monitoring (false) # When `true`, client-side metrics will be collected for all API requests from # this client. # # @option options [String] :client_side_monitoring_client_id ("") # Allows you to provide an identifier for this client which will be attached to # all generated client side metrics. Defaults to an empty string. # # @option options [String] :client_side_monitoring_host ("127.0.0.1") # Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client # side monitoring agent is running on, where client metrics will be published via UDP. # # @option options [Integer] :client_side_monitoring_port (31000) # Required for publishing client metrics. The port that the client side monitoring # agent is running on, where client metrics will be published via UDP. # # @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) # Allows you to provide a custom client-side monitoring publisher class. By default, # will use the Client Side Monitoring Agent Publisher. # # @option options [Boolean] :convert_params (true) # When `true`, an attempt is made to coerce request parameters into # the required types. # # @option options [Boolean] :correct_clock_skew (true) # Used only in `standard` and adaptive retry modes. Specifies whether to apply # a clock skew correction and retry requests with skewed client clocks. # # @option options [String] :defaults_mode ("legacy") # See {Aws::DefaultsModeConfiguration} for a list of the # accepted modes and the configuration defaults that are included. # # @option options [Boolean] :disable_host_prefix_injection (false) # Set to true to disable SDK automatically adding host prefix # to default service endpoint when available. # # @option options [Boolean] :disable_request_compression (false) # When set to 'true' the request body will not be compressed # for supported operations. # # @option options [String] :endpoint # The client endpoint is normally constructed from the `:region` # option. You should only configure an `:endpoint` when connecting # to test or custom endpoints. This should be a valid HTTP(S) URI. # # @option options [Integer] :endpoint_cache_max_entries (1000) # Used for the maximum size limit of the LRU cache storing endpoints data # for endpoint discovery enabled operations. Defaults to 1000. # # @option options [Integer] :endpoint_cache_max_threads (10) # Used for the maximum threads in use for polling endpoints to be cached, defaults to 10. # # @option options [Integer] :endpoint_cache_poll_interval (60) # When :endpoint_discovery and :active_endpoint_cache is enabled, # Use this option to config the time interval in seconds for making # requests fetching endpoints information. Defaults to 60 sec. # # @option options [Boolean] :endpoint_discovery (false) # When set to `true`, endpoint discovery will be enabled for operations when available. # # @option options [Boolean] :ignore_configured_endpoint_urls # Setting to true disables use of endpoint URLs provided via environment # variables and the shared configuration file. # # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default) # The log formatter. # # @option options [Symbol] :log_level (:info) # The log level to send messages to the `:logger` at. # # @option options [Logger] :logger # The Logger instance to send log messages to. If this option # is not set, logging will be disabled. # # @option options [Integer] :max_attempts (3) # An integer representing the maximum number attempts that will be made for # a single request, including the initial attempt. For example, # setting this value to 5 will result in a request being retried up to # 4 times. Used in `standard` and `adaptive` retry modes. # # @option options [String] :profile ("default") # Used when loading credentials from the shared credentials file # at HOME/.aws/credentials. When not specified, 'default' is used. # # @option options [Integer] :request_min_compression_size_bytes (10240) # The minimum size in bytes that triggers compression for request # bodies. The value must be non-negative integer value between 0 # and 10485780 bytes inclusive. # # @option options [Proc] :retry_backoff # A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. # This option is only used in the `legacy` retry mode. # # @option options [Float] :retry_base_delay (0.3) # The base delay in seconds used by the default backoff function. This option # is only used in the `legacy` retry mode. # # @option options [Symbol] :retry_jitter (:none) # A delay randomiser function used by the default backoff function. # Some predefined functions can be referenced by name - :none, :equal, :full, # otherwise a Proc that takes and returns a number. This option is only used # in the `legacy` retry mode. # # @see https://www.awsarchitectureblog.com/2015/03/backoff.html # # @option options [Integer] :retry_limit (3) # The maximum number of times to retry failed requests. Only # ~ 500 level server errors and certain ~ 400 level client errors # are retried. Generally, these are throttling errors, data # checksum errors, networking errors, timeout errors, auth errors, # endpoint discovery, and errors from expired credentials. # This option is only used in the `legacy` retry mode. # # @option options [Integer] :retry_max_delay (0) # The maximum number of seconds to delay between retries (0 for no limit) # used by the default backoff function. This option is only used in the # `legacy` retry mode. # # @option options [String] :retry_mode ("legacy") # Specifies which retry algorithm to use. Values are: # # * `legacy` - The pre-existing retry behavior. This is default value if # no retry mode is provided. # # * `standard` - A standardized set of retry rules across the AWS SDKs. # This includes support for retry quotas, which limit the number of # unsuccessful retries a client can make. # # * `adaptive` - An experimental retry mode that includes all the # functionality of `standard` mode along with automatic client side # throttling. This is a provisional mode that may change behavior # in the future. # # # @option options [String] :sdk_ua_app_id # A unique and opaque application ID that is appended to the # User-Agent header as app/. It should have a # maximum length of 50. # # @option options [String] :secret_access_key # # @option options [String] :session_token # # @option options [String] :sts_regional_endpoints ("regional") # Passing in 'regional' to enable regional endpoint for STS for all supported # regions (except 'aws-global'). Using 'legacy' mode will force all legacy # regions to resolve to the STS global endpoint. # # @option options [Boolean] :stub_responses (false) # Causes the client to return stubbed responses. By default # fake responses are generated and returned. You can specify # the response data to return or errors to raise by calling # {ClientStubs#stub_responses}. See {ClientStubs} for more information. # # ** Please note ** When response stubbing is enabled, no HTTP # requests are made, and retries are disabled. # # @option options [Aws::TokenProvider] :token_provider # A Bearer Token Provider. This can be an instance of any one of the # following classes: # # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing # tokens. # # * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an # access token generated from `aws login`. # # When `:token_provider` is not configured directly, the `Aws::TokenProviderChain` # will be used to search for tokens configured for your profile in shared configuration files. # # @option options [Boolean] :use_dualstack_endpoint # When set to `true`, dualstack enabled endpoints (with `.aws` TLD) # will be used if available. # # @option options [Boolean] :use_fips_endpoint # When set to `true`, fips compatible endpoints will be used if available. # When a `fips` region is used, the region is normalized and this config # is set to `true`. # # @option options [Boolean] :validate_params (true) # When `true`, request parameters are validated before # sending the request. # # @option options [Aws::STS::EndpointProvider] :endpoint_provider # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::STS::EndpointParameters` # # @option options [URI::HTTP,String] :http_proxy A proxy to send # requests through. Formatted like 'http://proxy.com:123'. # # @option options [Float] :http_open_timeout (15) The number of # seconds to wait when opening a HTTP session before raising a # `Timeout::Error`. # # @option options [Float] :http_read_timeout (60) The default # number of seconds to wait for response data. This value can # safely be set per-request on the session. # # @option options [Float] :http_idle_timeout (5) The number of # seconds a connection is allowed to sit idle before it is # considered stale. Stale connections are closed and removed # from the pool before making a request. # # @option options [Float] :http_continue_timeout (1) The number of # seconds to wait for a 100-continue response before sending the # request body. This option has no effect unless the request has # "Expect" header set to "100-continue". Defaults to `nil` which # disables this behaviour. This value can safely be set per # request on the session. # # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout # in seconds. # # @option options [Boolean] :http_wire_trace (false) When `true`, # HTTP debug output will be sent to the `:logger`. # # @option options [Boolean] :ssl_verify_peer (true) When `true`, # SSL peer certificates are verified when establishing a # connection. # # @option options [String] :ssl_ca_bundle Full path to the SSL # certificate authority bundle file that should be used when # verifying peer certificates. If you do not pass # `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default # will be used if available. # # @option options [String] :ssl_ca_directory Full path of the # directory that contains the unbundled SSL certificate # authority files for verifying peer certificates. If you do # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the # system default will be used if available. # def initialize(*args) super end # @!group API Operations # Returns a set of temporary security credentials that you can use to # access Amazon Web Services resources. These temporary credentials # consist of an access key ID, a secret access key, and a security # token. Typically, you use `AssumeRole` within your account or for # cross-account access. For a comparison of `AssumeRole` with other API # operations that produce temporary credentials, see [Requesting # Temporary Security Credentials][1] and [Comparing the Amazon Web # Services STS API operations][2] in the *IAM User Guide*. # # **Permissions** # # The temporary security credentials created by `AssumeRole` can be used # to make API calls to any Amazon Web Services service with the # following exception: You cannot call the Amazon Web Services STS # `GetFederationToken` or `GetSessionToken` API operations. # # (Optional) You can pass inline or managed [session policies][3] to # this operation. You can pass a single JSON policy document to use as # an inline session policy. You can also specify up to 10 managed policy # Amazon Resource Names (ARNs) to use as managed session policies. The # plaintext that you use for both inline and managed session policies # can't exceed 2,048 characters. Passing policies to this operation # returns new temporary credentials. The resulting session's # permissions are the intersection of the role's identity-based policy # and the session policies. You can use the role's temporary # credentials in subsequent Amazon Web Services API calls to access # resources in the account that owns the role. You cannot use session # policies to grant more permissions than those allowed by the # identity-based policy of the role that is being assumed. For more # information, see [Session Policies][3] in the *IAM User Guide*. # # When you create a role, you create two policies: a role trust policy # that specifies *who* can assume the role, and a permissions policy # that specifies *what* can be done with the role. You specify the # trusted principal that is allowed to assume the role in the role trust # policy. # # To assume a role from a different account, your Amazon Web Services # account must be trusted by the role. The trust relationship is defined # in the role's trust policy when the role is created. That trust # policy states which accounts are allowed to delegate that access to # users in the account. # # A user who wants to access a role in a different account must also # have permissions that are delegated from the account administrator. # The administrator must attach a policy that allows the user to call # `AssumeRole` for the ARN of the role in the other account. # # To allow a user to assume a role in the same account, you can do # either of the following: # # * Attach a policy to the user that allows the user to call # `AssumeRole` (as long as the role's trust policy trusts the # account). # # * Add the user as a principal directly in the role's trust policy. # # You can do either because the role’s trust policy acts as an IAM # resource-based policy. When a resource-based policy grants access to a # principal in the same account, no additional identity-based policy is # required. For more information about trust policies and resource-based # policies, see [IAM Policies][4] in the *IAM User Guide*. # # **Tags** # # (Optional) You can pass tag key-value pairs to your session. These # tags are called session tags. For more information about session tags, # see [Passing Session Tags in STS][5] in the *IAM User Guide*. # # An administrator must grant you the permissions necessary to pass # session tags. The administrator can also create granular permissions # to allow you to pass only specific session tags. For more information, # see [Tutorial: Using Tags for Attribute-Based Access Control][6] in # the *IAM User Guide*. # # You can set the session tags as transitive. Transitive tags persist # during role chaining. For more information, see [Chaining Roles with # Session Tags][7] in the *IAM User Guide*. # # **Using MFA with AssumeRole** # # (Optional) You can include multi-factor authentication (MFA) # information when you call `AssumeRole`. This is useful for # cross-account scenarios to ensure that the user that assumes the role # has been authenticated with an Amazon Web Services MFA device. In that # scenario, the trust policy of the role being assumed includes a # condition that tests for MFA authentication. If the caller does not # include valid MFA information, the request to assume the role is # denied. The condition in a trust policy that tests for MFA # authentication might look like the following example. # # `"Condition": \{"Bool": \{"aws:MultiFactorAuthPresent": true\}\}` # # For more information, see [Configuring MFA-Protected API Access][8] in # the *IAM User Guide* guide. # # To use MFA with `AssumeRole`, you pass values for the `SerialNumber` # and `TokenCode` parameters. The `SerialNumber` value identifies the # user's hardware or virtual MFA device. The `TokenCode` is the # time-based one-time password (TOTP) that the MFA device produces. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html # # @option params [required, String] :role_arn # The Amazon Resource Name (ARN) of the role to assume. # # @option params [required, String] :role_session_name # An identifier for the assumed role session. # # Use the role session name to uniquely identify a session when the same # role is assumed by different principals or for different reasons. In # cross-account scenarios, the role session name is visible to, and can # be logged by the account that owns the role. The role session name is # also used in the ARN of the assumed role principal. This means that # subsequent cross-account API requests that use the temporary security # credentials will expose the role session name to the external account # in their CloudTrail logs. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # # @option params [Array] :policy_arns # The Amazon Resource Names (ARNs) of the IAM managed policies that you # want to use as managed session policies. The policies must exist in # the same account as the role. # # This parameter is optional. You can provide up to 10 managed policy # ARNs. However, the plaintext that you use for both inline and managed # session policies can't exceed 2,048 characters. For more information # about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services # Service Namespaces][1] in the Amazon Web Services General Reference. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # Passing policies to this operation returns new temporary credentials. # The resulting session's permissions are the intersection of the # role's identity-based policy and the session policies. You can use # the role's temporary credentials in subsequent Amazon Web Services # API calls to access resources in the account that owns the role. You # cannot use session policies to grant more permissions than those # allowed by the identity-based policy of the role that is being # assumed. For more information, see [Session Policies][2] in the *IAM # User Guide*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # # @option params [String] :policy # An IAM policy in JSON format that you want to use as an inline session # policy. # # This parameter is optional. Passing policies to this operation returns # new temporary credentials. The resulting session's permissions are # the intersection of the role's identity-based policy and the session # policies. You can use the role's temporary credentials in subsequent # Amazon Web Services API calls to access resources in the account that # owns the role. You cannot use session policies to grant more # permissions than those allowed by the identity-based policy of the # role that is being assumed. For more information, see [Session # Policies][1] in the *IAM User Guide*. # # The plaintext that you use for both inline and managed session # policies can't exceed 2,048 characters. The JSON policy characters # can be any ASCII character from the space character to the end of the # valid character list (\\u0020 through \\u00FF). It can also include # the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) # characters. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # # @option params [Integer] :duration_seconds # The duration, in seconds, of the role session. The value specified can # range from 900 seconds (15 minutes) up to the maximum session duration # set for the role. The maximum session duration setting can have a # value from 1 hour to 12 hours. If you specify a value higher than this # setting or the administrator setting (whichever is lower), the # operation fails. For example, if you specify a session duration of 12 # hours, but your administrator set the maximum session duration to 6 # hours, your operation fails. # # Role chaining limits your Amazon Web Services CLI or Amazon Web # Services API role session to a maximum of one hour. When you use the # `AssumeRole` API operation to assume a role, you can specify the # duration of your role session with the `DurationSeconds` parameter. # You can specify a parameter value of up to 43200 seconds (12 hours), # depending on the maximum session duration setting for your role. # However, if you assume a role using role chaining and provide a # `DurationSeconds` parameter value greater than one hour, the operation # fails. To learn how to view the maximum value for your role, see [View # the Maximum Session Duration Setting for a Role][1] in the *IAM User # Guide*. # # By default, the value is set to `3600` seconds. # # The `DurationSeconds` parameter is separate from the duration of a # console session that you might request using the returned credentials. # The request to the federation endpoint for a console sign-in token # takes a `SessionDuration` parameter that specifies the maximum length # of the console session. For more information, see [Creating a URL that # Enables Federated Users to Access the Amazon Web Services Management # Console][2] in the *IAM User Guide*. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html # # @option params [Array] :tags # A list of session tags that you want to pass. Each session tag # consists of a key name and an associated value. For more information # about session tags, see [Tagging Amazon Web Services STS Sessions][1] # in the *IAM User Guide*. # # This parameter is optional. You can pass up to 50 session tags. The # plaintext session tag keys can’t exceed 128 characters, and the values # can’t exceed 256 characters. For these and additional limits, see [IAM # and STS Character Limits][2] in the *IAM User Guide*. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # You can pass a session tag with the same key as a tag that is already # attached to the role. When you do, session tags override a role tag # with the same key. # # Tag key–value pairs are not case sensitive, but case is preserved. # This means that you cannot have separate `Department` and `department` # tag keys. Assume that the role has the `Department`=`Marketing` tag # and you pass the `department`=`engineering` session tag. `Department` # and `department` are not saved as separate tags, and the session tag # passed in the request takes precedence over the role tag. # # Additionally, if you used temporary credentials to perform this # operation, the new session inherits any transitive session tags from # the calling session. If you pass a session tag with the same key as an # inherited tag, the operation fails. To view the inherited tags for a # session, see the CloudTrail logs. For more information, see [Viewing # Session Tags in CloudTrail][3] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs # # @option params [Array] :transitive_tag_keys # A list of keys for session tags that you want to set as transitive. If # you set a tag key as transitive, the corresponding key and value # passes to subsequent sessions in a role chain. For more information, # see [Chaining Roles with Session Tags][1] in the *IAM User Guide*. # # This parameter is optional. When you set session tags as transitive, # the session policy and session tags packed binary limit is not # affected. # # If you choose not to specify a transitive tag key, then no tags are # passed from this session to any subsequent sessions. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining # # @option params [String] :external_id # A unique identifier that might be required when you assume a role in # another account. If the administrator of the account to which the role # belongs provided you with an external ID, then provide that value in # the `ExternalId` parameter. This value can be any string, such as a # passphrase or account number. A cross-account role is usually set up # to trust everyone in an account. Therefore, the administrator of the # trusting account might send an external ID to the administrator of the # trusted account. That way, only someone with the ID can assume the # role, rather than everyone in the account. For more information about # the external ID, see [How to Use an External ID When Granting Access # to Your Amazon Web Services Resources to a Third Party][1] in the *IAM # User Guide*. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@:/- # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html # # @option params [String] :serial_number # The identification number of the MFA device that is associated with # the user who is making the `AssumeRole` call. Specify this value if # the trust policy of the role being assumed includes a condition that # requires MFA authentication. The value is either the serial number for # a hardware device (such as `GAHT12345678`) or an Amazon Resource Name # (ARN) for a virtual device (such as # `arn:aws:iam::123456789012:mfa/user`). # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # # @option params [String] :token_code # The value provided by the MFA device, if the trust policy of the role # being assumed requires MFA. (In other words, if the policy includes a # condition that tests for MFA). If the role being assumed requires MFA # and if the `TokenCode` value is missing or expired, the `AssumeRole` # call returns an "access denied" error. # # The format for this parameter, as described by its regex pattern, is a # sequence of six numeric digits. # # @option params [String] :source_identity # The source identity specified by the principal that is calling the # `AssumeRole` operation. # # You can require users to specify a source identity when they assume a # role. You do this by using the `sts:SourceIdentity` condition key in a # role trust policy. You can use source identity information in # CloudTrail logs to determine who took actions with a role. You can use # the `aws:SourceIdentity` condition key to further control access to # Amazon Web Services resources based on the value of source identity. # For more information about using source identity, see [Monitor and # control actions taken with assumed roles][1] in the *IAM User Guide*. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@-. You cannot use a value that begins with the text # `aws:`. This prefix is reserved for Amazon Web Services internal use. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html # # @option params [Array] :provided_contexts # A list of previously acquired trusted context assertions in the format # of a JSON array. The trusted context assertion is signed and encrypted # by Amazon Web Services STS. # # The following is an example of a `ProvidedContext` value that includes # a single trusted context assertion and the ARN of the context provider # from which the trusted context assertion was generated. # # `[\{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"\}]` # # @return [Types::AssumeRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::AssumeRoleResponse#credentials #credentials} => Types::Credentials # * {Types::AssumeRoleResponse#assumed_role_user #assumed_role_user} => Types::AssumedRoleUser # * {Types::AssumeRoleResponse#packed_policy_size #packed_policy_size} => Integer # * {Types::AssumeRoleResponse#source_identity #source_identity} => String # # # @example Example: To assume a role # # resp = client.assume_role({ # external_id: "123ABC", # policy: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}", # role_arn: "arn:aws:iam::123456789012:role/demo", # role_session_name: "testAssumeRoleSession", # tags: [ # { # key: "Project", # value: "Unicorn", # }, # { # key: "Team", # value: "Automation", # }, # { # key: "Cost-Center", # value: "12345", # }, # ], # transitive_tag_keys: [ # "Project", # "Cost-Center", # ], # }) # # resp.to_h outputs the following: # { # assumed_role_user: { # arn: "arn:aws:sts::123456789012:assumed-role/demo/Bob", # assumed_role_id: "ARO123EXAMPLE123:Bob", # }, # credentials: { # access_key_id: "AKIAIOSFODNN7EXAMPLE", # expiration: Time.parse("2011-07-15T23:28:33.359Z"), # secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", # session_token: "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==", # }, # packed_policy_size: 8, # } # # @example Request syntax with placeholder values # # resp = client.assume_role({ # role_arn: "arnType", # required # role_session_name: "roleSessionNameType", # required # policy_arns: [ # { # arn: "arnType", # }, # ], # policy: "unrestrictedSessionPolicyDocumentType", # duration_seconds: 1, # tags: [ # { # key: "tagKeyType", # required # value: "tagValueType", # required # }, # ], # transitive_tag_keys: ["tagKeyType"], # external_id: "externalIdType", # serial_number: "serialNumberType", # token_code: "tokenCodeType", # source_identity: "sourceIdentityType", # provided_contexts: [ # { # provider_arn: "arnType", # context_assertion: "contextAssertionType", # }, # ], # }) # # @example Response structure # # resp.credentials.access_key_id #=> String # resp.credentials.secret_access_key #=> String # resp.credentials.session_token #=> String # resp.credentials.expiration #=> Time # resp.assumed_role_user.assumed_role_id #=> String # resp.assumed_role_user.arn #=> String # resp.packed_policy_size #=> Integer # resp.source_identity #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole AWS API Documentation # # @overload assume_role(params = {}) # @param [Hash] params ({}) def assume_role(params = {}, options = {}) req = build_request(:assume_role, params) req.send_request(options) end # Returns a set of temporary security credentials for users who have # been authenticated via a SAML authentication response. This operation # provides a mechanism for tying an enterprise identity store or # directory to role-based Amazon Web Services access without # user-specific credentials or configuration. For a comparison of # `AssumeRoleWithSAML` with the other API operations that produce # temporary credentials, see [Requesting Temporary Security # Credentials][1] and [Comparing the Amazon Web Services STS API # operations][2] in the *IAM User Guide*. # # The temporary security credentials returned by this operation consist # of an access key ID, a secret access key, and a security token. # Applications can use these temporary security credentials to sign # calls to Amazon Web Services services. # # **Session Duration** # # By default, the temporary security credentials created by # `AssumeRoleWithSAML` last for one hour. However, you can use the # optional `DurationSeconds` parameter to specify the duration of your # session. Your role session lasts for the duration that you specify, or # until the time specified in the SAML authentication response's # `SessionNotOnOrAfter` value, whichever is shorter. You can provide a # `DurationSeconds` value from 900 seconds (15 minutes) up to the # maximum session duration setting for the role. This setting can have a # value from 1 hour to 12 hours. To learn how to view the maximum value # for your role, see [View the Maximum Session Duration Setting for a # Role][3] in the *IAM User Guide*. The maximum session duration limit # applies when you use the `AssumeRole*` API operations or the # `assume-role*` CLI commands. However the limit does not apply when you # use those operations to create a console URL. For more information, # see [Using IAM Roles][4] in the *IAM User Guide*. # # [Role chaining][5] limits your CLI or Amazon Web Services API role # session to a maximum of one hour. When you use the `AssumeRole` API # operation to assume a role, you can specify the duration of your role # session with the `DurationSeconds` parameter. You can specify a # parameter value of up to 43200 seconds (12 hours), depending on the # maximum session duration setting for your role. However, if you assume # a role using role chaining and provide a `DurationSeconds` parameter # value greater than one hour, the operation fails. # # # # **Permissions** # # The temporary security credentials created by `AssumeRoleWithSAML` can # be used to make API calls to any Amazon Web Services service with the # following exception: you cannot call the STS `GetFederationToken` or # `GetSessionToken` API operations. # # (Optional) You can pass inline or managed [session policies][6] to # this operation. You can pass a single JSON policy document to use as # an inline session policy. You can also specify up to 10 managed policy # Amazon Resource Names (ARNs) to use as managed session policies. The # plaintext that you use for both inline and managed session policies # can't exceed 2,048 characters. Passing policies to this operation # returns new temporary credentials. The resulting session's # permissions are the intersection of the role's identity-based policy # and the session policies. You can use the role's temporary # credentials in subsequent Amazon Web Services API calls to access # resources in the account that owns the role. You cannot use session # policies to grant more permissions than those allowed by the # identity-based policy of the role that is being assumed. For more # information, see [Session Policies][6] in the *IAM User Guide*. # # Calling `AssumeRoleWithSAML` does not require the use of Amazon Web # Services security credentials. The identity of the caller is validated # by using keys in the metadata document that is uploaded for the SAML # provider entity for your identity provider. # # Calling `AssumeRoleWithSAML` can result in an entry in your CloudTrail # logs. The entry includes the value in the `NameID` element of the SAML # assertion. We recommend that you use a `NameIDType` that is not # associated with any personally identifiable information (PII). For # example, you could instead use the persistent identifier # (`urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`). # # **Tags** # # (Optional) You can configure your IdP to pass attributes into your # SAML assertion as session tags. Each session tag consists of a key # name and an associated value. For more information about session tags, # see [Passing Session Tags in STS][7] in the *IAM User Guide*. # # You can pass up to 50 session tags. The plaintext session tag keys # can’t exceed 128 characters and the values can’t exceed 256 # characters. For these and additional limits, see [IAM and STS # Character Limits][8] in the *IAM User Guide*. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # You can pass a session tag with the same key as a tag that is attached # to the role. When you do, session tags override the role's tags with # the same key. # # An administrator must grant you the permissions necessary to pass # session tags. The administrator can also create granular permissions # to allow you to pass only specific session tags. For more information, # see [Tutorial: Using Tags for Attribute-Based Access Control][9] in # the *IAM User Guide*. # # You can set the session tags as transitive. Transitive tags persist # during role chaining. For more information, see [Chaining Roles with # Session Tags][10] in the *IAM User Guide*. # # **SAML Configuration** # # Before your application can call `AssumeRoleWithSAML`, you must # configure your SAML identity provider (IdP) to issue the claims # required by Amazon Web Services. Additionally, you must use Identity # and Access Management (IAM) to create a SAML provider entity in your # Amazon Web Services account that represents your identity provider. # You must also create an IAM role that specifies this SAML provider in # its trust policy. # # For more information, see the following resources: # # * [About SAML 2.0-based Federation][11] in the *IAM User Guide*. # # * [Creating SAML Identity Providers][12] in the *IAM User Guide*. # # * [Configuring a Relying Party and Claims][13] in the *IAM User # Guide*. # # * [Creating a Role for SAML 2.0 Federation][14] in the *IAM User # Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length # [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html # [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining # [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html # [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html # [13]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html # [14]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html # # @option params [required, String] :role_arn # The Amazon Resource Name (ARN) of the role that the caller is # assuming. # # @option params [required, String] :principal_arn # The Amazon Resource Name (ARN) of the SAML provider in IAM that # describes the IdP. # # @option params [required, String] :saml_assertion # The base64 encoded SAML authentication response provided by the IdP. # # For more information, see [Configuring a Relying Party and Adding # Claims][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html # # @option params [Array] :policy_arns # The Amazon Resource Names (ARNs) of the IAM managed policies that you # want to use as managed session policies. The policies must exist in # the same account as the role. # # This parameter is optional. You can provide up to 10 managed policy # ARNs. However, the plaintext that you use for both inline and managed # session policies can't exceed 2,048 characters. For more information # about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services # Service Namespaces][1] in the Amazon Web Services General Reference. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # Passing policies to this operation returns new temporary credentials. # The resulting session's permissions are the intersection of the # role's identity-based policy and the session policies. You can use # the role's temporary credentials in subsequent Amazon Web Services # API calls to access resources in the account that owns the role. You # cannot use session policies to grant more permissions than those # allowed by the identity-based policy of the role that is being # assumed. For more information, see [Session Policies][2] in the *IAM # User Guide*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # # @option params [String] :policy # An IAM policy in JSON format that you want to use as an inline session # policy. # # This parameter is optional. Passing policies to this operation returns # new temporary credentials. The resulting session's permissions are # the intersection of the role's identity-based policy and the session # policies. You can use the role's temporary credentials in subsequent # Amazon Web Services API calls to access resources in the account that # owns the role. You cannot use session policies to grant more # permissions than those allowed by the identity-based policy of the # role that is being assumed. For more information, see [Session # Policies][1] in the *IAM User Guide*. # # The plaintext that you use for both inline and managed session # policies can't exceed 2,048 characters. The JSON policy characters # can be any ASCII character from the space character to the end of the # valid character list (\\u0020 through \\u00FF). It can also include # the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) # characters. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # # @option params [Integer] :duration_seconds # The duration, in seconds, of the role session. Your role session lasts # for the duration that you specify for the `DurationSeconds` parameter, # or until the time specified in the SAML authentication response's # `SessionNotOnOrAfter` value, whichever is shorter. You can provide a # `DurationSeconds` value from 900 seconds (15 minutes) up to the # maximum session duration setting for the role. This setting can have a # value from 1 hour to 12 hours. If you specify a value higher than this # setting, the operation fails. For example, if you specify a session # duration of 12 hours, but your administrator set the maximum session # duration to 6 hours, your operation fails. To learn how to view the # maximum value for your role, see [View the Maximum Session Duration # Setting for a Role][1] in the *IAM User Guide*. # # By default, the value is set to `3600` seconds. # # The `DurationSeconds` parameter is separate from the duration of a # console session that you might request using the returned credentials. # The request to the federation endpoint for a console sign-in token # takes a `SessionDuration` parameter that specifies the maximum length # of the console session. For more information, see [Creating a URL that # Enables Federated Users to Access the Amazon Web Services Management # Console][2] in the *IAM User Guide*. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html # # @return [Types::AssumeRoleWithSAMLResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::AssumeRoleWithSAMLResponse#credentials #credentials} => Types::Credentials # * {Types::AssumeRoleWithSAMLResponse#assumed_role_user #assumed_role_user} => Types::AssumedRoleUser # * {Types::AssumeRoleWithSAMLResponse#packed_policy_size #packed_policy_size} => Integer # * {Types::AssumeRoleWithSAMLResponse#subject #subject} => String # * {Types::AssumeRoleWithSAMLResponse#subject_type #subject_type} => String # * {Types::AssumeRoleWithSAMLResponse#issuer #issuer} => String # * {Types::AssumeRoleWithSAMLResponse#audience #audience} => String # * {Types::AssumeRoleWithSAMLResponse#name_qualifier #name_qualifier} => String # * {Types::AssumeRoleWithSAMLResponse#source_identity #source_identity} => String # # # @example Example: To assume a role using a SAML assertion # # resp = client.assume_role_with_saml({ # duration_seconds: 3600, # principal_arn: "arn:aws:iam::123456789012:saml-provider/SAML-test", # role_arn: "arn:aws:iam::123456789012:role/TestSaml", # saml_assertion: "VERYLONGENCODEDASSERTIONEXAMPLExzYW1sOkF1ZGllbmNlPmJsYW5rPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50Ij5TYW1sRXhhbXBsZTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxOS0xMS0wMVQyMDoyNTowNS4xNDVaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2lnbmluLmF3cy5hbWF6b24uY29tL3NhbWwiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRoPD94bWwgdmpSZXNwb25zZT4=", # }) # # resp.to_h outputs the following: # { # assumed_role_user: { # arn: "arn:aws:sts::123456789012:assumed-role/TestSaml", # assumed_role_id: "ARO456EXAMPLE789:TestSaml", # }, # audience: "https://signin.aws.amazon.com/saml", # credentials: { # access_key_id: "ASIAV3ZUEFP6EXAMPLE", # expiration: Time.parse("2019-11-01T20:26:47Z"), # secret_access_key: "8P+SQvWIuLnKhh8d++jpw0nNmQRBZvNEXAMPLEKEY", # session_token: "IQoJb3JpZ2luX2VjEOz////////////////////wEXAMPLEtMSJHMEUCIDoKK3JH9uGQE1z0sINr5M4jk+Na8KHDcCYRVjJCZEvOAiEA3OvJGtw1EcViOleS2vhs8VdCKFJQWPQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==", # }, # issuer: "https://integ.example.com/idp/shibboleth", # name_qualifier: "SbdGOnUkh1i4+EXAMPLExL/jEvs=", # packed_policy_size: 6, # subject: "SamlExample", # subject_type: "transient", # } # # @example Request syntax with placeholder values # # resp = client.assume_role_with_saml({ # role_arn: "arnType", # required # principal_arn: "arnType", # required # saml_assertion: "SAMLAssertionType", # required # policy_arns: [ # { # arn: "arnType", # }, # ], # policy: "sessionPolicyDocumentType", # duration_seconds: 1, # }) # # @example Response structure # # resp.credentials.access_key_id #=> String # resp.credentials.secret_access_key #=> String # resp.credentials.session_token #=> String # resp.credentials.expiration #=> Time # resp.assumed_role_user.assumed_role_id #=> String # resp.assumed_role_user.arn #=> String # resp.packed_policy_size #=> Integer # resp.subject #=> String # resp.subject_type #=> String # resp.issuer #=> String # resp.audience #=> String # resp.name_qualifier #=> String # resp.source_identity #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML AWS API Documentation # # @overload assume_role_with_saml(params = {}) # @param [Hash] params ({}) def assume_role_with_saml(params = {}, options = {}) req = build_request(:assume_role_with_saml, params) req.send_request(options) end # Returns a set of temporary security credentials for users who have # been authenticated in a mobile or web application with a web identity # provider. Example providers include the OAuth 2.0 providers Login with # Amazon and Facebook, or any OpenID Connect-compatible identity # provider such as Google or [Amazon Cognito federated identities][1]. # # For mobile applications, we recommend that you use Amazon Cognito. You # can use Amazon Cognito with the [Amazon Web Services SDK for iOS # Developer Guide][2] and the [Amazon Web Services SDK for Android # Developer Guide][3] to uniquely identify a user. You can also supply # the user with a consistent identity throughout the lifetime of an # application. # # To learn more about Amazon Cognito, see [Amazon Cognito identity # pools][1] in *Amazon Cognito Developer Guide*. # # # # Calling `AssumeRoleWithWebIdentity` does not require the use of Amazon # Web Services security credentials. Therefore, you can distribute an # application (for example, on mobile devices) that requests temporary # security credentials without including long-term Amazon Web Services # credentials in the application. You also don't need to deploy # server-based proxy services that use long-term Amazon Web Services # credentials. Instead, the identity of the caller is validated by using # a token from the web identity provider. For a comparison of # `AssumeRoleWithWebIdentity` with the other API operations that produce # temporary credentials, see [Requesting Temporary Security # Credentials][4] and [Comparing the Amazon Web Services STS API # operations][5] in the *IAM User Guide*. # # The temporary security credentials returned by this API consist of an # access key ID, a secret access key, and a security token. Applications # can use these temporary security credentials to sign calls to Amazon # Web Services service API operations. # # **Session Duration** # # By default, the temporary security credentials created by # `AssumeRoleWithWebIdentity` last for one hour. However, you can use # the optional `DurationSeconds` parameter to specify the duration of # your session. You can provide a value from 900 seconds (15 minutes) up # to the maximum session duration setting for the role. This setting can # have a value from 1 hour to 12 hours. To learn how to view the maximum # value for your role, see [View the Maximum Session Duration Setting # for a Role][6] in the *IAM User Guide*. The maximum session duration # limit applies when you use the `AssumeRole*` API operations or the # `assume-role*` CLI commands. However the limit does not apply when you # use those operations to create a console URL. For more information, # see [Using IAM Roles][7] in the *IAM User Guide*. # # **Permissions** # # The temporary security credentials created by # `AssumeRoleWithWebIdentity` can be used to make API calls to any # Amazon Web Services service with the following exception: you cannot # call the STS `GetFederationToken` or `GetSessionToken` API operations. # # (Optional) You can pass inline or managed [session policies][8] to # this operation. You can pass a single JSON policy document to use as # an inline session policy. You can also specify up to 10 managed policy # Amazon Resource Names (ARNs) to use as managed session policies. The # plaintext that you use for both inline and managed session policies # can't exceed 2,048 characters. Passing policies to this operation # returns new temporary credentials. The resulting session's # permissions are the intersection of the role's identity-based policy # and the session policies. You can use the role's temporary # credentials in subsequent Amazon Web Services API calls to access # resources in the account that owns the role. You cannot use session # policies to grant more permissions than those allowed by the # identity-based policy of the role that is being assumed. For more # information, see [Session Policies][8] in the *IAM User Guide*. # # **Tags** # # (Optional) You can configure your IdP to pass attributes into your web # identity token as session tags. Each session tag consists of a key # name and an associated value. For more information about session tags, # see [Passing Session Tags in STS][9] in the *IAM User Guide*. # # You can pass up to 50 session tags. The plaintext session tag keys # can’t exceed 128 characters and the values can’t exceed 256 # characters. For these and additional limits, see [IAM and STS # Character Limits][10] in the *IAM User Guide*. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # You can pass a session tag with the same key as a tag that is attached # to the role. When you do, the session tag overrides the role tag with # the same key. # # An administrator must grant you the permissions necessary to pass # session tags. The administrator can also create granular permissions # to allow you to pass only specific session tags. For more information, # see [Tutorial: Using Tags for Attribute-Based Access Control][11] in # the *IAM User Guide*. # # You can set the session tags as transitive. Transitive tags persist # during role chaining. For more information, see [Chaining Roles with # Session Tags][12] in the *IAM User Guide*. # # **Identities** # # Before your application can call `AssumeRoleWithWebIdentity`, you must # have an identity token from a supported identity provider and create a # role that the application can assume. The role that your application # assumes must trust the identity provider that is associated with the # identity token. In other words, the identity provider must be # specified in the role's trust policy. # # Calling `AssumeRoleWithWebIdentity` can result in an entry in your # CloudTrail logs. The entry includes the [Subject][13] of the provided # web identity token. We recommend that you avoid using any personally # identifiable information (PII) in this field. For example, you could # instead use a GUID or a pairwise identifier, as [suggested in the OIDC # specification][14]. # # For more information about how to use web identity federation and the # `AssumeRoleWithWebIdentity` API, see the following resources: # # * [Using Web Identity Federation API Operations for Mobile Apps][15] # and [Federation Through a Web-based Identity Provider][16]. # # * [ Web Identity Federation Playground][17]. Walk through the process # of authenticating through Login with Amazon, Facebook, or Google, # getting temporary security credentials, and then using those # credentials to make a request to Amazon Web Services. # # * [Amazon Web Services SDK for iOS Developer Guide][2] and [Amazon Web # Services SDK for Android Developer Guide][3]. These toolkits contain # sample apps that show how to invoke the identity providers. The # toolkits then show how to use the information from these providers # to get and use temporary security credentials. # # * [Web Identity Federation with Mobile Applications][18]. This article # discusses web identity federation and shows an example of how to use # web identity federation to get access to content in Amazon S3. # # # # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html # [2]: http://aws.amazon.com/sdkforios/ # [3]: http://aws.amazon.com/sdkforandroid/ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length # [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html # [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining # [13]: http://openid.net/specs/openid-connect-core-1_0.html#Claims # [14]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes # [15]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html # [16]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity # [17]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/ # [18]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications # # @option params [required, String] :role_arn # The Amazon Resource Name (ARN) of the role that the caller is # assuming. # # @option params [required, String] :role_session_name # An identifier for the assumed role session. Typically, you pass the # name or identifier that is associated with the user who is using your # application. That way, the temporary security credentials that your # application will use are associated with that user. This session name # is included as part of the ARN and assumed role ID in the # `AssumedRoleUser` response element. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # # @option params [required, String] :web_identity_token # The OAuth 2.0 access token or OpenID Connect ID token that is provided # by the identity provider. Your application must get this token by # authenticating the user who is using your application with a web # identity provider before the application makes an # `AssumeRoleWithWebIdentity` call. Only tokens with RSA algorithms # (RS256) are supported. # # @option params [String] :provider_id # The fully qualified host component of the domain name of the OAuth 2.0 # identity provider. Do not specify this value for an OpenID Connect # identity provider. # # Currently `www.amazon.com` and `graph.facebook.com` are the only # supported identity providers for OAuth 2.0 access tokens. Do not # include URL schemes and port numbers. # # Do not specify this value for OpenID Connect ID tokens. # # @option params [Array] :policy_arns # The Amazon Resource Names (ARNs) of the IAM managed policies that you # want to use as managed session policies. The policies must exist in # the same account as the role. # # This parameter is optional. You can provide up to 10 managed policy # ARNs. However, the plaintext that you use for both inline and managed # session policies can't exceed 2,048 characters. For more information # about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services # Service Namespaces][1] in the Amazon Web Services General Reference. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # Passing policies to this operation returns new temporary credentials. # The resulting session's permissions are the intersection of the # role's identity-based policy and the session policies. You can use # the role's temporary credentials in subsequent Amazon Web Services # API calls to access resources in the account that owns the role. You # cannot use session policies to grant more permissions than those # allowed by the identity-based policy of the role that is being # assumed. For more information, see [Session Policies][2] in the *IAM # User Guide*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # # @option params [String] :policy # An IAM policy in JSON format that you want to use as an inline session # policy. # # This parameter is optional. Passing policies to this operation returns # new temporary credentials. The resulting session's permissions are # the intersection of the role's identity-based policy and the session # policies. You can use the role's temporary credentials in subsequent # Amazon Web Services API calls to access resources in the account that # owns the role. You cannot use session policies to grant more # permissions than those allowed by the identity-based policy of the # role that is being assumed. For more information, see [Session # Policies][1] in the *IAM User Guide*. # # The plaintext that you use for both inline and managed session # policies can't exceed 2,048 characters. The JSON policy characters # can be any ASCII character from the space character to the end of the # valid character list (\\u0020 through \\u00FF). It can also include # the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) # characters. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # # @option params [Integer] :duration_seconds # The duration, in seconds, of the role session. The value can range # from 900 seconds (15 minutes) up to the maximum session duration # setting for the role. This setting can have a value from 1 hour to 12 # hours. If you specify a value higher than this setting, the operation # fails. For example, if you specify a session duration of 12 hours, but # your administrator set the maximum session duration to 6 hours, your # operation fails. To learn how to view the maximum value for your role, # see [View the Maximum Session Duration Setting for a Role][1] in the # *IAM User Guide*. # # By default, the value is set to `3600` seconds. # # The `DurationSeconds` parameter is separate from the duration of a # console session that you might request using the returned credentials. # The request to the federation endpoint for a console sign-in token # takes a `SessionDuration` parameter that specifies the maximum length # of the console session. For more information, see [Creating a URL that # Enables Federated Users to Access the Amazon Web Services Management # Console][2] in the *IAM User Guide*. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html # # @return [Types::AssumeRoleWithWebIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::AssumeRoleWithWebIdentityResponse#credentials #credentials} => Types::Credentials # * {Types::AssumeRoleWithWebIdentityResponse#subject_from_web_identity_token #subject_from_web_identity_token} => String # * {Types::AssumeRoleWithWebIdentityResponse#assumed_role_user #assumed_role_user} => Types::AssumedRoleUser # * {Types::AssumeRoleWithWebIdentityResponse#packed_policy_size #packed_policy_size} => Integer # * {Types::AssumeRoleWithWebIdentityResponse#provider #provider} => String # * {Types::AssumeRoleWithWebIdentityResponse#audience #audience} => String # * {Types::AssumeRoleWithWebIdentityResponse#source_identity #source_identity} => String # # # @example Example: To assume a role as an OpenID Connect-federated user # # resp = client.assume_role_with_web_identity({ # duration_seconds: 3600, # policy: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}", # provider_id: "www.amazon.com", # role_arn: "arn:aws:iam::123456789012:role/FederatedWebIdentityRole", # role_session_name: "app1", # web_identity_token: "Atza%7CIQEBLjAsAhRFiXuWpUXuRvQ9PZL3GMFcYevydwIUFAHZwXZXXXXXXXXJnrulxKDHwy87oGKPznh0D6bEQZTSCzyoCtL_8S07pLpr0zMbn6w1lfVZKNTBdDansFBmtGnIsIapjI6xKR02Yc_2bQ8LZbUXSGm6Ry6_BG7PrtLZtj_dfCTj92xNGed-CrKqjG7nPBjNIL016GGvuS5gSvPRUxWES3VYfm1wl7WTI7jn-Pcb6M-buCgHhFOzTQxod27L9CqnOLio7N3gZAGpsp6n1-AJBOCJckcyXe2c6uD0srOJeZlKUm2eTDVMf8IehDVI0r1QOnTV6KzzAI3OY87Vd_cVMQ", # }) # # resp.to_h outputs the following: # { # assumed_role_user: { # arn: "arn:aws:sts::123456789012:assumed-role/FederatedWebIdentityRole/app1", # assumed_role_id: "AROACLKWSDQRAOEXAMPLE:app1", # }, # audience: "client.5498841531868486423.1548@apps.example.com", # credentials: { # access_key_id: "AKIAIOSFODNN7EXAMPLE", # expiration: Time.parse("2014-10-24T23:00:23Z"), # secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", # session_token: "AQoDYXdzEE0a8ANXXXXXXXXNO1ewxE5TijQyp+IEXAMPLE", # }, # packed_policy_size: 123, # provider: "www.amazon.com", # subject_from_web_identity_token: "amzn1.account.AF6RHO7KZU5XRVQJGXK6HEXAMPLE", # } # # @example Request syntax with placeholder values # # resp = client.assume_role_with_web_identity({ # role_arn: "arnType", # required # role_session_name: "roleSessionNameType", # required # web_identity_token: "clientTokenType", # required # provider_id: "urlType", # policy_arns: [ # { # arn: "arnType", # }, # ], # policy: "sessionPolicyDocumentType", # duration_seconds: 1, # }) # # @example Response structure # # resp.credentials.access_key_id #=> String # resp.credentials.secret_access_key #=> String # resp.credentials.session_token #=> String # resp.credentials.expiration #=> Time # resp.subject_from_web_identity_token #=> String # resp.assumed_role_user.assumed_role_id #=> String # resp.assumed_role_user.arn #=> String # resp.packed_policy_size #=> Integer # resp.provider #=> String # resp.audience #=> String # resp.source_identity #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity AWS API Documentation # # @overload assume_role_with_web_identity(params = {}) # @param [Hash] params ({}) def assume_role_with_web_identity(params = {}, options = {}) req = build_request(:assume_role_with_web_identity, params) req.send_request(options) end # Decodes additional information about the authorization status of a # request from an encoded message returned in response to an Amazon Web # Services request. # # For example, if a user is not authorized to perform an operation that # he or she has requested, the request returns a # `Client.UnauthorizedOperation` response (an HTTP 403 response). Some # Amazon Web Services operations additionally return an encoded message # that can provide details about this authorization failure. # # Only certain Amazon Web Services operations return an encoded # authorization message. The documentation for an individual operation # indicates whether that operation returns an encoded message in # addition to returning an HTTP code. # # # # The message is encoded because the details of the authorization status # can contain privileged information that the user who requested the # operation should not see. To decode an authorization status message, a # user must be granted permissions through an IAM [policy][1] to request # the `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`) # action. # # The decoded message includes the following type of information: # # * Whether the request was denied due to an explicit deny or due to the # absence of an explicit allow. For more information, see [Determining # Whether a Request is Allowed or Denied][2] in the *IAM User Guide*. # # * The principal who made the request. # # * The requested action. # # * The requested resource. # # * The values of condition keys in the context of the user's request. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow # # @option params [required, String] :encoded_message # The encoded message that was returned with the response. # # @return [Types::DecodeAuthorizationMessageResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::DecodeAuthorizationMessageResponse#decoded_message #decoded_message} => String # # # @example Example: To decode information about an authorization status of a request # # resp = client.decode_authorization_message({ # encoded_message: "", # }) # # resp.to_h outputs the following: # { # decoded_message: "{\"allowed\": \"false\",\"explicitDeny\": \"false\",\"matchedStatements\": \"\",\"failures\": \"\",\"context\": {\"principal\": {\"id\": \"AIDACKCEVSQ6C2EXAMPLE\",\"name\": \"Bob\",\"arn\": \"arn:aws:iam::123456789012:user/Bob\"},\"action\": \"ec2:StopInstances\",\"resource\": \"arn:aws:ec2:us-east-1:123456789012:instance/i-dd01c9bd\",\"conditions\": [{\"item\": {\"key\": \"ec2:Tenancy\",\"values\": [\"default\"]},{\"item\": {\"key\": \"ec2:ResourceTag/elasticbeanstalk:environment-name\",\"values\": [\"Default-Environment\"]}},(Additional items ...)]}}", # } # # @example Request syntax with placeholder values # # resp = client.decode_authorization_message({ # encoded_message: "encodedMessageType", # required # }) # # @example Response structure # # resp.decoded_message #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage AWS API Documentation # # @overload decode_authorization_message(params = {}) # @param [Hash] params ({}) def decode_authorization_message(params = {}, options = {}) req = build_request(:decode_authorization_message, params) req.send_request(options) end # Returns the account identifier for the specified access key ID. # # Access keys consist of two parts: an access key ID (for example, # `AKIAIOSFODNN7EXAMPLE`) and a secret access key (for example, # `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`). For more information # about access keys, see [Managing Access Keys for IAM Users][1] in the # *IAM User Guide*. # # When you pass an access key ID to this operation, it returns the ID of # the Amazon Web Services account to which the keys belong. Access key # IDs beginning with `AKIA` are long-term credentials for an IAM user or # the Amazon Web Services account root user. Access key IDs beginning # with `ASIA` are temporary credentials that are created using STS # operations. If the account in the response belongs to you, you can # sign in as the root user and review your root user access keys. Then, # you can pull a [credentials report][2] to learn which IAM user owns # the keys. To learn who requested the temporary credentials for an # `ASIA` access key, view the STS events in your [CloudTrail logs][3] in # the *IAM User Guide*. # # This operation does not indicate the state of the access key. The key # might be active, inactive, or deleted. Active keys might not have # permissions to perform an operation. Providing a deleted access key # might return an error that the key doesn't exist. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html # # @option params [required, String] :access_key_id # The identifier of an access key. # # This parameter allows (through its regex pattern) a string of # characters that can consist of any upper- or lowercase letter or # digit. # # @return [Types::GetAccessKeyInfoResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetAccessKeyInfoResponse#account #account} => String # # @example Request syntax with placeholder values # # resp = client.get_access_key_info({ # access_key_id: "accessKeyIdType", # required # }) # # @example Response structure # # resp.account #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo AWS API Documentation # # @overload get_access_key_info(params = {}) # @param [Hash] params ({}) def get_access_key_info(params = {}, options = {}) req = build_request(:get_access_key_info, params) req.send_request(options) end # Returns details about the IAM user or role whose credentials are used # to call the operation. # # No permissions are required to perform this operation. If an # administrator attaches a policy to your identity that explicitly # denies access to the `sts:GetCallerIdentity` action, you can still # perform this operation. Permissions are not required because the same # information is returned when access is denied. To view an example # response, see [I Am Not Authorized to Perform: # iam:DeleteVirtualMFADevice][1] in the *IAM User Guide*. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa # # @return [Types::GetCallerIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetCallerIdentityResponse#user_id #user_id} => String # * {Types::GetCallerIdentityResponse#account #account} => String # * {Types::GetCallerIdentityResponse#arn #arn} => String # # # @example Example: To get details about a calling IAM user # # # This example shows a request and response made with the credentials for a user named Alice in the AWS account # # 123456789012. # # resp = client.get_caller_identity({ # }) # # resp.to_h outputs the following: # { # account: "123456789012", # arn: "arn:aws:iam::123456789012:user/Alice", # user_id: "AKIAI44QH8DHBEXAMPLE", # } # # @example Example: To get details about a calling user federated with AssumeRole # # # This example shows a request and response made with temporary credentials created by AssumeRole. The name of the assumed # # role is my-role-name, and the RoleSessionName is set to my-role-session-name. # # resp = client.get_caller_identity({ # }) # # resp.to_h outputs the following: # { # account: "123456789012", # arn: "arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name", # user_id: "AKIAI44QH8DHBEXAMPLE:my-role-session-name", # } # # @example Example: To get details about a calling user federated with GetFederationToken # # # This example shows a request and response made with temporary credentials created by using GetFederationToken. The Name # # parameter is set to my-federated-user-name. # # resp = client.get_caller_identity({ # }) # # resp.to_h outputs the following: # { # account: "123456789012", # arn: "arn:aws:sts::123456789012:federated-user/my-federated-user-name", # user_id: "123456789012:my-federated-user-name", # } # # @example Response structure # # resp.user_id #=> String # resp.account #=> String # resp.arn #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity AWS API Documentation # # @overload get_caller_identity(params = {}) # @param [Hash] params ({}) def get_caller_identity(params = {}, options = {}) req = build_request(:get_caller_identity, params) req.send_request(options) end # Returns a set of temporary security credentials (consisting of an # access key ID, a secret access key, and a security token) for a user. # A typical use is in a proxy application that gets temporary security # credentials on behalf of distributed applications inside a corporate # network. # # You must call the `GetFederationToken` operation using the long-term # security credentials of an IAM user. As a result, this call is # appropriate in contexts where those credentials can be safeguarded, # usually in a server-based application. For a comparison of # `GetFederationToken` with the other API operations that produce # temporary credentials, see [Requesting Temporary Security # Credentials][1] and [Comparing the Amazon Web Services STS API # operations][2] in the *IAM User Guide*. # # Although it is possible to call `GetFederationToken` using the # security credentials of an Amazon Web Services account root user # rather than an IAM user that you create for the purpose of a proxy # application, we do not recommend it. For more information, see # [Safeguard your root user credentials and don't use them for everyday # tasks][3] in the *IAM User Guide*. # # You can create a mobile-based or browser-based app that can # authenticate users using a web identity provider like Login with # Amazon, Facebook, Google, or an OpenID Connect-compatible identity # provider. In this case, we recommend that you use [Amazon Cognito][4] # or `AssumeRoleWithWebIdentity`. For more information, see [Federation # Through a Web-based Identity Provider][5] in the *IAM User Guide*. # # # # **Session duration** # # The temporary credentials are valid for the specified duration, from # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 # hours). The default session duration is 43,200 seconds (12 hours). # Temporary credentials obtained by using the root user credentials have # a maximum duration of 3,600 seconds (1 hour). # # **Permissions** # # You can use the temporary credentials created by `GetFederationToken` # in any Amazon Web Services service with the following exceptions: # # * You cannot call any IAM operations using the CLI or the Amazon Web # Services API. This limitation does not apply to console sessions. # # * You cannot call any STS operations except `GetCallerIdentity`. # # You can use temporary credentials for single sign-on (SSO) to the # console. # # You must pass an inline or managed [session policy][6] to this # operation. You can pass a single JSON policy document to use as an # inline session policy. You can also specify up to 10 managed policy # Amazon Resource Names (ARNs) to use as managed session policies. The # plaintext that you use for both inline and managed session policies # can't exceed 2,048 characters. # # Though the session policy parameters are optional, if you do not pass # a policy, then the resulting federated user session has no # permissions. When you pass session policies, the session permissions # are the intersection of the IAM user policies and the session policies # that you pass. This gives you a way to further restrict the # permissions for a federated user. You cannot use session policies to # grant more permissions than those that are defined in the permissions # policy of the IAM user. For more information, see [Session # Policies][6] in the *IAM User Guide*. For information about using # `GetFederationToken` to create temporary security credentials, see # [GetFederationToken—Federation Through a Custom Identity Broker][7]. # # You can use the credentials to access a resource that has a # resource-based policy. If that policy specifically references the # federated user session in the `Principal` element of the policy, the # session has the permissions allowed by the policy. These permissions # are granted in addition to the permissions granted by the session # policies. # # **Tags** # # (Optional) You can pass tag key-value pairs to your session. These are # called session tags. For more information about session tags, see # [Passing Session Tags in STS][8] in the *IAM User Guide*. # # You can create a mobile-based or browser-based app that can # authenticate users using a web identity provider like Login with # Amazon, Facebook, Google, or an OpenID Connect-compatible identity # provider. In this case, we recommend that you use [Amazon Cognito][4] # or `AssumeRoleWithWebIdentity`. For more information, see [Federation # Through a Web-based Identity Provider][5] in the *IAM User Guide*. # # # # An administrator must grant you the permissions necessary to pass # session tags. The administrator can also create granular permissions # to allow you to pass only specific session tags. For more information, # see [Tutorial: Using Tags for Attribute-Based Access Control][9] in # the *IAM User Guide*. # # Tag key–value pairs are not case sensitive, but case is preserved. # This means that you cannot have separate `Department` and `department` # tag keys. Assume that the user that you are federating has the # `Department`=`Marketing` tag and you pass the # `department`=`engineering` session tag. `Department` and `department` # are not saved as separate tags, and the session tag passed in the # request takes precedence over the user tag. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials # [4]: http://aws.amazon.com/cognito/ # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html # # @option params [required, String] :name # The name of the federated user. The name is used as an identifier for # the temporary security credentials (such as `Bob`). For example, you # can reference the federated user name in a resource-based policy, such # as in an Amazon S3 bucket policy. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # # @option params [String] :policy # An IAM policy in JSON format that you want to use as an inline session # policy. # # You must pass an inline or managed [session policy][1] to this # operation. You can pass a single JSON policy document to use as an # inline session policy. You can also specify up to 10 managed policy # Amazon Resource Names (ARNs) to use as managed session policies. # # This parameter is optional. However, if you do not pass any session # policies, then the resulting federated user session has no # permissions. # # When you pass session policies, the session permissions are the # intersection of the IAM user policies and the session policies that # you pass. This gives you a way to further restrict the permissions for # a federated user. You cannot use session policies to grant more # permissions than those that are defined in the permissions policy of # the IAM user. For more information, see [Session Policies][1] in the # *IAM User Guide*. # # The resulting credentials can be used to access a resource that has a # resource-based policy. If that policy specifically references the # federated user session in the `Principal` element of the policy, the # session has the permissions allowed by the policy. These permissions # are granted in addition to the permissions that are granted by the # session policies. # # The plaintext that you use for both inline and managed session # policies can't exceed 2,048 characters. The JSON policy characters # can be any ASCII character from the space character to the end of the # valid character list (\\u0020 through \\u00FF). It can also include # the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) # characters. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # # @option params [Array] :policy_arns # The Amazon Resource Names (ARNs) of the IAM managed policies that you # want to use as a managed session policy. The policies must exist in # the same account as the IAM user that is requesting federated access. # # You must pass an inline or managed [session policy][1] to this # operation. You can pass a single JSON policy document to use as an # inline session policy. You can also specify up to 10 managed policy # Amazon Resource Names (ARNs) to use as managed session policies. The # plaintext that you use for both inline and managed session policies # can't exceed 2,048 characters. You can provide up to 10 managed # policy ARNs. For more information about ARNs, see [Amazon Resource # Names (ARNs) and Amazon Web Services Service Namespaces][2] in the # Amazon Web Services General Reference. # # This parameter is optional. However, if you do not pass any session # policies, then the resulting federated user session has no # permissions. # # When you pass session policies, the session permissions are the # intersection of the IAM user policies and the session policies that # you pass. This gives you a way to further restrict the permissions for # a federated user. You cannot use session policies to grant more # permissions than those that are defined in the permissions policy of # the IAM user. For more information, see [Session Policies][1] in the # *IAM User Guide*. # # The resulting credentials can be used to access a resource that has a # resource-based policy. If that policy specifically references the # federated user session in the `Principal` element of the policy, the # session has the permissions allowed by the policy. These permissions # are granted in addition to the permissions that are granted by the # session policies. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [Integer] :duration_seconds # The duration, in seconds, that the session should last. Acceptable # durations for federation sessions range from 900 seconds (15 minutes) # to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the # default. Sessions obtained using root user credentials are restricted # to a maximum of 3,600 seconds (one hour). If the specified duration is # longer than one hour, the session obtained by using root user # credentials defaults to one hour. # # @option params [Array] :tags # A list of session tags. Each session tag consists of a key name and an # associated value. For more information about session tags, see # [Passing Session Tags in STS][1] in the *IAM User Guide*. # # This parameter is optional. You can pass up to 50 session tags. The # plaintext session tag keys can’t exceed 128 characters and the values # can’t exceed 256 characters. For these and additional limits, see [IAM # and STS Character Limits][2] in the *IAM User Guide*. # # An Amazon Web Services conversion compresses the passed inline session # policy, managed policy ARNs, and session tags into a packed binary # format that has a separate limit. Your request can fail for this limit # even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how close # the policies and tags for your request are to the upper size limit. # # # # You can pass a session tag with the same key as a tag that is already # attached to the user you are federating. When you do, session tags # override a user tag with the same key. # # Tag key–value pairs are not case sensitive, but case is preserved. # This means that you cannot have separate `Department` and `department` # tag keys. Assume that the role has the `Department`=`Marketing` tag # and you pass the `department`=`engineering` session tag. `Department` # and `department` are not saved as separate tags, and the session tag # passed in the request takes precedence over the role tag. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length # # @return [Types::GetFederationTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetFederationTokenResponse#credentials #credentials} => Types::Credentials # * {Types::GetFederationTokenResponse#federated_user #federated_user} => Types::FederatedUser # * {Types::GetFederationTokenResponse#packed_policy_size #packed_policy_size} => Integer # # # @example Example: To get temporary credentials for a role by using GetFederationToken # # resp = client.get_federation_token({ # duration_seconds: 3600, # name: "testFedUserSession", # policy: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}", # tags: [ # { # key: "Project", # value: "Pegasus", # }, # { # key: "Cost-Center", # value: "98765", # }, # ], # }) # # resp.to_h outputs the following: # { # credentials: { # access_key_id: "AKIAIOSFODNN7EXAMPLE", # expiration: Time.parse("2011-07-15T23:28:33.359Z"), # secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", # session_token: "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==", # }, # federated_user: { # arn: "arn:aws:sts::123456789012:federated-user/Bob", # federated_user_id: "123456789012:Bob", # }, # packed_policy_size: 8, # } # # @example Request syntax with placeholder values # # resp = client.get_federation_token({ # name: "userNameType", # required # policy: "sessionPolicyDocumentType", # policy_arns: [ # { # arn: "arnType", # }, # ], # duration_seconds: 1, # tags: [ # { # key: "tagKeyType", # required # value: "tagValueType", # required # }, # ], # }) # # @example Response structure # # resp.credentials.access_key_id #=> String # resp.credentials.secret_access_key #=> String # resp.credentials.session_token #=> String # resp.credentials.expiration #=> Time # resp.federated_user.federated_user_id #=> String # resp.federated_user.arn #=> String # resp.packed_policy_size #=> Integer # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken AWS API Documentation # # @overload get_federation_token(params = {}) # @param [Hash] params ({}) def get_federation_token(params = {}, options = {}) req = build_request(:get_federation_token, params) req.send_request(options) end # Returns a set of temporary credentials for an Amazon Web Services # account or IAM user. The credentials consist of an access key ID, a # secret access key, and a security token. Typically, you use # `GetSessionToken` if you want to use MFA to protect programmatic calls # to specific Amazon Web Services API operations like Amazon EC2 # `StopInstances`. # # MFA-enabled IAM users must call `GetSessionToken` and submit an MFA # code that is associated with their MFA device. Using the temporary # security credentials that the call returns, IAM users can then make # programmatic calls to API operations that require MFA authentication. # An incorrect MFA code causes the API to return an access denied error. # For a comparison of `GetSessionToken` with the other API operations # that produce temporary credentials, see [Requesting Temporary Security # Credentials][1] and [Comparing the Amazon Web Services STS API # operations][2] in the *IAM User Guide*. # # No permissions are required for users to perform this operation. The # purpose of the `sts:GetSessionToken` operation is to authenticate the # user using MFA. You cannot use policies to control authentication # operations. For more information, see [Permissions for # GetSessionToken][3] in the *IAM User Guide*. # # # # **Session Duration** # # The `GetSessionToken` operation must be called by using the long-term # Amazon Web Services security credentials of an IAM user. Credentials # that are created by IAM users are valid for the duration that you # specify. This duration can range from 900 seconds (15 minutes) up to a # maximum of 129,600 seconds (36 hours), with a default of 43,200 # seconds (12 hours). Credentials based on account credentials can range # from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a # default of 1 hour. # # **Permissions** # # The temporary security credentials created by `GetSessionToken` can be # used to make API calls to any Amazon Web Services service with the # following exceptions: # # * You cannot call any IAM API operations unless MFA authentication # information is included in the request. # # * You cannot call any STS API *except* `AssumeRole` or # `GetCallerIdentity`. # # The credentials that `GetSessionToken` returns are based on # permissions associated with the IAM user whose credentials were used # to call the operation. The temporary credentials have the same # permissions as the IAM user. # # Although it is possible to call `GetSessionToken` using the security # credentials of an Amazon Web Services account root user rather than an # IAM user, we do not recommend it. If `GetSessionToken` is called using # root user credentials, the temporary credentials have root user # permissions. For more information, see [Safeguard your root user # credentials and don't use them for everyday tasks][4] in the *IAM # User Guide* # # # # For more information about using `GetSessionToken` to create temporary # credentials, see [Temporary Credentials for Users in Untrusted # Environments][5] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken # # @option params [Integer] :duration_seconds # The duration, in seconds, that the credentials should remain valid. # Acceptable durations for IAM user sessions range from 900 seconds (15 # minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) # as the default. Sessions for Amazon Web Services account owners are # restricted to a maximum of 3,600 seconds (one hour). If the duration # is longer than one hour, the session for Amazon Web Services account # owners defaults to one hour. # # @option params [String] :serial_number # The identification number of the MFA device that is associated with # the IAM user who is making the `GetSessionToken` call. Specify this # value if the IAM user has a policy that requires MFA authentication. # The value is either the serial number for a hardware device (such as # `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual device # (such as `arn:aws:iam::123456789012:mfa/user`). You can find the # device for an IAM user by going to the Amazon Web Services Management # Console and viewing the user's security credentials. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@:/- # # @option params [String] :token_code # The value provided by the MFA device, if MFA is required. If any # policy requires the IAM user to submit an MFA code, specify this # value. If MFA authentication is required, the user must provide a code # when requesting a set of temporary security credentials. A user who # fails to provide the code receives an "access denied" response when # requesting resources that require MFA authentication. # # The format for this parameter, as described by its regex pattern, is a # sequence of six numeric digits. # # @return [Types::GetSessionTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetSessionTokenResponse#credentials #credentials} => Types::Credentials # # # @example Example: To get temporary credentials for an IAM user or an AWS account # # resp = client.get_session_token({ # duration_seconds: 3600, # serial_number: "YourMFASerialNumber", # token_code: "123456", # }) # # resp.to_h outputs the following: # { # credentials: { # access_key_id: "AKIAIOSFODNN7EXAMPLE", # expiration: Time.parse("2011-07-11T19:55:29.611Z"), # secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", # session_token: "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE", # }, # } # # @example Request syntax with placeholder values # # resp = client.get_session_token({ # duration_seconds: 1, # serial_number: "serialNumberType", # token_code: "tokenCodeType", # }) # # @example Response structure # # resp.credentials.access_key_id #=> String # resp.credentials.secret_access_key #=> String # resp.credentials.session_token #=> String # resp.credentials.expiration #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken AWS API Documentation # # @overload get_session_token(params = {}) # @param [Hash] params ({}) def get_session_token(params = {}, options = {}) req = build_request(:get_session_token, params) req.send_request(options) end # @!endgroup # @param params ({}) # @api private def build_request(operation_name, params = {}) handlers = @handlers.for(operation_name) context = Seahorse::Client::RequestContext.new( operation_name: operation_name, operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-core' context[:gem_version] = '3.191.2' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated def waiter_names [] end class << self # @api private attr_reader :identifier # @api private def errors_module Errors end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/errors.rb0000644000004100000410000001137214563437550021025 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::STS # When STS returns an error response, the Ruby SDK constructs and raises an error. # These errors all extend Aws::STS::Errors::ServiceError < {Aws::Errors::ServiceError} # # You can rescue all STS errors using ServiceError: # # begin # # do stuff # rescue Aws::STS::Errors::ServiceError # # rescues all STS API errors # end # # # ## Request Context # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns # information about the request that generated the error. # See {Seahorse::Client::RequestContext} for more information. # # ## Error Classes # * {ExpiredTokenException} # * {IDPCommunicationErrorException} # * {IDPRejectedClaimException} # * {InvalidAuthorizationMessageException} # * {InvalidIdentityTokenException} # * {MalformedPolicyDocumentException} # * {PackedPolicyTooLargeException} # * {RegionDisabledException} # # Additionally, error classes are dynamically generated for service errors based on the error code # if they are not defined above. module Errors extend Aws::Errors::DynamicErrors class ExpiredTokenException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::STS::Types::ExpiredTokenException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class IDPCommunicationErrorException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::STS::Types::IDPCommunicationErrorException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class IDPRejectedClaimException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::STS::Types::IDPRejectedClaimException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class InvalidAuthorizationMessageException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::STS::Types::InvalidAuthorizationMessageException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class InvalidIdentityTokenException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::STS::Types::InvalidIdentityTokenException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class MalformedPolicyDocumentException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::STS::Types::MalformedPolicyDocumentException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class PackedPolicyTooLargeException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::STS::Types::PackedPolicyTooLargeException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class RegionDisabledException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::STS::Types::RegionDisabledException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/types.rb0000644000004100000410000021457014563437550020662 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::STS module Types # @!attribute [rw] role_arn # The Amazon Resource Name (ARN) of the role to assume. # @return [String] # # @!attribute [rw] role_session_name # An identifier for the assumed role session. # # Use the role session name to uniquely identify a session when the # same role is assumed by different principals or for different # reasons. In cross-account scenarios, the role session name is # visible to, and can be logged by the account that owns the role. The # role session name is also used in the ARN of the assumed role # principal. This means that subsequent cross-account API requests # that use the temporary security credentials will expose the role # session name to the external account in their CloudTrail logs. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # @return [String] # # @!attribute [rw] policy_arns # The Amazon Resource Names (ARNs) of the IAM managed policies that # you want to use as managed session policies. The policies must exist # in the same account as the role. # # This parameter is optional. You can provide up to 10 managed policy # ARNs. However, the plaintext that you use for both inline and # managed session policies can't exceed 2,048 characters. For more # information about ARNs, see [Amazon Resource Names (ARNs) and Amazon # Web Services Service Namespaces][1] in the Amazon Web Services # General Reference. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # Passing policies to this operation returns new temporary # credentials. The resulting session's permissions are the # intersection of the role's identity-based policy and the session # policies. You can use the role's temporary credentials in # subsequent Amazon Web Services API calls to access resources in the # account that owns the role. You cannot use session policies to grant # more permissions than those allowed by the identity-based policy of # the role that is being assumed. For more information, see [Session # Policies][2] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # @return [Array] # # @!attribute [rw] policy # An IAM policy in JSON format that you want to use as an inline # session policy. # # This parameter is optional. Passing policies to this operation # returns new temporary credentials. The resulting session's # permissions are the intersection of the role's identity-based # policy and the session policies. You can use the role's temporary # credentials in subsequent Amazon Web Services API calls to access # resources in the account that owns the role. You cannot use session # policies to grant more permissions than those allowed by the # identity-based policy of the role that is being assumed. For more # information, see [Session Policies][1] in the *IAM User Guide*. # # The plaintext that you use for both inline and managed session # policies can't exceed 2,048 characters. The JSON policy characters # can be any ASCII character from the space character to the end of # the valid character list (\\u0020 through \\u00FF). It can also # include the tab (\\u0009), linefeed (\\u000A), and carriage return # (\\u000D) characters. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # @return [String] # # @!attribute [rw] duration_seconds # The duration, in seconds, of the role session. The value specified # can range from 900 seconds (15 minutes) up to the maximum session # duration set for the role. The maximum session duration setting can # have a value from 1 hour to 12 hours. If you specify a value higher # than this setting or the administrator setting (whichever is lower), # the operation fails. For example, if you specify a session duration # of 12 hours, but your administrator set the maximum session duration # to 6 hours, your operation fails. # # Role chaining limits your Amazon Web Services CLI or Amazon Web # Services API role session to a maximum of one hour. When you use the # `AssumeRole` API operation to assume a role, you can specify the # duration of your role session with the `DurationSeconds` parameter. # You can specify a parameter value of up to 43200 seconds (12 hours), # depending on the maximum session duration setting for your role. # However, if you assume a role using role chaining and provide a # `DurationSeconds` parameter value greater than one hour, the # operation fails. To learn how to view the maximum value for your # role, see [View the Maximum Session Duration Setting for a Role][1] # in the *IAM User Guide*. # # By default, the value is set to `3600` seconds. # # The `DurationSeconds` parameter is separate from the duration of a # console session that you might request using the returned # credentials. The request to the federation endpoint for a console # sign-in token takes a `SessionDuration` parameter that specifies the # maximum length of the console session. For more information, see # [Creating a URL that Enables Federated Users to Access the Amazon # Web Services Management Console][2] in the *IAM User Guide*. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html # @return [Integer] # # @!attribute [rw] tags # A list of session tags that you want to pass. Each session tag # consists of a key name and an associated value. For more information # about session tags, see [Tagging Amazon Web Services STS # Sessions][1] in the *IAM User Guide*. # # This parameter is optional. You can pass up to 50 session tags. The # plaintext session tag keys can’t exceed 128 characters, and the # values can’t exceed 256 characters. For these and additional limits, # see [IAM and STS Character Limits][2] in the *IAM User Guide*. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # You can pass a session tag with the same key as a tag that is # already attached to the role. When you do, session tags override a # role tag with the same key. # # Tag key–value pairs are not case sensitive, but case is preserved. # This means that you cannot have separate `Department` and # `department` tag keys. Assume that the role has the # `Department`=`Marketing` tag and you pass the # `department`=`engineering` session tag. `Department` and # `department` are not saved as separate tags, and the session tag # passed in the request takes precedence over the role tag. # # Additionally, if you used temporary credentials to perform this # operation, the new session inherits any transitive session tags from # the calling session. If you pass a session tag with the same key as # an inherited tag, the operation fails. To view the inherited tags # for a session, see the CloudTrail logs. For more information, see # [Viewing Session Tags in CloudTrail][3] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs # @return [Array] # # @!attribute [rw] transitive_tag_keys # A list of keys for session tags that you want to set as transitive. # If you set a tag key as transitive, the corresponding key and value # passes to subsequent sessions in a role chain. For more information, # see [Chaining Roles with Session Tags][1] in the *IAM User Guide*. # # This parameter is optional. When you set session tags as transitive, # the session policy and session tags packed binary limit is not # affected. # # If you choose not to specify a transitive tag key, then no tags are # passed from this session to any subsequent sessions. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining # @return [Array] # # @!attribute [rw] external_id # A unique identifier that might be required when you assume a role in # another account. If the administrator of the account to which the # role belongs provided you with an external ID, then provide that # value in the `ExternalId` parameter. This value can be any string, # such as a passphrase or account number. A cross-account role is # usually set up to trust everyone in an account. Therefore, the # administrator of the trusting account might send an external ID to # the administrator of the trusted account. That way, only someone # with the ID can assume the role, rather than everyone in the # account. For more information about the external ID, see [How to Use # an External ID When Granting Access to Your Amazon Web Services # Resources to a Third Party][1] in the *IAM User Guide*. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@:/- # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html # @return [String] # # @!attribute [rw] serial_number # The identification number of the MFA device that is associated with # the user who is making the `AssumeRole` call. Specify this value if # the trust policy of the role being assumed includes a condition that # requires MFA authentication. The value is either the serial number # for a hardware device (such as `GAHT12345678`) or an Amazon Resource # Name (ARN) for a virtual device (such as # `arn:aws:iam::123456789012:mfa/user`). # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # @return [String] # # @!attribute [rw] token_code # The value provided by the MFA device, if the trust policy of the # role being assumed requires MFA. (In other words, if the policy # includes a condition that tests for MFA). If the role being assumed # requires MFA and if the `TokenCode` value is missing or expired, the # `AssumeRole` call returns an "access denied" error. # # The format for this parameter, as described by its regex pattern, is # a sequence of six numeric digits. # @return [String] # # @!attribute [rw] source_identity # The source identity specified by the principal that is calling the # `AssumeRole` operation. # # You can require users to specify a source identity when they assume # a role. You do this by using the `sts:SourceIdentity` condition key # in a role trust policy. You can use source identity information in # CloudTrail logs to determine who took actions with a role. You can # use the `aws:SourceIdentity` condition key to further control access # to Amazon Web Services resources based on the value of source # identity. For more information about using source identity, see # [Monitor and control actions taken with assumed roles][1] in the # *IAM User Guide*. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@-. You cannot use a value that begins with the text # `aws:`. This prefix is reserved for Amazon Web Services internal # use. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html # @return [String] # # @!attribute [rw] provided_contexts # A list of previously acquired trusted context assertions in the # format of a JSON array. The trusted context assertion is signed and # encrypted by Amazon Web Services STS. # # The following is an example of a `ProvidedContext` value that # includes a single trusted context assertion and the ARN of the # context provider from which the trusted context assertion was # generated. # # `[\{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"\}]` # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest AWS API Documentation # class AssumeRoleRequest < Struct.new( :role_arn, :role_session_name, :policy_arns, :policy, :duration_seconds, :tags, :transitive_tag_keys, :external_id, :serial_number, :token_code, :source_identity, :provided_contexts) SENSITIVE = [] include Aws::Structure end # Contains the response to a successful AssumeRole request, including # temporary Amazon Web Services credentials that can be used to make # Amazon Web Services requests. # # @!attribute [rw] credentials # The temporary security credentials, which include an access key ID, # a secret access key, and a security (or session) token. # # The size of the security token that STS API operations return is not # fixed. We strongly recommend that you make no assumptions about the # maximum size. # # # @return [Types::Credentials] # # @!attribute [rw] assumed_role_user # The Amazon Resource Name (ARN) and the assumed role ID, which are # identifiers that you can use to refer to the resulting temporary # security credentials. For example, you can reference these # credentials as a principal in a resource-based policy by using the # ARN or assumed role ID. The ARN and ID include the `RoleSessionName` # that you specified when you called `AssumeRole`. # @return [Types::AssumedRoleUser] # # @!attribute [rw] packed_policy_size # A percentage value that indicates the packed size of the session # policies and session tags combined passed in the request. The # request fails if the packed size is greater than 100 percent, which # means the policies and tags exceeded the allowed space. # @return [Integer] # # @!attribute [rw] source_identity # The source identity specified by the principal that is calling the # `AssumeRole` operation. # # You can require users to specify a source identity when they assume # a role. You do this by using the `sts:SourceIdentity` condition key # in a role trust policy. You can use source identity information in # CloudTrail logs to determine who took actions with a role. You can # use the `aws:SourceIdentity` condition key to further control access # to Amazon Web Services resources based on the value of source # identity. For more information about using source identity, see # [Monitor and control actions taken with assumed roles][1] in the # *IAM User Guide*. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse AWS API Documentation # class AssumeRoleResponse < Struct.new( :credentials, :assumed_role_user, :packed_policy_size, :source_identity) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] role_arn # The Amazon Resource Name (ARN) of the role that the caller is # assuming. # @return [String] # # @!attribute [rw] principal_arn # The Amazon Resource Name (ARN) of the SAML provider in IAM that # describes the IdP. # @return [String] # # @!attribute [rw] saml_assertion # The base64 encoded SAML authentication response provided by the IdP. # # For more information, see [Configuring a Relying Party and Adding # Claims][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html # @return [String] # # @!attribute [rw] policy_arns # The Amazon Resource Names (ARNs) of the IAM managed policies that # you want to use as managed session policies. The policies must exist # in the same account as the role. # # This parameter is optional. You can provide up to 10 managed policy # ARNs. However, the plaintext that you use for both inline and # managed session policies can't exceed 2,048 characters. For more # information about ARNs, see [Amazon Resource Names (ARNs) and Amazon # Web Services Service Namespaces][1] in the Amazon Web Services # General Reference. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # Passing policies to this operation returns new temporary # credentials. The resulting session's permissions are the # intersection of the role's identity-based policy and the session # policies. You can use the role's temporary credentials in # subsequent Amazon Web Services API calls to access resources in the # account that owns the role. You cannot use session policies to grant # more permissions than those allowed by the identity-based policy of # the role that is being assumed. For more information, see [Session # Policies][2] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # @return [Array] # # @!attribute [rw] policy # An IAM policy in JSON format that you want to use as an inline # session policy. # # This parameter is optional. Passing policies to this operation # returns new temporary credentials. The resulting session's # permissions are the intersection of the role's identity-based # policy and the session policies. You can use the role's temporary # credentials in subsequent Amazon Web Services API calls to access # resources in the account that owns the role. You cannot use session # policies to grant more permissions than those allowed by the # identity-based policy of the role that is being assumed. For more # information, see [Session Policies][1] in the *IAM User Guide*. # # The plaintext that you use for both inline and managed session # policies can't exceed 2,048 characters. The JSON policy characters # can be any ASCII character from the space character to the end of # the valid character list (\\u0020 through \\u00FF). It can also # include the tab (\\u0009), linefeed (\\u000A), and carriage return # (\\u000D) characters. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # @return [String] # # @!attribute [rw] duration_seconds # The duration, in seconds, of the role session. Your role session # lasts for the duration that you specify for the `DurationSeconds` # parameter, or until the time specified in the SAML authentication # response's `SessionNotOnOrAfter` value, whichever is shorter. You # can provide a `DurationSeconds` value from 900 seconds (15 minutes) # up to the maximum session duration setting for the role. This # setting can have a value from 1 hour to 12 hours. If you specify a # value higher than this setting, the operation fails. For example, if # you specify a session duration of 12 hours, but your administrator # set the maximum session duration to 6 hours, your operation fails. # To learn how to view the maximum value for your role, see [View the # Maximum Session Duration Setting for a Role][1] in the *IAM User # Guide*. # # By default, the value is set to `3600` seconds. # # The `DurationSeconds` parameter is separate from the duration of a # console session that you might request using the returned # credentials. The request to the federation endpoint for a console # sign-in token takes a `SessionDuration` parameter that specifies the # maximum length of the console session. For more information, see # [Creating a URL that Enables Federated Users to Access the Amazon # Web Services Management Console][2] in the *IAM User Guide*. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLRequest AWS API Documentation # class AssumeRoleWithSAMLRequest < Struct.new( :role_arn, :principal_arn, :saml_assertion, :policy_arns, :policy, :duration_seconds) SENSITIVE = [:saml_assertion] include Aws::Structure end # Contains the response to a successful AssumeRoleWithSAML request, # including temporary Amazon Web Services credentials that can be used # to make Amazon Web Services requests. # # @!attribute [rw] credentials # The temporary security credentials, which include an access key ID, # a secret access key, and a security (or session) token. # # The size of the security token that STS API operations return is not # fixed. We strongly recommend that you make no assumptions about the # maximum size. # # # @return [Types::Credentials] # # @!attribute [rw] assumed_role_user # The identifiers for the temporary security credentials that the # operation returns. # @return [Types::AssumedRoleUser] # # @!attribute [rw] packed_policy_size # A percentage value that indicates the packed size of the session # policies and session tags combined passed in the request. The # request fails if the packed size is greater than 100 percent, which # means the policies and tags exceeded the allowed space. # @return [Integer] # # @!attribute [rw] subject # The value of the `NameID` element in the `Subject` element of the # SAML assertion. # @return [String] # # @!attribute [rw] subject_type # The format of the name ID, as defined by the `Format` attribute in # the `NameID` element of the SAML assertion. Typical examples of the # format are `transient` or `persistent`. # # If the format includes the prefix # `urn:oasis:names:tc:SAML:2.0:nameid-format`, that prefix is removed. # For example, `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` # is returned as `transient`. If the format includes any other prefix, # the format is returned with no modifications. # @return [String] # # @!attribute [rw] issuer # The value of the `Issuer` element of the SAML assertion. # @return [String] # # @!attribute [rw] audience # The value of the `Recipient` attribute of the # `SubjectConfirmationData` element of the SAML assertion. # @return [String] # # @!attribute [rw] name_qualifier # A hash value based on the concatenation of the following: # # * The `Issuer` response value. # # * The Amazon Web Services account ID. # # * The friendly name (the last part of the ARN) of the SAML provider # in IAM. # # The combination of `NameQualifier` and `Subject` can be used to # uniquely identify a user. # # The following pseudocode shows how the hash value is calculated: # # `BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + # "/MySAMLIdP" ) )` # @return [String] # # @!attribute [rw] source_identity # The value in the `SourceIdentity` attribute in the SAML assertion. # # You can require users to set a source identity value when they # assume a role. You do this by using the `sts:SourceIdentity` # condition key in a role trust policy. That way, actions that are # taken with the role are associated with that user. After the source # identity is set, the value cannot be changed. It is present in the # request for all actions that are taken by the role and persists # across [chained role][1] sessions. You can configure your SAML # identity provider to use an attribute associated with your users, # like user name or email, as the source identity when calling # `AssumeRoleWithSAML`. You do this by adding an attribute to the SAML # assertion. For more information about using source identity, see # [Monitor and control actions taken with assumed roles][2] in the # *IAM User Guide*. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLResponse AWS API Documentation # class AssumeRoleWithSAMLResponse < Struct.new( :credentials, :assumed_role_user, :packed_policy_size, :subject, :subject_type, :issuer, :audience, :name_qualifier, :source_identity) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] role_arn # The Amazon Resource Name (ARN) of the role that the caller is # assuming. # @return [String] # # @!attribute [rw] role_session_name # An identifier for the assumed role session. Typically, you pass the # name or identifier that is associated with the user who is using # your application. That way, the temporary security credentials that # your application will use are associated with that user. This # session name is included as part of the ARN and assumed role ID in # the `AssumedRoleUser` response element. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # @return [String] # # @!attribute [rw] web_identity_token # The OAuth 2.0 access token or OpenID Connect ID token that is # provided by the identity provider. Your application must get this # token by authenticating the user who is using your application with # a web identity provider before the application makes an # `AssumeRoleWithWebIdentity` call. Only tokens with RSA algorithms # (RS256) are supported. # @return [String] # # @!attribute [rw] provider_id # The fully qualified host component of the domain name of the OAuth # 2.0 identity provider. Do not specify this value for an OpenID # Connect identity provider. # # Currently `www.amazon.com` and `graph.facebook.com` are the only # supported identity providers for OAuth 2.0 access tokens. Do not # include URL schemes and port numbers. # # Do not specify this value for OpenID Connect ID tokens. # @return [String] # # @!attribute [rw] policy_arns # The Amazon Resource Names (ARNs) of the IAM managed policies that # you want to use as managed session policies. The policies must exist # in the same account as the role. # # This parameter is optional. You can provide up to 10 managed policy # ARNs. However, the plaintext that you use for both inline and # managed session policies can't exceed 2,048 characters. For more # information about ARNs, see [Amazon Resource Names (ARNs) and Amazon # Web Services Service Namespaces][1] in the Amazon Web Services # General Reference. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # Passing policies to this operation returns new temporary # credentials. The resulting session's permissions are the # intersection of the role's identity-based policy and the session # policies. You can use the role's temporary credentials in # subsequent Amazon Web Services API calls to access resources in the # account that owns the role. You cannot use session policies to grant # more permissions than those allowed by the identity-based policy of # the role that is being assumed. For more information, see [Session # Policies][2] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # @return [Array] # # @!attribute [rw] policy # An IAM policy in JSON format that you want to use as an inline # session policy. # # This parameter is optional. Passing policies to this operation # returns new temporary credentials. The resulting session's # permissions are the intersection of the role's identity-based # policy and the session policies. You can use the role's temporary # credentials in subsequent Amazon Web Services API calls to access # resources in the account that owns the role. You cannot use session # policies to grant more permissions than those allowed by the # identity-based policy of the role that is being assumed. For more # information, see [Session Policies][1] in the *IAM User Guide*. # # The plaintext that you use for both inline and managed session # policies can't exceed 2,048 characters. The JSON policy characters # can be any ASCII character from the space character to the end of # the valid character list (\\u0020 through \\u00FF). It can also # include the tab (\\u0009), linefeed (\\u000A), and carriage return # (\\u000D) characters. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # @return [String] # # @!attribute [rw] duration_seconds # The duration, in seconds, of the role session. The value can range # from 900 seconds (15 minutes) up to the maximum session duration # setting for the role. This setting can have a value from 1 hour to # 12 hours. If you specify a value higher than this setting, the # operation fails. For example, if you specify a session duration of # 12 hours, but your administrator set the maximum session duration to # 6 hours, your operation fails. To learn how to view the maximum # value for your role, see [View the Maximum Session Duration Setting # for a Role][1] in the *IAM User Guide*. # # By default, the value is set to `3600` seconds. # # The `DurationSeconds` parameter is separate from the duration of a # console session that you might request using the returned # credentials. The request to the federation endpoint for a console # sign-in token takes a `SessionDuration` parameter that specifies the # maximum length of the console session. For more information, see # [Creating a URL that Enables Federated Users to Access the Amazon # Web Services Management Console][2] in the *IAM User Guide*. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityRequest AWS API Documentation # class AssumeRoleWithWebIdentityRequest < Struct.new( :role_arn, :role_session_name, :web_identity_token, :provider_id, :policy_arns, :policy, :duration_seconds) SENSITIVE = [:web_identity_token] include Aws::Structure end # Contains the response to a successful AssumeRoleWithWebIdentity # request, including temporary Amazon Web Services credentials that can # be used to make Amazon Web Services requests. # # @!attribute [rw] credentials # The temporary security credentials, which include an access key ID, # a secret access key, and a security token. # # The size of the security token that STS API operations return is not # fixed. We strongly recommend that you make no assumptions about the # maximum size. # # # @return [Types::Credentials] # # @!attribute [rw] subject_from_web_identity_token # The unique user identifier that is returned by the identity # provider. This identifier is associated with the `WebIdentityToken` # that was submitted with the `AssumeRoleWithWebIdentity` call. The # identifier is typically unique to the user and the application that # acquired the `WebIdentityToken` (pairwise identifier). For OpenID # Connect ID tokens, this field contains the value returned by the # identity provider as the token's `sub` (Subject) claim. # @return [String] # # @!attribute [rw] assumed_role_user # The Amazon Resource Name (ARN) and the assumed role ID, which are # identifiers that you can use to refer to the resulting temporary # security credentials. For example, you can reference these # credentials as a principal in a resource-based policy by using the # ARN or assumed role ID. The ARN and ID include the `RoleSessionName` # that you specified when you called `AssumeRole`. # @return [Types::AssumedRoleUser] # # @!attribute [rw] packed_policy_size # A percentage value that indicates the packed size of the session # policies and session tags combined passed in the request. The # request fails if the packed size is greater than 100 percent, which # means the policies and tags exceeded the allowed space. # @return [Integer] # # @!attribute [rw] provider # The issuing authority of the web identity token presented. For # OpenID Connect ID tokens, this contains the value of the `iss` # field. For OAuth 2.0 access tokens, this contains the value of the # `ProviderId` parameter that was passed in the # `AssumeRoleWithWebIdentity` request. # @return [String] # # @!attribute [rw] audience # The intended audience (also known as client ID) of the web identity # token. This is traditionally the client identifier issued to the # application that requested the web identity token. # @return [String] # # @!attribute [rw] source_identity # The value of the source identity that is returned in the JSON web # token (JWT) from the identity provider. # # You can require users to set a source identity value when they # assume a role. You do this by using the `sts:SourceIdentity` # condition key in a role trust policy. That way, actions that are # taken with the role are associated with that user. After the source # identity is set, the value cannot be changed. It is present in the # request for all actions that are taken by the role and persists # across [chained role][1] sessions. You can configure your identity # provider to use an attribute associated with your users, like user # name or email, as the source identity when calling # `AssumeRoleWithWebIdentity`. You do this by adding a claim to the # JSON web token. To learn more about OIDC tokens and claims, see # [Using Tokens with User Pools][2] in the *Amazon Cognito Developer # Guide*. For more information about using source identity, see # [Monitor and control actions taken with assumed roles][3] in the # *IAM User Guide*. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityResponse AWS API Documentation # class AssumeRoleWithWebIdentityResponse < Struct.new( :credentials, :subject_from_web_identity_token, :assumed_role_user, :packed_policy_size, :provider, :audience, :source_identity) SENSITIVE = [] include Aws::Structure end # The identifiers for the temporary security credentials that the # operation returns. # # @!attribute [rw] assumed_role_id # A unique identifier that contains the role ID and the role session # name of the role that is being assumed. The role ID is generated by # Amazon Web Services when the role is created. # @return [String] # # @!attribute [rw] arn # The ARN of the temporary security credentials that are returned from # the AssumeRole action. For more information about ARNs and how to # use them in policies, see [IAM Identifiers][1] in the *IAM User # Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser AWS API Documentation # class AssumedRoleUser < Struct.new( :assumed_role_id, :arn) SENSITIVE = [] include Aws::Structure end # Amazon Web Services credentials for API authentication. # # @!attribute [rw] access_key_id # The access key ID that identifies the temporary security # credentials. # @return [String] # # @!attribute [rw] secret_access_key # The secret access key that can be used to sign requests. # @return [String] # # @!attribute [rw] session_token # The token that users must pass to the service API to use the # temporary credentials. # @return [String] # # @!attribute [rw] expiration # The date on which the current credentials expire. # @return [Time] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Credentials AWS API Documentation # class Credentials < Struct.new( :access_key_id, :secret_access_key, :session_token, :expiration) SENSITIVE = [:secret_access_key] include Aws::Structure end # @!attribute [rw] encoded_message # The encoded message that was returned with the response. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageRequest AWS API Documentation # class DecodeAuthorizationMessageRequest < Struct.new( :encoded_message) SENSITIVE = [] include Aws::Structure end # A document that contains additional information about the # authorization status of a request from an encoded message that is # returned in response to an Amazon Web Services request. # # @!attribute [rw] decoded_message # The API returns a response with the decoded message. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation # class DecodeAuthorizationMessageResponse < Struct.new( :decoded_message) SENSITIVE = [] include Aws::Structure end # The web identity token that was passed is expired or is not valid. Get # a new identity token from the identity provider and then retry the # request. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/ExpiredTokenException AWS API Documentation # class ExpiredTokenException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # Identifiers for the federated user that is associated with the # credentials. # # @!attribute [rw] federated_user_id # The string that identifies the federated user associated with the # credentials, similar to the unique ID of an IAM user. # @return [String] # # @!attribute [rw] arn # The ARN that specifies the federated user that is associated with # the credentials. For more information about ARNs and how to use them # in policies, see [IAM Identifiers][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/FederatedUser AWS API Documentation # class FederatedUser < Struct.new( :federated_user_id, :arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] access_key_id # The identifier of an access key. # # This parameter allows (through its regex pattern) a string of # characters that can consist of any upper- or lowercase letter or # digit. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoRequest AWS API Documentation # class GetAccessKeyInfoRequest < Struct.new( :access_key_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] account # The number used to identify the Amazon Web Services account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoResponse AWS API Documentation # class GetAccessKeyInfoResponse < Struct.new( :account) SENSITIVE = [] include Aws::Structure end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityRequest AWS API Documentation # class GetCallerIdentityRequest < Aws::EmptyStructure; end # Contains the response to a successful GetCallerIdentity request, # including information about the entity making the request. # # @!attribute [rw] user_id # The unique identifier of the calling entity. The exact value depends # on the type of entity that is making the call. The values returned # are those listed in the **aws:userid** column in the [Principal # table][1] found on the **Policy Variables** reference page in the # *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable # @return [String] # # @!attribute [rw] account # The Amazon Web Services account ID number of the account that owns # or contains the calling entity. # @return [String] # # @!attribute [rw] arn # The Amazon Web Services ARN associated with the calling entity. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityResponse AWS API Documentation # class GetCallerIdentityResponse < Struct.new( :user_id, :account, :arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the federated user. The name is used as an identifier # for the temporary security credentials (such as `Bob`). For example, # you can reference the federated user name in a resource-based # policy, such as in an Amazon S3 bucket policy. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@- # @return [String] # # @!attribute [rw] policy # An IAM policy in JSON format that you want to use as an inline # session policy. # # You must pass an inline or managed [session policy][1] to this # operation. You can pass a single JSON policy document to use as an # inline session policy. You can also specify up to 10 managed policy # Amazon Resource Names (ARNs) to use as managed session policies. # # This parameter is optional. However, if you do not pass any session # policies, then the resulting federated user session has no # permissions. # # When you pass session policies, the session permissions are the # intersection of the IAM user policies and the session policies that # you pass. This gives you a way to further restrict the permissions # for a federated user. You cannot use session policies to grant more # permissions than those that are defined in the permissions policy of # the IAM user. For more information, see [Session Policies][1] in the # *IAM User Guide*. # # The resulting credentials can be used to access a resource that has # a resource-based policy. If that policy specifically references the # federated user session in the `Principal` element of the policy, the # session has the permissions allowed by the policy. These permissions # are granted in addition to the permissions that are granted by the # session policies. # # The plaintext that you use for both inline and managed session # policies can't exceed 2,048 characters. The JSON policy characters # can be any ASCII character from the space character to the end of # the valid character list (\\u0020 through \\u00FF). It can also # include the tab (\\u0009), linefeed (\\u000A), and carriage return # (\\u000D) characters. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # @return [String] # # @!attribute [rw] policy_arns # The Amazon Resource Names (ARNs) of the IAM managed policies that # you want to use as a managed session policy. The policies must exist # in the same account as the IAM user that is requesting federated # access. # # You must pass an inline or managed [session policy][1] to this # operation. You can pass a single JSON policy document to use as an # inline session policy. You can also specify up to 10 managed policy # Amazon Resource Names (ARNs) to use as managed session policies. The # plaintext that you use for both inline and managed session policies # can't exceed 2,048 characters. You can provide up to 10 managed # policy ARNs. For more information about ARNs, see [Amazon Resource # Names (ARNs) and Amazon Web Services Service Namespaces][2] in the # Amazon Web Services General Reference. # # This parameter is optional. However, if you do not pass any session # policies, then the resulting federated user session has no # permissions. # # When you pass session policies, the session permissions are the # intersection of the IAM user policies and the session policies that # you pass. This gives you a way to further restrict the permissions # for a federated user. You cannot use session policies to grant more # permissions than those that are defined in the permissions policy of # the IAM user. For more information, see [Session Policies][1] in the # *IAM User Guide*. # # The resulting credentials can be used to access a resource that has # a resource-based policy. If that policy specifically references the # federated user session in the `Principal` element of the policy, the # session has the permissions allowed by the policy. These permissions # are granted in addition to the permissions that are granted by the # session policies. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @return [Array] # # @!attribute [rw] duration_seconds # The duration, in seconds, that the session should last. Acceptable # durations for federation sessions range from 900 seconds (15 # minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 # hours) as the default. Sessions obtained using root user credentials # are restricted to a maximum of 3,600 seconds (one hour). If the # specified duration is longer than one hour, the session obtained by # using root user credentials defaults to one hour. # @return [Integer] # # @!attribute [rw] tags # A list of session tags. Each session tag consists of a key name and # an associated value. For more information about session tags, see # [Passing Session Tags in STS][1] in the *IAM User Guide*. # # This parameter is optional. You can pass up to 50 session tags. The # plaintext session tag keys can’t exceed 128 characters and the # values can’t exceed 256 characters. For these and additional limits, # see [IAM and STS Character Limits][2] in the *IAM User Guide*. # # An Amazon Web Services conversion compresses the passed inline # session policy, managed policy ARNs, and session tags into a packed # binary format that has a separate limit. Your request can fail for # this limit even if your plaintext meets the other requirements. The # `PackedPolicySize` response element indicates by percentage how # close the policies and tags for your request are to the upper size # limit. # # # # You can pass a session tag with the same key as a tag that is # already attached to the user you are federating. When you do, # session tags override a user tag with the same key. # # Tag key–value pairs are not case sensitive, but case is preserved. # This means that you cannot have separate `Department` and # `department` tag keys. Assume that the role has the # `Department`=`Marketing` tag and you pass the # `department`=`engineering` session tag. `Department` and # `department` are not saved as separate tags, and the session tag # passed in the request takes precedence over the role tag. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest AWS API Documentation # class GetFederationTokenRequest < Struct.new( :name, :policy, :policy_arns, :duration_seconds, :tags) SENSITIVE = [] include Aws::Structure end # Contains the response to a successful GetFederationToken request, # including temporary Amazon Web Services credentials that can be used # to make Amazon Web Services requests. # # @!attribute [rw] credentials # The temporary security credentials, which include an access key ID, # a secret access key, and a security (or session) token. # # The size of the security token that STS API operations return is not # fixed. We strongly recommend that you make no assumptions about the # maximum size. # # # @return [Types::Credentials] # # @!attribute [rw] federated_user # Identifiers for the federated user associated with the credentials # (such as `arn:aws:sts::123456789012:federated-user/Bob` or # `123456789012:Bob`). You can use the federated user's ARN in your # resource-based policies, such as an Amazon S3 bucket policy. # @return [Types::FederatedUser] # # @!attribute [rw] packed_policy_size # A percentage value that indicates the packed size of the session # policies and session tags combined passed in the request. The # request fails if the packed size is greater than 100 percent, which # means the policies and tags exceeded the allowed space. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenResponse AWS API Documentation # class GetFederationTokenResponse < Struct.new( :credentials, :federated_user, :packed_policy_size) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] duration_seconds # The duration, in seconds, that the credentials should remain valid. # Acceptable durations for IAM user sessions range from 900 seconds # (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 # hours) as the default. Sessions for Amazon Web Services account # owners are restricted to a maximum of 3,600 seconds (one hour). If # the duration is longer than one hour, the session for Amazon Web # Services account owners defaults to one hour. # @return [Integer] # # @!attribute [rw] serial_number # The identification number of the MFA device that is associated with # the IAM user who is making the `GetSessionToken` call. Specify this # value if the IAM user has a policy that requires MFA authentication. # The value is either the serial number for a hardware device (such as # `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual # device (such as `arn:aws:iam::123456789012:mfa/user`). You can find # the device for an IAM user by going to the Amazon Web Services # Management Console and viewing the user's security credentials. # # The regex used to validate this parameter is a string of characters # consisting of upper- and lower-case alphanumeric characters with no # spaces. You can also include underscores or any of the following # characters: =,.@:/- # @return [String] # # @!attribute [rw] token_code # The value provided by the MFA device, if MFA is required. If any # policy requires the IAM user to submit an MFA code, specify this # value. If MFA authentication is required, the user must provide a # code when requesting a set of temporary security credentials. A user # who fails to provide the code receives an "access denied" response # when requesting resources that require MFA authentication. # # The format for this parameter, as described by its regex pattern, is # a sequence of six numeric digits. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenRequest AWS API Documentation # class GetSessionTokenRequest < Struct.new( :duration_seconds, :serial_number, :token_code) SENSITIVE = [] include Aws::Structure end # Contains the response to a successful GetSessionToken request, # including temporary Amazon Web Services credentials that can be used # to make Amazon Web Services requests. # # @!attribute [rw] credentials # The temporary security credentials, which include an access key ID, # a secret access key, and a security (or session) token. # # The size of the security token that STS API operations return is not # fixed. We strongly recommend that you make no assumptions about the # maximum size. # # # @return [Types::Credentials] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenResponse AWS API Documentation # class GetSessionTokenResponse < Struct.new( :credentials) SENSITIVE = [] include Aws::Structure end # The request could not be fulfilled because the identity provider (IDP) # that was asked to verify the incoming identity token could not be # reached. This is often a transient error caused by network conditions. # Retry the request a limited number of times so that you don't exceed # the request rate. If the error persists, the identity provider might # be down or not responding. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/IDPCommunicationErrorException AWS API Documentation # class IDPCommunicationErrorException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # The identity provider (IdP) reported that authentication failed. This # might be because the claim is invalid. # # If this error is returned for the `AssumeRoleWithWebIdentity` # operation, it can also mean that the claim has expired or has been # explicitly revoked. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/IDPRejectedClaimException AWS API Documentation # class IDPRejectedClaimException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # The error returned if the message passed to # `DecodeAuthorizationMessage` was invalid. This can happen if the token # contains invalid characters, such as linebreaks. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/InvalidAuthorizationMessageException AWS API Documentation # class InvalidAuthorizationMessageException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # The web identity token that was passed could not be validated by # Amazon Web Services. Get a new identity token from the identity # provider and then retry the request. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/InvalidIdentityTokenException AWS API Documentation # class InvalidIdentityTokenException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # The request was rejected because the policy document was malformed. # The error message describes the specific error. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/MalformedPolicyDocumentException AWS API Documentation # class MalformedPolicyDocumentException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # The request was rejected because the total packed size of the session # policies and session tags combined was too large. An Amazon Web # Services conversion compresses the session policy document, session # policy ARNs, and session tags into a packed binary format that has a # separate limit. The error message indicates by percentage how close # the policies and tags are to the upper size limit. For more # information, see [Passing Session Tags in STS][1] in the *IAM User # Guide*. # # You could receive this error even though you meet other defined # session policy and session tag limits. For more information, see [IAM # and STS Entity Character Limits][2] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/PackedPolicyTooLargeException AWS API Documentation # class PackedPolicyTooLargeException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # A reference to the IAM managed policy that is passed as a session # policy for a role session or a federated user session. # # @!attribute [rw] arn # The Amazon Resource Name (ARN) of the IAM managed policy to use as a # session policy for the role. For more information about ARNs, see # [Amazon Resource Names (ARNs) and Amazon Web Services Service # Namespaces][1] in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/PolicyDescriptorType AWS API Documentation # class PolicyDescriptorType < Struct.new( :arn) SENSITIVE = [] include Aws::Structure end # Contains information about the provided context. This includes the # signed and encrypted trusted context assertion and the context # provider ARN from which the trusted context assertion was generated. # # @!attribute [rw] provider_arn # The context provider ARN from which the trusted context assertion # was generated. # @return [String] # # @!attribute [rw] context_assertion # The signed and encrypted trusted context assertion generated by the # context provider. The trusted context assertion is signed and # encrypted by Amazon Web Services STS. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/ProvidedContext AWS API Documentation # class ProvidedContext < Struct.new( :provider_arn, :context_assertion) SENSITIVE = [] include Aws::Structure end # STS is not activated in the requested region for the account that is # being asked to generate credentials. The account administrator must # use the IAM console to activate STS in that region. For more # information, see [Activating and Deactivating Amazon Web Services STS # in an Amazon Web Services Region][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/RegionDisabledException AWS API Documentation # class RegionDisabledException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # You can pass custom key-value pair attributes when you assume a role # or federate a user. These are called session tags. You can then use # the session tags to control access to resources. For more information, # see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User # Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html # # @!attribute [rw] key # The key for a session tag. # # You can pass up to 50 session tags. The plain text session tag keys # can’t exceed 128 characters. For these and additional limits, see # [IAM and STS Character Limits][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length # @return [String] # # @!attribute [rw] value # The value for a session tag. # # You can pass up to 50 session tags. The plain text session tag # values can’t exceed 256 characters. For these and additional limits, # see [IAM and STS Character Limits][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Tag AWS API Documentation # class Tag < Struct.new( :key, :value) SENSITIVE = [] include Aws::Structure end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/endpoints.rb0000644000004100000410000001046314563437550021514 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::STS # @api private module Endpoints class AssumeRole def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy', ) end end class AssumeRoleWithSAML def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy', ) end end class AssumeRoleWithWebIdentity def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy', ) end end class DecodeAuthorizationMessage def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy', ) end end class GetAccessKeyInfo def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy', ) end end class GetCallerIdentity def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy', ) end end class GetFederationToken def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy', ) end end class GetSessionToken def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::STS::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, use_global_endpoint: context.config.sts_regional_endpoints == 'legacy', ) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sts/endpoint_parameters.rb0000644000004100000410000000465214563437550023557 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::STS # Endpoint parameters used to influence endpoints per request. # # @!attribute region # The AWS region used to dispatch the request. # # @return [String] # # @!attribute use_dual_stack # When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error. # # @return [Boolean] # # @!attribute use_fips # When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error. # # @return [Boolean] # # @!attribute endpoint # Override the endpoint used to send this request # # @return [String] # # @!attribute use_global_endpoint # Whether the global endpoint should be used, rather then the regional endpoint for us-east-1. # # @return [Boolean] # EndpointParameters = Struct.new( :region, :use_dual_stack, :use_fips, :endpoint, :use_global_endpoint, ) do include Aws::Structure # @api private class << self PARAM_MAP = { 'Region' => :region, 'UseDualStack' => :use_dual_stack, 'UseFIPS' => :use_fips, 'Endpoint' => :endpoint, 'UseGlobalEndpoint' => :use_global_endpoint, }.freeze end def initialize(options = {}) self[:region] = options[:region] self[:use_dual_stack] = options[:use_dual_stack] self[:use_dual_stack] = false if self[:use_dual_stack].nil? if self[:use_dual_stack].nil? raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack" end self[:use_fips] = options[:use_fips] self[:use_fips] = false if self[:use_fips].nil? if self[:use_fips].nil? raise ArgumentError, "Missing required EndpointParameter: :use_fips" end self[:endpoint] = options[:endpoint] self[:use_global_endpoint] = options[:use_global_endpoint] self[:use_global_endpoint] = false if self[:use_global_endpoint].nil? if self[:use_global_endpoint].nil? raise ArgumentError, "Missing required EndpointParameter: :use_global_endpoint" end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/0000755000004100000410000000000014563437550017153 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-sso/customizations.rb0000644000004100000410000000003514563437550022571 0ustar www-datawww-data# frozen_string_literal: trueaws-sdk-core-3.191.2/lib/aws-sdk-sso/resource.rb0000644000004100000410000000077714563437550021342 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSO class Resource # @param options ({}) # @option options [Client] :client def initialize(options = {}) @client = options[:client] || Client.new(options) end # @return [Client] def client @client end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/plugins/0000755000004100000410000000000014563437550020634 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-sso/plugins/endpoints.rb0000644000004100000410000000456214563437550023173 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSO module Plugins class Endpoints < Seahorse::Client::Plugin option( :endpoint_provider, doc_type: 'Aws::SSO::EndpointProvider', rbs_type: 'untyped', docstring: 'The endpoint provider used to resolve endpoints. Any '\ 'object that responds to `#resolve_endpoint(parameters)` '\ 'where `parameters` is a Struct similar to '\ '`Aws::SSO::EndpointParameters`' ) do |cfg| Aws::SSO::EndpointProvider.new end # @api private class Handler < Seahorse::Client::Handler def call(context) unless context[:discovered_endpoint] params = parameters_for_operation(context) endpoint = context.config.endpoint_provider.resolve_endpoint(params) context.http_request.endpoint = endpoint.url apply_endpoint_headers(context, endpoint.headers) context[:endpoint_params] = params context[:endpoint_properties] = endpoint.properties end context[:auth_scheme] = Aws::Endpoints.resolve_auth_scheme(context, endpoint) @handler.call(context) end private def apply_endpoint_headers(context, headers) headers.each do |key, values| value = values .compact .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) } .join(',') context.http_request.headers[key] = value end end def parameters_for_operation(context) case context.operation_name when :get_role_credentials Aws::SSO::Endpoints::GetRoleCredentials.build(context) when :list_account_roles Aws::SSO::Endpoints::ListAccountRoles.build(context) when :list_accounts Aws::SSO::Endpoints::ListAccounts.build(context) when :logout Aws::SSO::Endpoints::Logout.build(context) end end end def add_handlers(handlers, _config) handlers.add(Handler, step: :build, priority: 75) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/client_api.rb0000644000004100000410000002547114563437550021620 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSO # @api private module ClientApi include Seahorse::Model AccessKeyType = Shapes::StringShape.new(name: 'AccessKeyType') AccessTokenType = Shapes::StringShape.new(name: 'AccessTokenType') AccountIdType = Shapes::StringShape.new(name: 'AccountIdType') AccountInfo = Shapes::StructureShape.new(name: 'AccountInfo') AccountListType = Shapes::ListShape.new(name: 'AccountListType') AccountNameType = Shapes::StringShape.new(name: 'AccountNameType') EmailAddressType = Shapes::StringShape.new(name: 'EmailAddressType') ErrorDescription = Shapes::StringShape.new(name: 'ErrorDescription') ExpirationTimestampType = Shapes::IntegerShape.new(name: 'ExpirationTimestampType') GetRoleCredentialsRequest = Shapes::StructureShape.new(name: 'GetRoleCredentialsRequest') GetRoleCredentialsResponse = Shapes::StructureShape.new(name: 'GetRoleCredentialsResponse') InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException') ListAccountRolesRequest = Shapes::StructureShape.new(name: 'ListAccountRolesRequest') ListAccountRolesResponse = Shapes::StructureShape.new(name: 'ListAccountRolesResponse') ListAccountsRequest = Shapes::StructureShape.new(name: 'ListAccountsRequest') ListAccountsResponse = Shapes::StructureShape.new(name: 'ListAccountsResponse') LogoutRequest = Shapes::StructureShape.new(name: 'LogoutRequest') MaxResultType = Shapes::IntegerShape.new(name: 'MaxResultType') NextTokenType = Shapes::StringShape.new(name: 'NextTokenType') ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException') RoleCredentials = Shapes::StructureShape.new(name: 'RoleCredentials') RoleInfo = Shapes::StructureShape.new(name: 'RoleInfo') RoleListType = Shapes::ListShape.new(name: 'RoleListType') RoleNameType = Shapes::StringShape.new(name: 'RoleNameType') SecretAccessKeyType = Shapes::StringShape.new(name: 'SecretAccessKeyType') SessionTokenType = Shapes::StringShape.new(name: 'SessionTokenType') TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException') UnauthorizedException = Shapes::StructureShape.new(name: 'UnauthorizedException') AccountInfo.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountIdType, location_name: "accountId")) AccountInfo.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountNameType, location_name: "accountName")) AccountInfo.add_member(:email_address, Shapes::ShapeRef.new(shape: EmailAddressType, location_name: "emailAddress")) AccountInfo.struct_class = Types::AccountInfo AccountListType.member = Shapes::ShapeRef.new(shape: AccountInfo) GetRoleCredentialsRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleNameType, required: true, location: "querystring", location_name: "role_name")) GetRoleCredentialsRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountIdType, required: true, location: "querystring", location_name: "account_id")) GetRoleCredentialsRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessTokenType, required: true, location: "header", location_name: "x-amz-sso_bearer_token")) GetRoleCredentialsRequest.struct_class = Types::GetRoleCredentialsRequest GetRoleCredentialsResponse.add_member(:role_credentials, Shapes::ShapeRef.new(shape: RoleCredentials, location_name: "roleCredentials")) GetRoleCredentialsResponse.struct_class = Types::GetRoleCredentialsResponse InvalidRequestException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "message")) InvalidRequestException.struct_class = Types::InvalidRequestException ListAccountRolesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location: "querystring", location_name: "next_token")) ListAccountRolesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResultType, location: "querystring", location_name: "max_result")) ListAccountRolesRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessTokenType, required: true, location: "header", location_name: "x-amz-sso_bearer_token")) ListAccountRolesRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountIdType, required: true, location: "querystring", location_name: "account_id")) ListAccountRolesRequest.struct_class = Types::ListAccountRolesRequest ListAccountRolesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "nextToken")) ListAccountRolesResponse.add_member(:role_list, Shapes::ShapeRef.new(shape: RoleListType, location_name: "roleList")) ListAccountRolesResponse.struct_class = Types::ListAccountRolesResponse ListAccountsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location: "querystring", location_name: "next_token")) ListAccountsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResultType, location: "querystring", location_name: "max_result")) ListAccountsRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessTokenType, required: true, location: "header", location_name: "x-amz-sso_bearer_token")) ListAccountsRequest.struct_class = Types::ListAccountsRequest ListAccountsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "nextToken")) ListAccountsResponse.add_member(:account_list, Shapes::ShapeRef.new(shape: AccountListType, location_name: "accountList")) ListAccountsResponse.struct_class = Types::ListAccountsResponse LogoutRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessTokenType, required: true, location: "header", location_name: "x-amz-sso_bearer_token")) LogoutRequest.struct_class = Types::LogoutRequest ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "message")) ResourceNotFoundException.struct_class = Types::ResourceNotFoundException RoleCredentials.add_member(:access_key_id, Shapes::ShapeRef.new(shape: AccessKeyType, location_name: "accessKeyId")) RoleCredentials.add_member(:secret_access_key, Shapes::ShapeRef.new(shape: SecretAccessKeyType, location_name: "secretAccessKey")) RoleCredentials.add_member(:session_token, Shapes::ShapeRef.new(shape: SessionTokenType, location_name: "sessionToken")) RoleCredentials.add_member(:expiration, Shapes::ShapeRef.new(shape: ExpirationTimestampType, location_name: "expiration")) RoleCredentials.struct_class = Types::RoleCredentials RoleInfo.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleNameType, location_name: "roleName")) RoleInfo.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountIdType, location_name: "accountId")) RoleInfo.struct_class = Types::RoleInfo RoleListType.member = Shapes::ShapeRef.new(shape: RoleInfo) TooManyRequestsException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "message")) TooManyRequestsException.struct_class = Types::TooManyRequestsException UnauthorizedException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "message")) UnauthorizedException.struct_class = Types::UnauthorizedException # @api private API = Seahorse::Model::Api.new.tap do |api| api.version = "2019-06-10" api.metadata = { "apiVersion" => "2019-06-10", "endpointPrefix" => "portal.sso", "jsonVersion" => "1.1", "protocol" => "rest-json", "serviceAbbreviation" => "SSO", "serviceFullName" => "AWS Single Sign-On", "serviceId" => "SSO", "signatureVersion" => "v4", "signingName" => "awsssoportal", "uid" => "sso-2019-06-10", } api.add_operation(:get_role_credentials, Seahorse::Model::Operation.new.tap do |o| o.name = "GetRoleCredentials" o.http_method = "GET" o.http_request_uri = "/federation/credentials" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: GetRoleCredentialsRequest) o.output = Shapes::ShapeRef.new(shape: GetRoleCredentialsResponse) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException) o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException) o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException) end) api.add_operation(:list_account_roles, Seahorse::Model::Operation.new.tap do |o| o.name = "ListAccountRoles" o.http_method = "GET" o.http_request_uri = "/assignment/roles" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: ListAccountRolesRequest) o.output = Shapes::ShapeRef.new(shape: ListAccountRolesResponse) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException) o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException) o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException) o[:pager] = Aws::Pager.new( limit_key: "max_results", tokens: { "next_token" => "next_token" } ) end) api.add_operation(:list_accounts, Seahorse::Model::Operation.new.tap do |o| o.name = "ListAccounts" o.http_method = "GET" o.http_request_uri = "/assignment/accounts" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: ListAccountsRequest) o.output = Shapes::ShapeRef.new(shape: ListAccountsResponse) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException) o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException) o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException) o[:pager] = Aws::Pager.new( limit_key: "max_results", tokens: { "next_token" => "next_token" } ) end) api.add_operation(:logout, Seahorse::Model::Operation.new.tap do |o| o.name = "Logout" o.http_method = "POST" o.http_request_uri = "/logout" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: LogoutRequest) o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure)) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException) o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException) o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) end) end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/endpoint_provider.rb0000644000004100000410000000645214563437550023241 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSO class EndpointProvider def resolve_endpoint(parameters) region = parameters.region use_dual_stack = parameters.use_dual_stack use_fips = parameters.use_fips endpoint = parameters.endpoint if Aws::Endpoints::Matchers.set?(endpoint) if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported" end if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported" end return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {}) end if Aws::Endpoints::Matchers.set?(region) if (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack")) return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both" end if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name")) return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.amazonaws.com", headers: {}, properties: {}) end return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "FIPS is enabled but this partition does not support FIPS" end if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack")) return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "DualStack is enabled but this partition does not support DualStack" end return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {}) end end raise ArgumentError, "Invalid Configuration: Missing Region" raise ArgumentError, 'No endpoint could be resolved' end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/client.rb0000644000004100000410000006576214563437550020776 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE require 'seahorse/client/plugins/content_length.rb' require 'aws-sdk-core/plugins/credentials_configuration.rb' require 'aws-sdk-core/plugins/logging.rb' require 'aws-sdk-core/plugins/param_converter.rb' require 'aws-sdk-core/plugins/param_validator.rb' require 'aws-sdk-core/plugins/user_agent.rb' require 'aws-sdk-core/plugins/helpful_socket_errors.rb' require 'aws-sdk-core/plugins/retry_errors.rb' require 'aws-sdk-core/plugins/global_configuration.rb' require 'aws-sdk-core/plugins/regional_endpoint.rb' require 'aws-sdk-core/plugins/endpoint_discovery.rb' require 'aws-sdk-core/plugins/endpoint_pattern.rb' require 'aws-sdk-core/plugins/response_paging.rb' require 'aws-sdk-core/plugins/stub_responses.rb' require 'aws-sdk-core/plugins/idempotency_token.rb' require 'aws-sdk-core/plugins/jsonvalue_converter.rb' require 'aws-sdk-core/plugins/client_metrics_plugin.rb' require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb' require 'aws-sdk-core/plugins/transfer_encoding.rb' require 'aws-sdk-core/plugins/http_checksum.rb' require 'aws-sdk-core/plugins/checksum_algorithm.rb' require 'aws-sdk-core/plugins/request_compression.rb' require 'aws-sdk-core/plugins/defaults_mode.rb' require 'aws-sdk-core/plugins/recursion_detection.rb' require 'aws-sdk-core/plugins/sign.rb' require 'aws-sdk-core/plugins/protocols/rest_json.rb' Aws::Plugins::GlobalConfiguration.add_identifier(:sso) module Aws::SSO # An API client for SSO. To construct a client, you need to configure a `:region` and `:credentials`. # # client = Aws::SSO::Client.new( # region: region_name, # credentials: credentials, # # ... # ) # # For details on configuring region and credentials see # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html). # # See {#initialize} for a full list of supported configuration options. class Client < Seahorse::Client::Base include Aws::ClientStubs @identifier = :sso set_api(ClientApi::API) add_plugin(Seahorse::Client::Plugins::ContentLength) add_plugin(Aws::Plugins::CredentialsConfiguration) add_plugin(Aws::Plugins::Logging) add_plugin(Aws::Plugins::ParamConverter) add_plugin(Aws::Plugins::ParamValidator) add_plugin(Aws::Plugins::UserAgent) add_plugin(Aws::Plugins::HelpfulSocketErrors) add_plugin(Aws::Plugins::RetryErrors) add_plugin(Aws::Plugins::GlobalConfiguration) add_plugin(Aws::Plugins::RegionalEndpoint) add_plugin(Aws::Plugins::EndpointDiscovery) add_plugin(Aws::Plugins::EndpointPattern) add_plugin(Aws::Plugins::ResponsePaging) add_plugin(Aws::Plugins::StubResponses) add_plugin(Aws::Plugins::IdempotencyToken) add_plugin(Aws::Plugins::JsonvalueConverter) add_plugin(Aws::Plugins::ClientMetricsPlugin) add_plugin(Aws::Plugins::ClientMetricsSendPlugin) add_plugin(Aws::Plugins::TransferEncoding) add_plugin(Aws::Plugins::HttpChecksum) add_plugin(Aws::Plugins::ChecksumAlgorithm) add_plugin(Aws::Plugins::RequestCompression) add_plugin(Aws::Plugins::DefaultsMode) add_plugin(Aws::Plugins::RecursionDetection) add_plugin(Aws::Plugins::Sign) add_plugin(Aws::Plugins::Protocols::RestJson) add_plugin(Aws::SSO::Plugins::Endpoints) # @overload initialize(options) # @param [Hash] options # @option options [required, Aws::CredentialProvider] :credentials # Your AWS credentials. This can be an instance of any one of the # following classes: # # * `Aws::Credentials` - Used for configuring static, non-refreshing # credentials. # # * `Aws::SharedCredentials` - Used for loading static credentials from a # shared file, such as `~/.aws/config`. # # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role. # # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to # assume a role after providing credentials via the web. # # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an # access token generated from `aws login`. # # * `Aws::ProcessCredentials` - Used for loading credentials from a # process that outputs to stdout. # # * `Aws::InstanceProfileCredentials` - Used for loading credentials # from an EC2 IMDS on an EC2 instance. # # * `Aws::ECSCredentials` - Used for loading credentials from # instances running in ECS. # # * `Aws::CognitoIdentityCredentials` - Used for loading credentials # from the Cognito Identity service. # # When `:credentials` are not configured directly, the following # locations will be searched for credentials: # # * `Aws.config[:credentials]` # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options. # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'] # * `~/.aws/credentials` # * `~/.aws/config` # * EC2/ECS IMDS instance profile - When used by default, the timeouts # are very aggressive. Construct and pass an instance of # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to # enable retries and extended timeouts. Instance profile credential # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] # to true. # # @option options [required, String] :region # The AWS region to connect to. The configured `:region` is # used to determine the service `:endpoint`. When not passed, # a default `:region` is searched for in the following locations: # # * `Aws.config[:region]` # * `ENV['AWS_REGION']` # * `ENV['AMAZON_REGION']` # * `ENV['AWS_DEFAULT_REGION']` # * `~/.aws/credentials` # * `~/.aws/config` # # @option options [String] :access_key_id # # @option options [Boolean] :active_endpoint_cache (false) # When set to `true`, a thread polling for endpoints will be running in # the background every 60 secs (default). Defaults to `false`. # # @option options [Boolean] :adaptive_retry_wait_to_fill (true) # Used only in `adaptive` retry mode. When true, the request will sleep # until there is sufficent client side capacity to retry the request. # When false, the request will raise a `RetryCapacityNotAvailableError` and will # not retry instead of sleeping. # # @option options [Boolean] :client_side_monitoring (false) # When `true`, client-side metrics will be collected for all API requests from # this client. # # @option options [String] :client_side_monitoring_client_id ("") # Allows you to provide an identifier for this client which will be attached to # all generated client side metrics. Defaults to an empty string. # # @option options [String] :client_side_monitoring_host ("127.0.0.1") # Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client # side monitoring agent is running on, where client metrics will be published via UDP. # # @option options [Integer] :client_side_monitoring_port (31000) # Required for publishing client metrics. The port that the client side monitoring # agent is running on, where client metrics will be published via UDP. # # @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) # Allows you to provide a custom client-side monitoring publisher class. By default, # will use the Client Side Monitoring Agent Publisher. # # @option options [Boolean] :convert_params (true) # When `true`, an attempt is made to coerce request parameters into # the required types. # # @option options [Boolean] :correct_clock_skew (true) # Used only in `standard` and adaptive retry modes. Specifies whether to apply # a clock skew correction and retry requests with skewed client clocks. # # @option options [String] :defaults_mode ("legacy") # See {Aws::DefaultsModeConfiguration} for a list of the # accepted modes and the configuration defaults that are included. # # @option options [Boolean] :disable_host_prefix_injection (false) # Set to true to disable SDK automatically adding host prefix # to default service endpoint when available. # # @option options [Boolean] :disable_request_compression (false) # When set to 'true' the request body will not be compressed # for supported operations. # # @option options [String] :endpoint # The client endpoint is normally constructed from the `:region` # option. You should only configure an `:endpoint` when connecting # to test or custom endpoints. This should be a valid HTTP(S) URI. # # @option options [Integer] :endpoint_cache_max_entries (1000) # Used for the maximum size limit of the LRU cache storing endpoints data # for endpoint discovery enabled operations. Defaults to 1000. # # @option options [Integer] :endpoint_cache_max_threads (10) # Used for the maximum threads in use for polling endpoints to be cached, defaults to 10. # # @option options [Integer] :endpoint_cache_poll_interval (60) # When :endpoint_discovery and :active_endpoint_cache is enabled, # Use this option to config the time interval in seconds for making # requests fetching endpoints information. Defaults to 60 sec. # # @option options [Boolean] :endpoint_discovery (false) # When set to `true`, endpoint discovery will be enabled for operations when available. # # @option options [Boolean] :ignore_configured_endpoint_urls # Setting to true disables use of endpoint URLs provided via environment # variables and the shared configuration file. # # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default) # The log formatter. # # @option options [Symbol] :log_level (:info) # The log level to send messages to the `:logger` at. # # @option options [Logger] :logger # The Logger instance to send log messages to. If this option # is not set, logging will be disabled. # # @option options [Integer] :max_attempts (3) # An integer representing the maximum number attempts that will be made for # a single request, including the initial attempt. For example, # setting this value to 5 will result in a request being retried up to # 4 times. Used in `standard` and `adaptive` retry modes. # # @option options [String] :profile ("default") # Used when loading credentials from the shared credentials file # at HOME/.aws/credentials. When not specified, 'default' is used. # # @option options [Integer] :request_min_compression_size_bytes (10240) # The minimum size in bytes that triggers compression for request # bodies. The value must be non-negative integer value between 0 # and 10485780 bytes inclusive. # # @option options [Proc] :retry_backoff # A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. # This option is only used in the `legacy` retry mode. # # @option options [Float] :retry_base_delay (0.3) # The base delay in seconds used by the default backoff function. This option # is only used in the `legacy` retry mode. # # @option options [Symbol] :retry_jitter (:none) # A delay randomiser function used by the default backoff function. # Some predefined functions can be referenced by name - :none, :equal, :full, # otherwise a Proc that takes and returns a number. This option is only used # in the `legacy` retry mode. # # @see https://www.awsarchitectureblog.com/2015/03/backoff.html # # @option options [Integer] :retry_limit (3) # The maximum number of times to retry failed requests. Only # ~ 500 level server errors and certain ~ 400 level client errors # are retried. Generally, these are throttling errors, data # checksum errors, networking errors, timeout errors, auth errors, # endpoint discovery, and errors from expired credentials. # This option is only used in the `legacy` retry mode. # # @option options [Integer] :retry_max_delay (0) # The maximum number of seconds to delay between retries (0 for no limit) # used by the default backoff function. This option is only used in the # `legacy` retry mode. # # @option options [String] :retry_mode ("legacy") # Specifies which retry algorithm to use. Values are: # # * `legacy` - The pre-existing retry behavior. This is default value if # no retry mode is provided. # # * `standard` - A standardized set of retry rules across the AWS SDKs. # This includes support for retry quotas, which limit the number of # unsuccessful retries a client can make. # # * `adaptive` - An experimental retry mode that includes all the # functionality of `standard` mode along with automatic client side # throttling. This is a provisional mode that may change behavior # in the future. # # # @option options [String] :sdk_ua_app_id # A unique and opaque application ID that is appended to the # User-Agent header as app/. It should have a # maximum length of 50. # # @option options [String] :secret_access_key # # @option options [String] :session_token # # @option options [Boolean] :stub_responses (false) # Causes the client to return stubbed responses. By default # fake responses are generated and returned. You can specify # the response data to return or errors to raise by calling # {ClientStubs#stub_responses}. See {ClientStubs} for more information. # # ** Please note ** When response stubbing is enabled, no HTTP # requests are made, and retries are disabled. # # @option options [Aws::TokenProvider] :token_provider # A Bearer Token Provider. This can be an instance of any one of the # following classes: # # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing # tokens. # # * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an # access token generated from `aws login`. # # When `:token_provider` is not configured directly, the `Aws::TokenProviderChain` # will be used to search for tokens configured for your profile in shared configuration files. # # @option options [Boolean] :use_dualstack_endpoint # When set to `true`, dualstack enabled endpoints (with `.aws` TLD) # will be used if available. # # @option options [Boolean] :use_fips_endpoint # When set to `true`, fips compatible endpoints will be used if available. # When a `fips` region is used, the region is normalized and this config # is set to `true`. # # @option options [Boolean] :validate_params (true) # When `true`, request parameters are validated before # sending the request. # # @option options [Aws::SSO::EndpointProvider] :endpoint_provider # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSO::EndpointParameters` # # @option options [URI::HTTP,String] :http_proxy A proxy to send # requests through. Formatted like 'http://proxy.com:123'. # # @option options [Float] :http_open_timeout (15) The number of # seconds to wait when opening a HTTP session before raising a # `Timeout::Error`. # # @option options [Float] :http_read_timeout (60) The default # number of seconds to wait for response data. This value can # safely be set per-request on the session. # # @option options [Float] :http_idle_timeout (5) The number of # seconds a connection is allowed to sit idle before it is # considered stale. Stale connections are closed and removed # from the pool before making a request. # # @option options [Float] :http_continue_timeout (1) The number of # seconds to wait for a 100-continue response before sending the # request body. This option has no effect unless the request has # "Expect" header set to "100-continue". Defaults to `nil` which # disables this behaviour. This value can safely be set per # request on the session. # # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout # in seconds. # # @option options [Boolean] :http_wire_trace (false) When `true`, # HTTP debug output will be sent to the `:logger`. # # @option options [Boolean] :ssl_verify_peer (true) When `true`, # SSL peer certificates are verified when establishing a # connection. # # @option options [String] :ssl_ca_bundle Full path to the SSL # certificate authority bundle file that should be used when # verifying peer certificates. If you do not pass # `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default # will be used if available. # # @option options [String] :ssl_ca_directory Full path of the # directory that contains the unbundled SSL certificate # authority files for verifying peer certificates. If you do # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the # system default will be used if available. # def initialize(*args) super end # @!group API Operations # Returns the STS short-term credentials for a given role name that is # assigned to the user. # # @option params [required, String] :role_name # The friendly name of the role that is assigned to the user. # # @option params [required, String] :account_id # The identifier for the AWS account that is assigned to the user. # # @option params [required, String] :access_token # The token issued by the `CreateToken` API call. For more information, # see [CreateToken][1] in the *IAM Identity Center OIDC API Reference # Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html # # @return [Types::GetRoleCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetRoleCredentialsResponse#role_credentials #role_credentials} => Types::RoleCredentials # # @example Request syntax with placeholder values # # resp = client.get_role_credentials({ # role_name: "RoleNameType", # required # account_id: "AccountIdType", # required # access_token: "AccessTokenType", # required # }) # # @example Response structure # # resp.role_credentials.access_key_id #=> String # resp.role_credentials.secret_access_key #=> String # resp.role_credentials.session_token #=> String # resp.role_credentials.expiration #=> Integer # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials AWS API Documentation # # @overload get_role_credentials(params = {}) # @param [Hash] params ({}) def get_role_credentials(params = {}, options = {}) req = build_request(:get_role_credentials, params) req.send_request(options) end # Lists all roles that are assigned to the user for a given AWS account. # # @option params [String] :next_token # The page token from the previous response output when you request # subsequent pages. # # @option params [Integer] :max_results # The number of items that clients can request per page. # # @option params [required, String] :access_token # The token issued by the `CreateToken` API call. For more information, # see [CreateToken][1] in the *IAM Identity Center OIDC API Reference # Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html # # @option params [required, String] :account_id # The identifier for the AWS account that is assigned to the user. # # @return [Types::ListAccountRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListAccountRolesResponse#next_token #next_token} => String # * {Types::ListAccountRolesResponse#role_list #role_list} => Array<Types::RoleInfo> # # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. # # @example Request syntax with placeholder values # # resp = client.list_account_roles({ # next_token: "NextTokenType", # max_results: 1, # access_token: "AccessTokenType", # required # account_id: "AccountIdType", # required # }) # # @example Response structure # # resp.next_token #=> String # resp.role_list #=> Array # resp.role_list[0].role_name #=> String # resp.role_list[0].account_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles AWS API Documentation # # @overload list_account_roles(params = {}) # @param [Hash] params ({}) def list_account_roles(params = {}, options = {}) req = build_request(:list_account_roles, params) req.send_request(options) end # Lists all AWS accounts assigned to the user. These AWS accounts are # assigned by the administrator of the account. For more information, # see [Assign User Access][1] in the *IAM Identity Center User Guide*. # This operation returns a paginated response. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers # # @option params [String] :next_token # (Optional) When requesting subsequent pages, this is the page token # from the previous response output. # # @option params [Integer] :max_results # This is the number of items clients can request per page. # # @option params [required, String] :access_token # The token issued by the `CreateToken` API call. For more information, # see [CreateToken][1] in the *IAM Identity Center OIDC API Reference # Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html # # @return [Types::ListAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListAccountsResponse#next_token #next_token} => String # * {Types::ListAccountsResponse#account_list #account_list} => Array<Types::AccountInfo> # # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. # # @example Request syntax with placeholder values # # resp = client.list_accounts({ # next_token: "NextTokenType", # max_results: 1, # access_token: "AccessTokenType", # required # }) # # @example Response structure # # resp.next_token #=> String # resp.account_list #=> Array # resp.account_list[0].account_id #=> String # resp.account_list[0].account_name #=> String # resp.account_list[0].email_address #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts AWS API Documentation # # @overload list_accounts(params = {}) # @param [Hash] params ({}) def list_accounts(params = {}, options = {}) req = build_request(:list_accounts, params) req.send_request(options) end # Removes the locally stored SSO tokens from the client-side cache and # sends an API call to the IAM Identity Center service to invalidate the # corresponding server-side IAM Identity Center sign in session. # # If a user uses IAM Identity Center to access the AWS CLI, the user’s # IAM Identity Center sign in session is used to obtain an IAM session, # as specified in the corresponding IAM Identity Center permission set. # More specifically, IAM Identity Center assumes an IAM role in the # target account on behalf of the user, and the corresponding temporary # AWS credentials are returned to the client. # # After user logout, any existing IAM role sessions that were created by # using IAM Identity Center permission sets continue based on the # duration configured in the permission set. For more information, see # [User authentications][1] in the *IAM Identity Center User Guide*. # # # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html # # @option params [required, String] :access_token # The token issued by the `CreateToken` API call. For more information, # see [CreateToken][1] in the *IAM Identity Center OIDC API Reference # Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.logout({ # access_token: "AccessTokenType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout AWS API Documentation # # @overload logout(params = {}) # @param [Hash] params ({}) def logout(params = {}, options = {}) req = build_request(:logout, params) req.send_request(options) end # @!endgroup # @param params ({}) # @api private def build_request(operation_name, params = {}) handlers = @handlers.for(operation_name) context = Seahorse::Client::RequestContext.new( operation_name: operation_name, operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-core' context[:gem_version] = '3.191.2' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated def waiter_names [] end class << self # @api private attr_reader :identifier # @api private def errors_module Errors end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/errors.rb0000644000004100000410000000555614563437550021027 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSO # When SSO returns an error response, the Ruby SDK constructs and raises an error. # These errors all extend Aws::SSO::Errors::ServiceError < {Aws::Errors::ServiceError} # # You can rescue all SSO errors using ServiceError: # # begin # # do stuff # rescue Aws::SSO::Errors::ServiceError # # rescues all SSO API errors # end # # # ## Request Context # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns # information about the request that generated the error. # See {Seahorse::Client::RequestContext} for more information. # # ## Error Classes # * {InvalidRequestException} # * {ResourceNotFoundException} # * {TooManyRequestsException} # * {UnauthorizedException} # # Additionally, error classes are dynamically generated for service errors based on the error code # if they are not defined above. module Errors extend Aws::Errors::DynamicErrors class InvalidRequestException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSO::Types::InvalidRequestException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class ResourceNotFoundException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSO::Types::ResourceNotFoundException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class TooManyRequestsException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSO::Types::TooManyRequestsException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end class UnauthorizedException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSO::Types::UnauthorizedException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def message @message || @data[:message] end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/types.rb0000644000004100000410000002370314563437550020651 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSO module Types # Provides information about your AWS account. # # @!attribute [rw] account_id # The identifier of the AWS account that is assigned to the user. # @return [String] # # @!attribute [rw] account_name # The display name of the AWS account that is assigned to the user. # @return [String] # # @!attribute [rw] email_address # The email address of the AWS account that is assigned to the user. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/AccountInfo AWS API Documentation # class AccountInfo < Struct.new( :account_id, :account_name, :email_address) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] role_name # The friendly name of the role that is assigned to the user. # @return [String] # # @!attribute [rw] account_id # The identifier for the AWS account that is assigned to the user. # @return [String] # # @!attribute [rw] access_token # The token issued by the `CreateToken` API call. For more # information, see [CreateToken][1] in the *IAM Identity Center OIDC # API Reference Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentialsRequest AWS API Documentation # class GetRoleCredentialsRequest < Struct.new( :role_name, :account_id, :access_token) SENSITIVE = [:access_token] include Aws::Structure end # @!attribute [rw] role_credentials # The credentials for the role that is assigned to the user. # @return [Types::RoleCredentials] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentialsResponse AWS API Documentation # class GetRoleCredentialsResponse < Struct.new( :role_credentials) SENSITIVE = [] include Aws::Structure end # Indicates that a problem occurred with the input to the request. For # example, a required parameter might be missing or out of range. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/InvalidRequestException AWS API Documentation # class InvalidRequestException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] next_token # The page token from the previous response output when you request # subsequent pages. # @return [String] # # @!attribute [rw] max_results # The number of items that clients can request per page. # @return [Integer] # # @!attribute [rw] access_token # The token issued by the `CreateToken` API call. For more # information, see [CreateToken][1] in the *IAM Identity Center OIDC # API Reference Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html # @return [String] # # @!attribute [rw] account_id # The identifier for the AWS account that is assigned to the user. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRolesRequest AWS API Documentation # class ListAccountRolesRequest < Struct.new( :next_token, :max_results, :access_token, :account_id) SENSITIVE = [:access_token] include Aws::Structure end # @!attribute [rw] next_token # The page token client that is used to retrieve the list of accounts. # @return [String] # # @!attribute [rw] role_list # A paginated response with the list of roles and the next token if # more results are available. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRolesResponse AWS API Documentation # class ListAccountRolesResponse < Struct.new( :next_token, :role_list) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] next_token # (Optional) When requesting subsequent pages, this is the page token # from the previous response output. # @return [String] # # @!attribute [rw] max_results # This is the number of items clients can request per page. # @return [Integer] # # @!attribute [rw] access_token # The token issued by the `CreateToken` API call. For more # information, see [CreateToken][1] in the *IAM Identity Center OIDC # API Reference Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountsRequest AWS API Documentation # class ListAccountsRequest < Struct.new( :next_token, :max_results, :access_token) SENSITIVE = [:access_token] include Aws::Structure end # @!attribute [rw] next_token # The page token client that is used to retrieve the list of accounts. # @return [String] # # @!attribute [rw] account_list # A paginated response with the list of account information and the # next token if more results are available. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountsResponse AWS API Documentation # class ListAccountsResponse < Struct.new( :next_token, :account_list) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] access_token # The token issued by the `CreateToken` API call. For more # information, see [CreateToken][1] in the *IAM Identity Center OIDC # API Reference Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/LogoutRequest AWS API Documentation # class LogoutRequest < Struct.new( :access_token) SENSITIVE = [:access_token] include Aws::Structure end # The specified resource doesn't exist. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ResourceNotFoundException AWS API Documentation # class ResourceNotFoundException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # Provides information about the role credentials that are assigned to # the user. # # @!attribute [rw] access_key_id # The identifier used for the temporary security credentials. For more # information, see [Using Temporary Security Credentials to Request # Access to AWS Resources][1] in the *AWS IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html # @return [String] # # @!attribute [rw] secret_access_key # The key that is used to sign the request. For more information, see # [Using Temporary Security Credentials to Request Access to AWS # Resources][1] in the *AWS IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html # @return [String] # # @!attribute [rw] session_token # The token used for temporary credentials. For more information, see # [Using Temporary Security Credentials to Request Access to AWS # Resources][1] in the *AWS IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html # @return [String] # # @!attribute [rw] expiration # The date on which temporary security credentials expire. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/RoleCredentials AWS API Documentation # class RoleCredentials < Struct.new( :access_key_id, :secret_access_key, :session_token, :expiration) SENSITIVE = [:secret_access_key, :session_token] include Aws::Structure end # Provides information about the role that is assigned to the user. # # @!attribute [rw] role_name # The friendly name of the role that is assigned to the user. # @return [String] # # @!attribute [rw] account_id # The identifier of the AWS account assigned to the user. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/RoleInfo AWS API Documentation # class RoleInfo < Struct.new( :role_name, :account_id) SENSITIVE = [] include Aws::Structure end # Indicates that the request is being made too frequently and is more # than what the server can handle. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/TooManyRequestsException AWS API Documentation # class TooManyRequestsException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end # Indicates that the request is not authorized. This can happen due to # an invalid access token in the request. # # @!attribute [rw] message # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/UnauthorizedException AWS API Documentation # class UnauthorizedException < Struct.new( :message) SENSITIVE = [] include Aws::Structure end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/endpoints.rb0000644000004100000410000000372614563437550021513 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSO # @api private module Endpoints class GetRoleCredentials def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::SSO::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, ) end end class ListAccountRoles def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::SSO::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, ) end end class ListAccounts def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::SSO::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, ) end end class Logout def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::SSO::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, ) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-sso/endpoint_parameters.rb0000644000004100000410000000363414563437550023551 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSO # Endpoint parameters used to influence endpoints per request. # # @!attribute region # The AWS region used to dispatch the request. # # @return [String] # # @!attribute use_dual_stack # When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error. # # @return [Boolean] # # @!attribute use_fips # When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error. # # @return [Boolean] # # @!attribute endpoint # Override the endpoint used to send this request # # @return [String] # EndpointParameters = Struct.new( :region, :use_dual_stack, :use_fips, :endpoint, ) do include Aws::Structure # @api private class << self PARAM_MAP = { 'Region' => :region, 'UseDualStack' => :use_dual_stack, 'UseFIPS' => :use_fips, 'Endpoint' => :endpoint, }.freeze end def initialize(options = {}) self[:region] = options[:region] self[:use_dual_stack] = options[:use_dual_stack] self[:use_dual_stack] = false if self[:use_dual_stack].nil? if self[:use_dual_stack].nil? raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack" end self[:use_fips] = options[:use_fips] self[:use_fips] = false if self[:use_fips].nil? if self[:use_fips].nil? raise ArgumentError, "Missing required EndpointParameter: :use_fips" end self[:endpoint] = options[:endpoint] end end end aws-sdk-core-3.191.2/lib/aws-defaults/0000755000004100000410000000000014563437550017377 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-defaults/default_configuration.rb0000644000004100000410000001330214563437550024276 0ustar www-datawww-data# frozen_string_literal: true require_relative 'defaults_mode_config_resolver' module Aws # A defaults mode determines how certain default configuration options are resolved in the SDK. # # *Note*: For any mode other than `'legacy'` the vended default values might change as best practices may # evolve. As a result, it is encouraged to perform testing when upgrading the SDK if you are using a mode other than # `'legacy'`. While the `'legacy'` defaults mode is specific to Ruby, # other modes are standardized across all of the AWS SDKs. # # The defaults mode can be configured: # # * Directly on a client via `:defaults_mode` # # * On a configuration profile via the "defaults_mode" profile file property. # # * Globally via the "AWS_DEFAULTS_MODE" environment variable. # # # #defaults START - documentation # The following `:default_mode` values are supported: # # * `'standard'` - # The STANDARD mode provides the latest recommended default values # that should be safe to run in most scenarios # # Note that the default values vended from this mode might change as # best practices may evolve. As a result, it is encouraged to perform # tests when upgrading the SDK # # * `'in-region'` - # The IN\_REGION mode builds on the standard mode and includes # optimization tailored for applications which call AWS services from # within the same AWS region # # Note that the default values vended from this mode might change as # best practices may evolve. As a result, it is encouraged to perform # tests when upgrading the SDK # # * `'cross-region'` - # The CROSS\_REGION mode builds on the standard mode and includes # optimization tailored for applications which call AWS services in a # different region # # Note that the default values vended from this mode might change as # best practices may evolve. As a result, it is encouraged to perform # tests when upgrading the SDK # # * `'mobile'` - # The MOBILE mode builds on the standard mode and includes # optimization tailored for mobile applications # # Note that the default values vended from this mode might change as # best practices may evolve. As a result, it is encouraged to perform # tests when upgrading the SDK # # * `'auto'` - # The AUTO mode is an experimental mode that builds on the standard # mode. The SDK will attempt to discover the execution environment to # determine the appropriate settings automatically. # # Note that the auto detection is heuristics-based and does not # guarantee 100% accuracy. STANDARD mode will be used if the execution # environment cannot be determined. The auto detection might query # [EC2 Instance Metadata service][1], which might introduce latency. # Therefore we recommend choosing an explicit defaults\_mode instead # if startup latency is critical to your application # # * `'legacy'` - # The LEGACY mode provides default settings that vary per SDK and were # used prior to establishment of defaults\_mode # # Based on the provided mode, the SDK will vend sensible default values # tailored to the mode for the following settings: # # * `:retry_mode` - # A retry mode specifies how the SDK attempts retries. See [Retry # Mode][2] # # * `:sts_regional_endpoints` - # Specifies how the SDK determines the AWS service endpoint that it # uses to talk to the AWS Security Token Service (AWS STS). See # [Setting STS Regional endpoints][3] # # * `:s3_us_east_1_regional_endpoint` - # Specifies how the SDK determines the AWS service endpoint that it # uses to talk to the Amazon S3 for the us-east-1 region # # * `:http_open_timeout` - # The amount of time after making an initial connection attempt on a # socket, where if the client does not receive a completion of the # connect handshake, the client gives up and fails the operation # # * `:ssl_timeout` - # The maximum amount of time that a TLS handshake is allowed to take # from the time the CLIENT HELLO message is sent to ethe time the # client and server have fully negotiated ciphers and exchanged keys # # All options above can be configured by users, and the overridden value will take precedence. # # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html # [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html # [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html # # #defaults END - documentation module DefaultsModeConfiguration # @api private # #defaults START - configuration SDK_DEFAULT_CONFIGURATION = { "version" => 1, "base" => { "retryMode" => "standard", "stsRegionalEndpoints" => "regional", "s3UsEast1RegionalEndpoints" => "regional", "connectTimeoutInMillis" => 1100, "tlsNegotiationTimeoutInMillis" => 1100 }, "modes" => { "standard" => { "connectTimeoutInMillis" => { "override" => 3100 }, "tlsNegotiationTimeoutInMillis" => { "override" => 3100 } }, "in-region" => { }, "cross-region" => { "connectTimeoutInMillis" => { "override" => 3100 }, "tlsNegotiationTimeoutInMillis" => { "override" => 3100 } }, "mobile" => { "connectTimeoutInMillis" => { "override" => 30000 }, "tlsNegotiationTimeoutInMillis" => { "override" => 30000 } } } } # #defaults END - configuration end endaws-sdk-core-3.191.2/lib/aws-defaults/defaults_mode_config_resolver.rb0000644000004100000410000000633114563437550026010 0ustar www-datawww-data# frozen_string_literal: true module Aws #@api private class DefaultsModeConfigResolver @@application_region = nil @@application_region_mutex = Mutex.new @@imds_client = EC2Metadata.new(retries: 0, http_open_timeout: 0.01) # mappings from Ruby SDK configuration names to the # sdk defaults option names and (optional) scale modifiers CFG_OPTIONS = { retry_mode: { name: "retryMode" }, sts_regional_endpoints: { name: "stsRegionalEndpoints" }, s3_us_east_1_regional_endpoint: { name: "s3UsEast1RegionalEndpoints" }, http_open_timeout: { name: "connectTimeoutInMillis", scale: 0.001 }, http_read_timeout: { name: "timeToFirstByteTimeoutInMillis", scale: 0.001 }, ssl_timeout: { name: "tlsNegotiationTimeoutInMillis", scale: 0.001 } }.freeze def initialize(sdk_defaults, cfg) @sdk_defaults = sdk_defaults @cfg = cfg @resolved_mode = nil @mutex = Mutex.new end # option_name should be the symbolized ruby name to resolve # returns the ruby appropriate value or nil if none are resolved def resolve(option_name) return unless (std_option = CFG_OPTIONS[option_name]) mode = resolved_mode.downcase return nil if mode == 'legacy' value = resolve_for_mode(std_option[:name], mode) value = value * std_option[:scale] if value && std_option[:scale] value end private def resolved_mode @mutex.synchronize do return @resolved_mode unless @resolved_mode.nil? @resolved_mode = @cfg.defaults_mode == 'auto' ? resolve_auto_mode : @cfg.defaults_mode end end def resolve_auto_mode return "mobile" if env_mobile? region = application_current_region if region @cfg.region == region ? "in-region": "cross-region" else # We don't seem to be mobile, and we couldn't determine whether we're running within an AWS region. Fall back to standard. 'standard' end end def application_current_region resolved_region = @@application_region_mutex.synchronize do return @@application_region unless @@application_region.nil? region = nil if ENV['AWS_EXECUTION_ENV'] region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION'] end if region.nil? && ENV['AWS_EC2_METADATA_DISABLED']&.downcase != "true" begin region = @@imds_client.get('/latest/meta-data/placement/region') rescue # unable to get region, leave it unset end end # required so that we cache the unknown/nil result @@application_region = region || :unknown end resolved_region == :unknown ? nil : resolved_region end def resolve_for_mode(name, mode) base_value = @sdk_defaults['base'][name] mode_value = @sdk_defaults['modes'].fetch(mode, {})[name] if mode_value.nil? return base_value end return mode_value['override'] unless mode_value['override'].nil? return base_value + mode_value['add'] unless mode_value['add'].nil? return base_value * mode_value['multiply'] unless mode_value['multiply'].nil? return base_value end def env_mobile? false end end endaws-sdk-core-3.191.2/lib/aws-sdk-sts.rb0000644000004100000410000000303414563437550017505 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE unless Module.const_defined?(:Aws) require 'aws-sdk-core' require 'aws-sigv4' end require_relative 'aws-sdk-sts/types' require_relative 'aws-sdk-sts/client_api' require_relative 'aws-sdk-sts/plugins/endpoints.rb' require_relative 'aws-sdk-sts/client' require_relative 'aws-sdk-sts/errors' require_relative 'aws-sdk-sts/resource' require_relative 'aws-sdk-sts/endpoint_parameters' require_relative 'aws-sdk-sts/endpoint_provider' require_relative 'aws-sdk-sts/endpoints' require_relative 'aws-sdk-sts/customizations' # This module provides support for AWS Security Token Service. This module is available in the # `aws-sdk-core` gem. # # # Client # # The {Client} class provides one method for each API operation. Operation # methods each accept a hash of request parameters and return a response # structure. # # sts = Aws::STS::Client.new # resp = sts.assume_role(params) # # See {Client} for more information. # # # Errors # # Errors returned from AWS Security Token Service are defined in the # {Errors} module and all extend {Errors::ServiceError}. # # begin # # do stuff # rescue Aws::STS::Errors::ServiceError # # rescues all AWS Security Token Service API errors # end # # See {Errors} for more information. # # @!group service module Aws::STS GEM_VERSION = '3.191.2' end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/0000755000004100000410000000000014563437550020012 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/customizations.rb0000644000004100000410000000003514563437550023430 0ustar www-datawww-data# frozen_string_literal: trueaws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/resource.rb0000644000004100000410000000100314563437550022160 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSOOIDC class Resource # @param options ({}) # @option options [Client] :client def initialize(options = {}) @client = options[:client] || Client.new(options) end # @return [Client] def client @client end end end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/plugins/0000755000004100000410000000000014563437550021473 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/plugins/endpoints.rb0000644000004100000410000000466214563437550024033 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSOOIDC module Plugins class Endpoints < Seahorse::Client::Plugin option( :endpoint_provider, doc_type: 'Aws::SSOOIDC::EndpointProvider', rbs_type: 'untyped', docstring: 'The endpoint provider used to resolve endpoints. Any '\ 'object that responds to `#resolve_endpoint(parameters)` '\ 'where `parameters` is a Struct similar to '\ '`Aws::SSOOIDC::EndpointParameters`' ) do |cfg| Aws::SSOOIDC::EndpointProvider.new end # @api private class Handler < Seahorse::Client::Handler def call(context) unless context[:discovered_endpoint] params = parameters_for_operation(context) endpoint = context.config.endpoint_provider.resolve_endpoint(params) context.http_request.endpoint = endpoint.url apply_endpoint_headers(context, endpoint.headers) context[:endpoint_params] = params context[:endpoint_properties] = endpoint.properties end context[:auth_scheme] = Aws::Endpoints.resolve_auth_scheme(context, endpoint) @handler.call(context) end private def apply_endpoint_headers(context, headers) headers.each do |key, values| value = values .compact .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) } .join(',') context.http_request.headers[key] = value end end def parameters_for_operation(context) case context.operation_name when :create_token Aws::SSOOIDC::Endpoints::CreateToken.build(context) when :create_token_with_iam Aws::SSOOIDC::Endpoints::CreateTokenWithIAM.build(context) when :register_client Aws::SSOOIDC::Endpoints::RegisterClient.build(context) when :start_device_authorization Aws::SSOOIDC::Endpoints::StartDeviceAuthorization.build(context) end end end def add_handlers(handlers, _config) handlers.add(Handler, step: :build, priority: 75) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/client_api.rb0000644000004100000410000004611614563437550022456 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSOOIDC # @api private module ClientApi include Seahorse::Model AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException') AccessToken = Shapes::StringShape.new(name: 'AccessToken') Assertion = Shapes::StringShape.new(name: 'Assertion') AuthCode = Shapes::StringShape.new(name: 'AuthCode') AuthorizationPendingException = Shapes::StructureShape.new(name: 'AuthorizationPendingException') ClientId = Shapes::StringShape.new(name: 'ClientId') ClientName = Shapes::StringShape.new(name: 'ClientName') ClientSecret = Shapes::StringShape.new(name: 'ClientSecret') ClientType = Shapes::StringShape.new(name: 'ClientType') CreateTokenRequest = Shapes::StructureShape.new(name: 'CreateTokenRequest') CreateTokenResponse = Shapes::StructureShape.new(name: 'CreateTokenResponse') CreateTokenWithIAMRequest = Shapes::StructureShape.new(name: 'CreateTokenWithIAMRequest') CreateTokenWithIAMResponse = Shapes::StructureShape.new(name: 'CreateTokenWithIAMResponse') DeviceCode = Shapes::StringShape.new(name: 'DeviceCode') Error = Shapes::StringShape.new(name: 'Error') ErrorDescription = Shapes::StringShape.new(name: 'ErrorDescription') ExpirationInSeconds = Shapes::IntegerShape.new(name: 'ExpirationInSeconds') ExpiredTokenException = Shapes::StructureShape.new(name: 'ExpiredTokenException') GrantType = Shapes::StringShape.new(name: 'GrantType') IdToken = Shapes::StringShape.new(name: 'IdToken') InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException') IntervalInSeconds = Shapes::IntegerShape.new(name: 'IntervalInSeconds') InvalidClientException = Shapes::StructureShape.new(name: 'InvalidClientException') InvalidClientMetadataException = Shapes::StructureShape.new(name: 'InvalidClientMetadataException') InvalidGrantException = Shapes::StructureShape.new(name: 'InvalidGrantException') InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException') InvalidRequestRegionException = Shapes::StructureShape.new(name: 'InvalidRequestRegionException') InvalidScopeException = Shapes::StructureShape.new(name: 'InvalidScopeException') Location = Shapes::StringShape.new(name: 'Location') LongTimeStampType = Shapes::IntegerShape.new(name: 'LongTimeStampType') RefreshToken = Shapes::StringShape.new(name: 'RefreshToken') Region = Shapes::StringShape.new(name: 'Region') RegisterClientRequest = Shapes::StructureShape.new(name: 'RegisterClientRequest') RegisterClientResponse = Shapes::StructureShape.new(name: 'RegisterClientResponse') Scope = Shapes::StringShape.new(name: 'Scope') Scopes = Shapes::ListShape.new(name: 'Scopes') SlowDownException = Shapes::StructureShape.new(name: 'SlowDownException') StartDeviceAuthorizationRequest = Shapes::StructureShape.new(name: 'StartDeviceAuthorizationRequest') StartDeviceAuthorizationResponse = Shapes::StructureShape.new(name: 'StartDeviceAuthorizationResponse') SubjectToken = Shapes::StringShape.new(name: 'SubjectToken') TokenType = Shapes::StringShape.new(name: 'TokenType') TokenTypeURI = Shapes::StringShape.new(name: 'TokenTypeURI') URI = Shapes::StringShape.new(name: 'URI') UnauthorizedClientException = Shapes::StructureShape.new(name: 'UnauthorizedClientException') UnsupportedGrantTypeException = Shapes::StructureShape.new(name: 'UnsupportedGrantTypeException') UserCode = Shapes::StringShape.new(name: 'UserCode') AccessDeniedException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) AccessDeniedException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) AccessDeniedException.struct_class = Types::AccessDeniedException AuthorizationPendingException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) AuthorizationPendingException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) AuthorizationPendingException.struct_class = Types::AuthorizationPendingException CreateTokenRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientId, required: true, location_name: "clientId")) CreateTokenRequest.add_member(:client_secret, Shapes::ShapeRef.new(shape: ClientSecret, required: true, location_name: "clientSecret")) CreateTokenRequest.add_member(:grant_type, Shapes::ShapeRef.new(shape: GrantType, required: true, location_name: "grantType")) CreateTokenRequest.add_member(:device_code, Shapes::ShapeRef.new(shape: DeviceCode, location_name: "deviceCode")) CreateTokenRequest.add_member(:code, Shapes::ShapeRef.new(shape: AuthCode, location_name: "code")) CreateTokenRequest.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken")) CreateTokenRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope")) CreateTokenRequest.add_member(:redirect_uri, Shapes::ShapeRef.new(shape: URI, location_name: "redirectUri")) CreateTokenRequest.struct_class = Types::CreateTokenRequest CreateTokenResponse.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessToken, location_name: "accessToken")) CreateTokenResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: TokenType, location_name: "tokenType")) CreateTokenResponse.add_member(:expires_in, Shapes::ShapeRef.new(shape: ExpirationInSeconds, location_name: "expiresIn")) CreateTokenResponse.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken")) CreateTokenResponse.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken")) CreateTokenResponse.struct_class = Types::CreateTokenResponse CreateTokenWithIAMRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientId, required: true, location_name: "clientId")) CreateTokenWithIAMRequest.add_member(:grant_type, Shapes::ShapeRef.new(shape: GrantType, required: true, location_name: "grantType")) CreateTokenWithIAMRequest.add_member(:code, Shapes::ShapeRef.new(shape: AuthCode, location_name: "code")) CreateTokenWithIAMRequest.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken")) CreateTokenWithIAMRequest.add_member(:assertion, Shapes::ShapeRef.new(shape: Assertion, location_name: "assertion")) CreateTokenWithIAMRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope")) CreateTokenWithIAMRequest.add_member(:redirect_uri, Shapes::ShapeRef.new(shape: URI, location_name: "redirectUri")) CreateTokenWithIAMRequest.add_member(:subject_token, Shapes::ShapeRef.new(shape: SubjectToken, location_name: "subjectToken")) CreateTokenWithIAMRequest.add_member(:subject_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "subjectTokenType")) CreateTokenWithIAMRequest.add_member(:requested_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "requestedTokenType")) CreateTokenWithIAMRequest.struct_class = Types::CreateTokenWithIAMRequest CreateTokenWithIAMResponse.add_member(:access_token, Shapes::ShapeRef.new(shape: AccessToken, location_name: "accessToken")) CreateTokenWithIAMResponse.add_member(:token_type, Shapes::ShapeRef.new(shape: TokenType, location_name: "tokenType")) CreateTokenWithIAMResponse.add_member(:expires_in, Shapes::ShapeRef.new(shape: ExpirationInSeconds, location_name: "expiresIn")) CreateTokenWithIAMResponse.add_member(:refresh_token, Shapes::ShapeRef.new(shape: RefreshToken, location_name: "refreshToken")) CreateTokenWithIAMResponse.add_member(:id_token, Shapes::ShapeRef.new(shape: IdToken, location_name: "idToken")) CreateTokenWithIAMResponse.add_member(:issued_token_type, Shapes::ShapeRef.new(shape: TokenTypeURI, location_name: "issuedTokenType")) CreateTokenWithIAMResponse.add_member(:scope, Shapes::ShapeRef.new(shape: Scopes, location_name: "scope")) CreateTokenWithIAMResponse.struct_class = Types::CreateTokenWithIAMResponse ExpiredTokenException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) ExpiredTokenException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) ExpiredTokenException.struct_class = Types::ExpiredTokenException InternalServerException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) InternalServerException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) InternalServerException.struct_class = Types::InternalServerException InvalidClientException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) InvalidClientException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) InvalidClientException.struct_class = Types::InvalidClientException InvalidClientMetadataException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) InvalidClientMetadataException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) InvalidClientMetadataException.struct_class = Types::InvalidClientMetadataException InvalidGrantException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) InvalidGrantException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) InvalidGrantException.struct_class = Types::InvalidGrantException InvalidRequestException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) InvalidRequestException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) InvalidRequestException.struct_class = Types::InvalidRequestException InvalidRequestRegionException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) InvalidRequestRegionException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) InvalidRequestRegionException.add_member(:endpoint, Shapes::ShapeRef.new(shape: Location, location_name: "endpoint")) InvalidRequestRegionException.add_member(:region, Shapes::ShapeRef.new(shape: Region, location_name: "region")) InvalidRequestRegionException.struct_class = Types::InvalidRequestRegionException InvalidScopeException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) InvalidScopeException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) InvalidScopeException.struct_class = Types::InvalidScopeException RegisterClientRequest.add_member(:client_name, Shapes::ShapeRef.new(shape: ClientName, required: true, location_name: "clientName")) RegisterClientRequest.add_member(:client_type, Shapes::ShapeRef.new(shape: ClientType, required: true, location_name: "clientType")) RegisterClientRequest.add_member(:scopes, Shapes::ShapeRef.new(shape: Scopes, location_name: "scopes")) RegisterClientRequest.struct_class = Types::RegisterClientRequest RegisterClientResponse.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientId, location_name: "clientId")) RegisterClientResponse.add_member(:client_secret, Shapes::ShapeRef.new(shape: ClientSecret, location_name: "clientSecret")) RegisterClientResponse.add_member(:client_id_issued_at, Shapes::ShapeRef.new(shape: LongTimeStampType, location_name: "clientIdIssuedAt")) RegisterClientResponse.add_member(:client_secret_expires_at, Shapes::ShapeRef.new(shape: LongTimeStampType, location_name: "clientSecretExpiresAt")) RegisterClientResponse.add_member(:authorization_endpoint, Shapes::ShapeRef.new(shape: URI, location_name: "authorizationEndpoint")) RegisterClientResponse.add_member(:token_endpoint, Shapes::ShapeRef.new(shape: URI, location_name: "tokenEndpoint")) RegisterClientResponse.struct_class = Types::RegisterClientResponse Scopes.member = Shapes::ShapeRef.new(shape: Scope) SlowDownException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) SlowDownException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) SlowDownException.struct_class = Types::SlowDownException StartDeviceAuthorizationRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientId, required: true, location_name: "clientId")) StartDeviceAuthorizationRequest.add_member(:client_secret, Shapes::ShapeRef.new(shape: ClientSecret, required: true, location_name: "clientSecret")) StartDeviceAuthorizationRequest.add_member(:start_url, Shapes::ShapeRef.new(shape: URI, required: true, location_name: "startUrl")) StartDeviceAuthorizationRequest.struct_class = Types::StartDeviceAuthorizationRequest StartDeviceAuthorizationResponse.add_member(:device_code, Shapes::ShapeRef.new(shape: DeviceCode, location_name: "deviceCode")) StartDeviceAuthorizationResponse.add_member(:user_code, Shapes::ShapeRef.new(shape: UserCode, location_name: "userCode")) StartDeviceAuthorizationResponse.add_member(:verification_uri, Shapes::ShapeRef.new(shape: URI, location_name: "verificationUri")) StartDeviceAuthorizationResponse.add_member(:verification_uri_complete, Shapes::ShapeRef.new(shape: URI, location_name: "verificationUriComplete")) StartDeviceAuthorizationResponse.add_member(:expires_in, Shapes::ShapeRef.new(shape: ExpirationInSeconds, location_name: "expiresIn")) StartDeviceAuthorizationResponse.add_member(:interval, Shapes::ShapeRef.new(shape: IntervalInSeconds, location_name: "interval")) StartDeviceAuthorizationResponse.struct_class = Types::StartDeviceAuthorizationResponse UnauthorizedClientException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) UnauthorizedClientException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) UnauthorizedClientException.struct_class = Types::UnauthorizedClientException UnsupportedGrantTypeException.add_member(:error, Shapes::ShapeRef.new(shape: Error, location_name: "error")) UnsupportedGrantTypeException.add_member(:error_description, Shapes::ShapeRef.new(shape: ErrorDescription, location_name: "error_description")) UnsupportedGrantTypeException.struct_class = Types::UnsupportedGrantTypeException # @api private API = Seahorse::Model::Api.new.tap do |api| api.version = "2019-06-10" api.metadata = { "apiVersion" => "2019-06-10", "endpointPrefix" => "oidc", "jsonVersion" => "1.1", "protocol" => "rest-json", "serviceAbbreviation" => "SSO OIDC", "serviceFullName" => "AWS SSO OIDC", "serviceId" => "SSO OIDC", "signatureVersion" => "v4", "signingName" => "sso-oauth", "uid" => "sso-oidc-2019-06-10", } api.add_operation(:create_token, Seahorse::Model::Operation.new.tap do |o| o.name = "CreateToken" o.http_method = "POST" o.http_request_uri = "/token" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: CreateTokenRequest) o.output = Shapes::ShapeRef.new(shape: CreateTokenResponse) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException) o.errors << Shapes::ShapeRef.new(shape: InvalidClientException) o.errors << Shapes::ShapeRef.new(shape: InvalidGrantException) o.errors << Shapes::ShapeRef.new(shape: UnauthorizedClientException) o.errors << Shapes::ShapeRef.new(shape: UnsupportedGrantTypeException) o.errors << Shapes::ShapeRef.new(shape: InvalidScopeException) o.errors << Shapes::ShapeRef.new(shape: AuthorizationPendingException) o.errors << Shapes::ShapeRef.new(shape: SlowDownException) o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException) o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException) o.errors << Shapes::ShapeRef.new(shape: InternalServerException) end) api.add_operation(:create_token_with_iam, Seahorse::Model::Operation.new.tap do |o| o.name = "CreateTokenWithIAM" o.http_method = "POST" o.http_request_uri = "/token?aws_iam=t" o.input = Shapes::ShapeRef.new(shape: CreateTokenWithIAMRequest) o.output = Shapes::ShapeRef.new(shape: CreateTokenWithIAMResponse) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException) o.errors << Shapes::ShapeRef.new(shape: InvalidClientException) o.errors << Shapes::ShapeRef.new(shape: InvalidGrantException) o.errors << Shapes::ShapeRef.new(shape: UnauthorizedClientException) o.errors << Shapes::ShapeRef.new(shape: UnsupportedGrantTypeException) o.errors << Shapes::ShapeRef.new(shape: InvalidScopeException) o.errors << Shapes::ShapeRef.new(shape: AuthorizationPendingException) o.errors << Shapes::ShapeRef.new(shape: SlowDownException) o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException) o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException) o.errors << Shapes::ShapeRef.new(shape: InternalServerException) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestRegionException) end) api.add_operation(:register_client, Seahorse::Model::Operation.new.tap do |o| o.name = "RegisterClient" o.http_method = "POST" o.http_request_uri = "/client/register" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: RegisterClientRequest) o.output = Shapes::ShapeRef.new(shape: RegisterClientResponse) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException) o.errors << Shapes::ShapeRef.new(shape: InvalidScopeException) o.errors << Shapes::ShapeRef.new(shape: InvalidClientMetadataException) o.errors << Shapes::ShapeRef.new(shape: InternalServerException) end) api.add_operation(:start_device_authorization, Seahorse::Model::Operation.new.tap do |o| o.name = "StartDeviceAuthorization" o.http_method = "POST" o.http_request_uri = "/device_authorization" o['authtype'] = "none" o.input = Shapes::ShapeRef.new(shape: StartDeviceAuthorizationRequest) o.output = Shapes::ShapeRef.new(shape: StartDeviceAuthorizationResponse) o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException) o.errors << Shapes::ShapeRef.new(shape: InvalidClientException) o.errors << Shapes::ShapeRef.new(shape: UnauthorizedClientException) o.errors << Shapes::ShapeRef.new(shape: SlowDownException) o.errors << Shapes::ShapeRef.new(shape: InternalServerException) end) end end end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/endpoint_provider.rb0000644000004100000410000000642014563437550024073 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSOOIDC class EndpointProvider def resolve_endpoint(parameters) region = parameters.region use_dual_stack = parameters.use_dual_stack use_fips = parameters.use_fips endpoint = parameters.endpoint if Aws::Endpoints::Matchers.set?(endpoint) if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported" end if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported" end return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {}) end if Aws::Endpoints::Matchers.set?(region) if (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack")) return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both" end if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true) if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov") return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.amazonaws.com", headers: {}, properties: {}) end return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "FIPS is enabled but this partition does not support FIPS" end if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true) if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack")) return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {}) end raise ArgumentError, "DualStack is enabled but this partition does not support DualStack" end return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {}) end end raise ArgumentError, "Invalid Configuration: Missing Region" raise ArgumentError, 'No endpoint could be resolved' end end end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/client.rb0000644000004100000410000013622414563437550021625 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE require 'seahorse/client/plugins/content_length.rb' require 'aws-sdk-core/plugins/credentials_configuration.rb' require 'aws-sdk-core/plugins/logging.rb' require 'aws-sdk-core/plugins/param_converter.rb' require 'aws-sdk-core/plugins/param_validator.rb' require 'aws-sdk-core/plugins/user_agent.rb' require 'aws-sdk-core/plugins/helpful_socket_errors.rb' require 'aws-sdk-core/plugins/retry_errors.rb' require 'aws-sdk-core/plugins/global_configuration.rb' require 'aws-sdk-core/plugins/regional_endpoint.rb' require 'aws-sdk-core/plugins/endpoint_discovery.rb' require 'aws-sdk-core/plugins/endpoint_pattern.rb' require 'aws-sdk-core/plugins/response_paging.rb' require 'aws-sdk-core/plugins/stub_responses.rb' require 'aws-sdk-core/plugins/idempotency_token.rb' require 'aws-sdk-core/plugins/jsonvalue_converter.rb' require 'aws-sdk-core/plugins/client_metrics_plugin.rb' require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb' require 'aws-sdk-core/plugins/transfer_encoding.rb' require 'aws-sdk-core/plugins/http_checksum.rb' require 'aws-sdk-core/plugins/checksum_algorithm.rb' require 'aws-sdk-core/plugins/request_compression.rb' require 'aws-sdk-core/plugins/defaults_mode.rb' require 'aws-sdk-core/plugins/recursion_detection.rb' require 'aws-sdk-core/plugins/sign.rb' require 'aws-sdk-core/plugins/protocols/rest_json.rb' Aws::Plugins::GlobalConfiguration.add_identifier(:ssooidc) module Aws::SSOOIDC # An API client for SSOOIDC. To construct a client, you need to configure a `:region` and `:credentials`. # # client = Aws::SSOOIDC::Client.new( # region: region_name, # credentials: credentials, # # ... # ) # # For details on configuring region and credentials see # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html). # # See {#initialize} for a full list of supported configuration options. class Client < Seahorse::Client::Base include Aws::ClientStubs @identifier = :ssooidc set_api(ClientApi::API) add_plugin(Seahorse::Client::Plugins::ContentLength) add_plugin(Aws::Plugins::CredentialsConfiguration) add_plugin(Aws::Plugins::Logging) add_plugin(Aws::Plugins::ParamConverter) add_plugin(Aws::Plugins::ParamValidator) add_plugin(Aws::Plugins::UserAgent) add_plugin(Aws::Plugins::HelpfulSocketErrors) add_plugin(Aws::Plugins::RetryErrors) add_plugin(Aws::Plugins::GlobalConfiguration) add_plugin(Aws::Plugins::RegionalEndpoint) add_plugin(Aws::Plugins::EndpointDiscovery) add_plugin(Aws::Plugins::EndpointPattern) add_plugin(Aws::Plugins::ResponsePaging) add_plugin(Aws::Plugins::StubResponses) add_plugin(Aws::Plugins::IdempotencyToken) add_plugin(Aws::Plugins::JsonvalueConverter) add_plugin(Aws::Plugins::ClientMetricsPlugin) add_plugin(Aws::Plugins::ClientMetricsSendPlugin) add_plugin(Aws::Plugins::TransferEncoding) add_plugin(Aws::Plugins::HttpChecksum) add_plugin(Aws::Plugins::ChecksumAlgorithm) add_plugin(Aws::Plugins::RequestCompression) add_plugin(Aws::Plugins::DefaultsMode) add_plugin(Aws::Plugins::RecursionDetection) add_plugin(Aws::Plugins::Sign) add_plugin(Aws::Plugins::Protocols::RestJson) add_plugin(Aws::SSOOIDC::Plugins::Endpoints) # @overload initialize(options) # @param [Hash] options # @option options [required, Aws::CredentialProvider] :credentials # Your AWS credentials. This can be an instance of any one of the # following classes: # # * `Aws::Credentials` - Used for configuring static, non-refreshing # credentials. # # * `Aws::SharedCredentials` - Used for loading static credentials from a # shared file, such as `~/.aws/config`. # # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role. # # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to # assume a role after providing credentials via the web. # # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an # access token generated from `aws login`. # # * `Aws::ProcessCredentials` - Used for loading credentials from a # process that outputs to stdout. # # * `Aws::InstanceProfileCredentials` - Used for loading credentials # from an EC2 IMDS on an EC2 instance. # # * `Aws::ECSCredentials` - Used for loading credentials from # instances running in ECS. # # * `Aws::CognitoIdentityCredentials` - Used for loading credentials # from the Cognito Identity service. # # When `:credentials` are not configured directly, the following # locations will be searched for credentials: # # * `Aws.config[:credentials]` # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options. # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'] # * `~/.aws/credentials` # * `~/.aws/config` # * EC2/ECS IMDS instance profile - When used by default, the timeouts # are very aggressive. Construct and pass an instance of # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to # enable retries and extended timeouts. Instance profile credential # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] # to true. # # @option options [required, String] :region # The AWS region to connect to. The configured `:region` is # used to determine the service `:endpoint`. When not passed, # a default `:region` is searched for in the following locations: # # * `Aws.config[:region]` # * `ENV['AWS_REGION']` # * `ENV['AMAZON_REGION']` # * `ENV['AWS_DEFAULT_REGION']` # * `~/.aws/credentials` # * `~/.aws/config` # # @option options [String] :access_key_id # # @option options [Boolean] :active_endpoint_cache (false) # When set to `true`, a thread polling for endpoints will be running in # the background every 60 secs (default). Defaults to `false`. # # @option options [Boolean] :adaptive_retry_wait_to_fill (true) # Used only in `adaptive` retry mode. When true, the request will sleep # until there is sufficent client side capacity to retry the request. # When false, the request will raise a `RetryCapacityNotAvailableError` and will # not retry instead of sleeping. # # @option options [Boolean] :client_side_monitoring (false) # When `true`, client-side metrics will be collected for all API requests from # this client. # # @option options [String] :client_side_monitoring_client_id ("") # Allows you to provide an identifier for this client which will be attached to # all generated client side metrics. Defaults to an empty string. # # @option options [String] :client_side_monitoring_host ("127.0.0.1") # Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client # side monitoring agent is running on, where client metrics will be published via UDP. # # @option options [Integer] :client_side_monitoring_port (31000) # Required for publishing client metrics. The port that the client side monitoring # agent is running on, where client metrics will be published via UDP. # # @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) # Allows you to provide a custom client-side monitoring publisher class. By default, # will use the Client Side Monitoring Agent Publisher. # # @option options [Boolean] :convert_params (true) # When `true`, an attempt is made to coerce request parameters into # the required types. # # @option options [Boolean] :correct_clock_skew (true) # Used only in `standard` and adaptive retry modes. Specifies whether to apply # a clock skew correction and retry requests with skewed client clocks. # # @option options [String] :defaults_mode ("legacy") # See {Aws::DefaultsModeConfiguration} for a list of the # accepted modes and the configuration defaults that are included. # # @option options [Boolean] :disable_host_prefix_injection (false) # Set to true to disable SDK automatically adding host prefix # to default service endpoint when available. # # @option options [Boolean] :disable_request_compression (false) # When set to 'true' the request body will not be compressed # for supported operations. # # @option options [String] :endpoint # The client endpoint is normally constructed from the `:region` # option. You should only configure an `:endpoint` when connecting # to test or custom endpoints. This should be a valid HTTP(S) URI. # # @option options [Integer] :endpoint_cache_max_entries (1000) # Used for the maximum size limit of the LRU cache storing endpoints data # for endpoint discovery enabled operations. Defaults to 1000. # # @option options [Integer] :endpoint_cache_max_threads (10) # Used for the maximum threads in use for polling endpoints to be cached, defaults to 10. # # @option options [Integer] :endpoint_cache_poll_interval (60) # When :endpoint_discovery and :active_endpoint_cache is enabled, # Use this option to config the time interval in seconds for making # requests fetching endpoints information. Defaults to 60 sec. # # @option options [Boolean] :endpoint_discovery (false) # When set to `true`, endpoint discovery will be enabled for operations when available. # # @option options [Boolean] :ignore_configured_endpoint_urls # Setting to true disables use of endpoint URLs provided via environment # variables and the shared configuration file. # # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default) # The log formatter. # # @option options [Symbol] :log_level (:info) # The log level to send messages to the `:logger` at. # # @option options [Logger] :logger # The Logger instance to send log messages to. If this option # is not set, logging will be disabled. # # @option options [Integer] :max_attempts (3) # An integer representing the maximum number attempts that will be made for # a single request, including the initial attempt. For example, # setting this value to 5 will result in a request being retried up to # 4 times. Used in `standard` and `adaptive` retry modes. # # @option options [String] :profile ("default") # Used when loading credentials from the shared credentials file # at HOME/.aws/credentials. When not specified, 'default' is used. # # @option options [Integer] :request_min_compression_size_bytes (10240) # The minimum size in bytes that triggers compression for request # bodies. The value must be non-negative integer value between 0 # and 10485780 bytes inclusive. # # @option options [Proc] :retry_backoff # A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. # This option is only used in the `legacy` retry mode. # # @option options [Float] :retry_base_delay (0.3) # The base delay in seconds used by the default backoff function. This option # is only used in the `legacy` retry mode. # # @option options [Symbol] :retry_jitter (:none) # A delay randomiser function used by the default backoff function. # Some predefined functions can be referenced by name - :none, :equal, :full, # otherwise a Proc that takes and returns a number. This option is only used # in the `legacy` retry mode. # # @see https://www.awsarchitectureblog.com/2015/03/backoff.html # # @option options [Integer] :retry_limit (3) # The maximum number of times to retry failed requests. Only # ~ 500 level server errors and certain ~ 400 level client errors # are retried. Generally, these are throttling errors, data # checksum errors, networking errors, timeout errors, auth errors, # endpoint discovery, and errors from expired credentials. # This option is only used in the `legacy` retry mode. # # @option options [Integer] :retry_max_delay (0) # The maximum number of seconds to delay between retries (0 for no limit) # used by the default backoff function. This option is only used in the # `legacy` retry mode. # # @option options [String] :retry_mode ("legacy") # Specifies which retry algorithm to use. Values are: # # * `legacy` - The pre-existing retry behavior. This is default value if # no retry mode is provided. # # * `standard` - A standardized set of retry rules across the AWS SDKs. # This includes support for retry quotas, which limit the number of # unsuccessful retries a client can make. # # * `adaptive` - An experimental retry mode that includes all the # functionality of `standard` mode along with automatic client side # throttling. This is a provisional mode that may change behavior # in the future. # # # @option options [String] :sdk_ua_app_id # A unique and opaque application ID that is appended to the # User-Agent header as app/. It should have a # maximum length of 50. # # @option options [String] :secret_access_key # # @option options [String] :session_token # # @option options [Boolean] :stub_responses (false) # Causes the client to return stubbed responses. By default # fake responses are generated and returned. You can specify # the response data to return or errors to raise by calling # {ClientStubs#stub_responses}. See {ClientStubs} for more information. # # ** Please note ** When response stubbing is enabled, no HTTP # requests are made, and retries are disabled. # # @option options [Aws::TokenProvider] :token_provider # A Bearer Token Provider. This can be an instance of any one of the # following classes: # # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing # tokens. # # * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an # access token generated from `aws login`. # # When `:token_provider` is not configured directly, the `Aws::TokenProviderChain` # will be used to search for tokens configured for your profile in shared configuration files. # # @option options [Boolean] :use_dualstack_endpoint # When set to `true`, dualstack enabled endpoints (with `.aws` TLD) # will be used if available. # # @option options [Boolean] :use_fips_endpoint # When set to `true`, fips compatible endpoints will be used if available. # When a `fips` region is used, the region is normalized and this config # is set to `true`. # # @option options [Boolean] :validate_params (true) # When `true`, request parameters are validated before # sending the request. # # @option options [Aws::SSOOIDC::EndpointProvider] :endpoint_provider # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSOOIDC::EndpointParameters` # # @option options [URI::HTTP,String] :http_proxy A proxy to send # requests through. Formatted like 'http://proxy.com:123'. # # @option options [Float] :http_open_timeout (15) The number of # seconds to wait when opening a HTTP session before raising a # `Timeout::Error`. # # @option options [Float] :http_read_timeout (60) The default # number of seconds to wait for response data. This value can # safely be set per-request on the session. # # @option options [Float] :http_idle_timeout (5) The number of # seconds a connection is allowed to sit idle before it is # considered stale. Stale connections are closed and removed # from the pool before making a request. # # @option options [Float] :http_continue_timeout (1) The number of # seconds to wait for a 100-continue response before sending the # request body. This option has no effect unless the request has # "Expect" header set to "100-continue". Defaults to `nil` which # disables this behaviour. This value can safely be set per # request on the session. # # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout # in seconds. # # @option options [Boolean] :http_wire_trace (false) When `true`, # HTTP debug output will be sent to the `:logger`. # # @option options [Boolean] :ssl_verify_peer (true) When `true`, # SSL peer certificates are verified when establishing a # connection. # # @option options [String] :ssl_ca_bundle Full path to the SSL # certificate authority bundle file that should be used when # verifying peer certificates. If you do not pass # `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default # will be used if available. # # @option options [String] :ssl_ca_directory Full path of the # directory that contains the unbundled SSL certificate # authority files for verifying peer certificates. If you do # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the # system default will be used if available. # def initialize(*args) super end # @!group API Operations # Creates and returns access and refresh tokens for clients that are # authenticated using client secrets. The access token can be used to # fetch short-term credentials for the assigned AWS accounts or to # access application APIs using `bearer` authentication. # # @option params [required, String] :client_id # The unique identifier string for the client or application. This value # comes from the result of the RegisterClient API. # # @option params [required, String] :client_secret # A secret string generated for the client. This value should come from # the persisted result of the RegisterClient API. # # @option params [required, String] :grant_type # Supports the following OAuth grant types: Device Code and Refresh # Token. Specify either of the following values, depending on the grant # type that you want: # # * Device Code - `urn:ietf:params:oauth:grant-type:device_code` # # * Refresh Token - `refresh_token` # # For information about how to obtain the device code, see the # StartDeviceAuthorization topic. # # @option params [String] :device_code # Used only when calling this API for the Device Code grant type. This # short-term code is used to identify this authorization request. This # comes from the result of the StartDeviceAuthorization API. # # @option params [String] :code # Used only when calling this API for the Authorization Code grant type. # The short-term code is used to identify this authorization request. # This grant type is currently unsupported for the CreateToken API. # # @option params [String] :refresh_token # Used only when calling this API for the Refresh Token grant type. This # token is used to refresh short-term tokens, such as the access token, # that might expire. # # For more information about the features and limitations of the current # IAM Identity Center OIDC implementation, see *Considerations for Using # this Guide* in the [IAM Identity Center OIDC API Reference][1]. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html # # @option params [Array] :scope # The list of scopes for which authorization is requested. The access # token that is issued is limited to the scopes that are granted. If # this value is not specified, IAM Identity Center authorizes all scopes # that are configured for the client during the call to RegisterClient. # # @option params [String] :redirect_uri # Used only when calling this API for the Authorization Code grant type. # This value specifies the location of the client or application that # has registered to receive the authorization code. # # @return [Types::CreateTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateTokenResponse#access_token #access_token} => String # * {Types::CreateTokenResponse#token_type #token_type} => String # * {Types::CreateTokenResponse#expires_in #expires_in} => Integer # * {Types::CreateTokenResponse#refresh_token #refresh_token} => String # * {Types::CreateTokenResponse#id_token #id_token} => String # # # @example Example: Call OAuth/OIDC /token endpoint for Device Code grant with Secret authentication # # resp = client.create_token({ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID", # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0", # device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE", # grant_type: "urn:ietf:params:oauth:grant-type:device-code", # }) # # resp.to_h outputs the following: # { # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN", # expires_in: 1579729529, # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN", # token_type: "Bearer", # } # # @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with Secret authentication # # resp = client.create_token({ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID", # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0", # grant_type: "refresh_token", # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN", # scope: [ # "codewhisperer:completions", # ], # }) # # resp.to_h outputs the following: # { # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN", # expires_in: 1579729529, # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN", # token_type: "Bearer", # } # # @example Request syntax with placeholder values # # resp = client.create_token({ # client_id: "ClientId", # required # client_secret: "ClientSecret", # required # grant_type: "GrantType", # required # device_code: "DeviceCode", # code: "AuthCode", # refresh_token: "RefreshToken", # scope: ["Scope"], # redirect_uri: "URI", # }) # # @example Response structure # # resp.access_token #=> String # resp.token_type #=> String # resp.expires_in #=> Integer # resp.refresh_token #=> String # resp.id_token #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken AWS API Documentation # # @overload create_token(params = {}) # @param [Hash] params ({}) def create_token(params = {}, options = {}) req = build_request(:create_token, params) req.send_request(options) end # Creates and returns access and refresh tokens for clients and # applications that are authenticated using IAM entities. The access # token can be used to fetch short-term credentials for the assigned AWS # accounts or to access application APIs using `bearer` authentication. # # @option params [required, String] :client_id # The unique identifier string for the client or application. This value # is an application ARN that has OAuth grants configured. # # @option params [required, String] :grant_type # Supports the following OAuth grant types: Authorization Code, Refresh # Token, JWT Bearer, and Token Exchange. Specify one of the following # values, depending on the grant type that you want: # # * Authorization Code - `authorization_code` # # * Refresh Token - `refresh_token` # # * JWT Bearer - `urn:ietf:params:oauth:grant-type:jwt-bearer` # # * Token Exchange - `urn:ietf:params:oauth:grant-type:token-exchange` # # @option params [String] :code # Used only when calling this API for the Authorization Code grant type. # This short-term code is used to identify this authorization request. # The code is obtained through a redirect from IAM Identity Center to a # redirect URI persisted in the Authorization Code GrantOptions for the # application. # # @option params [String] :refresh_token # Used only when calling this API for the Refresh Token grant type. This # token is used to refresh short-term tokens, such as the access token, # that might expire. # # For more information about the features and limitations of the current # IAM Identity Center OIDC implementation, see *Considerations for Using # this Guide* in the [IAM Identity Center OIDC API Reference][1]. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html # # @option params [String] :assertion # Used only when calling this API for the JWT Bearer grant type. This # value specifies the JSON Web Token (JWT) issued by a trusted token # issuer. To authorize a trusted token issuer, configure the JWT Bearer # GrantOptions for the application. # # @option params [Array] :scope # The list of scopes for which authorization is requested. The access # token that is issued is limited to the scopes that are granted. If the # value is not specified, IAM Identity Center authorizes all scopes # configured for the application, including the following default # scopes: `openid`, `aws`, `sts:identity_context`. # # @option params [String] :redirect_uri # Used only when calling this API for the Authorization Code grant type. # This value specifies the location of the client or application that # has registered to receive the authorization code. # # @option params [String] :subject_token # Used only when calling this API for the Token Exchange grant type. # This value specifies the subject of the exchange. The value of the # subject token must be an access token issued by IAM Identity Center to # a different client or application. The access token must have # authorized scopes that indicate the requested application as a target # audience. # # @option params [String] :subject_token_type # Used only when calling this API for the Token Exchange grant type. # This value specifies the type of token that is passed as the subject # of the exchange. The following value is supported: # # * Access Token - `urn:ietf:params:oauth:token-type:access_token` # # @option params [String] :requested_token_type # Used only when calling this API for the Token Exchange grant type. # This value specifies the type of token that the requester can receive. # The following values are supported: # # * Access Token - `urn:ietf:params:oauth:token-type:access_token` # # * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token` # # @return [Types::CreateTokenWithIAMResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateTokenWithIAMResponse#access_token #access_token} => String # * {Types::CreateTokenWithIAMResponse#token_type #token_type} => String # * {Types::CreateTokenWithIAMResponse#expires_in #expires_in} => Integer # * {Types::CreateTokenWithIAMResponse#refresh_token #refresh_token} => String # * {Types::CreateTokenWithIAMResponse#id_token #id_token} => String # * {Types::CreateTokenWithIAMResponse#issued_token_type #issued_token_type} => String # * {Types::CreateTokenWithIAMResponse#scope #scope} => Array<String> # # # @example Example: Call OAuth/OIDC /token endpoint for Authorization Code grant with IAM authentication # # resp = client.create_token_with_iam({ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222", # code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzg0In0EXAMPLEAUTHCODE", # grant_type: "authorization_code", # redirect_uri: "https://mywebapp.example/redirect", # scope: [ # "openid", # "aws", # "sts:identity_context", # ], # }) # # resp.to_h outputs the following: # { # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN", # expires_in: 1579729529, # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0", # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token", # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN", # scope: [ # "openid", # "aws", # "sts:identity_context", # ], # token_type: "Bearer", # } # # @example Example: Call OAuth/OIDC /token endpoint for Refresh Token grant with IAM authentication # # resp = client.create_token_with_iam({ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222", # grant_type: "refresh_token", # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN", # }) # # resp.to_h outputs the following: # { # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN", # expires_in: 1579729529, # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token", # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN", # scope: [ # "openid", # "aws", # "sts:identity_context", # ], # token_type: "Bearer", # } # # @example Example: Call OAuth/OIDC /token endpoint for JWT Bearer grant with IAM authentication # # resp = client.create_token_with_iam({ # assertion: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjFMVE16YWtpaGlSbGFfOHoyQkVKVlhlV01xbyJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTEyMjA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFJa3pxRlZyU2FTYUZIeTc4MmJidGFRIiwiYXVkIjoiNmNiMDQwMTgtYTNmNS00NmE3LWI5OTUtOTQwYzc4ZjVhZWYzIiwiZXhwIjoxNTM2MzYxNDExLCJpYXQiOjE1MzYyNzQ3MTEsIm5iZiI6MTUzNjI3NDcxMSwibmFtZSI6IkFiZSBMaW5jb2xuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiQWJlTGlAbWljcm9zb2Z0LmNvbSIsIm9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC02NmYzLTMzMzJlY2E3ZWE4MSIsInRpZCI6IjkxMjIwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsIm5vbmNlIjoiMTIzNTIzIiwiYWlvIjoiRGYyVVZYTDFpeCFsTUNXTVNPSkJjRmF0emNHZnZGR2hqS3Y4cTVnMHg3MzJkUjVNQjVCaXN2R1FPN1lXQnlqZDhpUURMcSFlR2JJRGFreXA1bW5PcmNkcUhlWVNubHRlcFFtUnA2QUlaOGpZIn0.1AFWW-Ck5nROwSlltm7GzZvDwUkqvhSQpm55TQsmVo9Y59cLhRXpvB8n-55HCr9Z6G_31_UbeUkoz612I2j_Sm9FFShSDDjoaLQr54CreGIJvjtmS3EkK9a7SJBbcpL1MpUtlfygow39tFjY7EVNW9plWUvRrTgVk7lYLprvfzw-CIqw3gHC-T7IK_m_xkr08INERBtaecwhTeN4chPC4W3jdmw_lIxzC48YoQ0dB1L9-ImX98Egypfrlbm0IBL5spFzL6JDZIRRJOu8vecJvj1mq-IUhGt0MacxX8jdxYLP-KUu2d9MbNKpCKJuZ7p8gwTL5B7NlUdh_dmSviPWrw", # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222", # grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer", # }) # # resp.to_h outputs the following: # { # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN", # expires_in: 1579729529, # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsInN0czphdWRpdF9jb250ZXh0IjoiRVhBTVBMRUFVRElUQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.Xyah6qbk78qThzJ41iFU2yfGuRqqtKXHrJYwQ8L9Ip0", # issued_token_type: "urn:ietf:params:oauth:token-type:refresh_token", # refresh_token: "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN", # scope: [ # "openid", # "aws", # "sts:identity_context", # ], # token_type: "Bearer", # } # # @example Example: Call OAuth/OIDC /token endpoint for Token Exchange grant with IAM authentication # # resp = client.create_token_with_iam({ # client_id: "arn:aws:sso::123456789012:application/ssoins-111111111111/apl-222222222222", # grant_type: "urn:ietf:params:oauth:grant-type:token-exchange", # requested_token_type: "urn:ietf:params:oauth:token-type:access_token", # subject_token: "aoak-Hig8TUDPNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZDIFFERENTACCESSTOKEN", # subject_token_type: "urn:ietf:params:oauth:token-type:access_token", # }) # # resp.to_h outputs the following: # { # access_token: "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN", # expires_in: 1579729529, # id_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhd3M6aWRlbnRpdHlfc3RvcmVfaWQiOiJkLTMzMzMzMzMzMzMiLCJzdWIiOiI3MzA0NDhmMi1lMGExLTcwYTctYzk1NC0wMDAwMDAwMDAwMDAiLCJhd3M6aW5zdGFuY2VfYWNjb3VudCI6IjExMTExMTExMTExMSIsInN0czppZGVudGl0eV9jb250ZXh0IjoiRVhBTVBMRUlERU5USVRZQ09OVEVYVCIsImlzcyI6Imh0dHBzOi8vaWRlbnRpdHljZW50ZXIuYW1hem9uYXdzLmNvbS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmlkZW50aXR5X3N0b3JlX2FybiI6ImFybjphd3M6aWRlbnRpdHlzdG9yZTo6MTExMTExMTExMTExOmlkZW50aXR5c3RvcmUvZC0zMzMzMzMzMzMzIiwiYXVkIjoiYXJuOmF3czpzc286OjEyMzQ1Njc4OTAxMjphcHBsaWNhdGlvbi9zc29pbnMtMTExMTExMTExMTExL2FwbC0yMjIyMjIyMjIyMjIiLCJhd3M6aW5zdGFuY2VfYXJuIjoiYXJuOmF3czpzc286OjppbnN0YW5jZS9zc29pbnMtMTExMTExMTExMTExIiwiYXdzOmNyZWRlbnRpYWxfaWQiOiJfWlIyTjZhVkJqMjdGUEtheWpfcEtwVjc3QVBERl80MXB4ZXRfWWpJdUpONlVJR2RBdkpFWEFNUExFQ1JFRElEIiwiYXV0aF90aW1lIjoiMjAyMC0wMS0yMlQxMjo0NToyOVoiLCJleHAiOjE1Nzk3Mjk1MjksImlhdCI6MTU3OTcyNTkyOX0.5SYiW1kMsuUr7nna-l5tlakM0GNbMHvIM2_n0QD23jM", # issued_token_type: "urn:ietf:params:oauth:token-type:access_token", # scope: [ # "openid", # "aws", # "sts:identity_context", # ], # token_type: "Bearer", # } # # @example Request syntax with placeholder values # # resp = client.create_token_with_iam({ # client_id: "ClientId", # required # grant_type: "GrantType", # required # code: "AuthCode", # refresh_token: "RefreshToken", # assertion: "Assertion", # scope: ["Scope"], # redirect_uri: "URI", # subject_token: "SubjectToken", # subject_token_type: "TokenTypeURI", # requested_token_type: "TokenTypeURI", # }) # # @example Response structure # # resp.access_token #=> String # resp.token_type #=> String # resp.expires_in #=> Integer # resp.refresh_token #=> String # resp.id_token #=> String # resp.issued_token_type #=> String # resp.scope #=> Array # resp.scope[0] #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM AWS API Documentation # # @overload create_token_with_iam(params = {}) # @param [Hash] params ({}) def create_token_with_iam(params = {}, options = {}) req = build_request(:create_token_with_iam, params) req.send_request(options) end # Registers a client with IAM Identity Center. This allows clients to # initiate device authorization. The output should be persisted for # reuse through many authentication requests. # # @option params [required, String] :client_name # The friendly name of the client. # # @option params [required, String] :client_type # The type of client. The service supports only `public` as a client # type. Anything other than public will be rejected by the service. # # @option params [Array] :scopes # The list of scopes that are defined by the client. Upon authorization, # this list is used to restrict permissions when granting an access # token. # # @return [Types::RegisterClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::RegisterClientResponse#client_id #client_id} => String # * {Types::RegisterClientResponse#client_secret #client_secret} => String # * {Types::RegisterClientResponse#client_id_issued_at #client_id_issued_at} => Integer # * {Types::RegisterClientResponse#client_secret_expires_at #client_secret_expires_at} => Integer # * {Types::RegisterClientResponse#authorization_endpoint #authorization_endpoint} => String # * {Types::RegisterClientResponse#token_endpoint #token_endpoint} => String # # # @example Example: Call OAuth/OIDC /register-client endpoint # # resp = client.register_client({ # client_name: "My IDE Plugin", # client_type: "public", # scopes: [ # "sso:account:access", # "codewhisperer:completions", # ], # }) # # resp.to_h outputs the following: # { # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID", # client_id_issued_at: 1579725929, # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0", # client_secret_expires_at: 1587584729, # } # # @example Request syntax with placeholder values # # resp = client.register_client({ # client_name: "ClientName", # required # client_type: "ClientType", # required # scopes: ["Scope"], # }) # # @example Response structure # # resp.client_id #=> String # resp.client_secret #=> String # resp.client_id_issued_at #=> Integer # resp.client_secret_expires_at #=> Integer # resp.authorization_endpoint #=> String # resp.token_endpoint #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient AWS API Documentation # # @overload register_client(params = {}) # @param [Hash] params ({}) def register_client(params = {}, options = {}) req = build_request(:register_client, params) req.send_request(options) end # Initiates device authorization by requesting a pair of verification # codes from the authorization service. # # @option params [required, String] :client_id # The unique identifier string for the client that is registered with # IAM Identity Center. This value should come from the persisted result # of the RegisterClient API operation. # # @option params [required, String] :client_secret # A secret string that is generated for the client. This value should # come from the persisted result of the RegisterClient API operation. # # @option params [required, String] :start_url # The URL for the Amazon Web Services access portal. For more # information, see [Using the Amazon Web Services access portal][1] in # the *IAM Identity Center User Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html # # @return [Types::StartDeviceAuthorizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::StartDeviceAuthorizationResponse#device_code #device_code} => String # * {Types::StartDeviceAuthorizationResponse#user_code #user_code} => String # * {Types::StartDeviceAuthorizationResponse#verification_uri #verification_uri} => String # * {Types::StartDeviceAuthorizationResponse#verification_uri_complete #verification_uri_complete} => String # * {Types::StartDeviceAuthorizationResponse#expires_in #expires_in} => Integer # * {Types::StartDeviceAuthorizationResponse#interval #interval} => Integer # # # @example Example: Call OAuth/OIDC /start-device-authorization endpoint # # resp = client.start_device_authorization({ # client_id: "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID", # client_secret: "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0", # start_url: "https://identitycenter.amazonaws.com/ssoins-111111111111", # }) # # resp.to_h outputs the following: # { # device_code: "yJraWQiOiJrZXktMTU2Njk2ODA4OCIsImFsZyI6IkhTMzIn0EXAMPLEDEVICECODE", # expires_in: 1579729529, # interval: 1, # user_code: "makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE", # verification_uri: "https://device.sso.us-west-2.amazonaws.com", # verification_uri_complete: "https://device.sso.us-west-2.amazonaws.com?user_code=makdfsk83yJraWQiOiJrZXktMTU2Njk2sImFsZyI6IkhTMzIn0EXAMPLEUSERCODE", # } # # @example Request syntax with placeholder values # # resp = client.start_device_authorization({ # client_id: "ClientId", # required # client_secret: "ClientSecret", # required # start_url: "URI", # required # }) # # @example Response structure # # resp.device_code #=> String # resp.user_code #=> String # resp.verification_uri #=> String # resp.verification_uri_complete #=> String # resp.expires_in #=> Integer # resp.interval #=> Integer # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization AWS API Documentation # # @overload start_device_authorization(params = {}) # @param [Hash] params ({}) def start_device_authorization(params = {}, options = {}) req = build_request(:start_device_authorization, params) req.send_request(options) end # @!endgroup # @param params ({}) # @api private def build_request(operation_name, params = {}) handlers = @handlers.for(operation_name) context = Seahorse::Client::RequestContext.new( operation_name: operation_name, operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-core' context[:gem_version] = '3.191.2' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated def waiter_names [] end class << self # @api private attr_reader :identifier # @api private def errors_module Errors end end end end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/errors.rb0000644000004100000410000002022414563437550021653 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSOOIDC # When SSOOIDC returns an error response, the Ruby SDK constructs and raises an error. # These errors all extend Aws::SSOOIDC::Errors::ServiceError < {Aws::Errors::ServiceError} # # You can rescue all SSOOIDC errors using ServiceError: # # begin # # do stuff # rescue Aws::SSOOIDC::Errors::ServiceError # # rescues all SSOOIDC API errors # end # # # ## Request Context # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns # information about the request that generated the error. # See {Seahorse::Client::RequestContext} for more information. # # ## Error Classes # * {AccessDeniedException} # * {AuthorizationPendingException} # * {ExpiredTokenException} # * {InternalServerException} # * {InvalidClientException} # * {InvalidClientMetadataException} # * {InvalidGrantException} # * {InvalidRequestException} # * {InvalidRequestRegionException} # * {InvalidScopeException} # * {SlowDownException} # * {UnauthorizedClientException} # * {UnsupportedGrantTypeException} # # Additionally, error classes are dynamically generated for service errors based on the error code # if they are not defined above. module Errors extend Aws::Errors::DynamicErrors class AccessDeniedException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::AccessDeniedException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class AuthorizationPendingException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::AuthorizationPendingException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class ExpiredTokenException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::ExpiredTokenException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class InternalServerException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::InternalServerException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class InvalidClientException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::InvalidClientException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class InvalidClientMetadataException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::InvalidClientMetadataException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class InvalidGrantException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::InvalidGrantException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class InvalidRequestException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::InvalidRequestException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class InvalidRequestRegionException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::InvalidRequestRegionException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end # @return [String] def endpoint @data[:endpoint] end # @return [String] def region @data[:region] end end class InvalidScopeException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::InvalidScopeException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class SlowDownException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::SlowDownException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class UnauthorizedClientException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::UnauthorizedClientException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end class UnsupportedGrantTypeException < ServiceError # @param [Seahorse::Client::RequestContext] context # @param [String] message # @param [Aws::SSOOIDC::Types::UnsupportedGrantTypeException] data def initialize(context, message, data = Aws::EmptyStructure.new) super(context, message, data) end # @return [String] def error @data[:error] end # @return [String] def error_description @data[:error_description] end end end end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/types.rb0000644000004100000410000006533714563437550021521 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSOOIDC module Types # You do not have sufficient access to perform this action. # # @!attribute [rw] error # Single error code. For this exception the value will be # `access_denied`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AccessDeniedException AWS API Documentation # class AccessDeniedException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # Indicates that a request to authorize a client with an access user # session token is pending. # # @!attribute [rw] error # Single error code. For this exception the value will be # `authorization_pending`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AuthorizationPendingException AWS API Documentation # class AuthorizationPendingException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] client_id # The unique identifier string for the client or application. This # value comes from the result of the RegisterClient API. # @return [String] # # @!attribute [rw] client_secret # A secret string generated for the client. This value should come # from the persisted result of the RegisterClient API. # @return [String] # # @!attribute [rw] grant_type # Supports the following OAuth grant types: Device Code and Refresh # Token. Specify either of the following values, depending on the # grant type that you want: # # * Device Code - `urn:ietf:params:oauth:grant-type:device_code` # # * Refresh Token - `refresh_token` # # For information about how to obtain the device code, see the # StartDeviceAuthorization topic. # @return [String] # # @!attribute [rw] device_code # Used only when calling this API for the Device Code grant type. This # short-term code is used to identify this authorization request. This # comes from the result of the StartDeviceAuthorization API. # @return [String] # # @!attribute [rw] code # Used only when calling this API for the Authorization Code grant # type. The short-term code is used to identify this authorization # request. This grant type is currently unsupported for the # CreateToken API. # @return [String] # # @!attribute [rw] refresh_token # Used only when calling this API for the Refresh Token grant type. # This token is used to refresh short-term tokens, such as the access # token, that might expire. # # For more information about the features and limitations of the # current IAM Identity Center OIDC implementation, see *Considerations # for Using this Guide* in the [IAM Identity Center OIDC API # Reference][1]. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html # @return [String] # # @!attribute [rw] scope # The list of scopes for which authorization is requested. The access # token that is issued is limited to the scopes that are granted. If # this value is not specified, IAM Identity Center authorizes all # scopes that are configured for the client during the call to # RegisterClient. # @return [Array] # # @!attribute [rw] redirect_uri # Used only when calling this API for the Authorization Code grant # type. This value specifies the location of the client or application # that has registered to receive the authorization code. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenRequest AWS API Documentation # class CreateTokenRequest < Struct.new( :client_id, :client_secret, :grant_type, :device_code, :code, :refresh_token, :scope, :redirect_uri) SENSITIVE = [:client_secret, :refresh_token] include Aws::Structure end # @!attribute [rw] access_token # A bearer token to access AWS accounts and applications assigned to a # user. # @return [String] # # @!attribute [rw] token_type # Used to notify the client that the returned token is an access # token. The supported token type is `Bearer`. # @return [String] # # @!attribute [rw] expires_in # Indicates the time in seconds when an access token will expire. # @return [Integer] # # @!attribute [rw] refresh_token # A token that, if present, can be used to refresh a previously issued # access token that might have expired. # # For more information about the features and limitations of the # current IAM Identity Center OIDC implementation, see *Considerations # for Using this Guide* in the [IAM Identity Center OIDC API # Reference][1]. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html # @return [String] # # @!attribute [rw] id_token # The `idToken` is not implemented or supported. For more information # about the features and limitations of the current IAM Identity # Center OIDC implementation, see *Considerations for Using this # Guide* in the [IAM Identity Center OIDC API Reference][1]. # # A JSON Web Token (JWT) that identifies who is associated with the # issued access token. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenResponse AWS API Documentation # class CreateTokenResponse < Struct.new( :access_token, :token_type, :expires_in, :refresh_token, :id_token) SENSITIVE = [:access_token, :refresh_token, :id_token] include Aws::Structure end # @!attribute [rw] client_id # The unique identifier string for the client or application. This # value is an application ARN that has OAuth grants configured. # @return [String] # # @!attribute [rw] grant_type # Supports the following OAuth grant types: Authorization Code, # Refresh Token, JWT Bearer, and Token Exchange. Specify one of the # following values, depending on the grant type that you want: # # * Authorization Code - `authorization_code` # # * Refresh Token - `refresh_token` # # * JWT Bearer - `urn:ietf:params:oauth:grant-type:jwt-bearer` # # * Token Exchange - # `urn:ietf:params:oauth:grant-type:token-exchange` # @return [String] # # @!attribute [rw] code # Used only when calling this API for the Authorization Code grant # type. This short-term code is used to identify this authorization # request. The code is obtained through a redirect from IAM Identity # Center to a redirect URI persisted in the Authorization Code # GrantOptions for the application. # @return [String] # # @!attribute [rw] refresh_token # Used only when calling this API for the Refresh Token grant type. # This token is used to refresh short-term tokens, such as the access # token, that might expire. # # For more information about the features and limitations of the # current IAM Identity Center OIDC implementation, see *Considerations # for Using this Guide* in the [IAM Identity Center OIDC API # Reference][1]. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html # @return [String] # # @!attribute [rw] assertion # Used only when calling this API for the JWT Bearer grant type. This # value specifies the JSON Web Token (JWT) issued by a trusted token # issuer. To authorize a trusted token issuer, configure the JWT # Bearer GrantOptions for the application. # @return [String] # # @!attribute [rw] scope # The list of scopes for which authorization is requested. The access # token that is issued is limited to the scopes that are granted. If # the value is not specified, IAM Identity Center authorizes all # scopes configured for the application, including the following # default scopes: `openid`, `aws`, `sts:identity_context`. # @return [Array] # # @!attribute [rw] redirect_uri # Used only when calling this API for the Authorization Code grant # type. This value specifies the location of the client or application # that has registered to receive the authorization code. # @return [String] # # @!attribute [rw] subject_token # Used only when calling this API for the Token Exchange grant type. # This value specifies the subject of the exchange. The value of the # subject token must be an access token issued by IAM Identity Center # to a different client or application. The access token must have # authorized scopes that indicate the requested application as a # target audience. # @return [String] # # @!attribute [rw] subject_token_type # Used only when calling this API for the Token Exchange grant type. # This value specifies the type of token that is passed as the subject # of the exchange. The following value is supported: # # * Access Token - `urn:ietf:params:oauth:token-type:access_token` # @return [String] # # @!attribute [rw] requested_token_type # Used only when calling this API for the Token Exchange grant type. # This value specifies the type of token that the requester can # receive. The following values are supported: # # * Access Token - `urn:ietf:params:oauth:token-type:access_token` # # * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMRequest AWS API Documentation # class CreateTokenWithIAMRequest < Struct.new( :client_id, :grant_type, :code, :refresh_token, :assertion, :scope, :redirect_uri, :subject_token, :subject_token_type, :requested_token_type) SENSITIVE = [:refresh_token, :assertion, :subject_token] include Aws::Structure end # @!attribute [rw] access_token # A bearer token to access AWS accounts and applications assigned to a # user. # @return [String] # # @!attribute [rw] token_type # Used to notify the requester that the returned token is an access # token. The supported token type is `Bearer`. # @return [String] # # @!attribute [rw] expires_in # Indicates the time in seconds when an access token will expire. # @return [Integer] # # @!attribute [rw] refresh_token # A token that, if present, can be used to refresh a previously issued # access token that might have expired. # # For more information about the features and limitations of the # current IAM Identity Center OIDC implementation, see *Considerations # for Using this Guide* in the [IAM Identity Center OIDC API # Reference][1]. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html # @return [String] # # @!attribute [rw] id_token # A JSON Web Token (JWT) that identifies the user associated with the # issued access token. # @return [String] # # @!attribute [rw] issued_token_type # Indicates the type of tokens that are issued by IAM Identity Center. # The following values are supported: # # * Access Token - `urn:ietf:params:oauth:token-type:access_token` # # * Refresh Token - `urn:ietf:params:oauth:token-type:refresh_token` # @return [String] # # @!attribute [rw] scope # The list of scopes for which authorization is granted. The access # token that is issued is limited to the scopes that are granted. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMResponse AWS API Documentation # class CreateTokenWithIAMResponse < Struct.new( :access_token, :token_type, :expires_in, :refresh_token, :id_token, :issued_token_type, :scope) SENSITIVE = [:access_token, :refresh_token, :id_token] include Aws::Structure end # Indicates that the token issued by the service is expired and is no # longer valid. # # @!attribute [rw] error # Single error code. For this exception the value will be # `expired_token`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/ExpiredTokenException AWS API Documentation # class ExpiredTokenException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # Indicates that an error from the service occurred while trying to # process a request. # # @!attribute [rw] error # Single error code. For this exception the value will be # `server_error`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InternalServerException AWS API Documentation # class InternalServerException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # Indicates that the `clientId` or `clientSecret` in the request is # invalid. For example, this can occur when a client sends an incorrect # `clientId` or an expired `clientSecret`. # # @!attribute [rw] error # Single error code. For this exception the value will be # `invalid_client`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidClientException AWS API Documentation # class InvalidClientException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # Indicates that the client information sent in the request during # registration is invalid. # # @!attribute [rw] error # Single error code. For this exception the value will be # `invalid_client_metadata`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidClientMetadataException AWS API Documentation # class InvalidClientMetadataException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # Indicates that a request contains an invalid grant. This can occur if # a client makes a CreateToken request with an invalid grant type. # # @!attribute [rw] error # Single error code. For this exception the value will be # `invalid_grant`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidGrantException AWS API Documentation # class InvalidGrantException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # Indicates that something is wrong with the input to the request. For # example, a required parameter might be missing or out of range. # # @!attribute [rw] error # Single error code. For this exception the value will be # `invalid_request`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidRequestException AWS API Documentation # class InvalidRequestException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # Indicates that a token provided as input to the request was issued by # and is only usable by calling IAM Identity Center endpoints in another # region. # # @!attribute [rw] error # Single error code. For this exception the value will be # `invalid_request`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @!attribute [rw] endpoint # Indicates the IAM Identity Center endpoint which the requester may # call with this token. # @return [String] # # @!attribute [rw] region # Indicates the region which the requester may call with this token. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidRequestRegionException AWS API Documentation # class InvalidRequestRegionException < Struct.new( :error, :error_description, :endpoint, :region) SENSITIVE = [] include Aws::Structure end # Indicates that the scope provided in the request is invalid. # # @!attribute [rw] error # Single error code. For this exception the value will be # `invalid_scope`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/InvalidScopeException AWS API Documentation # class InvalidScopeException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] client_name # The friendly name of the client. # @return [String] # # @!attribute [rw] client_type # The type of client. The service supports only `public` as a client # type. Anything other than public will be rejected by the service. # @return [String] # # @!attribute [rw] scopes # The list of scopes that are defined by the client. Upon # authorization, this list is used to restrict permissions when # granting an access token. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClientRequest AWS API Documentation # class RegisterClientRequest < Struct.new( :client_name, :client_type, :scopes) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] client_id # The unique identifier string for each client. This client uses this # identifier to get authenticated by the service in subsequent calls. # @return [String] # # @!attribute [rw] client_secret # A secret string generated for the client. The client will use this # string to get authenticated by the service in subsequent calls. # @return [String] # # @!attribute [rw] client_id_issued_at # Indicates the time at which the `clientId` and `clientSecret` were # issued. # @return [Integer] # # @!attribute [rw] client_secret_expires_at # Indicates the time at which the `clientId` and `clientSecret` will # become invalid. # @return [Integer] # # @!attribute [rw] authorization_endpoint # An endpoint that the client can use to request authorization. # @return [String] # # @!attribute [rw] token_endpoint # An endpoint that the client can use to create tokens. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClientResponse AWS API Documentation # class RegisterClientResponse < Struct.new( :client_id, :client_secret, :client_id_issued_at, :client_secret_expires_at, :authorization_endpoint, :token_endpoint) SENSITIVE = [:client_secret] include Aws::Structure end # Indicates that the client is making the request too frequently and is # more than the service can handle. # # @!attribute [rw] error # Single error code. For this exception the value will be `slow_down`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/SlowDownException AWS API Documentation # class SlowDownException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] client_id # The unique identifier string for the client that is registered with # IAM Identity Center. This value should come from the persisted # result of the RegisterClient API operation. # @return [String] # # @!attribute [rw] client_secret # A secret string that is generated for the client. This value should # come from the persisted result of the RegisterClient API operation. # @return [String] # # @!attribute [rw] start_url # The URL for the Amazon Web Services access portal. For more # information, see [Using the Amazon Web Services access portal][1] in # the *IAM Identity Center User Guide*. # # # # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorizationRequest AWS API Documentation # class StartDeviceAuthorizationRequest < Struct.new( :client_id, :client_secret, :start_url) SENSITIVE = [:client_secret] include Aws::Structure end # @!attribute [rw] device_code # The short-lived code that is used by the device when polling for a # session token. # @return [String] # # @!attribute [rw] user_code # A one-time user verification code. This is needed to authorize an # in-use device. # @return [String] # # @!attribute [rw] verification_uri # The URI of the verification page that takes the `userCode` to # authorize the device. # @return [String] # # @!attribute [rw] verification_uri_complete # An alternate URL that the client can use to automatically launch a # browser. This process skips the manual step in which the user visits # the verification page and enters their code. # @return [String] # # @!attribute [rw] expires_in # Indicates the number of seconds in which the verification code will # become invalid. # @return [Integer] # # @!attribute [rw] interval # Indicates the number of seconds the client must wait between # attempts when polling for a session. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorizationResponse AWS API Documentation # class StartDeviceAuthorizationResponse < Struct.new( :device_code, :user_code, :verification_uri, :verification_uri_complete, :expires_in, :interval) SENSITIVE = [] include Aws::Structure end # Indicates that the client is not currently authorized to make the # request. This can happen when a `clientId` is not issued for a public # client. # # @!attribute [rw] error # Single error code. For this exception the value will be # `unauthorized_client`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/UnauthorizedClientException AWS API Documentation # class UnauthorizedClientException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end # Indicates that the grant type in the request is not supported by the # service. # # @!attribute [rw] error # Single error code. For this exception the value will be # `unsupported_grant_type`. # @return [String] # # @!attribute [rw] error_description # Human-readable text providing additional information, used to assist # the client developer in understanding the error that occurred. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/UnsupportedGrantTypeException AWS API Documentation # class UnsupportedGrantTypeException < Struct.new( :error, :error_description) SENSITIVE = [] include Aws::Structure end end end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/endpoints.rb0000644000004100000410000000377114563437550022352 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSOOIDC # @api private module Endpoints class CreateToken def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::SSOOIDC::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, ) end end class CreateTokenWithIAM def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::SSOOIDC::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, ) end end class RegisterClient def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::SSOOIDC::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, ) end end class StartDeviceAuthorization def self.build(context) unless context.config.regional_endpoint endpoint = context.config.endpoint.to_s end Aws::SSOOIDC::EndpointParameters.new( region: context.config.region, use_dual_stack: context.config.use_dualstack_endpoint, use_fips: context.config.use_fips_endpoint, endpoint: endpoint, ) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc/endpoint_parameters.rb0000644000004100000410000000364014563437550024405 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SSOOIDC # Endpoint parameters used to influence endpoints per request. # # @!attribute region # The AWS region used to dispatch the request. # # @return [String] # # @!attribute use_dual_stack # When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error. # # @return [Boolean] # # @!attribute use_fips # When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error. # # @return [Boolean] # # @!attribute endpoint # Override the endpoint used to send this request # # @return [String] # EndpointParameters = Struct.new( :region, :use_dual_stack, :use_fips, :endpoint, ) do include Aws::Structure # @api private class << self PARAM_MAP = { 'Region' => :region, 'UseDualStack' => :use_dual_stack, 'UseFIPS' => :use_fips, 'Endpoint' => :endpoint, }.freeze end def initialize(options = {}) self[:region] = options[:region] self[:use_dual_stack] = options[:use_dual_stack] self[:use_dual_stack] = false if self[:use_dual_stack].nil? if self[:use_dual_stack].nil? raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack" end self[:use_fips] = options[:use_fips] self[:use_fips] = false if self[:use_fips].nil? if self[:use_fips].nil? raise ArgumentError, "Missing required EndpointParameter: :use_fips" end self[:endpoint] = options[:endpoint] end end end aws-sdk-core-3.191.2/lib/seahorse.rb0000644000004100000410000000377614563437550017153 0ustar www-datawww-data# frozen_string_literal: true require_relative 'seahorse/util' # client require_relative 'seahorse/client/block_io' require_relative 'seahorse/client/configuration' require_relative 'seahorse/client/handler' require_relative 'seahorse/client/handler_builder' require_relative 'seahorse/client/handler_list' require_relative 'seahorse/client/handler_list_entry' require_relative 'seahorse/client/managed_file' require_relative 'seahorse/client/networking_error' require_relative 'seahorse/client/plugin' require_relative 'seahorse/client/plugin_list' require_relative 'seahorse/client/request' require_relative 'seahorse/client/request_context' require_relative 'seahorse/client/response' require_relative 'seahorse/client/async_response' # client http require_relative 'seahorse/client/http/headers' require_relative 'seahorse/client/http/request' require_relative 'seahorse/client/http/response' require_relative 'seahorse/client/http/async_response' # client logging require_relative 'seahorse/client/logging/handler' require_relative 'seahorse/client/logging/formatter' # net http handler require_relative 'seahorse/client/net_http/connection_pool' require_relative 'seahorse/client/net_http/handler' # http2 handler require_relative 'seahorse/client/h2/connection' require_relative 'seahorse/client/h2/handler' # plugins require_relative 'seahorse/client/plugins/content_length' require_relative 'seahorse/client/plugins/endpoint' require_relative 'seahorse/client/plugins/logging' require_relative 'seahorse/client/plugins/net_http' require_relative 'seahorse/client/plugins/h2' require_relative 'seahorse/client/plugins/raise_response_errors' require_relative 'seahorse/client/plugins/response_target' require_relative 'seahorse/client/plugins/request_callback' # model require_relative 'seahorse/model/api' require_relative 'seahorse/model/operation' require_relative 'seahorse/model/authorizer' require_relative 'seahorse/model/shapes' require_relative 'seahorse/client/base' require_relative 'seahorse/client/async_base' aws-sdk-core-3.191.2/lib/aws-sdk-ssooidc.rb0000644000004100000410000000305714563437550020344 0ustar www-datawww-data# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE unless Module.const_defined?(:Aws) require 'aws-sdk-core' require 'aws-sigv4' end require_relative 'aws-sdk-ssooidc/types' require_relative 'aws-sdk-ssooidc/client_api' require_relative 'aws-sdk-ssooidc/plugins/endpoints.rb' require_relative 'aws-sdk-ssooidc/client' require_relative 'aws-sdk-ssooidc/errors' require_relative 'aws-sdk-ssooidc/resource' require_relative 'aws-sdk-ssooidc/endpoint_parameters' require_relative 'aws-sdk-ssooidc/endpoint_provider' require_relative 'aws-sdk-ssooidc/endpoints' require_relative 'aws-sdk-ssooidc/customizations' # This module provides support for AWS SSO OIDC. This module is available in the # `aws-sdk-core` gem. # # # Client # # The {Client} class provides one method for each API operation. Operation # methods each accept a hash of request parameters and return a response # structure. # # ssooidc = Aws::SSOOIDC::Client.new # resp = ssooidc.create_token(params) # # See {Client} for more information. # # # Errors # # Errors returned from AWS SSO OIDC are defined in the # {Errors} module and all extend {Errors::ServiceError}. # # begin # # do stuff # rescue Aws::SSOOIDC::Errors::ServiceError # # rescues all AWS SSO OIDC API errors # end # # See {Errors} for more information. # # @!group service module Aws::SSOOIDC GEM_VERSION = '3.191.2' end aws-sdk-core-3.191.2/lib/seahorse/0000755000004100000410000000000014563437550016611 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/seahorse/client/0000755000004100000410000000000014563437550020067 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/seahorse/client/handler.rb0000644000004100000410000000123214563437550022027 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client class Handler # @param [Handler] handler (nil) The next handler in the stack that # should be called from within the {#call} method. This value # must only be nil for send handlers. def initialize(handler = nil) @handler = handler end # @return [Handler, nil] attr_accessor :handler # @param [RequestContext] context # @return [Response] def call(context) @handler.call(context) end def inspect "#<#{self.class.name||'UnnamedHandler'} @handler=#{@handler.inspect}>" end end end end aws-sdk-core-3.191.2/lib/seahorse/client/async_response.rb0000644000004100000410000000276714563437550023463 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client class AsyncResponse def initialize(options = {}) @response = Response.new(context: options[:context]) @stream = options[:stream] @stream_mutex = options[:stream_mutex] @close_condition = options[:close_condition] @sync_queue = options[:sync_queue] end def context @response.context end def error @response.error end def on(range, &block) @response.on(range, &block) self end def on_complete(&block) @response.on_complete(&block) self end def wait if error && context.config.raise_response_errors raise error elsif @stream # have a sync signal that #signal can be blocked on # else, if #signal is called before #wait # will be waiting for a signal never arrives @sync_queue << "sync_signal" # now #signal is unlocked for # signaling close condition when ready @stream_mutex.synchronize { @close_condition.wait(@stream_mutex) } @response end end def join! if error && context.config.raise_response_errors raise error elsif @stream # close callback is waiting # for the "sync_signal" @sync_queue << "sync_signal" @stream.close @response end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/request.rb0000644000004100000410000000447514563437550022116 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client class Request include HandlerBuilder # @param [HandlerList] handlers # @param [RequestContext] context def initialize(handlers, context) @handlers = handlers @context = context end # @return [HandlerList] attr_reader :handlers # @return [RequestContext] attr_reader :context # Sends the request, returning a {Response} object. # # response = request.send_request # # # Streaming Responses # # By default, HTTP responses are buffered into memory. This can be # bad if you are downloading large responses, e.g. large files. # You can avoid this by streaming the response to a block or some other # target. # # ## Streaming to a File # # You can stream the raw HTTP response body to a File, or any IO-like # object, by passing the `:target` option. # # # create a new file at the given path # request.send_request(target: '/path/to/target/file') # # # or provide an IO object to write to # File.open('photo.jpg', 'wb') do |file| # request.send_request(target: file) # end # # **Please Note**: The target IO object may receive `#truncate(0)` # if the request generates a networking error and bytes have already # been written to the target. # # ## Block Streaming # # Pass a block to `#send_request` and the response will be yielded in # chunks to the given block. # # # stream the response data # request.send_request do |chunk| # file.write(chunk) # end # # **Please Note**: When streaming to a block, it is not possible to # retry failed requests. # # @option options [String, IO] :target When specified, the HTTP response # body is written to target. This is helpful when you are sending # a request that may return a large payload that you don't want to # load into memory. # # @return [Response] # def send_request(options = {}, &block) @context[:response_target] = options[:target] || block @handlers.to_stack.call(@context) end end end end aws-sdk-core-3.191.2/lib/seahorse/client/h2/0000755000004100000410000000000014563437550020400 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/seahorse/client/h2/handler.rb0000644000004100000410000001106014563437550022340 0ustar www-datawww-data# frozen_string_literal: true begin require 'http/2' rescue LoadError; end require 'securerandom' module Seahorse module Client # @api private module H2 NETWORK_ERRORS = [ SocketError, EOFError, IOError, Timeout::Error, Errno::ECONNABORTED, Errno::ECONNRESET, Errno::EPIPE, Errno::EINVAL, Errno::ETIMEDOUT, OpenSSL::SSL::SSLError, Errno::EHOSTUNREACH, Errno::ECONNREFUSED,# OpenSSL::SSL::SSLErrorWaitReadable ] # @api private DNS_ERROR_MESSAGES = [ 'getaddrinfo: nodename nor servname provided, or not known', # MacOS 'getaddrinfo: Name or service not known' # GNU ] class Handler < Client::Handler def call(context) stream = nil begin conn = context.client.connection stream = conn.new_stream stream_mutex = Mutex.new close_condition = ConditionVariable.new sync_queue = Queue.new conn.connect(context.http_request.endpoint) _register_callbacks( context.http_response, stream, stream_mutex, close_condition, sync_queue ) conn.debug_output("sending initial request ...") if input_emitter = context[:input_event_emitter] _send_initial_headers(context.http_request, stream) # prepare for sending events later input_emitter.stream = stream # request sigv4 serves as the initial #prior_signature input_emitter.encoder.prior_signature = context.http_request.headers['authorization'].split('Signature=').last input_emitter.validate_event = context.config.validate_params else _send_initial_headers(context.http_request, stream) _send_initial_data(context.http_request, stream) end conn.start(stream) rescue *NETWORK_ERRORS => error error = NetworkingError.new( error, error_message(context.http_request, error)) context.http_response.signal_error(error) rescue => error conn.debug_output(error.inspect) # not retryable context.http_response.signal_error(error) end AsyncResponse.new( context: context, stream: stream, stream_mutex: stream_mutex, close_condition: close_condition, sync_queue: sync_queue ) end private def _register_callbacks(resp, stream, stream_mutex, close_condition, sync_queue) stream.on(:headers) do |headers| resp.signal_headers(headers) end stream.on(:data) do |data| resp.signal_data(data) end stream.on(:close) do resp.signal_done # block until #wait is ready for signal # else deadlock may happen because #signal happened # eariler than #wait (see AsyncResponse#wait) sync_queue.pop stream_mutex.synchronize { close_condition.signal } end end def _send_initial_headers(req, stream) begin headers = _h2_headers(req) stream.headers(headers, end_stream: false) rescue => e raise Http2InitialRequestError.new(e) end end def _send_initial_data(req, stream) begin data = req.body.read stream.data(data, end_stream: true) rescue => e raise Http2InitialRequestError.new(e) end data end # H2 pseudo headers # https://http2.github.io/http2-spec/#rfc.section.8.1.2.3 def _h2_headers(req) headers = {} headers[':method'] = req.http_method.upcase headers[':scheme'] = req.endpoint.scheme headers[':path'] = req.endpoint.path.empty? ? '/' : req.endpoint.path if req.endpoint.query && !req.endpoint.query.empty? headers[':path'] += "?#{req.endpoint.query}" end req.headers.each {|k, v| headers[k.downcase] = v } headers end def error_message(req, error) if error.is_a?(SocketError) && DNS_ERROR_MESSAGES.include?(error.message) host = req.endpoint.host "unable to connect to `#{host}`; SocketError: #{error.message}" else error.message end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/h2/connection.rb0000644000004100000410000001662714563437550023100 0ustar www-datawww-data# frozen_string_literal: true begin require 'http/2' rescue LoadError; end require 'openssl' require 'socket' module Seahorse module Client # @api private module H2 # H2 Connection build on top of `http/2` gem # (requires Ruby >= 2.1) # with TLS layer plus ALPN, requires: # Ruby >= 2.3 and OpenSSL >= 1.0.2 class Connection OPTIONS = { max_concurrent_streams: 100, connection_timeout: 60, connection_read_timeout: 60, http_wire_trace: false, logger: nil, ssl_verify_peer: true, ssl_ca_bundle: nil, ssl_ca_directory: nil, ssl_ca_store: nil, enable_alpn: false } # chunk read size at socket CHUNKSIZE = 1024 SOCKET_FAMILY = ::Socket::AF_INET def initialize(options = {}) OPTIONS.each_pair do |opt_name, default_value| value = options[opt_name].nil? ? default_value : options[opt_name] instance_variable_set("@#{opt_name}", value) end @h2_client = HTTP2::Client.new( settings_max_concurrent_streams: max_concurrent_streams ) @logger = if @http_wire_trace options[:logger] || Logger.new($stdout) end @chunk_size = options[:read_chunk_size] || CHUNKSIZE @errors = [] @status = :ready @mutex = Mutex.new # connection can be shared across requests @socket = nil @socket_thread = nil end OPTIONS.keys.each do |attr_name| attr_reader(attr_name) end alias ssl_verify_peer? ssl_verify_peer attr_reader :errors attr_accessor :input_signal_thread def new_stream begin @h2_client.new_stream rescue => error raise Http2StreamInitializeError.new(error) end end def connect(endpoint) @mutex.synchronize { if @status == :ready tcp, addr = _tcp_socket(endpoint) debug_output("opening connection to #{endpoint.host}:#{endpoint.port} ...") _nonblocking_connect(tcp, addr) debug_output('opened') if endpoint.scheme == 'https' @socket = OpenSSL::SSL::SSLSocket.new(tcp, _tls_context) @socket.sync_close = true @socket.hostname = endpoint.host debug_output("starting TLS for #{endpoint.host}:#{endpoint.port} ...") @socket.connect debug_output('TLS established') else @socket = tcp end _register_h2_callbacks @status = :active elsif @status == :closed msg = 'Async Client HTTP2 Connection is closed, you may'\ ' use #new_connection to create a new HTTP2 Connection for this client' raise Http2ConnectionClosedError.new(msg) end } end def start(stream) @mutex.synchronize { return if @socket_thread @socket_thread = Thread.new do while @socket && !@socket.closed? begin data = @socket.read_nonblock(@chunk_size) @h2_client << data rescue IO::WaitReadable begin unless IO.select([@socket], nil, nil, connection_read_timeout) self.debug_output('socket connection read time out') self.close! else # available, retry to start reading retry end rescue # error can happen when closing the socket # while it's waiting for read self.close! end rescue EOFError self.close! rescue => error self.debug_output(error.inspect) @errors << error self.close! end end @socket_thread = nil end @socket_thread.abort_on_exception = true } end def close! @mutex.synchronize { self.debug_output('closing connection ...') if @socket @socket.close @socket = nil end @status = :closed } end def closed? @status == :closed end def debug_output(msg, type = nil) prefix = case type when :send then '-> ' when :receive then '<- ' else '' end return unless @logger _debug_entry(prefix + msg) end private def _debug_entry(str) @logger << str @logger << "\n" end def _register_h2_callbacks @h2_client.on(:frame) do |bytes| if @socket.nil? msg = 'Connection is closed due to errors, '\ 'you can find errors at async_client.connection.errors' raise Http2ConnectionClosedError.new(msg) else @socket.print(bytes) @socket.flush end end if @http_wire_trace @h2_client.on(:frame_sent) do |frame| debug_output("frame: #{frame.inspect}", :send) end @h2_client.on(:frame_received) do |frame| debug_output("frame: #{frame.inspect}", :receive) end end end def _tcp_socket(endpoint) tcp = ::Socket.new(SOCKET_FAMILY, ::Socket::SOCK_STREAM, 0) tcp.setsockopt(::Socket::IPPROTO_TCP, ::Socket::TCP_NODELAY, 1) address = ::Socket.getaddrinfo(endpoint.host, nil, SOCKET_FAMILY).first[3] sockaddr = ::Socket.sockaddr_in(endpoint.port, address) [tcp, sockaddr] end def _nonblocking_connect(tcp, addr) begin tcp.connect_nonblock(addr) rescue IO::WaitWritable unless IO.select(nil, [tcp], nil, connection_timeout) tcp.close raise end begin tcp.connect_nonblock(addr) rescue Errno::EISCONN # tcp socket connected, continue end end end def _tls_context ssl_ctx = OpenSSL::SSL::SSLContext.new(:TLSv1_2) if ssl_verify_peer? ssl_ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER ssl_ctx.ca_file = ssl_ca_bundle ? ssl_ca_bundle : _default_ca_bundle ssl_ctx.ca_path = ssl_ca_directory ? ssl_ca_directory : _default_ca_directory ssl_ctx.cert_store = ssl_ca_store if ssl_ca_store else ssl_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE end if enable_alpn debug_output('enabling ALPN for TLS ...') ssl_ctx.alpn_protocols = ['h2'] end ssl_ctx end def _default_ca_bundle File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE) ? OpenSSL::X509::DEFAULT_CERT_FILE : nil end def _default_ca_directory Dir.exist?(OpenSSL::X509::DEFAULT_CERT_DIR) ? OpenSSL::X509::DEFAULT_CERT_DIR : nil end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/configuration.rb0000644000004100000410000001506514563437550023272 0ustar www-datawww-data# frozen_string_literal: true require 'set' module Seahorse module Client # Configuration is used to define possible configuration options and # then build read-only structures with user-supplied data. # # ## Adding Configuration Options # # Add configuration options with optional default values. These are used # when building configuration objects. # # configuration = Configuration.new # # configuration.add_option(:max_retries, 3) # configuration.add_option(:use_ssl, true) # # cfg = configuration.build! # #=> # # # ## Building Configuration Objects # # Calling {#build!} on a {Configuration} object causes it to return # a read-only (frozen) struct. Options passed to {#build!} are merged # on top of any default options. # # configuration = Configuration.new # configuration.add_option(:color, 'red') # # # default # cfg1 = configuration.build! # cfg1.color #=> 'red' # # # supplied color # cfg2 = configuration.build!(color: 'blue') # cfg2.color #=> 'blue' # # ## Accepted Options # # If you try to {#build!} a {Configuration} object with an unknown # option, an `ArgumentError` is raised. # # configuration = Configuration.new # configuration.add_option(:color) # configuration.add_option(:size) # configuration.add_option(:category) # # configuration.build!(price: 100) # #=> raises an ArgumentError, :price was not added as an option # class Configuration # @api private Defaults = Class.new(Array) do def each(&block) reverse.to_a.each(&block) end end # @api private class DynamicDefault attr_accessor :block def initialize(block = nil) @block = block end def call(*args) @block.call(*args) end end # @api private def initialize @defaults = Hash.new { |h,k| h[k] = Defaults.new } end # Adds a getter method that returns the named option or a default # value. Default values can be passed as a static positional argument # or via a block. # # # defaults to nil # configuration.add_option(:name) # # # with a string default # configuration.add_option(:name, 'John Doe') # # # with a dynamic default value, evaluated once when calling #build! # configuration.add_option(:name, 'John Doe') # configuration.add_option(:username) do |config| # config.name.gsub(/\W+/, '').downcase # end # cfg = configuration.build! # cfg.name #=> 'John Doe' # cfg.username #=> 'johndoe' # # @param [Symbol] name The name of the configuration option. This will # be used to define a getter by the same name. # # @param default The default value for this option. You can specify # a default by passing a value, a `Proc` object or a block argument. # Procs and blocks are evaluated when {#build!} is called. # # @return [self] def add_option(name, default = nil, &block) default = DynamicDefault.new(block) if block_given? @defaults[name.to_sym] << default self end # Constructs and returns a configuration structure. # Values not present in `options` will default to those supplied via # add option. # # configuration = Configuration.new # configuration.add_option(:enabled, true) # # cfg1 = configuration.build! # cfg1.enabled #=> true # # cfg2 = configuration.build!(enabled: false) # cfg2.enabled #=> false # # If you pass in options to `#build!` that have not been defined, # then an `ArgumentError` will be raised. # # configuration = Configuration.new # configuration.add_option(:enabled, true) # # # oops, spelling error for :enabled # cfg = configuration.build!(enabld: true) # #=> raises ArgumentError # # The object returned is a frozen `Struct`. # # configuration = Configuration.new # configuration.add_option(:enabled, true) # # cfg = configuration.build! # cfg.enabled #=> true # cfg[:enabled] #=> true # cfg['enabled'] #=> true # # @param [Hash] options ({}) A hash of configuration options. # @return [Struct] Returns a frozen configuration `Struct`. def build!(options = {}) struct = empty_struct apply_options(struct, options) apply_defaults(struct, options) struct end private def empty_struct Struct.new(*@defaults.keys.sort).new end def apply_options(struct, options) options.each do |opt, value| begin struct[opt] = value rescue NameError msg = "invalid configuration option `#{opt.inspect}'" raise ArgumentError, msg end end end def apply_defaults(struct, options) @defaults.each do |opt_name, defaults| unless options.key?(opt_name) struct[opt_name] = defaults end end DefaultResolver.new(struct).resolve end # @api private class DefaultResolver def initialize(struct) @struct = struct @members = Set.new(@struct.members) end def resolve @members.each { |opt_name| value_at(opt_name) } end def respond_to?(method_name, *args) @members.include?(method_name) or super end def override_config(k, v) @struct[k] = v end private def value_at(opt_name) value = @struct[opt_name] if value.is_a?(Defaults) resolve_defaults(opt_name, value) else value end end def resolve_defaults(opt_name, defaults) defaults.each do |default| default = default.call(self) if default.is_a?(DynamicDefault) @struct[opt_name] = default break if !default.nil? end @struct[opt_name] end def method_missing(method_name, *args) if @members.include?(method_name) value_at(method_name) else super end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/async_base.rb0000644000004100000410000000225714563437550022531 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client class AsyncBase < Seahorse::Client::Base # default H2 plugins @plugins = PluginList.new([ Plugins::Endpoint, Plugins::H2, Plugins::ResponseTarget ]) def initialize(plugins, options) super @connection = H2::Connection.new(options) @options = options end # @return [H2::Connection] attr_reader :connection # @return [Array] Returns a list of valid async request # operation names. def operation_names self.class.api.async_operation_names end # Closes the underlying HTTP2 Connection for the client # @return [Symbol] Returns the status of the connection (:closed) def close_connection @connection.close! end # Creates a new HTTP2 Connection for the client # @return [Seahorse::Client::H2::Connection] def new_connection if @connection.closed? @connection = H2::Connection.new(@options) else @connection end end def connection_errors @connection.errors end end end end aws-sdk-core-3.191.2/lib/seahorse/client/logging/0000755000004100000410000000000014563437550021515 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/seahorse/client/logging/handler.rb0000644000004100000410000000171614563437550023464 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client # @deprecated Use Aws::Logging instead. # @api private module Logging class Handler < Client::Handler # @param [RequestContext] context # @return [Response] def call(context) context[:logging_started_at] = Time.now @handler.call(context).tap do |response| context[:logging_completed_at] = Time.now log(context.config, response) end end private # @param [Configuration] config # @param [Response] response # @return [void] def log(config, response) config.logger.send(config.log_level, format(config, response)) end # @param [Configuration] config # @param [Response] response # @return [String] def format(config, response) config.log_formatter.format(response) end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/logging/formatter.rb0000644000004100000410000002316614563437550024055 0ustar www-datawww-data# frozen_string_literal: true require 'pathname' module Seahorse module Client # @deprecated Use Aws::Logging instead. # @api private module Logging # A log formatter receives a {Response} object and return # a log message as a string. When you construct a {Formatter}, you provide # a pattern string with substitutions. # # pattern = ':operation :http_response_status_code :time' # formatter = Seahorse::Client::Logging::Formatter.new(pattern) # formatter.format(response) # #=> 'get_bucket 200 0.0352' # # # Canned Formatters # # Instead of providing your own pattern, you can choose a canned log # formatter. # # * {Formatter.default} # * {Formatter.colored} # * {Formatter.short} # # # Pattern Substitutions # # You can put any of these placeholders into you pattern. # # * `:client_class` - The name of the client class. # # * `:operation` - The name of the client request method. # # * `:request_params` - The user provided request parameters. Long # strings are truncated/summarized if they exceed the # {#max_string_size}. Other objects are inspected. # # * `:time` - The total time in seconds spent on the # request. This includes client side time spent building # the request and parsing the response. # # * `:retries` - The number of times a client request was retried. # # * `:http_request_method` - The http request verb, e.g., `POST`, # `PUT`, `GET`, etc. # # * `:http_request_endpoint` - The request endpoint. This includes # the scheme, host and port, but not the path. # # * `:http_request_scheme` - This is replaced by `http` or `https`. # # * `:http_request_host` - The host name of the http request # endpoint (e.g. 's3.amazon.com'). # # * `:http_request_port` - The port number (e.g. '443' or '80'). # # * `:http_request_headers` - The http request headers, inspected. # # * `:http_request_body` - The http request payload. # # * `:http_response_status_code` - The http response status # code, e.g., `200`, `404`, `500`, etc. # # * `:http_response_headers` - The http response headers, inspected. # # * `:http_response_body` - The http response body contents. # # * `:error_class` # # * `:error_message` # class Formatter # @param [String] pattern The log format pattern should be a string # and may contain substitutions. # # @option options [Integer] :max_string_size (1000) When summarizing # request parameters, strings longer than this value will be # truncated. # def initialize(pattern, options = {}) @pattern = pattern @max_string_size = options[:max_string_size] || 1000 end # @return [String] attr_reader :pattern # @return [Integer] attr_reader :max_string_size # Given a {Response}, this will format a log message and return it # as a string. # @param [Response] response # @return [String] def format(response) pattern.gsub(/:(\w+)/) {|sym| send("_#{sym[1..-1]}", response) } end # @api private def eql?(other) other.is_a?(self.class) and other.pattern == self.pattern end alias :== :eql? private def method_missing(method_name, *args) if method_name.to_s.chars.first == '_' ":#{method_name.to_s[1..-1]}" else super end end def _client_class(response) response.context.client.class.name end def _operation(response) response.context.operation_name end def _request_params(response) summarize_hash(response.context.params) end def _time(response) duration = response.context[:logging_completed_at] - response.context[:logging_started_at] ("%.06f" % duration).sub(/0+$/, '') end def _retries(response) response.context.retries end def _http_request_endpoint(response) response.context.http_request.endpoint.to_s end def _http_request_scheme(response) response.context.http_request.endpoint.scheme end def _http_request_host(response) response.context.http_request.endpoint.host end def _http_request_port(response) response.context.http_request.endpoint.port.to_s end def _http_request_method(response) response.context.http_request.http_method end def _http_request_headers(response) response.context.http_request.headers.inspect end def _http_request_body(response) summarize_value(response.context.http_request.body_contents) end def _http_response_status_code(response) response.context.http_response.status_code.to_s end def _http_response_headers(response) response.context.http_response.headers.inspect end def _http_response_body(response) if response.context.http_response.body.respond_to?(:rewind) summarize_value(response.context.http_response.body_contents) else '' end end def _error_class(response) response.error ? response.error.class.name : '' end def _error_message(response) response.error ? response.error.message : '' end # @param [Hash] hash # @return [String] def summarize_hash(hash) hash.keys.first.is_a?(String) ? summarize_string_hash(hash) : summarize_symbol_hash(hash) end def summarize_symbol_hash(hash) hash.map do |key,v| "#{key}:#{summarize_value(v)}" end.join(",") end def summarize_string_hash(hash) hash.map do |key,v| "#{key.inspect}=>#{summarize_value(v)}" end.join(",") end # @param [Object] value # @return [String] def summarize_value value case value when String then summarize_string(value) when Hash then '{' + summarize_hash(value) + '}' when Array then summarize_array(value) when File then summarize_file(value.path) when Pathname then summarize_file(value) else value.inspect end end # @param [String] str # @return [String] def summarize_string str max = max_string_size if str.size > max "#" else str.inspect end end # Given the path to a file on disk, this method returns a summarized # inspecton string that includes the file size. # @param [String] path # @return [String] def summarize_file path "#" end # @param [Array] array # @return [String] def summarize_array array "[" + array.map{|v| summarize_value(v) }.join(",") + "]" end class << self # The default log format. # # @example A sample of the default format. # # [ClientClass 200 0.580066 0 retries] list_objects(:bucket_name => 'bucket') # # @return [Formatter] # def default pattern = [] pattern << "[:client_class" pattern << ":http_response_status_code" pattern << ":time" pattern << ":retries retries]" pattern << ":operation(:request_params)" pattern << ":error_class" pattern << ":error_message" Formatter.new(pattern.join(' ') + "\n") end # The short log format. Similar to default, but it does not # inspect the request params or report on retries. # # @example A sample of the short format # # [ClientClass 200 0.494532] list_buckets # # @return [Formatter] # def short pattern = [] pattern << "[:client_class" pattern << ":http_response_status_code" pattern << ":time]" pattern << ":operation" pattern << ":error_class" Formatter.new(pattern.join(' ') + "\n") end # The default log format with ANSI colors. # # @example A sample of the colored format (sans the ansi colors). # # [ClientClass 200 0.580066 0 retries] list_objects(:bucket_name => 'bucket') # # @return [Formatter] # def colored bold = "\x1b[1m" color = "\x1b[34m" reset = "\x1b[0m" pattern = [] pattern << "#{bold}#{color}[:client_class" pattern << ":http_response_status_code" pattern << ":time" pattern << ":retries retries]#{reset}#{bold}" pattern << ":operation(:request_params)" pattern << ":error_class" pattern << ":error_message#{reset}" Formatter.new(pattern.join(' ') + "\n") end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/request_context.rb0000644000004100000410000000436514563437550023660 0ustar www-datawww-data# frozen_string_literal: true require 'stringio' module Seahorse module Client class RequestContext # @option options [required,Symbol] :operation_name (nil) # @option options [required,Model::Operation] :operation (nil) # @option options [Model::Authorizer] :authorizer (nil) # @option options [Hash] :params ({}) # @option options [Configuration] :config (nil) # @option options [Http::Request] :http_request (Http::Request.new) # @option options [Http::Response] :http_response (Http::Response.new) # and #rewind. def initialize(options = {}) @operation_name = options[:operation_name] @operation = options[:operation] @authorizer = options[:authorizer] @client = options[:client] @params = options[:params] || {} @config = options[:config] @http_request = options[:http_request] || Http::Request.new @http_response = options[:http_response] || Http::Response.new @retries = 0 @metadata = {} end # @return [Symbol] Name of the API operation called. attr_accessor :operation_name # @return [Model::Operation] attr_accessor :operation # @return [Model::Authorizer] APIG SDKs only attr_accessor :authorizer # @return [Seahorse::Client::Base] attr_accessor :client # @return [Hash] The hash of request parameters. attr_accessor :params # @return [Configuration] The client configuration. attr_accessor :config # @return [Http::Request] attr_accessor :http_request # @return [Http::Response] attr_accessor :http_response # @return [Integer] attr_accessor :retries # @return [Hash] attr_reader :metadata # Returns the metadata for the given `key`. # @param [Symbol] key # @return [Object] def [](key) @metadata[key] end # Sets the request context metadata for the given `key`. Request metadata # useful for handlers that need to keep state on the request, without # sending that data with the request over HTTP. # @param [Symbol] key # @param [Object] value def []=(key, value) @metadata[key] = value end end end end aws-sdk-core-3.191.2/lib/seahorse/client/base.rb0000644000004100000410000001447614563437550021342 0ustar www-datawww-data# frozen_string_literal: true require 'thread' module Seahorse module Client class Base include HandlerBuilder # default plugins @plugins = PluginList.new([ Plugins::Endpoint, Plugins::NetHttp, Plugins::RaiseResponseErrors, Plugins::ResponseTarget, Plugins::RequestCallback ]) # @api private def initialize(plugins, options) @config = build_config(plugins, options) @handlers = build_handler_list(plugins) after_initialize(plugins) end # @return [Configuration] attr_reader :config # @return [HandlerList] attr_reader :handlers # Builds and returns a {Request} for the named operation. The request # will not have been sent. # @param [Symbol, String] operation_name # @return [Request] def build_request(operation_name, params = {}) Request.new( @handlers.for(operation_name), context_for(operation_name, params)) end # @api private def inspect "#<#{self.class.name}>" end # @return [Array] Returns a list of valid request operation # names. These are valid arguments to {#build_request} and are also # valid methods. def operation_names self.class.api.operation_names - self.class.api.async_operation_names end private # Constructs a {Configuration} object and gives each plugin the # opportunity to register options with default values. def build_config(plugins, options) config = Configuration.new config.add_option(:api) plugins.each do |plugin| plugin.add_options(config) if plugin.respond_to?(:add_options) end config.build!(options.merge(api: self.class.api)) end # Gives each plugin the opportunity to register handlers for this client. def build_handler_list(plugins) plugins.inject(HandlerList.new) do |handlers, plugin| if plugin.respond_to?(:add_handlers) plugin.add_handlers(handlers, @config) end handlers end end # Gives each plugin the opportunity to modify this client. def after_initialize(plugins) plugins.reverse.each do |plugin| plugin.after_initialize(self) if plugin.respond_to?(:after_initialize) end end # @return [RequestContext] def context_for(operation_name, params) RequestContext.new( operation_name: operation_name, operation: config.api.operation(operation_name), client: self, params: params, config: config) end class << self def new(options = {}) plugins = build_plugins options = options.dup before_initialize(plugins, options) client = allocate client.send(:initialize, plugins, options) client end # Registers a plugin with this client. # # @example Register a plugin # # ClientClass.add_plugin(PluginClass) # # @example Register a plugin by name # # ClientClass.add_plugin('gem-name.PluginClass') # # @example Register a plugin with an object # # plugin = MyPluginClass.new(options) # ClientClass.add_plugin(plugin) # # @param [Class, Symbol, String, Object] plugin # @see .clear_plugins # @see .set_plugins # @see .remove_plugin # @see .plugins # @return [void] def add_plugin(plugin) @plugins.add(plugin) end # @see .clear_plugins # @see .set_plugins # @see .add_plugin # @see .plugins # @return [void] def remove_plugin(plugin) @plugins.remove(plugin) end # @see .set_plugins # @see .add_plugin # @see .remove_plugin # @see .plugins # @return [void] def clear_plugins @plugins.set([]) end # @param [Array] plugins # @see .clear_plugins # @see .add_plugin # @see .remove_plugin # @see .plugins # @return [void] def set_plugins(plugins) @plugins.set(plugins) end # Returns the list of registered plugins for this Client. Plugins are # inherited from the client super class when the client is defined. # @see .clear_plugins # @see .set_plugins # @see .add_plugin # @see .remove_plugin # @return [Array] def plugins Array(@plugins).freeze end # @return [Model::Api] def api @api ||= Model::Api.new end # @param [Model::Api] api # @return [Model::Api] def set_api(api) @api = api define_operation_methods @api end # @option options [Model::Api, Hash] :api ({}) # @option options [Array] :plugins ([]) A list of plugins to # add to the client class created. # @return [Class] def define(options = {}) subclass = Class.new(self) subclass.set_api(options[:api] || api) Array(options[:plugins]).each do |plugin| subclass.add_plugin(plugin) end subclass end alias extend define private def define_operation_methods operations_module = Module.new @api.operation_names.each do |method_name| operations_module.send(:define_method, method_name) do |*args, &block| params = args[0] || {} options = args[1] || {} build_request(method_name, params).send_request(options, &block) end end include(operations_module) end def build_plugins plugins.map { |plugin| plugin.is_a?(Class) ? plugin.new : plugin } end def before_initialize(plugins, options) plugins.each do |plugin| plugin.before_initialize(self, options) if plugin.respond_to?(:before_initialize) end end def inherited(subclass) subclass.instance_variable_set('@plugins', PluginList.new(@plugins)) end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/0000755000004100000410000000000014563437550021550 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/seahorse/client/plugins/request_callback.rb0000644000004100000410000001075614563437550025412 0ustar www-datawww-data# frozen_string_literal: true require 'pathname' require 'forwardable' module Seahorse module Client module Plugins # @api private class ReadCallbackIO extend Forwardable def_delegators :@io, :size def initialize(io, on_read = nil) @io = io @on_read = on_read if on_read.is_a? Proc @bytes_read = 0 # Some IO objects support readpartial - IO.copy_stream used by the # request will call readpartial if available, so define a wrapper # for it if the underlying IO supports it. if @io.respond_to?(:readpartial) def self.readpartial(*args) @io.readpartial(*args).tap do |chunk| handle_chunk(chunk) end end end end attr_reader :io def read(*args) @io.read(*args).tap do |chunk| handle_chunk(chunk) end end private def handle_chunk(chunk) @bytes_read += chunk.bytesize if chunk && chunk.respond_to?(:bytesize) total_size = @io.respond_to?(:size) ? @io.size : nil @on_read.call(chunk, @bytes_read, total_size) if @on_read end end # @api private class RequestCallback < Plugin option( :on_chunk_sent, default: nil, doc_type: 'Proc', docstring: <<-DOCS) When a Proc object is provided, it will be used as callback when each chunk of the request body is sent. It provides three arguments: the chunk, the number of bytes read from the body, and the total number of bytes in the body. DOCS option(:on_chunk_received, default: nil, doc_type: 'Proc', docstring: <<-DOCS) When a Proc object is provided, it will be used as callback when each chunk of the response body is received. It provides three arguments: the chunk, the number of bytes received, and the total number of bytes in the response (or nil if the server did not send a `content-length`). DOCS # @api private class OptionHandler < Client::Handler def call(context) if context.params.is_a?(Hash) && context.params[:on_chunk_sent] on_chunk_sent = context.params.delete(:on_chunk_sent) end on_chunk_sent = context.config.on_chunk_sent if on_chunk_sent.nil? context[:on_chunk_sent] = on_chunk_sent if on_chunk_sent if context.params.is_a?(Hash) && context.params[:on_chunk_received] on_chunk_received = context.params.delete(:on_chunk_received) end on_chunk_received = context.config.on_chunk_received if on_chunk_received.nil? add_response_events(on_chunk_received, context) if on_chunk_received @handler.call(context) end def add_response_events(on_chunk_received, context) shared_data = {bytes_received: 0} context.http_response.on_headers do |_status, headers| shared_data[:content_length] = headers['content-length']&.to_i end context.http_response.on_data do |chunk| shared_data[:bytes_received] += chunk.bytesize if chunk && chunk.respond_to?(:bytesize) on_chunk_received.call(chunk, shared_data[:bytes_received], shared_data[:content_length]) end end end # @api private class ReadCallbackHandler < Client::Handler def call(context) if (callback = context[:on_chunk_sent]) context.http_request.body = ReadCallbackIO.new( context.http_request.body, callback ) @handler.call(context).tap do unwrap_callback_body(context) end else @handler.call(context) end end def unwrap_callback_body(context) body = context.http_request.body if body.is_a? ReadCallbackIO context.http_request.body = body.io end end end # OptionHandler is needed to remove :on_chunk_sent # from the params before build handler(OptionHandler, step: :initialize) # ReadCallbackHandlerneeds to go late in the call stack # other plugins including Sigv4 and content_md5 read the request body # and rewind it handler(ReadCallbackHandler, step: :sign, priority: 0) end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/operation_methods.rb0000644000004100000410000000330114563437550025615 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Plugins # Defines a helper method for each API operation that builds and # sends the named request. # # # Helper Methods # # This plugin adds a helper method that lists the available API # operations. # # client.operation_names # #=> [:api_operation_name1, :api_operation_name2, ...] # # Additionally, it adds a helper method for each operation. This helper # handles building and sending the appropriate {Request}. # # # without OperationMethods plugin # req = client.build_request(:api_operation_name, request_params) # resp = req.send_request # # # using the helper method defined by OperationMethods # resp = client.api_operation_name(request_params) # class OperationMethods < Plugin def after_initialize(client) unless client.respond_to?(:operation_names) client.class.mutex.synchronize do unless client.respond_to?(:operation_names) add_operation_helpers(client, client.config.api.operation_names) end end end end def add_operation_helpers(client, operations) operations.each do |name| client.class.send(:define_method, name) do |*args, &block| params = args[0] || {} send_options = args[1] || {} build_request(name, params).send_request(send_options, &block) end end client.class.send(:define_method, :operation_names) { operations } end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/logging.rb0000644000004100000410000000164714563437550023533 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Plugins # @api private class Logging < Plugin option(:logger, default: nil, doc_type: 'Logger', docstring: <<-DOCS) The Logger instance to send log messages to. If this option is not set, logging is disabled. DOCS option(:log_level, default: :info, doc_type: Symbol, docstring: 'The log level to send messages to the logger at.') option(:log_formatter, default: Seahorse::Client::Logging::Formatter.default, doc_default: 'Aws::Log::Formatter.default', doc_type: 'Aws::Log::Formatter', docstring: 'The log formatter.') def add_handlers(handlers, config) if config.logger handlers.add(Client::Logging::Handler, step: :validate) end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/response_target.rb0000644000004100000410000000522114563437550025301 0ustar www-datawww-data# frozen_string_literal: true require 'pathname' module Seahorse module Client module Plugins # @api private class ResponseTarget < Plugin # This handler is responsible for replacing the HTTP response body IO # object with custom targets, such as a block, or a file. It is important # to not write data to the custom target in the case of a non-success # response. We do not want to write an XML error message to someone's # file. class Handler < Client::Handler def call(context) if context.params.is_a?(Hash) && context.params[:response_target] context[:response_target] = context.params.delete(:response_target) end target = context[:response_target] add_event_listeners(context, target) if target @handler.call(context) end private def add_event_listeners(context, target) context.http_response.on_headers(200..299) do # In a fresh response body will be a StringIO # However, when a request is retried we may have # an existing ManagedFile or BlockIO and those # should be reused. if context.http_response.body.is_a? StringIO context.http_response.body = io(target, context.http_response.headers) end end context.http_response.on_success(200..299) do body = context.http_response.body if body.is_a?(ManagedFile) && body.open? body.close end end context.http_response.on_error do body = context.http_response.body # When using response_target of file we do not want to write # error messages to the file. So set the body to a new StringIO if body.is_a? ManagedFile File.unlink(body) context.http_response.body = StringIO.new end # Aws::S3::Encryption::DecryptHandler (with lower priority) # has callbacks registered after ResponseTarget::Handler, # where http_response.body is an IODecrypter # and has error callbacks handling for it so no action is required here end end def io(target, headers) case target when Proc then BlockIO.new(headers, &target) when String, Pathname then ManagedFile.new(target, 'w+b') else target end end end handler(Handler, step: :initialize, priority: 90) end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/content_length.rb0000644000004100000410000000203614563437550025111 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Plugins class ContentLength < Plugin # @api private class Handler < Client::Handler # https://github.com/ruby/net-http/blob/master/lib/net/http/requests.rb # Methods without body are forwards compatible, because content-length # may be set for requests without body but is technically incorrect. METHODS_WITHOUT_BODY = Set.new( %w[GET HEAD DELETE OPTIONS TRACE COPY MOVE] ) def call(context) body = context.http_request.body method = context.http_request.http_method # We use Net::HTTP with body_stream which doesn't do this by default if body.respond_to?(:size) && !METHODS_WITHOUT_BODY.include?(method) context.http_request.headers['Content-Length'] = body.size end @handler.call(context) end end handler(Handler, step: :sign, priority: 0) end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/h2.rb0000644000004100000410000000523614563437550022414 0ustar www-datawww-data# frozen_string_literal: true require 'seahorse/client/h2/handler' module Seahorse module Client module Plugins class H2 < Plugin # H2 Client option(:max_concurrent_streams, default: 100, doc_type: Integer, docstring: <<-DOCS) Maximum concurrent streams used in HTTP2 connection, defaults to 100. Note that server may send back :settings_max_concurrent_streams value which will take priority when initializing new streams. DOCS option(:connection_timeout, default: 60, doc_type: Integer, docstring: <<-DOCS) Connection timeout in seconds, defaults to 60 sec. DOCS option(:connection_read_timeout, default: 60, doc_type: Integer, docstring: <<-DOCS) Connection read timeout in seconds, defaults to 60 sec. DOCS option(:read_chunk_size, default: 1024, doc_type: Integer, docstring: '') option(:raise_response_errors, default: true, doc_type: 'Boolean', docstring: <<-DOCS) Defaults to `true`, raises errors if exist when #wait or #join! is called upon async response. DOCS # SSL Context option(:ssl_ca_bundle, default: nil, doc_type: String, docstring: <<-DOCS) do |cfg| Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass `:ssl_ca_directory` or `:ssl_ca_bundle` the system default will be used if available. DOCS ENV['AWS_CA_BUNDLE'] || Aws.shared_config.ca_bundle(profile: cfg.profile) if cfg.respond_to?(:profile) end option(:ssl_ca_directory, default: nil, doc_type: String, docstring: <<-DOCS) Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the system default will be used if available. DOCS option(:ssl_ca_store, default: nil, doc_type: String, docstring: '') option(:ssl_verify_peer, default: true, doc_type: 'Boolean', docstring: <<-DOCS) When `true`, SSL peer certificates are verified when establishing a connection. DOCS option(:http_wire_trace, default: false, doc_type: 'Boolean', docstring: <<-DOCS) When `true`, HTTP2 debug output will be sent to the `:logger`. DOCS option(:enable_alpn, default: false, doc_type: 'Boolean', docstring: <<-DOCS) Set to `true` to enable ALPN in HTTP2 over TLS. Requires Openssl version >= 1.0.2. Defaults to false. Note: not all service HTTP2 operations supports ALPN on server side, please refer to service documentation. DOCS option(:logger) handler(Client::H2::Handler, step: :send) end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/net_http.rb0000644000004100000410000000443214563437550023725 0ustar www-datawww-data# frozen_string_literal: true require 'seahorse/client/net_http/handler' module Seahorse module Client module Plugins class NetHttp < Plugin option(:http_proxy, default: nil, doc_type: String, docstring: '') option(:http_open_timeout, default: 15, doc_type: Integer, docstring: '') do |cfg| resolve_http_open_timeout(cfg) end option(:http_read_timeout, default: 60, doc_type: Integer, docstring: '') do |cfg| resolve_http_read_timeout(cfg) end option(:http_idle_timeout, default: 5, doc_type: Integer, docstring: '') option(:http_continue_timeout, default: 1, doc_type: Integer, docstring: '') option(:http_wire_trace, default: false, doc_type: 'Boolean', docstring: '') option(:ssl_verify_peer, default: true, doc_type: 'Boolean', docstring: '') option(:ssl_ca_bundle, doc_type: String, docstring: '') do |cfg| ENV['AWS_CA_BUNDLE'] || Aws.shared_config.ca_bundle(profile: cfg.profile) if cfg.respond_to?(:profile) end option(:ssl_ca_directory, default: nil, doc_type: String, docstring: '') option(:ssl_ca_store, default: nil, doc_type: String, docstring: '') option(:ssl_timeout, default: nil, doc_type: Float, docstring: '') do |cfg| resolve_ssl_timeout(cfg) end option(:logger) # for backwards compat handler(Client::NetHttp::Handler, step: :send) def self.resolve_http_open_timeout(cfg) default_mode_value = if cfg.respond_to?(:defaults_mode_config_resolver) cfg.defaults_mode_config_resolver.resolve(:http_open_timeout) end default_mode_value || 15 end def self.resolve_http_read_timeout(cfg) default_mode_value = if cfg.respond_to?(:defaults_mode_config_resolver) cfg.defaults_mode_config_resolver.resolve(:http_read_timeout) end default_mode_value || 60 end def self.resolve_ssl_timeout(cfg) default_mode_value = if cfg.respond_to?(:defaults_mode_config_resolver) cfg.defaults_mode_config_resolver.resolve(:ssl_timeout) end default_mode_value || nil end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/endpoint.rb0000644000004100000410000000264214563437550023721 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Plugins class Endpoint < Plugin option(:endpoint, doc_type: 'String, URI::HTTPS, URI::HTTP', docstring: <<-DOCS) Normally you should not configure the `:endpoint` option directly. This is normally constructed from the `:region` option. Configuring `:endpoint` is normally reserved for connecting to test or custom endpoints. The endpoint should be a URI formatted like: 'http://example.com' 'https://example.com' 'http://example.com:123' DOCS def add_handlers(handlers, config) handlers.add(Handler, priority: 90) end def after_initialize(client) endpoint = client.config.endpoint if endpoint.nil? msg = "missing required option `:endpoint'" raise ArgumentError, msg end endpoint = URI.parse(endpoint.to_s) if URI::HTTPS === endpoint or URI::HTTP === endpoint client.config.endpoint = endpoint else msg = 'expected :endpoint to be a HTTP or HTTPS endpoint' raise ArgumentError, msg end end class Handler < Client::Handler def call(context) context.http_request.endpoint = URI.parse(context.config.endpoint.to_s) @handler.call(context) end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugins/raise_response_errors.rb0000644000004100000410000000132614563437550026514 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Plugins class RaiseResponseErrors < Plugin option(:raise_response_errors, default: true, doc_type: 'Boolean', docstring: 'When `true`, response errors are raised.') # @api private class Handler < Client::Handler def call(context) response = @handler.call(context) raise response.error if response.error response end end def add_handlers(handlers, config) if config.raise_response_errors handlers.add(Handler, step: :validate, priority: 95) end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/response.rb0000644000004100000410000000501314563437550022251 0ustar www-datawww-data# frozen_string_literal: true require 'delegate' module Seahorse module Client class Response < Delegator # @option options [RequestContext] :context (nil) # @option options [Integer] :status_code (nil) # @option options [Http::Headers] :headers (Http::Headers.new) # @option options [String] :body ('') def initialize(options = {}) @context = options[:context] || RequestContext.new @data = options[:data] @error = options[:error] @http_request = @context.http_request @http_response = @context.http_response @http_response.on_error do |error| @error = error end end # @return [RequestContext] attr_reader :context # @return The response data. This may be `nil` if the response contains # an {#error}. attr_accessor :data # @return [StandardError, nil] attr_accessor :error # @return [String, nil] returns the algorithm used to validate # the response checksum. Returns nil if no verification was done. def checksum_validated context[:http_checksum][:validated] if context[:http_checksum] end # @overload on(status_code, &block) # @param [Integer] status_code The block will be # triggered only for responses with the given status code. # # @overload on(status_code_range, &block) # @param [Range] status_code_range The block will be # triggered only for responses with a status code that falls # witin the given range. # # @return [self] def on(range, &_block) response = self @context.http_response.on_success(range) do yield response end self end # Yields to the block if the response has a 200 level status code. # @return [self] def on_success(&block) on(200..299, &block) end # @return [Boolean] Returns `true` if the response is complete with # a ~ 200 level http status code. def successful? (200..299).cover?(@context.http_response.status_code) && @error.nil? end # @api private def on_complete(&block) @context.http_response.on_done(&block) self end # Necessary to define as a subclass of Delegator # @api private def __getobj__ @data end # Necessary to define as a subclass of Delegator # @api private def __setobj__(obj) @data = obj end end end end aws-sdk-core-3.191.2/lib/seahorse/client/block_io.rb0000644000004100000410000000137114563437550022177 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client class BlockIO def initialize(headers = nil, &block) @headers = headers @block = block @size = 0 end # @param [String] chunk # @return [Integer] def write(chunk) @block.call(chunk, @headers) ensure chunk.bytesize.tap { |chunk_size| @size += chunk_size } end # @param [Integer] bytes (nil) # @param [String] output_buffer (nil) # @return [String, nil] def read(bytes = nil, output_buffer = nil) data = bytes ? nil : '' output_buffer ? output_buffer.replace(data || '') : data end # @return [Integer] def size @size end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugin.rb0000644000004100000410000000716414563437550021722 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client class Plugin extend HandlerBuilder # @param [Configuration] config # @return [void] def add_options(config) self.class.options.each do |option| if option.default_block config.add_option(option.name, &option.default_block) else config.add_option(option.name, option.default) end end end # @param [HandlerList] handlers # @param [Configuration] config # @return [void] def add_handlers(handlers, config) handlers.copy_from(self.class.handlers) end # @param [Class] client_class # @param [Hash] options # @return [void] def before_initialize(client_class, options) self.class.before_initialize_hooks.each do |block| block.call(client_class, options) end end # @param [Client::Base] client # @return [void] def after_initialize(client) self.class.after_initialize_hooks.each do |block| block.call(client) end end class << self # @overload option(name, options = {}, &block) # @option options [Object] :default Can also be set by passing a block. # @option options [String] :doc_default # @option options [Boolean] :required # @option options [String] :doc_type # @option options [String] :docs # @return [void] def option(name, default = nil, options = {}, &block) # For backwards-compat reasons, the default value can be passed as 2nd # positional argument (before the options hash) or as the `:default` option # in the options hash. if default.is_a? Hash options = default else options[:default] = default end options[:default_block] = block if block_given? self.options << PluginOption.new(name, options) end def before_initialize(&block) before_initialize_hooks << block end def after_initialize(&block) after_initialize_hooks << block end # @api private def options @options ||= [] end # @api private def handlers @handlers ||= HandlerList.new end # @api private def before_initialize_hooks @before_initialize_hooks ||= [] end # @api private def after_initialize_hooks @after_initialize_hooks ||= [] end # @api private def literal(string) CodeLiteral.new(string) end # @api private class CodeLiteral < String def inspect to_s end end end # @api private class PluginOption def initialize(name, options = {}) @name = name @doc_default = nil options.each_pair do |opt_name, opt_value| self.send("#{opt_name}=", opt_value) end end attr_reader :name attr_accessor :default attr_accessor :default_block attr_accessor :required attr_accessor :doc_type attr_writer :doc_default attr_accessor :docstring attr_accessor :rbs_type def doc_default(options) if @doc_default.nil? && !default.is_a?(Proc) default else @doc_default.respond_to?(:call) ? @doc_default.call(options) : @doc_default end end def documented? !!docstring end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/events.rb0000644000004100000410000000060714563437550021723 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module EventEmitter def initialize(*args) @listeners = {} super end def emit(event_name, *args, &block) @listeners[event_name] ||= [] @listeners[event_name] << block if block_given? end def signal(event, *args) @listeners end end end end aws-sdk-core-3.191.2/lib/seahorse/client/net_http/0000755000004100000410000000000014563437550021714 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/seahorse/client/net_http/handler.rb0000644000004100000410000001564014563437550023664 0ustar www-datawww-data# frozen_string_literal: true require 'net/https' require 'openssl' module Seahorse module Client # @api private module NetHttp # The default HTTP handler for Seahorse::Client. This is based on # the Ruby's `Net::HTTP`. class Handler < Client::Handler # @api private class TruncatedBodyError < IOError def initialize(bytes_expected, bytes_received) msg = "http response body truncated, expected #{bytes_expected} "\ "bytes, received #{bytes_received} bytes" super(msg) end end NETWORK_ERRORS = [ SocketError, EOFError, IOError, Timeout::Error, Errno::ECONNABORTED, Errno::ECONNRESET, Errno::EPIPE, Errno::EINVAL, Errno::ETIMEDOUT, OpenSSL::SSL::SSLError, Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Net::HTTPFatalError # for proxy connection failures ] # does not exist in Ruby 1.9.3 if OpenSSL::SSL.const_defined?(:SSLErrorWaitReadable) NETWORK_ERRORS << OpenSSL::SSL::SSLErrorWaitReadable end # @api private DNS_ERROR_MESSAGES = [ 'getaddrinfo: nodename nor servname provided, or not known', # MacOS 'getaddrinfo: Name or service not known' # GNU ] # Raised when a {Handler} cannot construct a `Net::HTTP::Request` # from the given http verb. class InvalidHttpVerbError < StandardError; end # @param [RequestContext] context # @return [Response] def call(context) transmit(context.config, context.http_request, context.http_response) Response.new(context: context) end # @param [Configuration] config # @return [ConnectionPool] def pool_for(config) ConnectionPool.for(pool_options(config)) end private def error_message(req, error) if error.is_a?(SocketError) && DNS_ERROR_MESSAGES.include?(error.message) host = req.endpoint.host "unable to connect to `#{host}`; SocketError: #{error.message}" else error.message end end # @param [Configuration] config # @param [Http::Request] req # @param [Http::Response] resp # @return [void] def transmit(config, req, resp) session(config, req) do |http| # Monkey patch default content-type set by Net::HTTP Thread.current[:net_http_skip_default_content_type] = true http.request(build_net_request(req)) do |net_resp| status_code = net_resp.code.to_i headers = extract_headers(net_resp) bytes_received = 0 resp.signal_headers(status_code, headers) net_resp.read_body do |chunk| bytes_received += chunk.bytesize resp.signal_data(chunk) end complete_response(req, resp, bytes_received) end end rescue *NETWORK_ERRORS => error # these are retryable error = NetworkingError.new(error, error_message(req, error)) resp.signal_error(error) rescue => error # not retryable resp.signal_error(error) ensure # ensure we turn off monkey patch in case of error Thread.current[:net_http_skip_default_content_type] = nil end def complete_response(req, resp, bytes_received) if should_verify_bytes?(req, resp) verify_bytes_received(resp, bytes_received) else resp.signal_done end end def should_verify_bytes?(req, resp) req.http_method != 'HEAD' && resp.headers['content-length'] end def verify_bytes_received(resp, bytes_received) bytes_expected = resp.headers['content-length'].to_i if bytes_expected == bytes_received resp.signal_done else error = TruncatedBodyError.new(bytes_expected, bytes_received) resp.signal_error(NetworkingError.new(error, error.message)) end end def session(config, req, &block) pool_for(config).session_for(req.endpoint) do |http| # Ruby 2.5, can disable retries for idempotent operations # avoid patching for Ruby 2.5 for disable retry http.max_retries = 0 if http.respond_to?(:max_retries) http.read_timeout = config.http_read_timeout yield(http) end end # Extracts the {ConnectionPool} configuration options. # @param [Configuration] config # @return [Hash] def pool_options(config) ConnectionPool::OPTIONS.keys.inject({}) do |opts,opt| opts[opt] = config.send(opt) opts end end # Constructs and returns a Net::HTTP::Request object from # a {Http::Request}. # @param [Http::Request] request # @return [Net::HTTP::Request] def build_net_request(request) request_class = net_http_request_class(request) req = request_class.new(request.endpoint.request_uri, headers(request)) # Net::HTTP adds a default Content-Type when a body is present. # Set the body stream when it has an unknown size or when it is > 0. if !request.body.respond_to?(:size) || (request.body.respond_to?(:size) && request.body.size > 0) req.body_stream = request.body end req end # @param [Http::Request] request # @raise [InvalidHttpVerbError] # @return Returns a base `Net::HTTP::Request` class, e.g., # `Net::HTTP::Get`, `Net::HTTP::Post`, etc. def net_http_request_class(request) Net::HTTP.const_get(request.http_method.capitalize) rescue NameError msg = "`#{request.http_method}` is not a valid http verb" raise InvalidHttpVerbError, msg end # @param [Http::Request] request # @return [Hash] Returns a vanilla hash of headers to send with the # HTTP request. def headers(request) # Net::HTTP adds a default header for accept-encoding (2.0.0+). # Setting a default empty value defeats this. # # Removing this is necessary for most services to not break request # signatures as well as dynamodb crc32 checks (these fail if the # response is gzipped). headers = { 'accept-encoding' => '' } request.headers.each_pair do |key, value| headers[key] = value end headers end # @param [Net::HTTP::Response] response # @return [Hash] def extract_headers(response) response.to_hash.inject({}) do |headers, (k, v)| headers[k] = v.first headers end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/net_http/connection_pool.rb0000644000004100000410000002757114563437550025445 0ustar www-datawww-data# frozen_string_literal: true require 'cgi' require 'net/http' require 'net/https' require 'delegate' require 'thread' require 'logger' require_relative 'patches' Seahorse::Client::NetHttp::Patches.apply! module Seahorse module Client # @api private module NetHttp class ConnectionPool @pools_mutex = Mutex.new @pools = {} @default_logger = Logger.new($stdout) OPTIONS = { http_proxy: nil, http_open_timeout: 15, http_read_timeout: 60, http_idle_timeout: 5, http_continue_timeout: 1, http_wire_trace: false, logger: nil, ssl_verify_peer: true, ssl_ca_bundle: nil, ssl_ca_directory: nil, ssl_ca_store: nil, ssl_timeout: nil } # @api private def initialize(options = {}) OPTIONS.each_pair do |opt_name, default_value| value = options[opt_name].nil? ? default_value : options[opt_name] instance_variable_set("@#{opt_name}", value) end @pool_mutex = Mutex.new @pool = {} end OPTIONS.keys.each do |attr_name| attr_reader(attr_name) end alias http_wire_trace? http_wire_trace alias ssl_verify_peer? ssl_verify_peer # Makes an HTTP request, yielding a Net::HTTPResponse object. # # pool.request(URI.parse('http://domain'), Net::HTTP::Get.new('/')) do |resp| # puts resp.code # status code # puts resp.to_h.inspect # dump the headers # puts resp.body # end # # @param [URI::HTTP, URI::HTTPS] endpoint The HTTP(S) endpoint # to connect to (e.g. 'https://domain.com'). # # @param [Net::HTTPRequest] request The request to make. This can be # any request object from Net::HTTP (e.g. Net::HTTP::Get, # Net::HTTP::POST, etc). # # @yieldparam [Net::HTTPResponse] net_http_response # # @return (see #session_for) def request(endpoint, request, &block) session_for(endpoint) do |http| yield(http.request(request)) end end # @param [URI::HTTP, URI::HTTPS] endpoint The HTTP(S) endpoint # to connect to (e.g. 'https://domain.com'). # # @yieldparam [Net::HTTPSession] session # # @return [nil] def session_for(endpoint, &block) endpoint = remove_path_and_query(endpoint) session = nil # attempt to recycle an already open session @pool_mutex.synchronize do _clean if @pool.key?(endpoint) session = @pool[endpoint].shift end end begin session ||= start_session(endpoint) session.read_timeout = http_read_timeout session.continue_timeout = http_continue_timeout if session.respond_to?(:continue_timeout=) yield(session) rescue session.finish if session raise else # No error raised? Good, check the session into the pool. @pool_mutex.synchronize do @pool[endpoint] = [] unless @pool.key?(endpoint) @pool[endpoint] << session end end nil end # @return [Integer] Returns the count of sessions currently in the # pool, not counting those currently in use. def size @pool_mutex.synchronize do size = 0 @pool.each_pair do |endpoint,sessions| size += sessions.size end size end end # Removes stale http sessions from the pool (that have exceeded # the idle timeout). # @return [nil] def clean! @pool_mutex.synchronize { _clean } nil end # Closes and removes all sessions from the pool. # If empty! is called while there are outstanding requests they may # get checked back into the pool, leaving the pool in a non-empty # state. # @return [nil] def empty! @pool_mutex.synchronize do @pool.each_pair do |endpoint,sessions| sessions.each(&:finish) end @pool.clear end nil end private def remove_path_and_query(endpoint) endpoint.dup.tap do |e| e.path = '' e.query = nil end.to_s end class << self # Returns a connection pool constructed from the given options. # Calling this method twice with the same options will return # the same pool. # # @option options [URI::HTTP,String] :http_proxy A proxy to send # requests through. Formatted like 'http://proxy.com:123'. # # @option options [Float] :http_open_timeout (15) The number of # seconds to wait when opening an HTTP session before raising a # `Timeout::Error`. # # @option options [Float] :http_read_timeout (60) The default # number of seconds to wait for response data. This value can be # safely set per-request on the session yielded by {#session_for}. # # @option options [Float] :http_idle_timeout (5) The number of # seconds a connection is allowed to sit idle before it is # considered stale. Stale connections are closed and removed # from the pool before making a request. # # @option options [Float] :http_continue_timeout (1) The number of # seconds to wait for a 100-continue response before sending the # request body. This option has no effect unless the request has # "Expect" header set to "100-continue". Defaults to `nil` which # disables this behaviour. This value can safely be set per # request on the session yielded by {#session_for}. # # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout # in seconds. # # @option options [Boolean] :http_wire_trace (false) When `true`, # HTTP debug output will be sent to the `:logger`. # # @option options [Logger] :logger Where debug output is sent. # Defaults to `nil` when `:http_wire_trace` is `false`. # Defaults to `Logger.new($stdout)` when `:http_wire_trace` is # `true`. # # @option options [Boolean] :ssl_verify_peer (true) When `true`, # SSL peer certificates are verified when establishing a # connection. # # @option options [String] :ssl_ca_bundle Full path to the SSL # certificate authority bundle file that should be used when # verifying peer certificates. If you do not pass # `:ssl_ca_bundle` or `:ssl_ca_directory` the system default # will be used if available. # # @option options [String] :ssl_ca_directory Full path of the # directory that contains the unbundled SSL certificate # authority files for verifying peer certificates. If you do # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the # system default will be used if available. # # @return [ConnectionPool] def for options = {} options = pool_options(options) @pools_mutex.synchronize do @pools[options] ||= new(options) end end # @return [Array] Returns a list of the # constructed connection pools. def pools @pools_mutex.synchronize do @pools.values end end private # Filters an option hash, merging in default values. # @return [Hash] def pool_options options wire_trace = !!options[:http_wire_trace] logger = options[:logger] || @default_logger if wire_trace verify_peer = options.key?(:ssl_verify_peer) ? !!options[:ssl_verify_peer] : true { :http_proxy => URI.parse(options[:http_proxy].to_s), :http_continue_timeout => options[:http_continue_timeout], :http_open_timeout => options[:http_open_timeout] || 15, :http_idle_timeout => options[:http_idle_timeout] || 5, :http_read_timeout => options[:http_read_timeout] || 60, :http_wire_trace => wire_trace, :logger => logger, :ssl_verify_peer => verify_peer, :ssl_ca_bundle => options[:ssl_ca_bundle], :ssl_ca_directory => options[:ssl_ca_directory], :ssl_ca_store => options[:ssl_ca_store], :ssl_timeout => options[:ssl_timeout] } end end private # Extract the parts of the http_proxy URI # @return [Array(String)] def http_proxy_parts return [ http_proxy.host, http_proxy.port, (http_proxy.user && CGI::unescape(http_proxy.user)), (http_proxy.password && CGI::unescape(http_proxy.password)) ] end # Starts and returns a new HTTP(S) session. # @param [String] endpoint # @return [Net::HTTPSession] def start_session endpoint endpoint = URI.parse(endpoint) args = [] args << endpoint.host args << endpoint.port args += http_proxy_parts http = ExtendedSession.new(Net::HTTP.new(*args.compact)) http.set_debug_output(logger) if http_wire_trace? http.open_timeout = http_open_timeout http.keep_alive_timeout = http_idle_timeout if http.respond_to?(:keep_alive_timeout=) if endpoint.scheme == 'https' http.use_ssl = true http.ssl_timeout = ssl_timeout if ssl_verify_peer? http.verify_mode = OpenSSL::SSL::VERIFY_PEER http.ca_file = ssl_ca_bundle if ssl_ca_bundle http.ca_path = ssl_ca_directory if ssl_ca_directory http.cert_store = ssl_ca_store if ssl_ca_store else http.verify_mode = OpenSSL::SSL::VERIFY_NONE end else http.use_ssl = false end http.start http end # Removes stale sessions from the pool. This method *must* be called # @note **Must** be called behind a `@pool_mutex` synchronize block. def _clean now = Aws::Util.monotonic_milliseconds @pool.each_pair do |endpoint,sessions| sessions.delete_if do |session| if session.last_used.nil? or now - session.last_used > http_idle_timeout * 1000 session.finish true end end end end # Helper methods extended onto Net::HTTPSession objects opened by the # connection pool. # @api private class ExtendedSession < Delegator def initialize(http) super(http) @http = http end # @return [Integer,nil] attr_reader :last_used def __getobj__ @http end def __setobj__(obj) @http = obj end # Sends the request and tracks that this session has been used. def request(*args, &block) @http.request(*args, &block) @last_used = Aws::Util.monotonic_milliseconds end # Attempts to close/finish the session without raising an error. def finish @http.finish rescue IOError nil end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/net_http/patches.rb0000644000004100000410000000156314563437550023675 0ustar www-datawww-data# frozen_string_literal: true require 'net/http' module Seahorse module Client # @api private module NetHttp # @api private module Patches def self.apply! Net::HTTPGenericRequest.prepend(PatchDefaultContentType) end # For requests with bodies, Net::HTTP sets a default content type of: # 'application/x-www-form-urlencoded' # There are cases where we should not send content type at all. # Even when no body is supplied, Net::HTTP uses a default empty body # and sets it anyway. This patch disables the behavior when a Thread # local variable is set. module PatchDefaultContentType def supply_default_content_type return if Thread.current[:net_http_skip_default_content_type] super end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/managed_file.rb0000644000004100000410000000047214563437550023012 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client # This utility class is used to track files opened by Seahorse. # This allows Seahorse to know what files it needs to close. class ManagedFile < File # @return [Boolean] def open? !closed? end end end end aws-sdk-core-3.191.2/lib/seahorse/client/networking_error.rb0000644000004100000410000000173614563437550024023 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client class NetworkingError < StandardError def initialize(error, msg = nil) super(msg || error.message) set_backtrace(error.backtrace) @original_error = error end attr_reader :original_error end # Raised when sending initial headers and data failed # for event stream requests over Http2 class Http2InitialRequestError < StandardError def initialize(error) @original_error = error end # @return [HTTP2::Error] attr_reader :original_error end # Raised when connection failed to initialize a new stream class Http2StreamInitializeError < StandardError def initialize(error) @original_error = error end # @return [HTTP2::Error] attr_reader :original_error end # Rasied when trying to use an closed connection class Http2ConnectionClosedError < StandardError; end end end aws-sdk-core-3.191.2/lib/seahorse/client/handler_list_entry.rb0000644000004100000410000000614614563437550024314 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client # A container for an un-constructed handler. A handler entry has the # handler class, and information about handler priority/order. # # This class is an implementation detail of the {HandlerList} class. # Do not rely on public interfaces of this class. class HandlerListEntry STEPS = { initialize: 400, validate: 300, build: 200, sign: 100, send: 0, } # @option options [required, Class] :handler_class # @option options [required, Integer] :inserted The insertion # order/position. This is used to determine sort order when two # entries have the same priority. # @option options [Symbol] :step (:build) # @option options [Integer] :priority (50) # @option options [Set] :operations def initialize(options) @options = options @handler_class = option(:handler_class, options) @inserted = option(:inserted, options) @operations = options[:operations] @operations = Set.new(options[:operations]).map(&:to_s) if @operations set_step(options[:step] || :build) set_priority(options[:priority] || 50) compute_weight end # @return [Handler, Class] Returns the handler. This may # be a constructed handler object or a handler class. attr_reader :handler_class # @return [Integer] The insertion order/position. This is used to # determine sort order when two entries have the same priority. # Entries inserted later (with a higher inserted value) have a # lower priority. attr_reader :inserted # @return [Symbol] attr_reader :step # @return [Integer] attr_reader :priority # @return [Set] attr_reader :operations # @return [Integer] attr_reader :weight # @api private def <=>(other) if weight == other.weight other.inserted <=> inserted else weight <=> other.weight end end # @option options (see #initialize) # @return [HandlerListEntry] def copy(options = {}) HandlerListEntry.new(@options.merge(options)) end private def option(name, options) if options.key?(name) options[name] else msg = "missing option: `%s'" raise ArgumentError, msg % name.inspect end end def set_step(step) if STEPS.key?(step) @step = step else msg = "invalid :step `%s', must be one of :initialize, :validate, "\ ':build, :sign or :send' raise ArgumentError, msg % step.inspect end end def set_priority(priority) if (0..99).include?(priority) @priority = priority else msg = "invalid :priority `%s', must be between 0 and 99" raise ArgumentError, msg % priority.inspect end end def compute_weight @weight = STEPS[@step] + @priority end end end end aws-sdk-core-3.191.2/lib/seahorse/client/handler_list.rb0000644000004100000410000001434414563437550023072 0ustar www-datawww-data# frozen_string_literal: true require 'thread' require 'set' module Seahorse module Client class HandlerList include Enumerable # @api private def initialize(options = {}) @index = options[:index] || 0 @entries = {} @mutex = Mutex.new entries = options[:entries] || [] add_entries(entries) unless entries.empty? end # @return [Array] def entries @mutex.synchronize do @entries.values end end # Registers a handler. Handlers are used to build a handler stack. # Handlers default to the `:build` step with default priority of 50. # The step and priority determine where in the stack a handler # will be. # # ## Handler Stack Ordering # # A handler stack is built from the inside-out. The stack is # seeded with the send handler. Handlers are constructed recursively # in reverse step and priority order so that the highest priority # handler is on the outside. # # By constructing the stack from the inside-out, this ensures # that the validate handlers will be called first and the sign handlers # will be called just before the final and only send handler is called. # # ## Steps # # Handlers are ordered first by step. These steps represent the # life-cycle of a request. Valid steps are: # # * `:initialize` # * `:validate` # * `:build` # * `:sign` # * `:send` # # Many handlers can be added to the same step, except for `:send`. # There can be only one `:send` handler. Adding an additional # `:send` handler replaces the previous one. # # ## Priorities # # Handlers within a single step are executed in priority order. The # higher the priority, the earlier in the stack the handler will # be called. # # * Handler priority is an integer between 0 and 99, inclusively. # * Handler priority defaults to 50. # * When multiple handlers are added to the same step with the same # priority, the last one added will have the highest priority and # the first one added will have the lowest priority. # # @param [Class] handler_class This should be a subclass # of {Handler}. # # @option options [Symbol] :step (:build) The request life-cycle # step the handler should run in. Defaults to `:build`. The # list of possible steps, in high-to-low priority order are: # # * `:initialize` # * `:validate` # * `:build` # * `:sign` # * `:send` # # There can only be one send handler. Registering an additional # `:send` handler replaces the previous one. # # @option options [Integer] :priority (50) The priority of this # handler within a step. The priority must be between 0 and 99 # inclusively. It defaults to 50. When two handlers have the # same `:step` and `:priority`, the handler registered last has # the highest priority. # # @option options [Array] :operations A list of # operations names the handler should be applied to. When # `:operations` is omitted, the handler is applied to all # operations for the client. # # @raise [InvalidStepError] # @raise [InvalidPriorityError] # @note There can be only one `:send` handler. Adding an additional # send handler replaces the previous. # # @return [Class] Returns the handler class that was added. # def add(handler_class, options = {}) @mutex.synchronize do add_entry( HandlerListEntry.new(options.merge( handler_class: handler_class, inserted: next_index )) ) end handler_class end # @param [Class] handler_class def remove(handler_class) @entries.each do |key, entry| @entries.delete(key) if entry.handler_class == handler_class end end # Copies handlers from the `source_list` onto the current handler list. # If a block is given, only the entries that return a `true` value # from the block will be copied. # @param [HandlerList] source_list # @return [void] def copy_from(source_list, &block) entries = [] source_list.entries.each do |entry| if block_given? entries << entry.copy(inserted: next_index) if yield(entry) else entries << entry.copy(inserted: next_index) end end add_entries(entries) end # Returns a handler list for the given operation. The returned # will have the operation specific handlers merged with the common # handlers. # @param [String] operation The name of an operation. # @return [HandlerList] def for(operation) HandlerList.new(index: @index, entries: filter(operation.to_s)) end # Yields the handlers in stack order, which is reverse priority. def each(&block) entries.sort.each do |entry| yield(entry.handler_class) if entry.operations.nil? end end # Constructs the handlers recursively, building a handler stack. # The `:send` handler will be at the top of the stack and the # `:validate` handlers will be at the bottom. # @return [Handler] def to_stack inject(nil) { |stack, handler| handler.new(stack) } end private def add_entries(entries) @mutex.synchronize do entries.each { |entry| add_entry(entry) } end end def add_entry(entry) key = entry.step == :send ? :send : entry.object_id @entries[key] = entry end def filter(operation) entries.inject([]) do |filtered, entry| if entry.operations.nil? filtered << entry.copy elsif entry.operations.include?(operation) filtered << entry.copy(operations: nil) end filtered end end def next_index @index += 1 end end end end aws-sdk-core-3.191.2/lib/seahorse/client/http/0000755000004100000410000000000014563437550021046 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/seahorse/client/http/async_response.rb0000644000004100000410000000223114563437550024424 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Http class AsyncResponse < Seahorse::Client::Http::Response def initialize(options = {}) super end def signal_headers(headers) # H2 headers arrive as array of pair hash = headers.inject({}) do |h, pair| key, value = pair h[key] = value h end @status_code = hash[":status"].to_i @headers = Headers.new(hash) emit(:headers, @status_code, @headers) end def signal_done(options = {}) # H2 only has header and body # ':status' header will be sent back if options.keys.sort == [:body, :headers] signal_headers(options[:headers]) signal_data(options[:body]) signal_done elsif options.empty? @body.rewind if @body.respond_to?(:rewind) @done = true emit(:done) else msg = "options must be empty or must contain :headers and :body" raise ArgumentError, msg end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/http/request.rb0000644000004100000410000000354014563437550023065 0ustar www-datawww-data# frozen_string_literal: true require 'stringio' require 'uri' module Seahorse module Client module Http class Request # @option options [URI::HTTP, URI::HTTPS] :endpoint (nil) # @option options [String] :http_method ('GET') # @option options [Headers] :headers (Headers.new) # @option options [Body] :body (StringIO.new) def initialize(options = {}) self.endpoint = options[:endpoint] self.http_method = options[:http_method] || 'GET' self.headers = Headers.new(options[:headers] || {}) self.body = options[:body] end # @return [String] The HTTP request method, e.g. `GET`, `PUT`, etc. attr_accessor :http_method # @return [Headers] The hash of request headers. attr_accessor :headers # @return [URI::HTTP, URI::HTTPS, nil] def endpoint @endpoint end # @param [String, URI::HTTP, URI::HTTPS, nil] endpoint def endpoint=(endpoint) endpoint = URI.parse(endpoint) if endpoint.is_a?(String) if endpoint.nil? or URI::HTTP === endpoint or URI::HTTPS === endpoint @endpoint = endpoint else msg = 'invalid endpoint, expected URI::HTTP, URI::HTTPS, or nil, '\ "got #{endpoint.inspect}" raise ArgumentError, msg end end # @return [IO] def body @body end # @return [String] def body_contents body.rewind contents = body.read body.rewind contents end # @param [#read, #size, #rewind] io def body=(io) @body = case io when nil then StringIO.new('') when String then StringIO.new(io) else io end end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/http/headers.rb0000644000004100000410000000522614563437550023013 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Http # Provides a Hash-like interface for HTTP headers. Header names # are treated indifferently as lower-cased strings. Header values # are cast to strings. # # headers = Http::Headers.new # headers['Content-Length'] = 100 # headers[:Authorization] = 'Abc' # # headers.keys # #=> ['content-length', 'authorization'] # # headers.values # #=> ['100', 'Abc'] # # You can get the header values as a vanilla hash by calling {#to_h}: # # headers.to_h # #=> { 'content-length' => '100', 'authorization' => 'Abc' } # class Headers include Enumerable # @api private def initialize(headers = {}) @data = {} headers.each_pair do |key, value| self[key] = value end end # @param [String] key # @return [String] def [](key) @data[key.to_s.downcase] end # @param [String] key # @param [String] value def []=(key, value) @data[key.to_s.downcase] = value.to_s end # @param [Hash] headers # @return [Headers] def update(headers) headers.each_pair do |k, v| self[k] = v end self end # @param [String] key def delete(key) @data.delete(key.to_s.downcase) end def clear @data = {} end # @return [Array] def keys @data.keys end # @return [Array] def values @data.values end # @return [Array] def values_at(*keys) @data.values_at(*keys.map{ |key| key.to_s.downcase }) end # @yield [key, value] # @yieldparam [String] key # @yieldparam [String] value # @return [nil] def each(&block) if block_given? @data.each_pair do |key, value| yield(key, value) end nil else @data.enum_for(:each) end end alias each_pair each # @return [Boolean] Returns `true` if the header is set. def key?(key) @data.key?(key.to_s.downcase) end alias has_key? key? alias include? key? # @return [Hash] def to_hash @data.dup end alias to_h to_hash # @api private def inspect @data.inspect end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/http/response.rb0000644000004100000410000001175314563437550023240 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Http class Response # @option options [Integer] :status_code (0) # @option options [Headers] :headers (Headers.new) # @option options [IO] :body (StringIO.new) def initialize(options = {}) @status_code = options[:status_code] || 0 @headers = options[:headers] || Headers.new @body = options[:body] || StringIO.new @listeners = Hash.new { |h,k| h[k] = [] } @complete = false @done = nil @error = nil end # @return [Integer] Returns `0` if the request failed to generate # any response. attr_accessor :status_code # @return [Headers] attr_accessor :headers # @return [StandardError, nil] attr_reader :error # @return [IO] def body @body end # @param [#read, #size, #rewind] io def body=(io) @body = case io when nil then StringIO.new('') when String then StringIO.new(io) else io end end # @return [String|Array] def body_contents if body.is_a?(Array) # an array of parsed events body else body.rewind contents = body.read body.rewind contents end end # @param [Integer] status_code # @param [Hash] headers def signal_headers(status_code, headers) @status_code = status_code @headers = Headers.new(headers) emit(:headers, @status_code, @headers) end # @param [string] chunk def signal_data(chunk) unless chunk == '' @body.write(chunk) emit(:data, chunk) end end # Completes the http response. # # @example Completing the response in a single call # # http_response.signal_done( # status_code: 200, # headers: {}, # body: '' # ) # # @example Complete the response in parts # # # signal headers straight-way # http_response.signal_headers(200, {}) # # # signal data as it is received from the socket # http_response.signal_data("...") # http_response.signal_data("...") # http_response.signal_data("...") # # # signal done once the body data is all written # http_response.signal_done # # @overload signal_done() # # @overload signal_done(options = {}) # @option options [required, Integer] :status_code # @option options [required, Hash] :headers # @option options [required, String] :body # def signal_done(options = {}) if options.keys.sort == [:body, :headers, :status_code] signal_headers(options[:status_code], options[:headers]) signal_data(options[:body]) signal_done elsif options.empty? @body.rewind if @body.respond_to?(:rewind) @done = true emit(:done) else msg = 'options must be empty or must contain :status_code, :headers, '\ 'and :body' raise ArgumentError, msg end end # @param [StandardError] networking_error def signal_error(networking_error) @error = networking_error signal_done end def on_headers(status_code_range = nil, &block) @listeners[:headers] << listener(status_code_range, block) end def on_data(&callback) @listeners[:data] << callback end def on_done(status_code_range = nil, &callback) listener = listener(status_code_range, callback) if @done listener.call else @listeners[:done] << listener end end def on_success(status_code_range = 200..599, &callback) on_done(status_code_range) do unless @error yield end end end def on_error(&callback) on_done(0..599) do if @error yield(@error) end end end def reset @status_code = 0 @headers.clear @body.truncate(0) @error = nil end private def listener(range, callback) range = range..range if Integer === range if range lambda do |*args| if range.include?(@status_code) callback.call(*args) end end else callback end end def emit(event_name, *args) @listeners[event_name].each { |listener| listener.call(*args) } end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/plugin_list.rb0000644000004100000410000000661314563437550022753 0ustar www-datawww-data# frozen_string_literal: true require 'set' require 'thread' module Seahorse module Client class PluginList include Enumerable # @param [Array, Set] plugins # @option options [Mutex] :mutex def initialize(plugins = [], options = {}) @mutex = options[:mutex] || Mutex.new @plugins = Set.new if plugins.is_a?(PluginList) plugins.send(:each_plugin) { |plugin| _add(plugin) } else plugins.each { |plugin| _add(plugin) } end end # Adds and returns the `plugin`. # @param [Plugin] plugin # @return [void] def add(plugin) @mutex.synchronize do _add(plugin) end nil end # Removes and returns the `plugin`. # @param [Plugin] plugin # @return [void] def remove(plugin) @mutex.synchronize do @plugins.delete(PluginWrapper.new(plugin)) end nil end # Replaces the existing list of plugins. # @param [Array] plugins # @return [void] def set(plugins) @mutex.synchronize do @plugins.clear plugins.each do |plugin| _add(plugin) end end nil end # Enumerates the plugins. # @return [Enumerator] def each(&block) each_plugin do |plugin_wrapper| yield(plugin_wrapper.plugin) end end private # Not safe to call outside the mutex. def _add(plugin) @plugins << PluginWrapper.new(plugin) end # Yield each PluginDetail behind the mutex def each_plugin(&block) @mutex.synchronize do @plugins.each(&block) end end # A utility class that computes the canonical name for a plugin # and defers requiring the plugin until the plugin class is # required. # @api private class PluginWrapper # @param [String, Symbol, Module, Class] plugin def initialize(plugin) case plugin when Module @canonical_name = plugin.name || plugin.object_id @plugin = plugin when Symbol, String words = plugin.to_s.split('.') @canonical_name = words.pop @gem_name = words.empty? ? nil : words.join('.') @plugin = nil else @canonical_name = plugin.object_id @plugin = plugin end end # @return [String] attr_reader :canonical_name # @return [Class] def plugin @plugin ||= require_plugin end # Returns the given plugin if it is already a PluginWrapper. def self.new(plugin) if plugin.is_a?(self) plugin else super end end # @return [Boolean] # @api private def eql? other canonical_name == other.canonical_name end # @return [String] # @api private def hash canonical_name.hash end private # @return [Class] def require_plugin require(@gem_name) if @gem_name plugin_class = Kernel @canonical_name.split('::').each do |const_name| plugin_class = plugin_class.const_get(const_name) end plugin_class end end end end end aws-sdk-core-3.191.2/lib/seahorse/client/handler_builder.rb0000644000004100000410000000235414563437550023543 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client # This module provides the ability to add handlers to a class or # module. The including class or extending module must respond to # `#handlers`, returning a {HandlerList}. module HandlerBuilder def handle_request(*args, &block) handler(*args) do |context| block.call(context) @handler.call(context) end end def handle_response(*args, &block) handler(*args) do |context| resp = @handler.call(context) block.call(resp) if resp.context.http_response.status_code > 0 resp end end def handle(*args, &block) options = args.last.is_a?(Hash) ? args.pop : {} handler_class = block ? handler_for(*args, &block) : args.first handlers.add(handler_class, options) end alias handler handle # @api private def handler_for(name = nil, &block) if name const_set(name, new_handler(block)) else new_handler(block) end end # @api private def new_handler(block) Class.new(Handler) do define_method(:call, &block) end end end end end aws-sdk-core-3.191.2/lib/seahorse/model/0000755000004100000410000000000014563437550017711 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/seahorse/model/shapes.rb0000644000004100000410000001426514563437550021531 0ustar www-datawww-data# frozen_string_literal: true require 'set' module Seahorse module Model module Shapes class ShapeRef def initialize(options = {}) @metadata = {} @required = false @deprecated = false @location = nil @location_name = nil @event = false @eventstream = false @eventpayload = false @eventpayload_type = ''.freeze @eventheader = false @eventheader_type = ''.freeze options.each do |key, value| if key == :metadata value.each do |k,v| self[k] = v end else send("#{key}=", value) end end end # @return [Shape] attr_accessor :shape # @return [Boolean] attr_accessor :required # @return [String, nil] attr_accessor :documentation # @return [Boolean] attr_accessor :deprecated # @return [Boolean] attr_accessor :event # @return [Boolean] attr_accessor :eventstream # @return [Boolean] attr_accessor :eventpayload # @return [Boolean] attr_accessor :eventheader # @return [String] attr_accessor :eventpayload_type # @return [Boolean] attr_accessor :eventheader_type # @return [Boolean] attr_accessor :document # @return [String, nil] def location @location || (shape && shape[:location]) end def location= location @location = location end # @return [String, nil] def location_name @location_name || (shape && shape[:location_name]) end def location_name= location_name @location_name = location_name end # Gets metadata for the given `key`. def [](key) if @metadata.key?(key.to_s) @metadata[key.to_s] else @shape[key.to_s] end end # Sets metadata for the given `key`. def []=(key, value) @metadata[key.to_s] = value end end class Shape def initialize(options = {}) @metadata = {} options.each_pair do |key, value| if respond_to?("#{key}=") send("#{key}=", value) else self[key] = value end end end # @return [String] attr_accessor :name # @return [String, nil] attr_accessor :documentation # @return [Boolean] attr_accessor :union # Gets metadata for the given `key`. def [](key) @metadata[key.to_s] end # Sets metadata for the given `key`. def []=(key, value) @metadata[key.to_s] = value end end class BlobShape < Shape # @return [Integer, nil] attr_accessor :min # @return [Integer, nil] attr_accessor :max end class BooleanShape < Shape; end class FloatShape < Shape # @return [Integer, nil] attr_accessor :min # @return [Integer, nil] attr_accessor :max end class IntegerShape < Shape # @return [Integer, nil] attr_accessor :min # @return [Integer, nil] attr_accessor :max end class ListShape < Shape # @return [ShapeRef] attr_accessor :member # @return [Integer, nil] attr_accessor :min # @return [Integer, nil] attr_accessor :max # @return [Boolean] attr_accessor :flattened end class MapShape < Shape # @return [ShapeRef] attr_accessor :key # @return [ShapeRef] attr_accessor :value # @return [Integer, nil] attr_accessor :min # @return [Integer, nil] attr_accessor :max # @return [Boolean] attr_accessor :flattened end class StringShape < Shape # @return [Set, nil] attr_accessor :enum # @return [Integer, nil] attr_accessor :min # @return [Integer, nil] attr_accessor :max end class StructureShape < Shape def initialize(options = {}) @members = {} @members_by_location_name = {} @required = Set.new super end # @return [Set] attr_accessor :required # @return [Class] attr_accessor :struct_class # @param [Symbol] name # @param [ShapeRef] shape_ref def add_member(name, shape_ref) name = name.to_sym @required << name if shape_ref.required @members_by_location_name[shape_ref.location_name] = [name, shape_ref] @members[name] = shape_ref end # @return [Array] def member_names @members.keys end # @param [Symbol] member_name # @return [Boolean] Returns `true` if there exists a member with # the given name. def member?(member_name) @members.key?(member_name.to_sym) end # @return [Enumerator<[Symbol,ShapeRef]>] def members @members.to_enum end # @param [Symbol] name # @return [ShapeRef] def member(name) if member?(name) @members[name.to_sym] else raise ArgumentError, "no such member #{name.inspect}" end end # @api private def member_by_location_name(location_name) @members_by_location_name[location_name] end end class UnionShape < StructureShape def initialize(options = {}) @member_subclasses = {} super options.merge(union: true) end # @api private def member_subclass(member) @member_subclasses[member] end # @api private def add_member_subclass(member, subclass) @member_subclasses[member] = subclass end end class TimestampShape < Shape; end class DocumentShape < Shape; end end end end aws-sdk-core-3.191.2/lib/seahorse/model/operation.rb0000644000004100000410000000273414563437550022244 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Model class Operation def initialize @http_method = 'POST' @http_request_uri = '/' @deprecated = false @errors = [] @metadata = {} @async = false end # @return [String, nil] attr_accessor :name # @return [String] attr_accessor :http_method # @return [String] attr_accessor :http_request_uri # @return [Boolean] attr_accessor :http_checksum_required # @return [Hash] attr_accessor :http_checksum # @return [Hash] attr_accessor :request_compression # @return [Boolean] attr_accessor :deprecated # @return [Boolean] attr_accessor :endpoint_operation # @return [Hash] attr_accessor :endpoint_discovery # @return [String, nil] attr_accessor :documentation # @return [Hash, nil] attr_accessor :endpoint_pattern # @return [String, nil] attr_accessor :authorizer # @return [ShapeRef, nil] attr_accessor :input # @return [ShapeRef, nil] attr_accessor :output # @return [Array] attr_accessor :errors # APIG only # @return [Boolean] attr_accessor :require_apikey # @return [Boolean] attr_accessor :async def [](key) @metadata[key.to_s] end def []=(key, value) @metadata[key.to_s] = value end end end end aws-sdk-core-3.191.2/lib/seahorse/model/authorizer.rb0000644000004100000410000000053014563437550022430 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Model class Authorizer def initialize @type = 'provided' @placement = {} end # @return [String] attr_accessor :name # @return [String] attr_accessor :type # @return [Hash] attr_accessor :placement end end end aws-sdk-core-3.191.2/lib/seahorse/model/api.rb0000644000004100000410000000335214563437550021012 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Model class Api def initialize @metadata = {} @operations = {} @authorizers = {} @endpoint_operation = nil @require_endpoint_discovery = false end # @return [String, nil] attr_accessor :version # @return [Hash] attr_accessor :metadata # @return [Symbol|nil] attr_accessor :endpoint_operation # @return [Boolean|nil] attr_accessor :require_endpoint_discovery def operations(&block) if block_given? @operations.each(&block) else @operations.enum_for(:each) end end def operation(name) if @operations.key?(name.to_sym) @operations[name.to_sym] else raise ArgumentError, "unknown operation #{name.inspect}" end end def operation_names @operations.keys end def async_operation_names @operations.select {|_, op| op.async }.keys end def add_operation(name, operation) @operations[name.to_sym] = operation end def authorizers(&block) if block_given? @authorizers.each(&block) else @authorizers.enum_for(:each) end end def authorizer(name) if @authorizers.key?(name.to_sym) @authorizers[name.to_sym] else raise ArgumentError, "unknown authorizer #{name.inspect}" end end def authorizer_names @authorizers.keys end def add_authorizer(name, authorizer) @authorizers[name.to_sym] = authorizer end def inspect(*args) "#<#{self.class.name}>" end end end end aws-sdk-core-3.191.2/lib/seahorse/util.rb0000644000004100000410000000132014563437550020107 0ustar www-datawww-data# frozen_string_literal: true require 'cgi' module Seahorse # @api private module Util class << self def uri_escape(string) CGI.escape(string.to_s.encode('UTF-8')).gsub('+', '%20').gsub('%7E', '~') end def uri_path_escape(path) path.gsub(/[^\/]+/) { |part| uri_escape(part) } end def escape_header_list_string(s) s.include?('"') || s.include?(',') ? "\"#{s.gsub('"', '\"')}\"" : s end # Checks for a valid host label # @see https://tools.ietf.org/html/rfc3986#section-3.2.2 # @see https://tools.ietf.org/html/rfc1123#page-13 def host_label?(str) str =~ /^(?!-)[a-zA-Z0-9-]{1,63}(? "i-023a25f10a73a0f79" # # @note This implementation always returns a String and will not parse any # responses. Parsable responses may include JSON objects or directory # listings, which are strings separated by line feeds (ASCII 10). # # @example Fetching and parsing JSON meta-data # # require 'json' # data = ec2_metadata.get('/latest/dynamic/instance-identity/document') # JSON.parse(data) # => {"accountId"=>"012345678912", ... } # # @example Fetching and parsing directory listings # # listing = ec2_metadata.get('/latest/meta-data') # listing.split(10.chr) # => ["ami-id", "ami-launch-index", ...] # # @note Unlike other services, IMDS does not have a service API model. This # means that we cannot confidently generate code with methods and # response structures. This implementation ensures that new IMDS features # are always supported by being deployed to the instance and does not # require code changes. # # @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-categories.html # @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html # @param [String] path The full path to the metadata. def get(path) retry_errors(max_retries: @retries) do @mutex.synchronize do fetch_token unless @token && !@token.expired? end open_connection do |conn| http_get(conn, path, @token.value) end end end private def resolve_endpoint(endpoint, endpoint_mode) return endpoint if endpoint case endpoint_mode.downcase when 'ipv4' then 'http://169.254.169.254' when 'ipv6' then 'http://[fd00:ec2::254]' else raise ArgumentError, ':endpoint_mode is not valid, expected IPv4 or IPv6, '\ "got: #{endpoint_mode}" end end def fetch_token open_connection do |conn| created_time = Time.now token_value, token_ttl = http_put(conn, @token_ttl) @token = Token.new(value: token_value, ttl: token_ttl, created_time: created_time) end end def http_get(connection, path, token) headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}", 'x-aws-ec2-metadata-token' => token } request = Net::HTTP::Get.new(path, headers) response = connection.request(request) case response.code.to_i when 200 response.body when 401 raise TokenExpiredError when 404 raise MetadataNotFoundError end end def http_put(connection, ttl) headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}", 'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s } request = Net::HTTP::Put.new(METADATA_TOKEN_PATH, headers) response = connection.request(request) case response.code.to_i when 200 [ response.body, response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i ] when 400 raise TokenRetrievalError when 403 raise RequestForbiddenError end end def open_connection uri = URI.parse(@endpoint) http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port) http.open_timeout = @http_open_timeout http.read_timeout = @http_read_timeout http.set_debug_output(@http_debug_output) if @http_debug_output http.start yield(http).tap { http.finish } end def retry_errors(options = {}, &_block) max_retries = options[:max_retries] retries = 0 begin yield # These errors should not be retried. rescue TokenRetrievalError, MetadataNotFoundError, RequestForbiddenError raise # StandardError is not ideal but it covers Net::HTTP errors. # https://gist.github.com/tenderlove/245188 rescue StandardError, TokenExpiredError raise unless retries < max_retries @backoff.call(retries) retries += 1 retry end end def backoff(backoff) case backoff when Proc then backoff when Numeric then ->(_) { Kernel.sleep(backoff) } else ->(num_failures) { Kernel.sleep(1.2**num_failures) } end end # @api private class Token def initialize(options = {}) @ttl = options[:ttl] @value = options[:value] @created_time = options[:created_time] || Time.now end # [String] Returns the token value. attr_reader :value # [Boolean] Returns true if the token expired. def expired? Time.now - @created_time > @ttl end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/waiters.rb0000644000004100000410000000020514563437550021277 0ustar www-datawww-data# frozen_string_literal: true require_relative 'waiters/errors' require_relative 'waiters/poller' require_relative 'waiters/waiter' aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/0000755000004100000410000000000014563437550020254 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/rest/handler.rb0000644000004100000410000000113314563437550022214 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Rest class Handler < Seahorse::Client::Handler def call(context) Rest::Request::Builder.new.apply(context) resp = @handler.call(context) resp.on(200..299) { |response| Response::Parser.new.apply(response) } resp.on(200..599) { |response| apply_request_id(context) } resp end private def apply_request_id(context) h = context.http_response.headers context[:request_id] ||= h['x-amz-request-id'] || h['x-amzn-requestid'] end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/response/0000755000004100000410000000000014563437550022112 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/rest/response/status_code.rb0000644000004100000410000000113414563437550024753 0ustar www-datawww-data# frozen_string_literal: true module Aws module Rest module Response class StatusCode # @param [Seahorse::Model::Shapes::ShapeRef] rules def initialize(rules) @rules = rules end # @param [Seahorse::Client::Http::Response] http_resp # @param [Hash, Struct] data def apply(http_resp, data) @rules.shape.members.each do |member_name, member_ref| if member_ref.location == 'statusCode' data[member_name] = http_resp.status_code end end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/response/headers.rb0000644000004100000410000000424614563437550024060 0ustar www-datawww-data# frozen_string_literal: true require 'time' require 'base64' module Aws module Rest module Response class Headers include Seahorse::Model::Shapes # @param [Seahorse::Model::ShapeRef] rules def initialize(rules) @rules = rules end # @param [Seahorse::Client::Http::Response] http_resp # @param [Hash, Struct] target def apply(http_resp, target) headers = http_resp.headers @rules.shape.members.each do |name, ref| case ref.location when 'header' then extract_header_value(headers, name, ref, target) when 'headers' then extract_header_map(headers, name, ref, target) end end end def extract_header_value(headers, name, ref, data) if headers.key?(ref.location_name) data[name] = cast_value(ref, headers[ref.location_name]) end end def cast_value(ref, value) value = extract_json_trait(value) if ref['jsonvalue'] case ref.shape when StringShape then value when IntegerShape then value.to_i when FloatShape then value.to_f when BooleanShape then value == 'true' when ListShape then value.split(",").map { |v| cast_value(ref.shape.member, v) } when TimestampShape if value =~ /^\d+(\.\d*)/ Time.at(value.to_f) elsif value =~ /^\d+$/ Time.at(value.to_i) else begin Time.parse(value) rescue nil end end else raise "unsupported shape #{ref.shape.class}" end end def extract_header_map(headers, name, ref, data) data[name] = {} prefix = ref.location_name || '' headers.each do |header_name, header_value| if match = header_name.match(/^#{prefix}(.+)/i) data[name][match[1]] = header_value end end end def extract_json_trait(value) Aws::Json.load(Base64.decode64(value)) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/response/body.rb0000644000004100000410000000302514563437550023374 0ustar www-datawww-data# frozen_string_literal: true module Aws module Rest module Response class Body include Seahorse::Model::Shapes # @param [Class] parser_class # @param [Seahorse::Model::ShapeRef] rules def initialize(parser_class, rules) @parser_class = parser_class @rules = rules end # @param [IO] body # @param [Hash, Struct] data def apply(body, data) if event_stream? data[@rules[:payload]] = parse_eventstream(body) elsif streaming? data[@rules[:payload]] = body elsif @rules[:payload] data[@rules[:payload]] = parse(body.read, @rules[:payload_member]) elsif !@rules.shape.member_names.empty? parse(body.read, @rules, data) end end private def event_stream? @rules[:payload] && @rules[:payload_member].eventstream end def streaming? @rules[:payload] && ( BlobShape === @rules[:payload_member].shape || StringShape === @rules[:payload_member].shape ) end def parse(body, rules, target = nil) @parser_class.new(rules).parse(body, target) if body.size > 0 end def parse_eventstream(body) # body contains an array of parsed event when they arrive @rules[:payload_member].shape.struct_class.new do |payload| body.each { |event| payload << event } end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/response/parser.rb0000644000004100000410000000273214563437550023737 0ustar www-datawww-data# frozen_string_literal: true module Aws module Rest module Response class Parser def apply(response) # TODO : remove this unless check once response stubbing is fixed if rules = response.context.operation.output response.data = rules.shape.struct_class.new extract_status_code(rules, response) extract_headers(rules, response) extract_body(rules, response) else response.data = EmptyStructure.new end end private def extract_status_code(rules, response) status_code = StatusCode.new(rules) status_code.apply(response.context.http_response, response.data) end def extract_headers(rules, response) headers = Headers.new(rules) headers.apply(response.context.http_response, response.data) end def extract_body(rules, response) Body.new(parser_class(response), rules). apply( response.context.http_response.body, response.data ) end def parser_class(response) protocol = response.context.config.api.metadata['protocol'] case protocol when 'rest-xml' then Xml::Parser when 'rest-json' then Json::Parser when 'api-gateway' then Json::Parser else raise "unsupported protocol #{protocol}" end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/request/0000755000004100000410000000000014563437550021744 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/rest/request/headers.rb0000644000004100000410000000423214563437550023705 0ustar www-datawww-data# frozen_string_literal: true require 'time' require 'base64' module Aws module Rest module Request class Headers include Seahorse::Model::Shapes # @param [Seahorse::Model::ShapeRef] rules def initialize(rules) @rules = rules end # @param [Seahorse::Client::Http::Request] http_req # @param [Hash] params def apply(http_req, params) @rules.shape.members.each do |name, ref| value = params[name] next if value.nil? case ref.location when 'header' then apply_header_value(http_req.headers, ref, value) when 'headers' then apply_header_map(http_req.headers, ref, value) end end end private def apply_header_value(headers, ref, value) value = apply_json_trait(value) if ref['jsonvalue'] case ref.shape when TimestampShape then headers[ref.location_name] = timestamp(ref, value) when ListShape then list(headers, ref, value) else headers[ref.location_name] = value.to_s end end def timestamp(ref, value) case ref['timestampFormat'] || ref.shape['timestampFormat'] when 'unixTimestamp' then value.to_i when 'iso8601' then value.utc.iso8601 else # header default to rfc822 value.utc.httpdate end end def list(headers, ref, value) return if !value || value.empty? headers[ref.location_name] = value .compact .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) } .join(',') end def apply_header_map(headers, ref, values) prefix = ref.location_name || '' values.each_pair do |name, value| headers["#{prefix}#{name}"] = value.to_s end end # With complex headers value in json syntax, # base64 encodes value to avoid weird characters # causing potential issues in headers def apply_json_trait(value) Base64.strict_encode64(value) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/request/builder.rb0000644000004100000410000000262214563437550023721 0ustar www-datawww-data# frozen_string_literal: true module Aws module Rest module Request class Builder def apply(context) populate_http_method(context) populate_endpoint(context) populate_headers(context) populate_body(context) end private def populate_http_method(context) context.http_request.http_method = context.operation.http_method end def populate_endpoint(context) context.http_request.endpoint = Endpoint.new( context.operation.input, context.operation.http_request_uri, ).uri(context.http_request.endpoint, context.params) end def populate_headers(context) headers = Headers.new(context.operation.input) headers.apply(context.http_request, context.params) end def populate_body(context) Body.new( serializer_class(context), context.operation.input ).apply(context.http_request, context.params) end def serializer_class(context) protocol = context.config.api.metadata['protocol'] case protocol when 'rest-xml' then Xml::Builder when 'rest-json' then Json::Builder when 'api-gateway' then Json::Builder else raise "unsupported protocol #{protocol}" end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/request/body.rb0000644000004100000410000000425614563437550023235 0ustar www-datawww-data# frozen_string_literal: true module Aws module Rest module Request class Body include Seahorse::Model::Shapes # @param [Class] serializer_class # @param [Seahorse::Model::ShapeRef] rules def initialize(serializer_class, rules) @serializer_class = serializer_class @rules = rules end # @param [Seahorse::Client::Http::Request] http_req # @param [Hash] params def apply(http_req, params) body = build_body(params) # for rest-json, ensure we send at least an empty object # don't send an empty object for streaming? case. if body.nil? && @serializer_class == Json::Builder && modeled_body? && !streaming? body = '{}' end http_req.body = body end private # operation is modeled for body when it is modeled for a payload # either with payload trait or normal members. def modeled_body? return true if @rules[:payload] @rules.shape.members.each do |member| _name, shape = member return true if shape.location.nil? end false end def build_body(params) if streaming? params[@rules[:payload]] elsif @rules[:payload] params = params[@rules[:payload]] serialize(@rules[:payload_member], params) if params else params = body_params(params) serialize(@rules, params) unless params.empty? end end def streaming? @rules[:payload] && ( BlobShape === @rules[:payload_member].shape || StringShape === @rules[:payload_member].shape ) end def serialize(rules, params) @serializer_class.new(rules).serialize(params) end def body_params(params) @rules.shape.members.inject({}) do |hash, (member_name, member_ref)| if !member_ref.location && params.key?(member_name) hash[member_name] = params[member_name] end hash end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/request/endpoint.rb0000644000004100000410000000454214563437550024116 0ustar www-datawww-data# frozen_string_literal: true require 'uri' module Aws module Rest module Request class Endpoint # @param [Seahorse::Model::Shapes::ShapeRef] rules # @param [String] request_uri_pattern def initialize(rules, request_uri_pattern) @rules = rules request_uri_pattern.split('?').tap do |path_part, query_part| @path_pattern = path_part @query_prefix = query_part end end # @param [URI::HTTPS,URI::HTTP] base_uri # @param [Hash,Struct] params # @return [URI::HTTPS,URI::HTTP] def uri(base_uri, params) uri = URI.parse(base_uri.to_s) apply_path_params(uri, params) apply_querystring_params(uri, params) uri end private def apply_path_params(uri, params) path = uri.path.sub(/\/$/, '') + @path_pattern.split('?')[0] uri.path = path.gsub(/{.+?}/) do |placeholder| param_value_for_placeholder(placeholder, params) end end def param_value_for_placeholder(placeholder, params) name = param_name(placeholder) value = params[name].to_s raise ArgumentError, ":#{name} must not be blank" if value.empty? if placeholder.include?('+') value.gsub(/[^\/]+/) { |v| escape(v) } else escape(value) end end def param_name(placeholder) location_name = placeholder.gsub(/[{}+]/,'') param_name, _ = @rules.shape.member_by_location_name(location_name) param_name end def apply_querystring_params(uri, params) # collect params that are supposed to be part of the query string parts = @rules.shape.members.inject([]) do |prts, (member_name, member_ref)| if member_ref.location == 'querystring' && !params[member_name].nil? prts << [member_ref, params[member_name]] end prts end querystring = QuerystringBuilder.new.build(parts) querystring = [@query_prefix, querystring == '' ? nil : querystring].compact.join('&') querystring = nil if querystring == '' uri.query = querystring end def escape(string) Seahorse::Util.uri_escape(string) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest/request/querystring_builder.rb0000644000004100000410000000617514563437550026404 0ustar www-datawww-data# frozen_string_literal: true module Aws module Rest module Request class QuerystringBuilder include Seahorse::Model::Shapes SUPPORTED_TYPES = [ BooleanShape, FloatShape, IntegerShape, StringShape, TimestampShape ].freeze # Provide shape references and param values: # # [ # [shape_ref1, 123], # [shape_ref2, "text"] # ] # # Returns a querystring: # # "Count=123&Words=text" # # @param [Array>] params An array of # model shape references and request parameter value pairs. # # @return [String] Returns a built querystring def build(params) params.map do |(shape_ref, param_value)| build_part(shape_ref, param_value) end.join('&') end private def build_part(shape_ref, param_value) case shape_ref.shape # supported scalar types when *SUPPORTED_TYPES "#{shape_ref.location_name}=#{query_value(shape_ref, param_value)}" when MapShape generate_query_map(shape_ref, param_value) when ListShape generate_query_list(shape_ref, param_value) else raise NotImplementedError end end def timestamp(ref, value) case ref['timestampFormat'] || ref.shape['timestampFormat'] when 'unixTimestamp' then value.to_i when 'rfc822' then value.utc.httpdate else # querystring defaults to iso8601 value.utc.iso8601 end end def query_value(ref, value) case ref.shape when TimestampShape escape(timestamp(ref, value)) when *SUPPORTED_TYPES escape(value.to_s) else raise NotImplementedError end end def generate_query_list(ref, values) member_ref = ref.shape.member values.map do |value| value = query_value(member_ref, value) "#{ref.location_name}=#{value}" end end def generate_query_map(ref, value) case ref.shape.value.shape when StringShape query_map_of_string(value) when ListShape query_map_of_string_list(value) else msg = 'Only map of string and string list supported' raise NotImplementedError, msg end end def query_map_of_string(hash) list = [] hash.each_pair do |key, value| list << "#{escape(key)}=#{escape(value)}" end list end def query_map_of_string_list(hash) list = [] hash.each_pair do |key, values| values.each do |value| list << "#{escape(key)}=#{escape(value)}" end end list end def escape(string) Seahorse::Util.uri_escape(string) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/token.rb0000644000004100000410000000115714563437550020750 0ustar www-datawww-data# frozen_string_literal: true module Aws class Token # @param [String] token # @param [Time] expiration def initialize(token, expiration=nil) @token = token @expiration = expiration end # @return [String, nil] attr_reader :token # @return [Time, nil] attr_reader :expiration # @return [Boolean] Returns `true` if token is set def set? !token.nil? && !token.empty? end # Removing the token from the default inspect string. # @api private def inspect "#<#{self.class.name} token=[FILTERED]> expiration=#{expiration}>" end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/shared_config.rb0000644000004100000410000004441114563437550022423 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private class SharedConfig SSO_CREDENTIAL_PROFILE_KEYS = %w[sso_account_id sso_role_name].freeze SSO_PROFILE_KEYS = %w[sso_session sso_start_url sso_region sso_account_id sso_role_name].freeze SSO_TOKEN_PROFILE_KEYS = %w[sso_session].freeze SSO_SESSION_KEYS = %w[sso_region sso_start_url].freeze # @return [String] attr_reader :credentials_path # @return [String] attr_reader :config_path # @return [String] attr_reader :profile_name # Constructs a new SharedConfig provider object. This will load the shared # credentials file, and optionally the shared configuration file, as ini # files which support profiles. # # By default, the shared credential file (the default path for which is # `~/.aws/credentials`) and the shared config file (the default path for # which is `~/.aws/config`) are loaded. However, if you set the # `ENV['AWS_SDK_CONFIG_OPT_OUT']` environment variable, only the shared # credential file will be loaded. You can specify the shared credential # file path with the `ENV['AWS_SHARED_CREDENTIALS_FILE']` environment # variable or with the `:credentials_path` option. Similarly, you can # specify the shared config file path with the `ENV['AWS_CONFIG_FILE']` # environment variable or with the `:config_path` option. # # The default profile name is 'default'. You can specify the profile name # with the `ENV['AWS_PROFILE']` environment variable or with the # `:profile_name` option. # # @param [Hash] options # @option options [String] :credentials_path Path to the shared credentials # file. If not specified, will check `ENV['AWS_SHARED_CREDENTIALS_FILE']` # before using the default value of "#{Dir.home}/.aws/credentials". # @option options [String] :config_path Path to the shared config file. # If not specified, will check `ENV['AWS_CONFIG_FILE']` before using the # default value of "#{Dir.home}/.aws/config". # @option options [String] :profile_name The credential/config profile name # to use. If not specified, will check `ENV['AWS_PROFILE']` before using # the fixed default value of 'default'. # @option options [Boolean] :config_enabled If true, loads the shared config # file and enables new config values outside of the old shared credential # spec. def initialize(options = {}) @parsed_config = nil @profile_name = determine_profile(options) @config_enabled = options[:config_enabled] @credentials_path = options[:credentials_path] || determine_credentials_path @credentials_path = File.expand_path(@credentials_path) if @credentials_path @parsed_credentials = {} load_credentials_file if loadable?(@credentials_path) if @config_enabled @config_path = options[:config_path] || determine_config_path @config_path = File.expand_path(@config_path) if @config_path load_config_file if loadable?(@config_path) end end # @api private def fresh(options = {}) @profile_name = nil @credentials_path = nil @config_path = nil @parsed_credentials = {} @parsed_config = nil @config_enabled = options[:config_enabled] ? true : false @profile_name = determine_profile(options) @credentials_path = options[:credentials_path] || determine_credentials_path load_credentials_file if loadable?(@credentials_path) if @config_enabled @config_path = options[:config_path] || determine_config_path load_config_file if loadable?(@config_path) end end # @return [Boolean] Returns `true` if a credential file # exists and has appropriate read permissions at {#path}. # @note This method does not indicate if the file found at {#path} # will be parsable, only if it can be read. def loadable?(path) !path.nil? && File.exist?(path) && File.readable?(path) end # @return [Boolean] returns `true` if use of the shared config file is # enabled. def config_enabled? @config_enabled ? true : false end # Sources static credentials from shared credential/config files. # # @param [Hash] opts # @option options [String] :profile the name of the configuration file from # which credentials are being sourced. # @return [Aws::Credentials] credentials sourced from configuration values, # or `nil` if no valid credentials were found. def credentials(opts = {}) p = opts[:profile] || @profile_name validate_profile_exists(p) if (credentials = credentials_from_shared(p, opts)) credentials elsif (credentials = credentials_from_config(p, opts)) credentials end end # Attempts to assume a role from shared config or shared credentials file. # Will always attempt first to assume a role from the shared credentials # file, if present. def assume_role_credentials_from_config(opts = {}) p = opts.delete(:profile) || @profile_name chain_config = opts.delete(:chain_config) credentials = assume_role_from_profile(@parsed_credentials, p, opts, chain_config) if @parsed_config credentials ||= assume_role_from_profile(@parsed_config, p, opts, chain_config) end credentials end def assume_role_web_identity_credentials_from_config(opts = {}) p = opts[:profile] || @profile_name if @config_enabled && @parsed_config entry = @parsed_config.fetch(p, {}) if entry['web_identity_token_file'] && entry['role_arn'] cfg = { role_arn: entry['role_arn'], web_identity_token_file: entry['web_identity_token_file'], role_session_name: entry['role_session_name'] } cfg[:region] = opts[:region] if opts[:region] AssumeRoleWebIdentityCredentials.new(cfg) end end end # Attempts to load from shared config or shared credentials file. # Will always attempt first to load from the shared credentials # file, if present. def sso_credentials_from_config(opts = {}) p = opts[:profile] || @profile_name credentials = sso_credentials_from_profile(@parsed_credentials, p) if @parsed_config credentials ||= sso_credentials_from_profile(@parsed_config, p) end credentials end # Attempts to load from shared config or shared credentials file. # Will always attempt first to load from the shared credentials # file, if present. def sso_token_from_config(opts = {}) p = opts[:profile] || @profile_name token = sso_token_from_profile(@parsed_credentials, p) if @parsed_config token ||= sso_token_from_profile(@parsed_config, p) end token end # Source a custom configured endpoint from the shared configuration file # # @param [Hash] opts # @option opts [String] :profile # @option opts [String] :service_id def configured_endpoint(opts = {}) # services section is only allowed in the shared config file (not credentials) profile = opts[:profile] || @profile_name service_id = opts[:service_id]&.gsub(" ", "_")&.downcase if @parsed_config && (prof_config = @parsed_config[profile]) services_section_name = prof_config['services'] if (services_config = @parsed_config["services #{services_section_name}"]) && (service_config = services_config[service_id]) return service_config['endpoint_url'] if service_config['endpoint_url'] end return prof_config['endpoint_url'] end nil end # Add an accessor method (similar to attr_reader) to return a configuration value # Uses the get_config_value below to control where # values are loaded from def self.config_reader(*attrs) attrs.each do |attr| define_method(attr) { |opts = {}| get_config_value(attr.to_s, opts) } end end config_reader( :region, :ca_bundle, :credential_process, :endpoint_discovery_enabled, :use_dualstack_endpoint, :use_fips_endpoint, :ec2_metadata_service_endpoint, :ec2_metadata_service_endpoint_mode, :ec2_metadata_v1_disabled, :max_attempts, :retry_mode, :adaptive_retry_wait_to_fill, :correct_clock_skew, :csm_client_id, :csm_enabled, :csm_host, :csm_port, :sts_regional_endpoints, :s3_use_arn_region, :s3_us_east_1_regional_endpoint, :s3_disable_multiregion_access_points, :s3_disable_express_session_auth, :defaults_mode, :sdk_ua_app_id, :disable_request_compression, :request_min_compression_size_bytes, :ignore_configured_endpoint_urls ) private # Get a config value from from shared credential/config files. # Only loads a value when config_enabled is true # Return a value from credentials preferentially over config def get_config_value(key, opts) p = opts[:profile] || @profile_name value = @parsed_credentials.fetch(p, {})[key] if @parsed_credentials value ||= @parsed_config.fetch(p, {})[key] if @config_enabled && @parsed_config value end def assume_role_from_profile(cfg, profile, opts, chain_config) if cfg && prof_cfg = cfg[profile] opts[:source_profile] ||= prof_cfg['source_profile'] credential_source = opts.delete(:credential_source) credential_source ||= prof_cfg['credential_source'] if opts[:source_profile] && credential_source raise Errors::CredentialSourceConflictError, "Profile #{profile} has a source_profile, and "\ 'a credential_source. For assume role credentials, must '\ 'provide only source_profile or credential_source, not both.' elsif opts[:source_profile] opts[:visited_profiles] ||= Set.new opts[:credentials] = resolve_source_profile(opts[:source_profile], opts) if opts[:credentials] opts[:role_session_name] ||= prof_cfg['role_session_name'] opts[:role_session_name] ||= 'default_session' opts[:role_arn] ||= prof_cfg['role_arn'] opts[:duration_seconds] ||= prof_cfg['duration_seconds'] opts[:external_id] ||= prof_cfg['external_id'] opts[:serial_number] ||= prof_cfg['mfa_serial'] opts[:profile] = opts.delete(:source_profile) opts.delete(:visited_profiles) AssumeRoleCredentials.new(opts) else raise Errors::NoSourceProfileError, "Profile #{profile} has a role_arn, and source_profile, but the"\ ' source_profile does not have credentials.' end elsif credential_source opts[:credentials] = credentials_from_source( credential_source, chain_config ) if opts[:credentials] opts[:role_session_name] ||= prof_cfg['role_session_name'] opts[:role_session_name] ||= 'default_session' opts[:role_arn] ||= prof_cfg['role_arn'] opts[:duration_seconds] ||= prof_cfg['duration_seconds'] opts[:external_id] ||= prof_cfg['external_id'] opts[:serial_number] ||= prof_cfg['mfa_serial'] opts.delete(:source_profile) # Cleanup AssumeRoleCredentials.new(opts) else raise Errors::NoSourceCredentials, "Profile #{profile} could not get source credentials from"\ " provider #{credential_source}" end elsif prof_cfg['role_arn'] raise Errors::NoSourceProfileError, "Profile #{profile} has a role_arn, but no source_profile." end end end def resolve_source_profile(profile, opts = {}) if opts[:visited_profiles] && opts[:visited_profiles].include?(profile) raise Errors::SourceProfileCircularReferenceError end opts[:visited_profiles].add(profile) if opts[:visited_profiles] profile_config = @parsed_credentials[profile] if @config_enabled profile_config ||= @parsed_config[profile] end if (creds = credentials(profile: profile)) creds # static credentials elsif profile_config && profile_config['source_profile'] opts.delete(:source_profile) assume_role_credentials_from_config(opts.merge(profile: profile)) elsif (provider = assume_role_web_identity_credentials_from_config(opts.merge(profile: profile))) provider.credentials if provider.credentials.set? elsif (provider = assume_role_process_credentials_from_config(profile)) provider.credentials if provider.credentials.set? elsif (provider = sso_credentials_from_config(profile: profile)) provider.credentials if provider.credentials.set? end end def credentials_from_source(credential_source, config) case credential_source when 'Ec2InstanceMetadata' InstanceProfileCredentials.new( retries: config ? config.instance_profile_credentials_retries : 0, http_open_timeout: config ? config.instance_profile_credentials_timeout : 1, http_read_timeout: config ? config.instance_profile_credentials_timeout : 1 ) when 'EcsContainer' ECSCredentials.new else raise Errors::InvalidCredentialSourceError, "Unsupported credential_source: #{credential_source}" end end def assume_role_process_credentials_from_config(profile) validate_profile_exists(profile) credential_process = @parsed_credentials.fetch(profile, {})['credential_process'] if @parsed_config credential_process ||= @parsed_config.fetch(profile, {})['credential_process'] end ProcessCredentials.new(credential_process) if credential_process end def credentials_from_shared(profile, _opts) if @parsed_credentials && prof_config = @parsed_credentials[profile] credentials_from_profile(prof_config) end end def credentials_from_config(profile, _opts) if @parsed_config && prof_config = @parsed_config[profile] credentials_from_profile(prof_config) end end # If any of the sso_ profile values are present, attempt to construct # SSOCredentials def sso_credentials_from_profile(cfg, profile) if @parsed_config && (prof_config = cfg[profile]) && !(prof_config.keys & SSO_CREDENTIAL_PROFILE_KEYS).empty? if sso_session_name = prof_config['sso_session'] sso_session = sso_session(cfg, profile, sso_session_name) sso_region = sso_session['sso_region'] sso_start_url = sso_session['sso_start_url'] # validate sso_region and sso_start_url don't conflict if set on profile and session if prof_config['sso_region'] && prof_config['sso_region'] != sso_region raise ArgumentError, "sso-session #{sso_session_name}'s sso_region (#{sso_region}) " \ "does not match the profile #{profile}'s sso_region (#{prof_config['sso_region']}'" end if prof_config['sso_start_url'] && prof_config['sso_start_url'] != sso_start_url raise ArgumentError, "sso-session #{sso_session_name}'s sso_start_url (#{sso_start_url}) " \ "does not match the profile #{profile}'s sso_start_url (#{prof_config['sso_start_url']}'" end else sso_region = prof_config['sso_region'] sso_start_url = prof_config['sso_start_url'] end SSOCredentials.new( sso_account_id: prof_config['sso_account_id'], sso_role_name: prof_config['sso_role_name'], sso_session: prof_config['sso_session'], sso_region: sso_region, sso_start_url: sso_start_url ) end end # If the required sso_ profile values are present, attempt to construct # SSOTokenProvider def sso_token_from_profile(cfg, profile) if @parsed_config && (prof_config = cfg[profile]) && !(prof_config.keys & SSO_TOKEN_PROFILE_KEYS).empty? sso_session_name = prof_config['sso_session'] sso_session = sso_session(cfg, profile, sso_session_name) SSOTokenProvider.new( sso_session: sso_session_name, sso_region: sso_session['sso_region'] ) end end def credentials_from_profile(prof_config) creds = Credentials.new( prof_config['aws_access_key_id'], prof_config['aws_secret_access_key'], prof_config['aws_session_token'] ) creds if creds.set? end def load_credentials_file @parsed_credentials = IniParser.ini_parse( File.read(@credentials_path) ) end def load_config_file @parsed_config = IniParser.ini_parse(File.read(@config_path)) end def determine_credentials_path ENV['AWS_SHARED_CREDENTIALS_FILE'] || default_shared_config_path('credentials') end def determine_config_path ENV['AWS_CONFIG_FILE'] || default_shared_config_path('config') end def default_shared_config_path(file) File.join(Dir.home, '.aws', file) rescue ArgumentError # Dir.home raises ArgumentError when ENV['home'] is not set nil end def validate_profile_exists(profile) unless (@parsed_credentials && @parsed_credentials[profile]) || (@parsed_config && @parsed_config[profile]) msg = "Profile `#{profile}' not found in #{@credentials_path}"\ "#{" or #{@config_path}" if @config_path}" raise Errors::NoSuchProfileError, msg end end def determine_profile(options) ret = options[:profile_name] ret ||= ENV['AWS_PROFILE'] ret ||= 'default' ret end def sso_session(cfg, profile, sso_session_name) # aws sso-configure may add quotes around sso session names with whitespace sso_session = cfg["sso-session #{sso_session_name}"] || cfg["sso-session '#{sso_session_name}'"] unless sso_session raise ArgumentError, "sso-session #{sso_session_name} must be defined in the config file. " \ "Referenced by profile #{profile}" end unless sso_session['sso_region'] raise ArgumentError, "sso-session #{sso_session_name} missing required parameter: sso_region" end sso_session end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/deprecations.rb0000644000004100000410000000402514563437550022305 0ustar www-datawww-data# frozen_string_literal: true module Aws # A utility module that provides a class method that wraps # a method such that it generates a deprecation warning when called. # Given the following class: # # class Example # # def do_something # end # # end # # If you want to deprecate the `#do_something` method, you can extend # this module and then call `deprecated` on the method (after it # has been defined). # # class Example # # extend Aws::Deprecations # # def do_something # end # # def do_something_else # end # # deprecated :do_something # # end # # The `#do_something` method will continue to function, but will # generate a deprecation warning when called. # # @api private module Deprecations # @param [Symbol] method The name of the deprecated method. # # @option options [String] :message The warning message to issue # when the deprecated method is called. # # @option options [String] :use The name of a method that should be used. # # @option options [String] :version The version that will remove the # deprecated method. # def deprecated(method, options = {}) deprecation_msg = options[:message] || begin "#################### DEPRECATION WARNING ####################\n"\ "Called deprecated method `#{method}` of #{self}."\ "#{" Use `#{options[:use]}` instead.\n" if options[:use]}"\ "#{"Method `#{method}` will be removed in #{options[:version]}."\ if options[:version]}"\ "\n#############################################################" end alias_method(:"deprecated_#{method}", method) warned = false # we only want to issue this warning once define_method(method) do |*args, &block| unless warned warned = true warn(deprecation_msg + "\n" + caller.join("\n")) end send("deprecated_#{method}", *args, &block) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/assume_role_credentials.rb0000644000004100000410000000475114563437550024526 0ustar www-datawww-data# frozen_string_literal: true require 'set' module Aws # An auto-refreshing credential provider that assumes a role via # {Aws::STS::Client#assume_role}. # # role_credentials = Aws::AssumeRoleCredentials.new( # client: Aws::STS::Client.new(...), # role_arn: "linked::account::arn", # role_session_name: "session-name" # ) # ec2 = Aws::EC2::Client.new(credentials: role_credentials) # # If you omit `:client` option, a new {Aws::STS::Client} object will be # constructed with additional options that were provided. # # @see Aws::STS::Client#assume_role class AssumeRoleCredentials include CredentialProvider include RefreshingCredentials # @option options [required, String] :role_arn # @option options [required, String] :role_session_name # @option options [String] :policy # @option options [Integer] :duration_seconds # @option options [String] :external_id # @option options [STS::Client] :client # @option options [Callable] before_refresh Proc called before # credentials are refreshed. Useful for updating tokens. # `before_refresh` is called when AWS credentials are # required and need to be refreshed. Tokens can be refreshed using # the following example: # # before_refresh = Proc.new do |assume_role_credentials| do # assume_role_credentials.assume_role_params['token_code'] = update_token # end # def initialize(options = {}) client_opts = {} @assume_role_params = {} options.each_pair do |key, value| if self.class.assume_role_options.include?(key) @assume_role_params[key] = value elsif !CLIENT_EXCLUDE_OPTIONS.include?(key) client_opts[key] = value end end @client = client_opts[:client] || STS::Client.new(client_opts) @async_refresh = true super end # @return [STS::Client] attr_reader :client # @return [Hash] attr_reader :assume_role_params private def refresh c = @client.assume_role(@assume_role_params).credentials @credentials = Credentials.new( c.access_key_id, c.secret_access_key, c.session_token ) @expiration = c.expiration end class << self # @api private def assume_role_options @aro ||= begin input = STS::Client.api.operation(:assume_role).input Set.new(input.shape.member_names) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/waiters/0000755000004100000410000000000014563437550020755 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/waiters/poller.rb0000644000004100000410000000666314563437550022612 0ustar www-datawww-data# frozen_string_literal: true module Aws module Waiters # Polls a single API operation inspecting the response data and/or error # for states matching one of its acceptors. # @api private class Poller # @api private RAISE_HANDLER = Seahorse::Client::Plugins::RaiseResponseErrors::Handler # @option options [required, String] :operation_name # @option options [required, Array] :acceptors # @api private def initialize(options = {}) @operation_name = options.fetch(:operation_name) @acceptors = options.fetch(:acceptors) end # @return [Symbol] attr_reader :operation_name # Makes an API call, returning the resultant state and the response. # # * `:success` - A success state has been matched. # * `:failure` - A terminate failure state has been matched. # * `:retry` - The waiter may be retried. # * `:error` - The waiter encountered an un-expected error. # # @example A trival (bad) example of a waiter that polls indefinetly. # # loop do # # state, resp = poller.call(client:client, params:{}) # # case state # when :success then return true # when :failure then return false # when :retry then next # when :error then raise 'oops' # end # # end # # @option options [required,Client] :client # @option options [required,Hash] :params # @return [Array] def call(options = {}) response = send_request(options) @acceptors.each do |acceptor| if acceptor_matches?(acceptor, response) return [acceptor['state'].to_sym, response] end end [response.error ? :error : :retry, response] end private def send_request(options) req = options[:client].build_request(@operation_name, options[:params]) req.handlers.remove(RAISE_HANDLER) Aws::Plugins::UserAgent.feature('waiter') do req.send_request end end def acceptor_matches?(acceptor, response) send("matches_#{acceptor['matcher']}?", acceptor, response) end def matches_path?(acceptor, response) if response.data JMESPath.search(path(acceptor), response.data) == acceptor['expected'] else false end end def matches_pathAll?(acceptor, response) non_empty_array(acceptor, response) do |values| values.all? { |value| value == acceptor['expected'] } end end def matches_pathAny?(acceptor, response) non_empty_array(acceptor, response) do |values| values.any? { |value| value == acceptor['expected'] } end end def matches_status?(acceptor, response) response.context.http_response.status_code == acceptor['expected'] end def matches_error?(acceptor, response) Aws::Errors::ServiceError === response.error && response.error.code == acceptor['expected'].delete('.') end def path(acceptor) acceptor['argument'] end def non_empty_array(acceptor, response, &block) if response.data values = JMESPath.search(path(acceptor), response.data) Array === values && values.count > 0 ? yield(values) : false else false end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/waiters/waiter.rb0000644000004100000410000000762414563437550022606 0ustar www-datawww-data# frozen_string_literal: true module Aws module Waiters # @api private class Waiter # @api private RAISE_HANDLER = Seahorse::Client::Plugins::RaiseResponseErrors::Handler # @api private def initialize(options = {}) @poller = options[:poller] @max_attempts = options[:max_attempts] @delay = options[:delay] @before_attempt = Array(options[:before_attempt]) @before_wait = Array(options[:before_wait]) end # @api private attr_reader :poller # @return [Integer] attr_accessor :max_attempts # @return [Float] attr_accessor :delay alias interval delay alias interval= delay= # Register a callback that is invoked before every polling attempt. # Yields the number of attempts made so far. # # waiter.before_attempt do |attempts| # puts "#{attempts} made, about to make attempt #{attempts + 1}" # end # # Throwing `:success` or `:failure` from the given block will stop # the waiter and return or raise. You can pass a custom message to the # throw: # # # raises Aws::Waiters::Errors::WaiterFailed # waiter.before_attempt do |attempts| # throw :failure, 'custom-error-message' # end # # # cause the waiter to stop polling and return # waiter.before_attempt do |attempts| # throw :success # end # # @yieldparam [Integer] attempts The number of attempts made. def before_attempt(&block) @before_attempt << block if block_given? end # Register a callback that is invoked after an attempt but before # sleeping. Yields the number of attempts made and the previous response. # # waiter.before_wait do |attempts, response| # puts "#{attempts} made" # puts response.error.inspect # puts response.data.inspect # end # # Throwing `:success` or `:failure` from the given block will stop # the waiter and return or raise. You can pass a custom message to the # throw: # # # raises Aws::Waiters::Errors::WaiterFailed # waiter.before_attempt do |attempts| # throw :failure, 'custom-error-message' # end # # # cause the waiter to stop polling and return # waiter.before_attempt do |attempts| # throw :success # end # # # @yieldparam [Integer] attempts The number of attempts already made. # @yieldparam [Seahorse::Client::Response] response The response from # the previous polling attempts. def before_wait(&block) @before_wait << block if block_given? end # @option options [Client] :client # @option options [Hash] :params def wait(options) catch(:success) do failure_msg = catch(:failure) do return poll(options) end raise Errors::WaiterFailed.new(failure_msg || 'waiter failed') end || true end private def poll(options) n = 0 loop do trigger_before_attempt(n) state, resp = @poller.call(options) n += 1 case state when :retry when :success then return resp when :failure then raise Errors::FailureStateError.new(resp) when :error then raise Errors::UnexpectedError.new(resp.error) end raise Errors::TooManyAttemptsError.new(n) if n == @max_attempts trigger_before_wait(n, resp) sleep(@delay) end end def trigger_before_attempt(attempts) @before_attempt.each { |block| block.call(attempts) } end def trigger_before_wait(attempts, response) @before_wait.each { |block| block.call(attempts, response) } end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/waiters/errors.rb0000644000004100000410000000307514563437550022623 0ustar www-datawww-data# frozen_string_literal: true module Aws module Waiters module Errors # Raised when a waiter detects a condition where the waiter can never # succeed. class WaiterFailed < StandardError; end class FailureStateError < WaiterFailed MSG = "stopped waiting, encountered a failure state" def initialize(response) @response = response super(MSG) end # @return [Seahorse::Client::Response] The response that matched # the failure state. attr_reader :response end class TooManyAttemptsError < WaiterFailed MSG = "stopped waiting after %d attempts without success" def initialize(attempts) @attempts = attempts super(MSG % [attempts]) end # @return [Integer] attr_reader :attempts end class UnexpectedError < WaiterFailed MSG = "stopped waiting due to an unexpected error: %s" def initialize(error) @error = error super(MSG % [error.message]) end # @return [Exception] The unexpected error. attr_reader :error end # Raised when attempting to get a waiter by name and the waiter has not # been defined. class NoSuchWaiterError < ArgumentError MSG = "no such waiter %s; valid waiter names are: %s" def initialize(waiter_name, waiter_names) waiter_names = waiter_names.map(&:inspect).join(', ') super(MSG % [waiter_name.inspect, waiter_names]) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/async_client_stubs.rb0000644000004100000410000000401714563437550023521 0ustar www-datawww-data# frozen_string_literal: true module Aws module AsyncClientStubs include Aws::ClientStubs # @api private def setup_stubbing @stubs = {} @stub_mutex = Mutex.new if Hash === @config.stub_responses @config.stub_responses.each do |operation_name, stubs| apply_stubs(operation_name, Array === stubs ? stubs : [stubs]) end end # When a client is stubbed allow the user to access the requests made @api_requests = [] # allow to access signaled events when client is stubbed @send_events = [] requests = @api_requests send_events = @send_events self.handle do |context| if input_stream = context[:input_event_stream_handler] stub_stream = StubStream.new stub_stream.send_events = send_events input_stream.event_emitter.stream = stub_stream input_stream.event_emitter.validate_event = context.config.validate_params end requests << { operation_name: context.operation_name, params: context.params, context: context } @handler.call(context) end end def send_events if config.stub_responses @send_events else msg = 'This method is only implemented for stubbed clients, and is '\ 'available when you enable stubbing in the constructor with `stub_responses: true`' raise NotImplementedError.new(msg) end end class StubStream def initialize @state = :open end attr_accessor :send_events attr_reader :state def data(bytes, options = {}) if options[:end_stream] @state = :closed else decoder = Aws::EventStream::Decoder.new event = decoder.decode_chunk(bytes).first @send_events << decoder.decode_chunk(event.payload.read).first end end def closed? @state == :closed end def close @state = :closed end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/client_side_monitoring/0000755000004100000410000000000014563437550024026 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb0000644000004100000410000001476114563437550027602 0ustar www-datawww-data# frozen_string_literal: true module Aws module ClientSideMonitoring # @api private class RequestMetrics attr_reader :api_call, :api_call_attempts FIELD_MAX_LENGTH = { "ClientId" => 255, "UserAgent" => 256, "SdkException" => 128, "SdkExceptionMessage" => 512, "AwsException" => 128, "AwsExceptionMessage" => 512, "FinalAwsException" => 128, "FinalAwsExceptionMessage" => 512, "FinalSdkException" => 128, "FinalSdkExceptionMessage" => 512, } def initialize(opts = {}) @service = opts[:service] @api = opts[:operation] @client_id = opts[:client_id] @timestamp = opts[:timestamp] # In epoch milliseconds @region = opts[:region] @version = 1 @api_call = ApiCall.new(@service, @api, @client_id, @version, @timestamp, @region) @api_call_attempts = [] end def build_call_attempt(opts = {}) timestamp = opts[:timestamp] fqdn = opts[:fqdn] region = opts[:region] user_agent = opts[:user_agent] access_key = opts[:access_key] session_token = opts[:session_token] ApiCallAttempt.new( @service, @api, @client_id, @version, timestamp, fqdn, region, user_agent, access_key, session_token ) end def add_call_attempt(attempt) @api_call_attempts << attempt end class ApiCall attr_reader :service, :api, :client_id, :timestamp, :version, :attempt_count, :latency, :region, :max_retries_exceeded, :final_http_status_code, :user_agent, :final_aws_exception, :final_aws_exception_message, :final_sdk_exception, :final_sdk_exception_message def initialize(service, api, client_id, version, timestamp, region) @service = service @api = api @client_id = client_id @version = version @timestamp = timestamp @region = region end def complete(opts = {}) @latency = opts[:latency] @attempt_count = opts[:attempt_count] @user_agent = opts[:user_agent] if opts[:final_error_retryable] @max_retries_exceeded = 1 else @max_retries_exceeded = 0 end @final_http_status_code = opts[:final_http_status_code] @final_aws_exception = opts[:final_aws_exception] @final_aws_exception_message = opts[:final_aws_exception_message] @final_sdk_exception = opts[:final_sdk_exception] @final_sdk_exception_message = opts[:final_sdk_exception_message] @region = opts[:region] if opts[:region] # in case region changes end def to_json(*a) document = { "Type" => "ApiCall", "Service" => @service, "Api" => @api, "ClientId" => @client_id, "Timestamp" => @timestamp, "Version" => @version, "AttemptCount" => @attempt_count, "Latency" => @latency, "Region" => @region, "MaxRetriesExceeded" => @max_retries_exceeded, "UserAgent" => @user_agent, "FinalHttpStatusCode" => @final_http_status_code, } document["FinalSdkException"] = @final_sdk_exception if @final_sdk_exception document["FinalSdkExceptionMessage"] = @final_sdk_exception_message if @final_sdk_exception_message document["FinalAwsException"] = @final_aws_exception if @final_aws_exception document["FinalAwsExceptionMessage"] = @final_aws_exception_message if @final_aws_exception_message document = _truncate(document) document.to_json end private def _truncate(document) document.each do |key, value| limit = FIELD_MAX_LENGTH[key] if limit && value.to_s.length > limit document[key] = value.to_s.slice(0...limit) end end document end end class ApiCallAttempt attr_reader :service, :api, :client_id, :version, :timestamp, :user_agent, :access_key, :session_token attr_accessor :region, :fqdn, :request_latency, :http_status_code, :aws_exception_msg, :x_amz_request_id, :x_amz_id_2, :x_amzn_request_id, :sdk_exception, :aws_exception, :sdk_exception_msg def initialize( service, api, client_id, version, timestamp, fqdn, region, user_agent, access_key, session_token ) @service = service @api = api @client_id = client_id @version = version @timestamp = timestamp @fqdn = fqdn @region = region @user_agent = user_agent @access_key = access_key @session_token = session_token end def to_json(*a) json = { "Type" => "ApiCallAttempt", "Service" => @service, "Api" => @api, "ClientId" => @client_id, "Timestamp" => @timestamp, "Version" => @version, "Fqdn" => @fqdn, "Region" => @region, "UserAgent" => @user_agent, "AccessKey" => @access_key } # Optional Fields json["SessionToken"] = @session_token if @session_token json["HttpStatusCode"] = @http_status_code if @http_status_code json["AwsException"] = @aws_exception if @aws_exception json["AwsExceptionMessage"] = @aws_exception_msg if @aws_exception_msg json["XAmznRequestId"] = @x_amzn_request_id if @x_amzn_request_id json["XAmzRequestId"] = @x_amz_request_id if @x_amz_request_id json["XAmzId2"] = @x_amz_id_2 if @x_amz_id_2 json["AttemptLatency"] = @request_latency if @request_latency json["SdkException"] = @sdk_exception if @sdk_exception json["SdkExceptionMessage"] = @sdk_exception_msg if @sdk_exception_msg json = _truncate(json) json.to_json end private def _truncate(document) document.each do |key, value| limit = FIELD_MAX_LENGTH[key] if limit && value.to_s.length > limit document[key] = value.to_s.slice(0...limit) end end document end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/client_side_monitoring/publisher.rb0000644000004100000410000000214014563437550026345 0ustar www-datawww-data# frozen_string_literal: true require 'thread' require 'socket' module Aws module ClientSideMonitoring # @api private class Publisher attr_reader :agent_port attr_reader :agent_host def initialize(opts = {}) @agent_host = opts[:agent_host] || "127.0.0.1" @agent_port = opts[:agent_port] @mutex = Mutex.new end def agent_port=(value) @mutex.synchronize do @agent_port = value end end def agent_host=(value) @mutex.synchronize do @agent_host = value end end def publish(request_metrics) send_datagram(request_metrics.api_call.to_json) request_metrics.api_call_attempts.each do |attempt| send_datagram(attempt.to_json) end end def send_datagram(msg) if @agent_port socket = UDPSocket.new begin socket.connect(@agent_host, @agent_port) socket.send(msg, 0) rescue Errno::ECONNREFUSED # Drop on the floor end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/arn.rb0000644000004100000410000000467514563437550020420 0ustar www-datawww-data# frozen_string_literal: true module Aws # Create and provide access to components of Amazon Resource Names (ARN). # # You can create an ARN and access it's components like the following: # # arn = Aws::ARN.new( # partition: 'aws', # service: 's3', # region: 'us-west-2', # account_id: '12345678910', # resource: 'foo/bar' # ) # # => # # # arn.to_s # # => "arn:aws:s3:us-west-2:12345678910:foo/bar" # # arn.partition # # => 'aws' # arn.service # # => 's3' # arn.resource # # => foo/bar # # # Note: parser available for parsing resource details # @see Aws::ARNParser#parse_resource # # @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns class ARN # @param [Hash] options # @option options [String] :partition # @option options [String] :service # @option options [String] :region # @option options [String] :account_id # @option options [String] :resource def initialize(options = {}) @partition = options[:partition] @service = options[:service] @region = options[:region] @account_id = options[:account_id] @resource = options[:resource] end # @return [String] attr_reader :partition # @return [String] attr_reader :service # @return [String] attr_reader :region # @return [String] attr_reader :account_id # @return [String] attr_reader :resource # Validates ARN contains non-empty required components. # Region and account_id can be optional. # # @return [Boolean] def valid? !partition.nil? && !partition.empty? && !service.nil? && !service.empty? && !resource.nil? && !resource.empty? end # Return the ARN format in string # # @return [String] def to_s "arn:#{partition}:#{service}:#{region}:#{account_id}:#{resource}" end # Return the ARN as a hash # # @return [Hash] def to_h { partition: @partition, service: @service, region: @region, account_id: @account_id, resource: @resource } end # Return the ARN as JSON # # @return [Hash] def as_json(_options = nil) { 'partition' => @partition, 'service' => @service, 'region' => @region, 'accountId' => @account_id, 'resource' => @resource } end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml.rb0000644000004100000410000000053714563437550020431 0ustar www-datawww-data# frozen_string_literal: true require_relative 'xml/builder' require_relative 'xml/default_list' require_relative 'xml/default_map' require_relative 'xml/doc_builder' require_relative 'xml/error_handler' require_relative 'xml/parser' require_relative 'xml/parser/stack' require_relative 'xml/parser/frame' require_relative 'xml/parser/parsing_error' aws-sdk-core-3.191.2/lib/aws-sdk-core/process_credentials.rb0000644000004100000410000000526414563437550023666 0ustar www-datawww-data# frozen_string_literal: true module Aws # A credential provider that executes a given process and attempts # to read its stdout to recieve a JSON payload containing the credentials. # # credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc') # ec2 = Aws::EC2::Client.new(credentials: credentials) # # Automatically handles refreshing credentials if an Expiration time is # provided in the credentials payload. # # @see https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes class ProcessCredentials include CredentialProvider include RefreshingCredentials # Creates a new ProcessCredentials object, which allows an # external process to be used as a credential provider. # # @param [String] process Invocation string for process # credentials provider. def initialize(process) @process = process @credentials = credentials_from_process(@process) @async_refresh = false super end private def credentials_from_process(proc_invocation) begin raw_out = `#{proc_invocation}` process_status = $? rescue Errno::ENOENT raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}") end if process_status.success? begin creds_json = Aws::Json.load(raw_out) rescue Aws::Json::ParseError raise Errors::InvalidProcessCredentialsPayload.new("Invalid JSON response") end payload_version = creds_json['Version'] if payload_version == 1 _parse_payload_format_v1(creds_json) else raise Errors::InvalidProcessCredentialsPayload.new("Invalid version #{payload_version} for credentials payload") end else raise Errors::InvalidProcessCredentialsPayload.new('credential_process provider failure, the credential process had non zero exit status and failed to provide credentials') end end def _parse_payload_format_v1(creds_json) creds = Credentials.new( creds_json['AccessKeyId'], creds_json['SecretAccessKey'], creds_json['SessionToken'] ) @expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil return creds if creds.set? raise Errors::InvalidProcessCredentialsPayload.new("Invalid payload for JSON credentials version 1") end def refresh @credentials = credentials_from_process(@process) end def near_expiration?(expiration_length) # are we within 5 minutes of expiration? @expiration && (Time.now.to_i + expiration_length) > @expiration.to_i end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/param_converter.rb0000644000004100000410000001310214563437550023010 0ustar www-datawww-data# frozen_string_literal: true require 'stringio' require 'date' require 'time' require 'tempfile' require 'thread' module Aws # @api private class ParamConverter include Seahorse::Model::Shapes @mutex = Mutex.new @converters = Hash.new { |h,k| h[k] = {} } def initialize(rules) @rules = rules @opened_files = [] end # @api private attr_reader :opened_files # @param [Hash] params # @return [Hash] def convert(params) if @rules structure(@rules, params) else params end end def close_opened_files @opened_files.each(&:close) @opened_files = [] end private def structure(ref, values) values = c(ref, values) if ::Struct === values || Hash === values values.each_pair do |k, v| unless v.nil? if ref.shape.member?(k) values[k] = member(ref.shape.member(k), v) end end end end values end def list(ref, values) values = c(ref, values) if values.is_a?(Array) values.map { |v| member(ref.shape.member, v) } else values end end def map(ref, values) values = c(ref, values) if values.is_a?(Hash) values.each.with_object({}) do |(key, value), hash| hash[member(ref.shape.key, key)] = member(ref.shape.value, value) end else values end end def member(ref, value) case ref.shape when StructureShape then structure(ref, value) when ListShape then list(ref, value) when MapShape then map(ref, value) else c(ref, value) end end def c(ref, value) self.class.c(ref.shape.class, value, self) end class << self def convert(shape, params) new(shape).convert(params) end # Registers a new value converter. Converters run in the context # of a shape and value class. # # # add a converter that stringifies integers # shape_class = Seahorse::Model::Shapes::StringShape # ParamConverter.add(shape_class, Integer) { |i| i.to_s } # # @param [Class] shape_class # @param [Class] value_class # @param [#call] converter (nil) An object that responds to `#call` # accepting a single argument. This function should perform # the value conversion if possible, returning the result. # If the conversion is not possible, the original value should # be returned. # @return [void] def add(shape_class, value_class, converter = nil, &block) @converters[shape_class][value_class] = converter || block end def ensure_open(file, converter) if file.closed? new_file = File.open(file.path, 'rb') converter.opened_files << new_file new_file else file end end # @api private def c(shape, value, instance = nil) if converter = converter_for(shape, value) converter.call(value, instance) else value end end private def converter_for(shape_class, value) unless @converters[shape_class].key?(value.class) @mutex.synchronize { unless @converters[shape_class].key?(value.class) @converters[shape_class][value.class] = find(shape_class, value) end } end @converters[shape_class][value.class] end def find(shape_class, value) converter = nil each_base_class(shape_class) do |klass| @converters[klass].each do |value_class, block| if value_class === value converter = block break end end break if converter end converter end def each_base_class(shape_class, &block) shape_class.ancestors.each do |ancestor| yield(ancestor) if @converters.key?(ancestor) end end end add(StructureShape, Hash) { |h| h.dup } add(StructureShape, ::Struct) add(MapShape, Hash) { |h| h.dup } add(MapShape, ::Struct) do |s| s.members.each.with_object({}) {|k,h| h[k] = s[k] } end add(ListShape, Array) { |a| a.dup } add(ListShape, Enumerable) { |value| value.to_a } add(StringShape, String) add(StringShape, Symbol) { |sym| sym.to_s } add(IntegerShape, Integer) add(IntegerShape, Float) { |f| f.to_i } add(IntegerShape, String) do |str| begin Integer(str) rescue ArgumentError str end end add(FloatShape, Float) add(FloatShape, Integer) { |i| i.to_f } add(FloatShape, String) do |str| begin Float(str) rescue ArgumentError str end end add(TimestampShape, Time) add(TimestampShape, Date) { |d| d.to_time } add(TimestampShape, DateTime) { |dt| dt.to_time } add(TimestampShape, Integer) { |i| Time.at(i) } add(TimestampShape, Float) { |f| Time.at(f) } add(TimestampShape, String) do |str| begin Time.parse(str) rescue ArgumentError str end end add(BooleanShape, TrueClass) add(BooleanShape, FalseClass) add(BooleanShape, String) do |str| { 'true' => true, 'false' => false }[str] end add(BlobShape, IO) add(BlobShape, File) { |file, converter| ensure_open(file, converter) } add(BlobShape, Tempfile) { |tmpfile, converter| ensure_open(tmpfile, converter) } add(BlobShape, StringIO) add(BlobShape, String) end end aws-sdk-core-3.191.2/lib/aws-sdk-core/refreshing_credentials.rb0000644000004100000410000000523614563437550024343 0ustar www-datawww-data# frozen_string_literal: true module Aws # Base class used credential classes that can be refreshed. This # provides basic refresh logic in a thread-safe manner. Classes mixing in # this module are expected to implement a #refresh method that populates # the following instance variables: # # * `@access_key_id` # * `@secret_access_key` # * `@session_token` # * `@expiration` # # @api private module RefreshingCredentials SYNC_EXPIRATION_LENGTH = 300 # 5 minutes ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes CLIENT_EXCLUDE_OPTIONS = Set.new([:before_refresh]).freeze def initialize(options = {}) @mutex = Mutex.new @before_refresh = options.delete(:before_refresh) if Hash === options @before_refresh.call(self) if @before_refresh refresh end # @return [Credentials] def credentials refresh_if_near_expiration! @credentials end # Refresh credentials. # @return [void] def refresh! @mutex.synchronize do @before_refresh.call(self) if @before_refresh refresh end end private def sync_expiration_length self.class::SYNC_EXPIRATION_LENGTH end def async_expiration_length self.class::ASYNC_EXPIRATION_LENGTH end # Refreshes credentials asynchronously and synchronously. # If we are near to expiration, block while getting new credentials. # Otherwise, if we're approaching expiration, use the existing credentials # but attempt a refresh in the background. def refresh_if_near_expiration! # Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration # call, we check before doing so, and then we check within the mutex to avoid a race condition. # See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info. if near_expiration?(sync_expiration_length) @mutex.synchronize do if near_expiration?(sync_expiration_length) @before_refresh.call(self) if @before_refresh refresh end end elsif @async_refresh && near_expiration?(async_expiration_length) unless @mutex.locked? Thread.new do @mutex.synchronize do if near_expiration?(async_expiration_length) @before_refresh.call(self) if @before_refresh refresh end end end end end end def near_expiration?(expiration_length) if @expiration # Are we within expiration? (Time.now.to_i + expiration_length) > @expiration.to_i else true end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/pager.rb0000644000004100000410000000342314563437550020724 0ustar www-datawww-data# frozen_string_literal: true require 'jmespath' module Aws # @api private class Pager # @option options [required, Hash] :tokens # @option options [String] :limit_key # @option options [String] :more_results def initialize(options) @tokens = options.fetch(:tokens) @limit_key = options.fetch(:limit_key, nil) @more_results = options.fetch(:more_results, nil) end # @return [Symbol, nil] attr_reader :limit_key # @return [Hash, nil] attr_reader :tokens # @param [Seahorse::Client::Response] response # @return [Hash] def next_tokens(response) @tokens.each.with_object({}) do |(source, target), next_tokens| value = JMESPath.search(source, response.data) next_tokens[target.to_sym] = value unless empty_value?(value) end end # @api private def prev_tokens(response) @tokens.each.with_object({}) do |(_, target), tokens| value = JMESPath.search(target, response.context.params) tokens[target.to_sym] = value unless empty_value?(value) end end # @param [Seahorse::Client::Response] response # @return [Boolean] def truncated?(response) if @more_results JMESPath.search(@more_results, response.data) else next_t = next_tokens(response) prev_t = prev_tokens(response) !(next_t.empty? || next_t == prev_t) end end private def empty_value?(value) value.nil? || value == '' || value == [] || value == {} end class NullPager # @return [nil] attr_reader :limit_key def next_tokens {} end def prev_tokens {} end def truncated?(response) false end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/binary/0000755000004100000410000000000014563437550020563 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/binary/event_stream_encoder.rb0000644000004100000410000000275214563437550025311 0ustar www-datawww-data# frozen_string_literal: true require 'aws-eventstream' module Aws module Binary # @api private class EventStreamEncoder # @param [String] protocol # @param [ShapeRef] rules ShapeRef of the eventstream member # @param [ShapeRef] input_ref ShapeRef of the input shape # @param [Aws::Sigv4::Signer] signer def initialize(protocol, rules, input_ref, signer) @encoder = Aws::EventStream::Encoder.new @event_builder = EventBuilder.new(serializer_class(protocol), rules) @input_ref = input_ref @rules = rules @signer = signer @prior_signature = nil end attr_reader :rules attr_accessor :prior_signature def encode(event_type, params) if event_type == :end_stream payload = '' else payload = @encoder.encode(@event_builder.apply(event_type, params)) end headers, signature = @signer.sign_event(@prior_signature, payload, @encoder) @prior_signature = signature message = Aws::EventStream::Message.new( headers: headers, payload: StringIO.new(payload) ) @encoder.encode(message) end private def serializer_class(protocol) case protocol when 'rest-xml' then Xml::Builder when 'rest-json' then Json::Builder when 'json' then Json::Builder else raise "unsupported protocol #{protocol} for event stream" end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/binary/event_parser.rb0000644000004100000410000001045614563437550023613 0ustar www-datawww-data# frozen_string_literal: true module Aws module Binary # @api private class EventParser include Seahorse::Model::Shapes # @param [Class] parser_class # @param [Seahorse::Model::ShapeRef] rules (of eventstream member) # @param [Array] error_refs array of errors ShapeRef # @param [Seahorse::Model::ShapeRef] output_ref def initialize(parser_class, rules, error_refs, output_ref) @parser_class = parser_class @rules = rules @error_refs = error_refs @output_ref = output_ref end # Parse raw event message into event struct # based on its ShapeRef # # @return [Struct] Event Struct def apply(raw_event) parse(raw_event) end private def parse(raw_event) message_type = raw_event.headers.delete(":message-type") if message_type case message_type.value when 'error' parse_error_event(raw_event) when 'event' parse_event(raw_event) when 'exception' parse_exception(raw_event) else raise Aws::Errors::EventStreamParserError.new( 'Unrecognized :message-type value for the event') end else # no :message-type header, regular event by default parse_event(raw_event) end end def parse_exception(raw_event) exception_type = raw_event.headers.delete(":exception-type").value name, ref = @rules.shape.member_by_location_name(exception_type) # exception lives in payload implictly exception = parse_payload(raw_event.payload.read, ref) exception.event_type = name exception end def parse_error_event(raw_event) error_code = raw_event.headers.delete(":error-code") error_message = raw_event.headers.delete(":error-message") Aws::Errors::EventError.new( :error, error_code ? error_code.value : error_code, error_message ? error_message.value : error_message ) end def parse_event(raw_event) event_type = raw_event.headers.delete(":event-type").value # content_type = raw_event.headers.delete(":content-type").value if event_type == 'initial-response' event = Struct.new(:event_type, :response).new event.event_type = :initial_response event.response = parse_payload(raw_event.payload.read, @output_ref) return event end # locate event from eventstream name, ref = @rules.shape.member_by_location_name(event_type) unless ref && ref.event return Struct.new(:event_type, :raw_event_type, :raw_event) .new(:unknown_event, event_type, raw_event) end event = ref.shape.struct_class.new explicit_payload = false implicit_payload_members = {} ref.shape.members.each do |member_name, member_ref| unless member_ref.eventheader if member_ref.eventpayload explicit_payload = true else implicit_payload_members[member_name] = member_ref end end end # implicit payload if !explicit_payload && !implicit_payload_members.empty? event = parse_payload(raw_event.payload.read, ref) end event.event_type = name # locate payload and headers in the event ref.shape.members.each do |member_name, member_ref| if member_ref.eventheader # allow incomplete event members in response if raw_event.headers.key?(member_ref.location_name) event.send("#{member_name}=", raw_event.headers[member_ref.location_name].value) end elsif member_ref.eventpayload # explicit payload eventpayload_streaming?(member_ref) ? event.send("#{member_name}=", raw_event.payload) : event.send("#{member_name}=", parse_payload(raw_event.payload.read, member_ref)) end end event end def eventpayload_streaming?(ref) BlobShape === ref.shape || StringShape === ref.shape end def parse_payload(body, rules) @parser_class.new(rules).parse(body) if body.size > 0 end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/binary/event_stream_decoder.rb0000644000004100000410000000403014563437550025266 0ustar www-datawww-data# frozen_string_literal: true require 'aws-eventstream' module Aws module Binary # @api private class EventStreamDecoder # @param [String] protocol # @param [ShapeRef] rules ShapeRef of the eventstream member # @param [ShapeRef] output_ref ShapeRef of output shape # @param [Array] error_refs array of ShapeRefs for errors # @param [EventStream|nil] event_stream_handler A Service EventStream object # that registered with callbacks for processing events when they arrive def initialize(protocol, rules, output_ref, error_refs, io, event_stream_handler = nil) @decoder = Aws::EventStream::Decoder.new @event_parser = EventParser.new(parser_class(protocol), rules, error_refs, output_ref) @stream_class = extract_stream_class(rules.shape.struct_class) @emitter = event_stream_handler.event_emitter @events = [] end # @return [Array] events Array of arrived event objects attr_reader :events def write(chunk) raw_event, eof = @decoder.decode_chunk(chunk) emit_event(raw_event) if raw_event while !eof # exhaust message_buffer data raw_event, eof = @decoder.decode_chunk emit_event(raw_event) if raw_event end end private def emit_event(raw_event) event = @event_parser.apply(raw_event) @events << event @emitter.signal(event.event_type, event) unless @emitter.nil? end def parser_class(protocol) case protocol when 'rest-xml' then Aws::Xml::Parser when 'rest-json' then Aws::Json::Parser when 'json' then Aws::Json::Parser else raise "unsupported protocol #{protocol} for event stream" end end def extract_stream_class(type_class) parts = type_class.to_s.split('::') parts.inject(Kernel) do |const, part_name| part_name == 'Types' ? const.const_get('EventStreams') : const.const_get(part_name) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/binary/decode_handler.rb0000644000004100000410000000312014563437550024024 0ustar www-datawww-data# frozen_string_literal: true module Aws module Binary # @api private class DecodeHandler < Seahorse::Client::Handler def call(context) if eventstream_member = eventstream?(context) attach_eventstream_listeners(context, eventstream_member) end @handler.call(context) end private def eventstream?(ctx) ctx.operation.output.shape.members.each do |_, ref| return ref if ref.eventstream end end def attach_eventstream_listeners(context, rules) context.http_response.on_headers(200) do protocol = context.config.api.metadata['protocol'] output_handler = context[:output_event_stream_handler] || context[:event_stream_handler] context.http_response.body = EventStreamDecoder.new( protocol, rules, context.operation.output, context.operation.errors, context.http_response.body, output_handler) if input_emitter = context[:input_event_emitter] # #emit will be blocked until 200 success # see Aws::EventEmitter#emit input_emitter.signal_queue << "ready" end end context.http_response.on_success(200) do context.http_response.body = context.http_response.body.events end context.http_response.on_error do # Potential enhancement to made # since we don't want to track raw bytes in memory context.http_response.body = StringIO.new end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/binary/encode_handler.rb0000644000004100000410000000240714563437550024045 0ustar www-datawww-data# frozen_string_literal: true module Aws module Binary # @api private class EncodeHandler < Seahorse::Client::Handler def call(context) if eventstream_member = eventstream_input?(context) input_es_handler = context[:input_event_stream_handler] input_es_handler.event_emitter.encoder = EventStreamEncoder.new( context.config.api.metadata['protocol'], eventstream_member, context.operation.input, signer_for(context) ) context[:input_event_emitter] = input_es_handler.event_emitter end @handler.call(context) end private def signer_for(context) # New endpoint/signing logic, use the auth scheme to make a signer if context[:auth_scheme] Aws::Plugins::Sign.signer_for(context[:auth_scheme], context.config) else # Previous implementation always assumed sigv4_signer from config. # Relies only on sigv4 signing (and plugin) for event stream services context.config.sigv4_signer end end def eventstream_input?(ctx) ctx.operation.input.shape.members.each do |_, ref| return ref if ref.eventstream end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/binary/event_builder.rb0000644000004100000410000001004614563437550023740 0ustar www-datawww-data# frozen_string_literal: true module Aws module Binary # @api private class EventBuilder include Seahorse::Model::Shapes # @param [Class] serializer_class # @param [Seahorse::Model::ShapeRef] rules (of eventstream member) def initialize(serializer_class, rules) @serializer_class = serializer_class @rules = rules end def apply(event_type, params) event_ref = @rules.shape.member(event_type) _event_stream_message(event_ref, params) end private def _event_stream_message(event_ref, params) es_headers = {} payload = "" es_headers[":message-type"] = Aws::EventStream::HeaderValue.new( type: "string", value: "event") es_headers[":event-type"] = Aws::EventStream::HeaderValue.new( type: "string", value: event_ref.location_name) explicit_payload = false implicit_payload_members = {} event_ref.shape.members.each do |member_name, member_ref| unless member_ref.eventheader if member_ref.eventpayload explicit_payload = true else implicit_payload_members[member_name] = member_ref end end end # implict payload if !explicit_payload && !implicit_payload_members.empty? if implicit_payload_members.size > 1 payload_shape = Shapes::StructureShape.new implicit_payload_members.each do |m_name, m_ref| payload_shape.add_member(m_name, m_ref) end payload_ref = Shapes::ShapeRef.new(shape: payload_shape) payload = build_payload_members(payload_ref, params) else m_name, m_ref = implicit_payload_members.first streaming, content_type = _content_type(m_ref.shape) es_headers[":content-type"] = Aws::EventStream::HeaderValue.new( type: "string", value: content_type) payload = _build_payload(streaming, m_ref, params[m_name]) end end event_ref.shape.members.each do |member_name, member_ref| if member_ref.eventheader && params[member_name] header_value = params[member_name] es_headers[member_ref.shape.name] = Aws::EventStream::HeaderValue.new( type: _header_value_type(member_ref.shape, header_value), value: header_value ) elsif member_ref.eventpayload && params[member_name] # explicit payload streaming, content_type = _content_type(member_ref.shape) es_headers[":content-type"] = Aws::EventStream::HeaderValue.new( type: "string", value: content_type) payload = _build_payload(streaming, member_ref, params[member_name]) end end Aws::EventStream::Message.new( headers: es_headers, payload: StringIO.new(payload) ) end def _content_type(shape) case shape when BlobShape then [true, "application/octet-stream"] when StringShape then [true, "text/plain"] when StructureShape then if @serializer_class.name.include?('Xml') [false, "text/xml"] elsif @serializer_class.name.include?('Json') [false, "application/json"] end else raise Aws::Errors::EventStreamBuilderError.new( "Unsupport eventpayload shape: #{shape.name}") end end def _header_value_type(shape, value) case shape when StringShape then "string" when IntegerShape then "integer" when TimestampShape then "timestamp" when BlobShape then "bytes" when BooleanShape then !!value ? "bool_true" : "bool_false" else raise Aws::Errors::EventStreamBuilderError.new( "Unsupported eventheader shape: #{shape.name}") end end def _build_payload(streaming, ref, value) streaming ? value : @serializer_class.new(ref).serialize(value) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/eager_loader.rb0000644000004100000410000000125114563437550022234 0ustar www-datawww-data# frozen_string_literal: true require 'set' module Aws # @api private class EagerLoader def initialize @loaded = Set.new end # @return [Set] attr_reader :loaded # @param [Module] klass_or_module # @return [self] def load(klass_or_module) @loaded << klass_or_module klass_or_module.constants.each do |const_name| path = klass_or_module.autoload?(const_name) begin require(path) if path const = klass_or_module.const_get(const_name) self.load(const) if Module === const && !@loaded.include?(const) rescue LoadError end end self end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/util.rb0000644000004100000410000000271314563437550020604 0ustar www-datawww-data# frozen_string_literal: true require 'cgi' module Aws # @api private module Util class << self def deep_merge(left, right) case left when Hash then left.merge(right) { |key, v1, v2| deep_merge(v1, v2) } when Array then right + left else right end end def copy_hash(hash) if Hash === hash deep_copy(hash) else raise ArgumentError, "expected hash, got `#{hash.class}`" end end def deep_copy(obj) case obj when nil then nil when true then true when false then false when Hash obj.inject({}) do |h, (k,v)| h[k] = deep_copy(v) h end when Array obj.map { |v| deep_copy(v) } else if obj.respond_to?(:dup) obj.dup elsif obj.respond_to?(:clone) obj.clone else obj end end end def monotonic_milliseconds if defined?(Process::CLOCK_MONOTONIC) Process.clock_gettime(Process::CLOCK_MONOTONIC, :millisecond) else DateTime.now.strftime('%Q').to_i end end def monotonic_seconds monotonic_milliseconds / 1000.0 end def str_2_bool(str) case str.to_s when "true" then true when "false" then false else nil end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/credential_provider_chain.rb0000644000004100000410000001363114563437550025016 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private class CredentialProviderChain def initialize(config = nil) @config = config end # @return [CredentialProvider, nil] def resolve providers.each do |method_name, options| provider = send(method_name, options.merge(config: @config)) return provider if provider && provider.set? end nil end private def providers [ [:static_credentials, {}], [:static_profile_assume_role_web_identity_credentials, {}], [:static_profile_sso_credentials, {}], [:static_profile_assume_role_credentials, {}], [:static_profile_credentials, {}], [:static_profile_process_credentials, {}], [:env_credentials, {}], [:assume_role_web_identity_credentials, {}], [:sso_credentials, {}], [:assume_role_credentials, {}], [:shared_credentials, {}], [:process_credentials, {}], [:instance_profile_credentials, { retries: @config ? @config.instance_profile_credentials_retries : 0, http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1, http_read_timeout: @config ? @config.instance_profile_credentials_timeout : 1 }] ] end def static_credentials(options) if options[:config] Credentials.new( options[:config].access_key_id, options[:config].secret_access_key, options[:config].session_token ) end end def static_profile_assume_role_web_identity_credentials(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile Aws.shared_config.assume_role_web_identity_credentials_from_config( profile: options[:config].profile, region: options[:config].region ) end end def static_profile_sso_credentials(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile Aws.shared_config.sso_credentials_from_config( profile: options[:config].profile ) end end def static_profile_assume_role_credentials(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile assume_role_with_profile(options, options[:config].profile) end end def static_profile_credentials(options) if options[:config] && options[:config].profile SharedCredentials.new(profile_name: options[:config].profile) end rescue Errors::NoSuchProfileError nil end def static_profile_process_credentials(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile process_provider = Aws.shared_config.credential_process(profile: options[:config].profile) ProcessCredentials.new(process_provider) if process_provider end rescue Errors::NoSuchProfileError nil end def env_credentials(_options) key = %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY] secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY] token = %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN] Credentials.new(envar(key), envar(secret), envar(token)) end def envar(keys) keys.each do |key| return ENV[key] if ENV.key?(key) end nil end def determine_profile_name(options) (options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default' end def shared_credentials(options) profile_name = determine_profile_name(options) SharedCredentials.new(profile_name: profile_name) rescue Errors::NoSuchProfileError nil end def process_credentials(options) profile_name = determine_profile_name(options) if Aws.shared_config.config_enabled? && (process_provider = Aws.shared_config.credential_process(profile: profile_name)) ProcessCredentials.new(process_provider) end rescue Errors::NoSuchProfileError nil end def sso_credentials(options) profile_name = determine_profile_name(options) if Aws.shared_config.config_enabled? Aws.shared_config.sso_credentials_from_config(profile: profile_name) end rescue Errors::NoSuchProfileError nil end def assume_role_credentials(options) if Aws.shared_config.config_enabled? assume_role_with_profile(options, determine_profile_name(options)) end end def assume_role_web_identity_credentials(options) region = options[:config].region if options[:config] if (role_arn = ENV['AWS_ROLE_ARN']) && (token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE']) cfg = { role_arn: role_arn, web_identity_token_file: token_file, role_session_name: ENV['AWS_ROLE_SESSION_NAME'] } cfg[:region] = region if region AssumeRoleWebIdentityCredentials.new(cfg) elsif Aws.shared_config.config_enabled? profile = options[:config].profile if options[:config] Aws.shared_config.assume_role_web_identity_credentials_from_config( profile: profile, region: region ) end end def instance_profile_credentials(options) profile_name = determine_profile_name(options) if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] || ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI'] ECSCredentials.new(options) else InstanceProfileCredentials.new(options.merge(profile: profile_name)) end end def assume_role_with_profile(options, profile_name) assume_opts = { profile: profile_name, chain_config: @config } if options[:config] && options[:config].region assume_opts[:region] = options[:config].region end Aws.shared_config.assume_role_credentials_from_config(assume_opts) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/ini_parser.rb0000644000004100000410000000322414563437550021760 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private class IniParser class << self def ini_parse(raw) current_profile = nil current_prefix = nil item = nil previous_item = nil raw.lines.inject({}) do |acc, line| line = line.split(/^|\s;/).first # remove comments profile = line.match(/^\[([^\[\]]+)\]\s*(#.+)?$/) unless line.nil? if profile current_profile = profile[1] named_profile = current_profile.match(/^profile\s+(.+?)$/) current_profile = named_profile[1] if named_profile elsif current_profile unless line.nil? previous_item = item item = line.match(/^(.+?)\s*=\s*(.+?)\s*$/) prefix = line.match(/^(.+?)\s*=\s*$/) end if item && item[1].match(/^\s+/) # Need to add lines to a nested configuration. if current_prefix.nil? && previous_item[2].strip.empty? current_prefix = previous_item[1] acc[current_profile][current_prefix] = {} end inner_item = line.match(/^\s*(.+?)\s*=\s*(.+?)\s*$/) acc[current_profile] ||= {} acc[current_profile][current_prefix] ||= {} acc[current_profile][current_prefix][inner_item[1]] = inner_item[2] elsif item current_prefix = nil acc[current_profile] ||= {} acc[current_profile][item[1]] = item[2] elsif prefix current_prefix = prefix[1] end end acc end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/sso_credentials.rb0000644000004100000410000001523214563437550023010 0ustar www-datawww-data# frozen_string_literal: true module Aws # An auto-refreshing credential provider that assumes a role via # {Aws::SSO::Client#get_role_credentials} using a cached access # token. When `sso_session` is specified, token refresh logic from # {Aws::SSOTokenProvider} will be used to refresh the token if possible. # This class does NOT implement the SSO login token flow - tokens # must generated separately by running `aws login` from the # AWS CLI with the correct profile. The `SSOCredentials` will # auto-refresh the AWS credentials from SSO. # # # You must first run aws sso login --profile your-sso-profile # sso_credentials = Aws::SSOCredentials.new( # sso_account_id: '123456789', # sso_role_name: "role_name", # sso_region: "us-east-1", # sso_session: 'my_sso_session' # ) # ec2 = Aws::EC2::Client.new(credentials: sso_credentials) # # If you omit `:client` option, a new {Aws::SSO::Client} object will be # constructed with additional options that were provided. # # @see Aws::SSO::Client#get_role_credentials # @see https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html class SSOCredentials include CredentialProvider include RefreshingCredentials # @api private LEGACY_REQUIRED_OPTS = [:sso_start_url, :sso_account_id, :sso_region, :sso_role_name].freeze TOKEN_PROVIDER_REQUIRED_OPTS = [:sso_session, :sso_account_id, :sso_region, :sso_role_name].freeze # @api private SSO_LOGIN_GUIDANCE = 'The SSO session associated with this profile has '\ 'expired or is otherwise invalid. To refresh this SSO session run '\ 'aws sso login with the corresponding profile.'.freeze # @option options [required, String] :sso_account_id The AWS account ID # that temporary AWS credentials will be resolved for # # @option options [required, String] :sso_role_name The corresponding # IAM role in the AWS account that temporary AWS credentials # will be resolved for. # # @option options [required, String] :sso_region The AWS region where the # SSO directory for the given sso_start_url is hosted. # # @option options [String] :sso_session The SSO Token used for fetching # the token. If provided, refresh logic from the {Aws::SSOTokenProvider} # will be used. # # @option options [String] :sso_start_url (legacy profiles) If provided, # legacy token fetch behavior will be used, which does not support # token refreshing. The start URL is provided by the SSO # service via the console and is the URL used to # login to the SSO directory. This is also sometimes referred to as # the "User Portal URL". # # @option options [SSO::Client] :client Optional `SSO::Client`. If not # provided, a client will be constructed. # # @option options [Callable] before_refresh Proc called before # credentials are refreshed. `before_refresh` is called # with an instance of this object when # AWS credentials are required and need to be refreshed. def initialize(options = {}) options = options.select {|k, v| !v.nil? } if (options[:sso_session]) missing_keys = TOKEN_PROVIDER_REQUIRED_OPTS.select { |k| options[k].nil? } unless missing_keys.empty? raise ArgumentError, "Missing required keys: #{missing_keys}" end @legacy = false @sso_role_name = options.delete(:sso_role_name) @sso_account_id = options.delete(:sso_account_id) # if client has been passed, don't pass through to SSOTokenProvider @client = options.delete(:client) options.delete(:sso_start_url) @token_provider = Aws::SSOTokenProvider.new(options.dup) @sso_session = options.delete(:sso_session) @sso_region = options.delete(:sso_region) unless @client client_opts = {} options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) } client_opts[:region] = @sso_region client_opts[:credentials] = nil @client = Aws::SSO::Client.new(client_opts) end else # legacy behavior missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? } unless missing_keys.empty? raise ArgumentError, "Missing required keys: #{missing_keys}" end @legacy = true @sso_start_url = options.delete(:sso_start_url) @sso_region = options.delete(:sso_region) @sso_role_name = options.delete(:sso_role_name) @sso_account_id = options.delete(:sso_account_id) # validate we can read the token file read_cached_token client_opts = {} options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) } client_opts[:region] = @sso_region client_opts[:credentials] = nil @client = options[:client] || Aws::SSO::Client.new(client_opts) end @async_refresh = true super end # @return [SSO::Client] attr_reader :client private def read_cached_token cached_token = Json.load(File.read(sso_cache_file)) # validation unless cached_token['accessToken'] && cached_token['expiresAt'] raise ArgumentError, 'Missing required field(s)' end expires_at = DateTime.parse(cached_token['expiresAt']) if expires_at < DateTime.now raise ArgumentError, 'Cached SSO Token is expired.' end cached_token rescue Errno::ENOENT, Aws::Json::ParseError, ArgumentError raise Errors::InvalidSSOCredentials, SSO_LOGIN_GUIDANCE end def refresh c = if @legacy cached_token = read_cached_token @client.get_role_credentials( account_id: @sso_account_id, role_name: @sso_role_name, access_token: cached_token['accessToken'] ).role_credentials else @client.get_role_credentials( account_id: @sso_account_id, role_name: @sso_role_name, access_token: @token_provider.token.token ).role_credentials end @credentials = Credentials.new( c.access_key_id, c.secret_access_key, c.session_token ) @expiration = Time.at(c.expiration / 1000.0) end def sso_cache_file start_url_sha1 = OpenSSL::Digest::SHA1.hexdigest(@sso_start_url.encode('utf-8')) File.join(Dir.home, '.aws', 'sso', 'cache', "#{start_url_sha1}.json") rescue ArgumentError # Dir.home raises ArgumentError when ENV['home'] is not set raise ArgumentError, "Unable to load sso_cache_file: ENV['HOME'] is not set." end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/json.rb0000644000004100000410000000156314563437550020602 0ustar www-datawww-data# frozen_string_literal: true require 'json' require_relative 'json/builder' require_relative 'json/error_handler' require_relative 'json/handler' require_relative 'json/parser' require_relative 'json/json_engine' require_relative 'json/oj_engine' module Aws # @api private module Json class ParseError < StandardError def initialize(error) @error = error super(error.message) end attr_reader :error end class << self def load(json) ENGINE.load(json) end def load_file(path) load(File.open(path, 'r', encoding: 'UTF-8', &:read)) end def dump(value) ENGINE.dump(value) end private def select_engine require 'oj' OjEngine rescue LoadError JSONEngine end end # @api private ENGINE = select_engine end end aws-sdk-core-3.191.2/lib/aws-sdk-core/token_provider_chain.rb0000644000004100000410000000230014563437550024013 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private class TokenProviderChain def initialize(config = nil) @config = config end # @return [TokenProvider, nil] def resolve providers.each do |method_name, options| provider = send(method_name, options.merge(config: @config)) return provider if provider && provider.set? end nil end private def providers [ [:static_profile_sso_token, {}], [:sso_token, {}] ] end def static_profile_sso_token(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile Aws.shared_config.sso_token_from_config( profile: options[:config].profile ) end end def sso_token(options) profile_name = determine_profile_name(options) if Aws.shared_config.config_enabled? Aws.shared_config.sso_token_from_config(profile: profile_name) end rescue Errors::NoSuchProfileError nil end def determine_profile_name(options) (options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default' end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/0000755000004100000410000000000014563437550020760 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/http_checksum.rb0000644000004100000410000000362114563437550024150 0ustar www-datawww-data# frozen_string_literal: true require 'openssl' module Aws module Plugins # @api private class HttpChecksum < Seahorse::Client::Plugin # @api private class Handler < Seahorse::Client::Handler CHUNK_SIZE = 1 * 1024 * 1024 # one MB def call(context) if checksum_required?(context) && !context[:checksum_algorithms] && # skip in favor of flexible checksum !context[:s3_express_endpoint] # s3 express endpoints do not support md5 body = context.http_request.body context.http_request.headers['Content-Md5'] ||= md5(body) end @handler.call(context) end private def checksum_required?(context) context.operation.http_checksum_required || (context.operation.http_checksum && context.operation.http_checksum['requestChecksumRequired']) end # @param [File, Tempfile, IO#read, String] value # @return [String] def md5(value) if (value.is_a?(File) || value.is_a?(Tempfile)) && !value.path.nil? && File.exist?(value.path) OpenSSL::Digest::MD5.file(value).base64digest elsif value.respond_to?(:read) md5 = OpenSSL::Digest::MD5.new update_in_chunks(md5, value) md5.base64digest else OpenSSL::Digest::MD5.digest(value).base64digest end end def update_in_chunks(digest, io) loop do chunk = io.read(CHUNK_SIZE) break unless chunk digest.update(chunk) end io.rewind end end def add_handlers(handlers, _config) # priority set low to ensure checksum is computed AFTER the request is # built but before it is signed handlers.add(Handler, priority: 10, step: :build) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/invocation_id.rb0000644000004100000410000000140614563437550024133 0ustar www-datawww-data# frozen_string_literal: true require 'securerandom' module Aws module Plugins # @api private class InvocationId < Seahorse::Client::Plugin # @api private class Handler < Seahorse::Client::Handler def call(context) apply_invocation_id(context) @handler.call(context) end private def apply_invocation_id(context) context.http_request.headers['amz-sdk-invocation-id'] = SecureRandom.uuid if context[:input_event_emitter] # only used for eventstreaming at input context.http_request.headers['x-amz-content-sha256'] = 'STREAMING-AWS4-HMAC-SHA256-EVENTS' end end end handler(Handler, step: :initialize) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/credentials_configuration.rb0000644000004100000410000000660214563437550026535 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Plugins # @api private class CredentialsConfiguration < Seahorse::Client::Plugin option(:access_key_id, doc_type: String, docstring: '') option(:secret_access_key, doc_type: String, docstring: '') option(:session_token, doc_type: String, docstring: '') option(:profile, doc_default: 'default', doc_type: String, docstring: <<-DOCS) Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used. DOCS option(:credentials, required: true, doc_type: 'Aws::CredentialProvider', rbs_type: 'untyped', docstring: <<-DOCS Your AWS credentials. This can be an instance of any one of the following classes: * `Aws::Credentials` - Used for configuring static, non-refreshing credentials. * `Aws::SharedCredentials` - Used for loading static credentials from a shared file, such as `~/.aws/config`. * `Aws::AssumeRoleCredentials` - Used when you need to assume a role. * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to assume a role after providing credentials via the web. * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an access token generated from `aws login`. * `Aws::ProcessCredentials` - Used for loading credentials from a process that outputs to stdout. * `Aws::InstanceProfileCredentials` - Used for loading credentials from an EC2 IMDS on an EC2 instance. * `Aws::ECSCredentials` - Used for loading credentials from instances running in ECS. * `Aws::CognitoIdentityCredentials` - Used for loading credentials from the Cognito Identity service. When `:credentials` are not configured directly, the following locations will be searched for credentials: * `Aws.config[:credentials]` * The `:access_key_id`, `:secret_access_key`, and `:session_token` options. * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'] * `~/.aws/credentials` * `~/.aws/config` * EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] to true. DOCS ) do |config| CredentialProviderChain.new(config).resolve end option(:instance_profile_credentials_retries, 0) option(:instance_profile_credentials_timeout, 1) option(:token_provider, required: false, doc_type: 'Aws::TokenProvider', rbs_type: 'untyped', docstring: <<-DOCS A Bearer Token Provider. This can be an instance of any one of the following classes: * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing tokens. * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an access token generated from `aws login`. When `:token_provider` is not configured directly, the `Aws::TokenProviderChain` will be used to search for tokens configured for your profile in shared configuration files. DOCS ) do |config| if config.stub_responses StaticTokenProvider.new('token') else TokenProviderChain.new(config).resolve end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/signature_v4.rb0000644000004100000410000001175214563437550023725 0ustar www-datawww-data# frozen_string_literal: true require 'aws-sigv4' module Aws module Plugins # @api private # Necessary to exist after endpoints 2.0 class SignatureV4 < Seahorse::Client::Plugin V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body] option(:sigv4_signer) do |cfg| SignatureV4.build_signer(cfg) end option(:sigv4_name) do |cfg| signingName = if cfg.region Aws::Partitions::EndpointProvider.signing_service( cfg.region, cfg.api.metadata['endpointPrefix'] ) end signingName || cfg.api.metadata['signingName'] || cfg.api.metadata['endpointPrefix'] end option(:sigv4_region) do |cfg| if cfg.region if cfg.respond_to?(:sts_regional_endpoints) sts_regional = cfg.sts_regional_endpoints end Aws::Partitions::EndpointProvider.signing_region( cfg.region, cfg.api.metadata['endpointPrefix'], sts_regional ) end end option(:unsigned_operations) do |cfg| if cfg.api.metadata['signatureVersion'] == 'v4' # select operations where authtype is set and is not v4 cfg.api.operation_names.select do |o| cfg.api.operation(o)['authtype'] && !V4_AUTH.include?(cfg.api.operation(o)['authtype']) end else # service is not v4 auth # select all operations where authtype is not v4 # (includes operations with no explicit authtype) cfg.api.operation_names.select do |o| !V4_AUTH.include?(cfg.api.operation(o)['authtype']) end end end def add_handlers(handlers, cfg) if cfg.unsigned_operations.empty? handlers.add(Handler, step: :sign) else operations = cfg.api.operation_names - cfg.unsigned_operations handlers.add(Handler, step: :sign, operations: operations) end end class Handler < Seahorse::Client::Handler def call(context) SignatureV4.apply_signature(context: context) @handler.call(context) end end class MissingCredentialsSigner def sign_request(*args) raise Errors::MissingCredentialsError end end class << self # @api private def build_signer(cfg) if cfg.credentials && cfg.sigv4_region Aws::Sigv4::Signer.new( service: cfg.sigv4_name, region: cfg.sigv4_region, credentials_provider: cfg.credentials, unsigned_headers: ['content-length', 'user-agent', 'x-amzn-trace-id'] ) elsif cfg.credentials raise Errors::MissingRegionError elsif cfg.sigv4_region # Instead of raising now, we return a signer that raises only # if you attempt to sign a request. Some services have unsigned # operations and it okay to initialize clients for these services # without credentials. Unsigned operations have an "authtype" # trait of "none". MissingCredentialsSigner.new end end # @api private def apply_signature(options = {}) context = apply_authtype(options[:context]) signer = options[:signer] || context.config.sigv4_signer req = context.http_request # in case this request is being re-signed req.headers.delete('Authorization') req.headers.delete('X-Amz-Security-Token') req.headers.delete('X-Amz-Date') req.headers.delete('x-Amz-Region-Set') if context.config.respond_to?(:clock_skew) && context.config.clock_skew && context.config.correct_clock_skew endpoint = context.http_request.endpoint skew = context.config.clock_skew.clock_correction(endpoint) if skew.abs > 0 req.headers['X-Amz-Date'] = (Time.now.utc + skew).strftime("%Y%m%dT%H%M%SZ") end end # compute the signature begin signature = signer.sign_request( http_method: req.http_method, url: req.endpoint, headers: req.headers, body: req.body ) rescue Aws::Sigv4::Errors::MissingCredentialsError raise Aws::Errors::MissingCredentialsError end # apply signature headers req.headers.update(signature.headers) # add request metadata with signature components for debugging context[:canonical_request] = signature.canonical_request context[:string_to_sign] = signature.string_to_sign end # @api private def apply_authtype(context) if context.operation['authtype'].eql?('v4-unsigned-body') && context.http_request.endpoint.scheme.eql?('https') context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD' end context end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/logging.rb0000644000004100000410000000335014563437550022734 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @see Log::Formatter # @api private class Logging < Seahorse::Client::Plugin option(:logger, doc_type: 'Logger', rbs_type: 'untyped', docstring: <<-DOCS The Logger instance to send log messages to. If this option is not set, logging will be disabled. DOCS ) option(:log_level, default: :info, doc_type: Symbol, docstring: 'The log level to send messages to the `:logger` at.' ) option(:log_formatter, doc_type: 'Aws::Log::Formatter', rbs_type: 'untyped', doc_default: literal('Aws::Log::Formatter.default'), docstring: 'The log formatter.' ) do |config| Log::Formatter.default if config.logger end def add_handlers(handlers, config) handlers.add(Handler, step: :validate) if config.logger end class Handler < Seahorse::Client::Handler # @param [RequestContext] context # @return [Response] def call(context) context[:logging_started_at] = Time.now @handler.call(context).tap do |response| context[:logging_completed_at] = Time.now log(context.config, response) end end private # @param [Configuration] config # @param [Response] response # @return [void] def log(config, response) config.logger.send(config.log_level, format(config, response)) end # @param [Configuration] config # @param [Response] response # @return [String] def format(config, response) config.log_formatter.format(response) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/param_converter.rb0000644000004100000410000000150414563437550024474 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class ParamConverter < Seahorse::Client::Plugin option(:convert_params, default: true, doc_type: 'Boolean', docstring: <<-DOCS When `true`, an attempt is made to coerce request parameters into the required types. DOCS ) def add_handlers(handlers, config) handlers.add(Handler, step: :initialize) if config.convert_params end class Handler < Seahorse::Client::Handler def call(context) converter = Aws::ParamConverter.new(context.operation.input) context.params = converter.convert(context.params) @handler.call(context).on_complete do |resp| converter.close_opened_files end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/retry_errors.rb0000644000004100000410000003416614563437550024060 0ustar www-datawww-data# frozen_string_literal: true require 'set' require_relative 'retries/error_inspector' require_relative 'retries/retry_quota' require_relative 'retries/client_rate_limiter' require_relative 'retries/clock_skew' module Aws module Plugins # @api private class RetryErrors < Seahorse::Client::Plugin # BEGIN LEGACY OPTIONS EQUAL_JITTER = ->(delay) { (delay / 2) + Kernel.rand(0..(delay / 2)) } FULL_JITTER = ->(delay) { Kernel.rand(0..delay) } NO_JITTER = ->(delay) { delay } JITTERS = { none: NO_JITTER, equal: EQUAL_JITTER, full: FULL_JITTER } JITTERS.default_proc = lambda { |h, k| raise KeyError, "#{k} is not a named jitter function. Must be one of #{h.keys}" } DEFAULT_BACKOFF = lambda do |c| delay = 2**c.retries * c.config.retry_base_delay if (c.config.retry_max_delay || 0) > 0 delay = [delay, c.config.retry_max_delay].min end jitter = c.config.retry_jitter jitter = JITTERS[jitter] if jitter.is_a?(Symbol) delay = jitter.call(delay) if jitter Kernel.sleep(delay) end option( :retry_limit, default: 3, doc_type: Integer, docstring: <<-DOCS) The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the `legacy` retry mode. DOCS option( :retry_max_delay, default: 0, doc_type: Integer, docstring: <<-DOCS) The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the `legacy` retry mode. DOCS option( :retry_base_delay, default: 0.3, doc_type: Float, docstring: <<-DOCS) The base delay in seconds used by the default backoff function. This option is only used in the `legacy` retry mode. DOCS option( :retry_jitter, default: :none, doc_type: Symbol, rbs_type: '(:none | :equal | :full | ^(Integer) -> Integer)', docstring: <<-DOCS) A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the `legacy` retry mode. @see https://www.awsarchitectureblog.com/2015/03/backoff.html DOCS option( :retry_backoff, default: DEFAULT_BACKOFF, doc_type: Proc, docstring: <<-DOCS) A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the `legacy` retry mode. DOCS # END LEGACY OPTIONS option( :retry_mode, default: 'legacy', doc_type: String, rbs_type: '("legacy" | "standard" | "adaptive")', docstring: <<-DOCS) do |cfg| Specifies which retry algorithm to use. Values are: * `legacy` - The pre-existing retry behavior. This is default value if no retry mode is provided. * `standard` - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make. * `adaptive` - An experimental retry mode that includes all the functionality of `standard` mode along with automatic client side throttling. This is a provisional mode that may change behavior in the future. DOCS resolve_retry_mode(cfg) end option( :max_attempts, default: 3, doc_type: Integer, docstring: <<-DOCS) do |cfg| An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in `standard` and `adaptive` retry modes. DOCS resolve_max_attempts(cfg) end option( :adaptive_retry_wait_to_fill, default: true, doc_type: 'Boolean', docstring: <<-DOCS) do |cfg| Used only in `adaptive` retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a `RetryCapacityNotAvailableError` and will not retry instead of sleeping. DOCS resolve_adaptive_retry_wait_to_fill(cfg) end option( :correct_clock_skew, default: true, doc_type: 'Boolean', docstring: <<-DOCS) do |cfg| Used only in `standard` and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks. DOCS resolve_correct_clock_skew(cfg) end # @api private undocumented option(:client_rate_limiter) { Retries::ClientRateLimiter.new } # @api private undocumented option(:retry_quota) { Retries::RetryQuota.new } # @api private undocumented option(:clock_skew) { Retries::ClockSkew.new } def self.resolve_retry_mode(cfg) default_mode_value = if cfg.respond_to?(:defaults_mode_config_resolver) cfg.defaults_mode_config_resolver.resolve(:retry_mode) end value = ENV['AWS_RETRY_MODE'] || Aws.shared_config.retry_mode(profile: cfg.profile) || default_mode_value || 'legacy' # Raise if provided value is not one of the retry modes if value != 'legacy' && value != 'standard' && value != 'adaptive' raise ArgumentError, 'Must provide either `legacy`, `standard`, or `adaptive` for '\ 'retry_mode profile option or for ENV[\'AWS_RETRY_MODE\']' end value end def self.resolve_max_attempts(cfg) value = (ENV['AWS_MAX_ATTEMPTS']) || Aws.shared_config.max_attempts(profile: cfg.profile) || '3' value = value.to_i # Raise if provided value is not a positive integer if value <= 0 raise ArgumentError, 'Must provide a positive integer for max_attempts profile '\ 'option or for ENV[\'AWS_MAX_ATTEMPTS\']' end value end def self.resolve_adaptive_retry_wait_to_fill(cfg) value = ENV['AWS_ADAPTIVE_RETRY_WAIT_TO_FILL'] || Aws.shared_config.adaptive_retry_wait_to_fill(profile: cfg.profile) || 'true' # Raise if provided value is not true or false if value != 'true' && value != 'false' raise ArgumentError, 'Must provide either `true` or `false` for '\ 'adaptive_retry_wait_to_fill profile option or for '\ 'ENV[\'AWS_ADAPTIVE_RETRY_WAIT_TO_FILL\']' end value == 'true' end def self.resolve_correct_clock_skew(cfg) value = ENV['AWS_CORRECT_CLOCK_SKEW'] || Aws.shared_config.correct_clock_skew(profile: cfg.profile) || 'true' # Raise if provided value is not true or false if value != 'true' && value != 'false' raise ArgumentError, 'Must provide either `true` or `false` for '\ 'correct_clock_skew profile option or for '\ 'ENV[\'AWS_CORRECT_CLOCK_SKEW\']' end value == 'true' end class Handler < Seahorse::Client::Handler # Max backoff (in seconds) MAX_BACKOFF = 20 def call(context) context.metadata[:retries] ||= {} config = context.config get_send_token(config) add_retry_headers(context) response = @handler.call(context) error_inspector = Retries::ErrorInspector.new( response.error, response.context.http_response.status_code ) request_bookkeeping(context, response, error_inspector) if error_inspector.endpoint_discovery?(context) key = config.endpoint_cache.extract_key(context) config.endpoint_cache.delete(key) end # Clock correction needs to be updated from the response even when # the request is not retryable but should only be updated # in the case of clock skew errors if error_inspector.clock_skew?(context) config.clock_skew.update_clock_correction(context) end # Estimated skew needs to be updated on every request config.clock_skew.update_estimated_skew(context) return response unless retryable?(context, response, error_inspector) return response if context.retries >= config.max_attempts - 1 context.metadata[:retries][:capacity_amount] = config.retry_quota.checkout_capacity(error_inspector) return response unless context.metadata[:retries][:capacity_amount] > 0 delay = exponential_backoff(context.retries) Kernel.sleep(delay) retry_request(context, error_inspector) end private def get_send_token(config) # either fail fast or block until a token becomes available # must be configurable # need a maximum rate at which we can send requests (max_send_rate) # is unset until a throttle is seen if config.retry_mode == 'adaptive' config.client_rate_limiter.token_bucket_acquire( 1, config.adaptive_retry_wait_to_fill ) end end # maxsendrate is updated if on adaptive mode and based on response # retry quota is updated if the request is successful (both modes) def request_bookkeeping(context, response, error_inspector) config = context.config if response.successful? config.retry_quota.release( context.metadata[:retries][:capacity_amount] ) end if config.retry_mode == 'adaptive' is_throttling_error = error_inspector.throttling_error? config.client_rate_limiter.update_sending_rate(is_throttling_error) end end def retryable?(context, response, error_inspector) return false if response.successful? error_inspector.retryable?(context) && context.http_response.body.respond_to?(:truncate) end def exponential_backoff(retries) # for a transient error, use backoff [Kernel.rand * 2**retries, MAX_BACKOFF].min end def retry_request(context, error) context.retries += 1 context.config.credentials.refresh! if refresh_credentials?(context, error) context.http_request.body.rewind context.http_response.reset call(context) end def refresh_credentials?(context, error) error.expired_credentials? && context.config.credentials.respond_to?(:refresh!) end def add_retry_headers(context) request_pairs = { 'attempt' => context.retries, 'max' => context.config.max_attempts } if (ttl = compute_request_ttl(context)) request_pairs['ttl'] = ttl end # create the request header formatted_header = request_pairs.map { |k, v| "#{k}=#{v}" }.join('; ') context.http_request.headers['amz-sdk-request'] = formatted_header end def compute_request_ttl(context) return if context.operation.async endpoint = context.http_request.endpoint estimated_skew = context.config.clock_skew.estimated_skew(endpoint) if context.config.respond_to?(:http_read_timeout) read_timeout = context.config.http_read_timeout end if estimated_skew && read_timeout (Time.now.utc + read_timeout + estimated_skew) .strftime('%Y%m%dT%H%M%SZ') end end end class LegacyHandler < Seahorse::Client::Handler def call(context) response = @handler.call(context) if response.error error_inspector = Retries::ErrorInspector.new( response.error, response.context.http_response.status_code ) if error_inspector.endpoint_discovery?(context) key = context.config.endpoint_cache.extract_key(context) context.config.endpoint_cache.delete(key) end retry_if_possible(response, error_inspector) else response end end private def retry_if_possible(response, error_inspector) context = response.context if should_retry?(context, error_inspector) retry_request(context, error_inspector) else response end end def retry_request(context, error) delay_retry(context) context.retries += 1 context.config.credentials.refresh! if refresh_credentials?(context, error) context.http_request.body.rewind context.http_response.reset call(context) end def delay_retry(context) context.config.retry_backoff.call(context) end def should_retry?(context, error) error.retryable?(context) && context.retries < retry_limit(context) && response_truncatable?(context) end def refresh_credentials?(context, error) error.expired_credentials? && context.config.credentials.respond_to?(:refresh!) end def retry_limit(context) context.config.retry_limit end def response_truncatable?(context) context.http_response.body.respond_to?(:truncate) end end def add_handlers(handlers, config) if config.retry_mode == 'legacy' if config.retry_limit > 0 handlers.add(LegacyHandler, step: :sign, priority: 99) end else handlers.add(Handler, step: :sign, priority: 99) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/api_key.rb0000644000004100000410000000265014563437550022731 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # Provide support for `api_key` parameter for `api-gateway` protocol # specific `api-gateway` protocol gems' user-agent class ApiKey < Seahorse::Client::Plugin option(:api_key, default: nil, doc_type: 'String', docstring: <<-DOCS) When provided, `x-api-key` header will be injected with the value provided. DOCS def add_handlers(handlers, config) handlers.add(OptionHandler, step: :initialize) handlers.add(ApiKeyHandler, step: :build, priority: 0) end # @api private class OptionHandler < Seahorse::Client::Handler def call(context) if context.operation.require_apikey if context.params.is_a?(Hash) && context.params[:api_key] api_key = context.params.delete(:api_key) end api_key = context.config.api_key if api_key.nil? context[:api_key] = api_key end @handler.call(context) end end # @api private class ApiKeyHandler < Seahorse::Client::Handler def call(context) if context[:api_key] apply_api_key(context) end @handler.call(context) end private def apply_api_key(context) context.http_request.headers['x-api-key'] = context[:api_key] end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/checksum_algorithm.rb0000644000004100000410000003002014563437550025150 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class ChecksumAlgorithm < Seahorse::Client::Plugin CHUNK_SIZE = 1 * 1024 * 1024 # one MB # determine the set of supported client side checksum algorithms # CRC32c requires aws-crt (optional sdk dependency) for support CLIENT_ALGORITHMS = begin supported = %w[SHA256 SHA1 CRC32] begin require 'aws-crt' supported << 'CRC32C' rescue LoadError end supported end.freeze # priority order of checksum algorithms to validate responses against # Remove any algorithms not supported by client (ie, depending on CRT availability) CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32C SHA1 CRC32 SHA256] & CLIENT_ALGORITHMS # byte size of checksums, used in computing the trailer length CHECKSUM_SIZE = { 'CRC32' => 16, 'CRC32C' => 16, 'SHA1' => 36, 'SHA256' => 52 } # Interface for computing digests on request/response bodies # which may be files, strings or IO like objects # Applies only to digest functions that produce 32 bit integer checksums # (eg CRC32) class Digest32 attr_reader :value # @param [Object] digest_fn def initialize(digest_fn) @digest_fn = digest_fn @value = 0 end def update(chunk) @value = @digest_fn.call(chunk, @value) end def base64digest Base64.encode64([@value].pack('N')).chomp end end def add_handlers(handlers, _config) handlers.add(OptionHandler, step: :initialize) # priority set low to ensure checksum is computed AFTER the request is # built but before it is signed handlers.add(ChecksumHandler, priority: 15, step: :build) end private def self.request_algorithm_selection(context) return unless context.operation.http_checksum input_member = context.operation.http_checksum['requestAlgorithmMember'] context.params[input_member.to_sym]&.upcase if input_member end def self.request_validation_mode(context) return unless context.operation.http_checksum input_member = context.operation.http_checksum['requestValidationModeMember'] context.params[input_member.to_sym] if input_member end def self.operation_response_algorithms(context) return unless context.operation.http_checksum context.operation.http_checksum['responseAlgorithms'] end # @api private class OptionHandler < Seahorse::Client::Handler def call(context) context[:http_checksum] ||= {} # validate request configuration if (request_input = ChecksumAlgorithm.request_algorithm_selection(context)) unless CLIENT_ALGORITHMS.include? request_input if (request_input == 'CRC32C') raise ArgumentError, "CRC32C requires crt support - install the aws-crt gem for support." else raise ArgumentError, "#{request_input} is not a supported checksum algorithm." end end end # validate response configuration if (ChecksumAlgorithm.request_validation_mode(context)) # Compute an ordered list as the union between priority supported and the # operation's modeled response algorithms. validation_list = CHECKSUM_ALGORITHM_PRIORITIES & ChecksumAlgorithm.operation_response_algorithms(context) context[:http_checksum][:validation_list] = validation_list end @handler.call(context) end end # @api private class ChecksumHandler < Seahorse::Client::Handler def call(context) if should_calculate_request_checksum?(context) request_algorithm_input = ChecksumAlgorithm.request_algorithm_selection(context) || context[:default_request_checksum_algorithm] context[:checksum_algorithms] = request_algorithm_input request_checksum_property = { 'algorithm' => request_algorithm_input, 'in' => checksum_request_in(context), 'name' => "x-amz-checksum-#{request_algorithm_input.downcase}" } calculate_request_checksum(context, request_checksum_property) end if should_verify_response_checksum?(context) add_verify_response_checksum_handlers(context) end @handler.call(context) end private def should_calculate_request_checksum?(context) context.operation.http_checksum && (ChecksumAlgorithm.request_algorithm_selection(context) || context[:default_request_checksum_algorithm]) end def should_verify_response_checksum?(context) context[:http_checksum][:validation_list] && !context[:http_checksum][:validation_list].empty? end def calculate_request_checksum(context, checksum_properties) case checksum_properties['in'] when 'header' header_name = checksum_properties['name'] body = context.http_request.body_contents if body context.http_request.headers[header_name] ||= ChecksumAlgorithm.calculate_checksum(checksum_properties['algorithm'], body) end when 'trailer' apply_request_trailer_checksum(context, checksum_properties) end end def apply_request_trailer_checksum(context, checksum_properties) location_name = checksum_properties['name'] # set required headers headers = context.http_request.headers headers['Content-Encoding'] = 'aws-chunked' headers['X-Amz-Content-Sha256'] = 'STREAMING-UNSIGNED-PAYLOAD-TRAILER' headers['X-Amz-Trailer'] = location_name # We currently always compute the size in the modified body wrapper - allowing us # to set the Content-Length header (set by content_length plugin). # This means we cannot use Transfer-Encoding=chunked if !context.http_request.body.respond_to?(:size) raise Aws::Errors::ChecksumError, 'Could not determine length of the body' end headers['X-Amz-Decoded-Content-Length'] = context.http_request.body.size context.http_request.body = AwsChunkedTrailerDigestIO.new( context.http_request.body, checksum_properties['algorithm'], location_name ) end # Add events to the http_response to verify the checksum as its read # This prevents the body from being read multiple times # verification is done only once a successful response has completed def add_verify_response_checksum_handlers(context) http_response = context.http_response checksum_context = { } http_response.on_headers do |_status, headers| header_name, algorithm = response_header_to_verify(headers, context[:http_checksum][:validation_list]) if header_name expected = headers[header_name] unless context[:http_checksum][:skip_on_suffix] && /-[\d]+$/.match(expected) checksum_context[:algorithm] = algorithm checksum_context[:header_name] = header_name checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm) checksum_context[:expected] = expected end end end http_response.on_data do |chunk| checksum_context[:digest].update(chunk) if checksum_context[:digest] end http_response.on_success do if checksum_context[:digest] && (computed = checksum_context[:digest].base64digest) if computed != checksum_context[:expected] raise Aws::Errors::ChecksumError, "Checksum validation failed on #{checksum_context[:header_name]} "\ "computed: #{computed}, expected: #{checksum_context[:expected]}" end context[:http_checksum][:validated] = checksum_context[:algorithm] end end end # returns nil if no headers to verify def response_header_to_verify(headers, validation_list) validation_list.each do |algorithm| header_name = "x-amz-checksum-#{algorithm}" return [header_name, algorithm] if headers[header_name] end nil end # determine where (header vs trailer) a request checksum should be added def checksum_request_in(context) if context.operation['authtype'].eql?('v4-unsigned-body') 'trailer' else 'header' end end end def self.calculate_checksum(algorithm, body) digest = ChecksumAlgorithm.digest_for_algorithm(algorithm) if body.respond_to?(:read) ChecksumAlgorithm.update_in_chunks(digest, body) else digest.update(body) end digest.base64digest end def self.digest_for_algorithm(algorithm) case algorithm when 'CRC32' Digest32.new(Zlib.method(:crc32)) when 'CRC32C' # this will only be used if input algorithm is CRC32C AND client supports it (crt available) Digest32.new(Aws::Crt::Checksums.method(:crc32c)) when 'SHA1' Digest::SHA1.new when 'SHA256' Digest::SHA256.new end end # The trailer size (in bytes) is the overhead + the trailer name + # the length of the base64 encoded checksum def self.trailer_length(algorithm, location_name) CHECKSUM_SIZE[algorithm] + location_name.size end def self.update_in_chunks(digest, io) loop do chunk = io.read(CHUNK_SIZE) break unless chunk digest.update(chunk) end io.rewind end # Wrapper for request body that implements application-layer # chunking with Digest computed on chunks + added as a trailer class AwsChunkedTrailerDigestIO CHUNK_SIZE = 16384 def initialize(io, algorithm, location_name) @io = io @location_name = location_name @algorithm = algorithm @digest = ChecksumAlgorithm.digest_for_algorithm(algorithm) @trailer_io = nil end # the size of the application layer aws-chunked + trailer body def size # compute the number of chunks # a full chunk has 4 + 4 bytes overhead, a partial chunk is len.to_s(16).size + 4 orig_body_size = @io.size n_full_chunks = orig_body_size / CHUNK_SIZE partial_bytes = orig_body_size % CHUNK_SIZE chunked_body_size = n_full_chunks * (CHUNK_SIZE + 8) chunked_body_size += partial_bytes.to_s(16).size + partial_bytes + 4 unless partial_bytes.zero? trailer_size = ChecksumAlgorithm.trailer_length(@algorithm, @location_name) chunked_body_size + trailer_size end def rewind @io.rewind end def read(length, buf = nil) # account for possible leftover bytes at the end, if we have trailer bytes, send them if @trailer_io return @trailer_io.read(length, buf) end chunk = @io.read(length) if chunk @digest.update(chunk) application_chunked = "#{chunk.bytesize.to_s(16)}\r\n#{chunk}\r\n" return StringIO.new(application_chunked).read(application_chunked.size, buf) else trailers = {} trailers[@location_name] = @digest.base64digest trailers = trailers.map { |k,v| "#{k}:#{v}"}.join("\r\n") @trailer_io = StringIO.new("0\r\n#{trailers}\r\n\r\n") chunk = @trailer_io.read(length, buf) end chunk end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/sign.rb0000644000004100000410000001455314563437550022255 0ustar www-datawww-data# frozen_string_literal: true require 'aws-sigv4' module Aws module Plugins # @api private class Sign < Seahorse::Client::Plugin # These once had defaults. But now they are used as overrides to # new endpoint and auth resolution. option(:sigv4_signer) option(:sigv4_name) option(:sigv4_region) option(:unsigned_operations, default: []) supported_auth_types = %w[sigv4 bearer sigv4-s3express none] supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt? SUPPORTED_AUTH_TYPES = supported_auth_types.freeze def add_handlers(handlers, cfg) operations = cfg.api.operation_names - cfg.unsigned_operations handlers.add(Handler, step: :sign, operations: operations) end # @api private # Return a signer with the `sign(context)` method def self.signer_for(auth_scheme, config, sigv4_region_override = nil, sigv4_credentials_override = nil) case auth_scheme['name'] when 'sigv4', 'sigv4a', 'sigv4-s3express' sigv4_overrides = { region: sigv4_region_override, credentials: sigv4_credentials_override } SignatureV4.new(auth_scheme, config, sigv4_overrides) when 'bearer' Bearer.new else NullSigner.new end end class Handler < Seahorse::Client::Handler def call(context) # Skip signing if using sigv2 signing from s3_signer in S3 unless v2_signing?(context.config) signer = Sign.signer_for( context[:auth_scheme], context.config, context[:sigv4_region], context[:sigv4_credentials] ) signer.sign(context) end @handler.call(context) end private def v2_signing?(config) # 's3' is legacy signing, 'v4' is default config.respond_to?(:signature_version) && config.signature_version == 's3' end end # @api private class Bearer def initialize end def sign(context) if context.http_request.endpoint.scheme != 'https' raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.' end token_provider = context.config.token_provider raise Errors::MissingBearerTokenError unless token_provider&.set? context.http_request.headers['Authorization'] = "Bearer #{token_provider.token.token}" end def presign_url(*args) raise ArgumentError, 'Bearer auth does not support presigned urls' end def sign_event(*args) raise ArgumentError, 'Bearer auth does not support event signing' end end # @api private class SignatureV4 def initialize(auth_scheme, config, sigv4_overrides = {}) scheme_name = auth_scheme['name'] unless %w[sigv4 sigv4a sigv4-s3express].include?(scheme_name) raise ArgumentError, "Expected sigv4, sigv4a, or sigv4-s3express auth scheme, got #{scheme_name}" end region = if scheme_name == 'sigv4a' auth_scheme['signingRegionSet'].first else auth_scheme['signingRegion'] end begin @signer = Aws::Sigv4::Signer.new( service: config.sigv4_name || auth_scheme['signingName'], region: sigv4_overrides[:region] || config.sigv4_region || region, credentials_provider: sigv4_overrides[:credentials] || config.credentials, signing_algorithm: scheme_name.to_sym, uri_escape_path: !!!auth_scheme['disableDoubleEncoding'], normalize_path: !!!auth_scheme['disableNormalizePath'], unsigned_headers: %w[content-length user-agent x-amzn-trace-id] ) rescue Aws::Sigv4::Errors::MissingCredentialsError raise Aws::Errors::MissingCredentialsError end end def sign(context) req = context.http_request apply_authtype(context, req) reset_signature(req) apply_clock_skew(context, req) # compute the signature begin signature = @signer.sign_request( http_method: req.http_method, url: req.endpoint, headers: req.headers, body: req.body ) rescue Aws::Sigv4::Errors::MissingCredentialsError # Necessary for when credentials is explicitly set to nil raise Aws::Errors::MissingCredentialsError end # apply signature headers req.headers.update(signature.headers) # add request metadata with signature components for debugging context[:canonical_request] = signature.canonical_request context[:string_to_sign] = signature.string_to_sign end def presign_url(*args) @signer.presign_url(*args) end def sign_event(*args) @signer.sign_event(*args) end private def apply_authtype(context, req) if context.operation['authtype'].eql?('v4-unsigned-body') && req.endpoint.scheme.eql?('https') req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD' end end def reset_signature(req) # in case this request is being re-signed req.headers.delete('Authorization') req.headers.delete('X-Amz-Security-Token') req.headers.delete('X-Amz-Date') req.headers.delete('x-Amz-Region-Set') end def apply_clock_skew(context, req) if context.config.respond_to?(:clock_skew) && context.config.clock_skew && context.config.correct_clock_skew endpoint = context.http_request.endpoint skew = context.config.clock_skew.clock_correction(endpoint) if skew.abs.positive? req.headers['X-Amz-Date'] = (Time.now.utc + skew).strftime('%Y%m%dT%H%M%SZ') end end end end # @api private class NullSigner def sign(context) end def presign_url(*args) end def sign_event(*args) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb0000644000004100000410000000611714563437550026705 0ustar www-datawww-data# frozen_string_literal: true require 'date' module Aws module Plugins class ClientMetricsSendPlugin < Seahorse::Client::Plugin def add_handlers(handlers, config) if config.client_side_monitoring && config.client_side_monitoring_port # AttemptHandler comes just before we would retry an error. # Or before we would follow redirects. handlers.add(AttemptHandler, step: :sign, priority: 39) # LatencyHandler is as close to sending as possible. handlers.add(LatencyHandler, step: :sign, priority: 0) end end class LatencyHandler < Seahorse::Client::Handler def call(context) start_time = Aws::Util.monotonic_milliseconds resp = @handler.call(context) end_time = Aws::Util.monotonic_milliseconds latency = end_time - start_time context.metadata[:current_call_attempt].request_latency = latency resp end end class AttemptHandler < Seahorse::Client::Handler def call(context) request_metrics = context.metadata[:client_metrics] attempt_opts = { timestamp: DateTime.now.strftime('%Q').to_i, fqdn: context.http_request.endpoint.host, region: context.config.region, user_agent: context.http_request.headers["user-agent"], } # It will generally cause an error, but it is semantically valid for # credentials to not exist. if context.config.credentials attempt_opts[:access_key] = context.config.credentials.credentials.access_key_id attempt_opts[:session_token] = context.config.credentials.credentials.session_token end call_attempt = request_metrics.build_call_attempt(attempt_opts) context.metadata[:current_call_attempt] = call_attempt resp = @handler.call(context) if context.metadata[:redirect_region] call_attempt.region = context.metadata[:redirect_region] end headers = context.http_response.headers if headers.include?("x-amz-id-2") call_attempt.x_amz_id_2 = headers["x-amz-id-2"] end if headers.include?("x-amz-request-id") call_attempt.x_amz_request_id = headers["x-amz-request-id"] end if headers.include?("x-amzn-request-id") call_attempt.x_amzn_request_id = headers["x-amzn-request-id"] end call_attempt.http_status_code = context.http_response.status_code if e = resp.error e_name = _extract_error_name(e) e_msg = e.message call_attempt.aws_exception = "#{e_name}" call_attempt.aws_exception_msg = "#{e_msg}" end request_metrics.add_call_attempt(call_attempt) resp end private def _extract_error_name(error) if error.is_a?(Aws::Errors::ServiceError) error.class.code else error.class.name.to_s end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/transfer_encoding.rb0000644000004100000410000000300414563437550024774 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # For Streaming Input Operations, when `requiresLength` is enabled # checking whether `Content-Length` header can be set, # for `v4-unsigned-body` operations, set `Transfer-Encoding` header class TransferEncoding < Seahorse::Client::Plugin # @api private class Handler < Seahorse::Client::Handler def call(context) if streaming?(context.operation.input) # If it's an IO object and not a File / String / String IO unless context.http_request.body.respond_to?(:size) if requires_length?(context.operation.input) # if size of the IO is not available but required raise Aws::Errors::MissingContentLength.new elsif context.operation['authtype'] == "v4-unsigned-body" context.http_request.headers['Transfer-Encoding'] = 'chunked' end end end @handler.call(context) end private def streaming?(ref) if payload = ref[:payload_member] payload["streaming"] || # checking ref and shape payload.shape["streaming"] else false end end def requires_length?(ref) payload = ref[:payload_member] payload["requiresLength"] || # checking ref and shape payload.shape["requiresLength"] end end handler(Handler, step: :sign) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/protocols/0000755000004100000410000000000014563437550023004 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/protocols/rest_xml.rb0000644000004100000410000000035414563437550025170 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins module Protocols class RestXml < Seahorse::Client::Plugin handler(Rest::Handler) handler(Xml::ErrorHandler, step: :sign) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/protocols/api_gateway.rb0000644000004100000410000000151214563437550025622 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins module Protocols class ApiGateway < Seahorse::Client::Plugin class ContentTypeHandler < Seahorse::Client::Handler def call(context) body = context.http_request.body # Rest::Handler will set a default JSON body, so size can be checked # if this handler is run after serialization. if !body.respond_to?(:size) || (body.respond_to?(:size) && body.size > 0) context.http_request.headers['Content-Type'] ||= 'application/json' end @handler.call(context) end end handler(Rest::Handler) handler(ContentTypeHandler, priority: 30) handler(Json::ErrorHandler, step: :sign) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/protocols/query.rb0000644000004100000410000000041614563437550024477 0ustar www-datawww-data# frozen_string_literal: true require_relative '../../query' module Aws module Plugins module Protocols class Query < Seahorse::Client::Plugin handler(Aws::Query::Handler) handler(Xml::ErrorHandler, step: :sign) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/protocols/ec2.rb0000644000004100000410000000161614563437550024006 0ustar www-datawww-data# frozen_string_literal: true require_relative '../../query' module Aws module Plugins module Protocols class EC2 < Seahorse::Client::Plugin class Handler < Aws::Query::Handler def apply_params(param_list, params, rules) Aws::Query::EC2ParamBuilder.new(param_list).apply(rules, params) end def parse_xml(context) if rules = context.operation.output parser = Xml::Parser.new(rules) data = parser.parse(xml(context)) do |path, value| if path.size == 2 && path.last == 'requestId' context.metadata[:request_id] = value end end data else EmptyStructure.new end end end handler(Handler) handler(Xml::ErrorHandler, step: :sign) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/protocols/json_rpc.rb0000644000004100000410000000157314563437550025154 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins module Protocols class JsonRpc < Seahorse::Client::Plugin option(:simple_json, default: false, doc_type: 'Boolean', docstring: <<-DOCS) Disables request parameter conversion, validation, and formatting. Also disable response data type conversions. This option is useful when you want to ensure the highest level of performance by avoiding overhead of walking request parameters and response data structures. When `:simple_json` is enabled, the request parameters hash must be formatted exactly as the DynamoDB API expects. DOCS option(:validate_params) { |config| !config.simple_json } option(:convert_params) { |config| !config.simple_json } handler(Json::Handler) handler(Json::ErrorHandler, step: :sign) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/protocols/rest_json.rb0000644000004100000410000000150614563437550025341 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins module Protocols class RestJson < Seahorse::Client::Plugin class ContentTypeHandler < Seahorse::Client::Handler def call(context) body = context.http_request.body # Rest::Handler will set a default JSON body, so size can be checked # if this handler is run after serialization. if !body.respond_to?(:size) || (body.respond_to?(:size) && body.size > 0) context.http_request.headers['Content-Type'] ||= 'application/json' end @handler.call(context) end end handler(Rest::Handler) handler(ContentTypeHandler, priority: 30) handler(Json::ErrorHandler, step: :sign) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/request_compression.rb0000644000004100000410000001561314563437550025424 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class RequestCompression < Seahorse::Client::Plugin DEFAULT_MIN_COMPRESSION_SIZE = 10_240 MIN_COMPRESSION_SIZE_LIMIT = 10_485_760 SUPPORTED_ENCODINGS = %w[gzip].freeze CHUNK_SIZE = 1 * 1024 * 1024 # one MB option( :disable_request_compression, default: false, doc_type: 'Boolean', docstring: <<-DOCS) do |cfg| When set to 'true' the request body will not be compressed for supported operations. DOCS resolve_disable_request_compression(cfg) end option( :request_min_compression_size_bytes, default: 10_240, doc_type: 'Integer', docstring: <<-DOCS) do |cfg| The minimum size in bytes that triggers compression for request bodies. The value must be non-negative integer value between 0 and 10485780 bytes inclusive. DOCS resolve_request_min_compression_size_bytes(cfg) end def after_initialize(client) validate_disable_request_compression_input(client.config) validate_request_min_compression_size_bytes_input(client.config) end def validate_disable_request_compression_input(cfg) unless [true, false].include?(cfg.disable_request_compression) raise ArgumentError, 'Must provide either `true` or `false` for the '\ '`disable_request_compression` configuration option.' end end def validate_request_min_compression_size_bytes_input(cfg) value = Integer(cfg.request_min_compression_size_bytes) unless value.between?(0, MIN_COMPRESSION_SIZE_LIMIT) raise ArgumentError, 'Must provide a non-negative integer value between '\ '`0` and `10485760` bytes inclusive for the '\ '`request_min_compression_size_bytes` configuration option.' end end def add_handlers(handlers, _config) # priority set to ensure compression happens BEFORE checksum handlers.add(CompressionHandler, priority: 16, step: :build) end class << self private def resolve_disable_request_compression(cfg) value = ENV['AWS_DISABLE_REQUEST_COMPRESSION'] || Aws.shared_config.disable_request_compression(profile: cfg.profile) || 'false' Aws::Util.str_2_bool(value) end def resolve_request_min_compression_size_bytes(cfg) value = ENV['AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES'] || Aws.shared_config.request_min_compression_size_bytes(profile: cfg.profile) || DEFAULT_MIN_COMPRESSION_SIZE.to_s Integer(value) end end # @api private class CompressionHandler < Seahorse::Client::Handler def call(context) if should_compress?(context) selected_encoding = request_encoding_selection(context) if selected_encoding if streaming?(context.operation.input) process_streaming_compression(selected_encoding, context) elsif context.http_request.body.size >= context.config.request_min_compression_size_bytes process_compression(selected_encoding, context) end end end @handler.call(context) end private def request_encoding_selection(context) encoding_list = context.operation.request_compression['encodings'] encoding_list.find { |encoding| RequestCompression::SUPPORTED_ENCODINGS.include?(encoding) } end def update_content_encoding(encoding, context) headers = context.http_request.headers if headers['Content-Encoding'] headers['Content-Encoding'] += ',' + encoding else headers['Content-Encoding'] = encoding end end def should_compress?(context) context.operation.request_compression && !context.config.disable_request_compression end def streaming?(input) if payload = input[:payload_member] # checking ref and shape payload['streaming'] || payload.shape['streaming'] else false end end def process_compression(encoding, context) case encoding when 'gzip' gzip_compress(context) else raise StandardError, "We currently do not support #{encoding} encoding" end update_content_encoding(encoding, context) end def gzip_compress(context) compressed = StringIO.new compressed.binmode gzip_writer = Zlib::GzipWriter.new(compressed) if context.http_request.body.respond_to?(:read) update_in_chunks(gzip_writer, context.http_request.body) else gzip_writer.write(context.http_request.body) end gzip_writer.close new_body = StringIO.new(compressed.string) context.http_request.body = new_body end def update_in_chunks(compressor, io) loop do chunk = io.read(CHUNK_SIZE) break unless chunk compressor.write(chunk) end end def process_streaming_compression(encoding, context) case encoding when 'gzip' context.http_request.body = GzipIO.new(context.http_request.body) else raise StandardError, "We currently do not support #{encoding} encoding" end update_content_encoding(encoding, context) end # @api private class GzipIO def initialize(body) @body = body @buffer = ChunkBuffer.new @gzip_writer = Zlib::GzipWriter.new(@buffer) end def read(length, buff = nil) if @gzip_writer.closed? # an empty string to signify an end as # there will be nothing remaining to be read StringIO.new('').read(length, buff) return end chunk = @body.read(length) if !chunk || chunk.empty? # closing the writer will write one last chunk # with a trailer (to be read from the @buffer) @gzip_writer.close else # flush happens first to ensure that header fields # are being sent over since write will override @gzip_writer.flush @gzip_writer.write(chunk) end StringIO.new(@buffer.last_chunk).read(length, buff) end end # @api private class ChunkBuffer def initialize @last_chunk = nil end attr_reader :last_chunk def write(data) @last_chunk = data end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/retries/0000755000004100000410000000000014563437550022435 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/retries/clock_skew.rb0000644000004100000410000000667314563437550025122 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins module Retries # @api private class ClockSkew CLOCK_SKEW_THRESHOLD = 5 * 60 # five minutes def initialize @mutex = Mutex.new # clock_corrections are recorded only on errors # and only when time difference is greater than the # CLOCK_SKEW_THRESHOLD @endpoint_clock_corrections = Hash.new(0) # estimated_skew is calculated on every request # and is used to estimate a TTL for requests @endpoint_estimated_skews = Hash.new(nil) end # Gets the clock_correction in seconds to apply to a given endpoint # @param endpoint [URI / String] def clock_correction(endpoint) @mutex.synchronize { @endpoint_clock_corrections[endpoint.to_s] } end # The estimated skew factors in any clock skew from # the service along with any network latency. # This provides a more accurate value for the ttl, # which should represent when the client will stop # waiting for a request. # Estimated Skew should not be used to correct clock skew errors # it should only be used to estimate TTL for a request def estimated_skew(endpoint) @mutex.synchronize { @endpoint_estimated_skews[endpoint.to_s] } end # Determines whether a request has clock skew by comparing # the current time against the server's time in the response # @param context [Seahorse::Client::RequestContext] def clock_skewed?(context) server_time = server_time(context.http_response) !!server_time && (Time.now.utc - server_time).abs > CLOCK_SKEW_THRESHOLD end # Called only on clock skew related errors # Update the stored clock skew correction value for an endpoint # from the server's time in the response # @param context [Seahorse::Client::RequestContext] def update_clock_correction(context) endpoint = context.http_request.endpoint now_utc = Time.now.utc server_time = server_time(context.http_response) if server_time && (now_utc - server_time).abs > CLOCK_SKEW_THRESHOLD set_clock_correction(endpoint, server_time - now_utc) end end # Called for every request # Update our estimated clock skew for the endpoint # from the servers time in the response # @param context [Seahorse::Client::RequestContext] def update_estimated_skew(context) endpoint = context.http_request.endpoint now_utc = Time.now.utc server_time = server_time(context.http_response) return unless server_time @mutex.synchronize do @endpoint_estimated_skews[endpoint.to_s] = server_time - now_utc end end private # @param response [Seahorse::Client::Http::Response:] def server_time(response) begin Time.parse(response.headers['date']).utc rescue nil end end # Sets the clock correction for an endpoint # @param endpoint [URI / String] # @param correction [Number] def set_clock_correction(endpoint, correction) @mutex.synchronize do @endpoint_clock_corrections[endpoint.to_s] = correction end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/retries/retry_quota.rb0000644000004100000410000000373514563437550025350 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins module Retries # @api private # Used in 'standard' and 'adaptive' retry modes. class RetryQuota INITIAL_RETRY_TOKENS = 500 RETRY_COST = 5 NO_RETRY_INCREMENT = 1 TIMEOUT_RETRY_COST = 10 def initialize(opts = {}) @mutex = Mutex.new @max_capacity = opts.fetch(:max_capacity, INITIAL_RETRY_TOKENS) @available_capacity = @max_capacity end # check if there is sufficient capacity to retry # and return it. If there is insufficient capacity # return 0 # @return [Integer] The amount of capacity checked out def checkout_capacity(error_inspector) @mutex.synchronize do capacity_amount = if error_inspector.networking? TIMEOUT_RETRY_COST else RETRY_COST end # unable to acquire capacity return 0 if capacity_amount > @available_capacity @available_capacity -= capacity_amount capacity_amount end end # capacity_amount refers to the amount of capacity requested from # the last retry. It can either be RETRY_COST, TIMEOUT_RETRY_COST, # or unset. def release(capacity_amount) # Implementation note: The release() method is called for # every API call. In the common case where the request is # successful and we're at full capacity, we can avoid locking. # We can't exceed max capacity so there's no work we have to do. return if @available_capacity == @max_capacity @mutex.synchronize do @available_capacity += capacity_amount || NO_RETRY_INCREMENT @available_capacity = [@available_capacity, @max_capacity].min end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb0000644000004100000410000001075114563437550027004 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins module Retries # @api private # Used only in 'adaptive' retry mode class ClientRateLimiter MIN_CAPACITY = 1 MIN_FILL_RATE = 0.5 SMOOTH = 0.8 # How much to scale back after a throttling response BETA = 0.7 # Controls how aggressively we scale up after being throttled SCALE_CONSTANT = 0.4 def initialize @mutex = Mutex.new @fill_rate = nil @max_capacity = nil @current_capacity = 0 @last_timestamp = nil @enabled = false @measured_tx_rate = 0 @last_tx_rate_bucket = Aws::Util.monotonic_seconds @request_count = 0 @last_max_rate = 0 @last_throttle_time = Aws::Util.monotonic_seconds @calculated_rate = nil end def token_bucket_acquire(amount, wait_to_fill = true) # Client side throttling is not enabled until we see a # throttling error return unless @enabled @mutex.synchronize do token_bucket_refill # Next see if we have enough capacity for the requested amount while @current_capacity < amount raise Aws::Errors::RetryCapacityNotAvailableError unless wait_to_fill @mutex.sleep((amount - @current_capacity) / @fill_rate) token_bucket_refill end @current_capacity -= amount end end def update_sending_rate(is_throttling_error) @mutex.synchronize do update_measured_rate if is_throttling_error rate_to_use = if @enabled [@measured_tx_rate, @fill_rate].min else @measured_tx_rate end # The fill_rate is from the token bucket @last_max_rate = rate_to_use calculate_time_window @last_throttle_time = Aws::Util.monotonic_seconds @calculated_rate = cubic_throttle(rate_to_use) enable_token_bucket else calculate_time_window @calculated_rate = cubic_success(Aws::Util.monotonic_seconds) end new_rate = [@calculated_rate, 2 * @measured_tx_rate].min token_bucket_update_rate(new_rate) end end private def token_bucket_refill timestamp = Aws::Util.monotonic_seconds unless @last_timestamp @last_timestamp = timestamp return end fill_amount = (timestamp - @last_timestamp) * @fill_rate @current_capacity = [ @max_capacity, @current_capacity + fill_amount ].min @last_timestamp = timestamp end def token_bucket_update_rate(new_rps) # Refill based on our current rate before we update to the # new fill rate token_bucket_refill @fill_rate = [new_rps, MIN_FILL_RATE].max @max_capacity = [new_rps, MIN_CAPACITY].max # When we scale down we can't have a current capacity that exceeds our # max_capacity. @current_capacity = [@current_capacity, @max_capacity].min end def enable_token_bucket @enabled = true end def update_measured_rate t = Aws::Util.monotonic_seconds time_bucket = (t * 2).floor / 2.0 @request_count += 1 if time_bucket > @last_tx_rate_bucket current_rate = @request_count / (time_bucket - @last_tx_rate_bucket) @measured_tx_rate = (current_rate * SMOOTH) + (@measured_tx_rate * (1 - SMOOTH)) @request_count = 0 @last_tx_rate_bucket = time_bucket end end def calculate_time_window # This is broken out into a separate calculation because it only # gets updated when @last_max_rate changes so it can be cached. @time_window = ((@last_max_rate * (1 - BETA)) / SCALE_CONSTANT)**(1.0 / 3) end def cubic_success(timestamp) dt = timestamp - @last_throttle_time (SCALE_CONSTANT * ((dt - @time_window)**3)) + @last_max_rate end def cubic_throttle(rate_to_use) rate_to_use * BETA end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/retries/error_inspector.rb0000644000004100000410000001105514563437550026203 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins module Retries # @api private # This class will be obsolete when APIs contain modeled exceptions class ErrorInspector EXPIRED_CREDS = Set.new( [ 'InvalidClientTokenId', # query services 'UnrecognizedClientException', # json services 'InvalidAccessKeyId', # s3 'AuthFailure', # ec2 'InvalidIdentityToken', # sts 'ExpiredToken', # route53 'ExpiredTokenException' # kinesis ] ) THROTTLING_ERRORS = Set.new( [ 'Throttling', # query services 'ThrottlingException', # json services 'ThrottledException', # sns 'RequestThrottled', # sqs 'RequestThrottledException', # generic service 'ProvisionedThroughputExceededException', # dynamodb 'TransactionInProgressException', # dynamodb 'RequestLimitExceeded', # ec2 'BandwidthLimitExceeded', # cloud search 'LimitExceededException', # kinesis 'TooManyRequestsException', # batch 'PriorRequestNotComplete', # route53 'SlowDown', # s3 'EC2ThrottledException' # ec2 ] ) CHECKSUM_ERRORS = Set.new( [ 'CRC32CheckFailed', # dynamodb 'BadDigest' # s3 ] ) NETWORKING_ERRORS = Set.new( [ 'RequestTimeout', # s3 'InternalError', # s3 'RequestTimeoutException', # glacier 'IDPCommunicationError' # sts ] ) # See: https://github.com/aws/aws-sdk-net/blob/5810dfe401e0eac2e59d02276d4b479224b4538e/sdk/src/Core/Amazon.Runtime/Pipeline/RetryHandler/RetryPolicy.cs#L78 CLOCK_SKEW_ERRORS = Set.new( [ 'RequestTimeTooSkewed', 'RequestExpired', 'InvalidSignatureException', 'SignatureDoesNotMatch', 'AuthFailure', 'RequestInTheFuture' ] ) def initialize(error, http_status_code) @error = error @name = extract_name(@error) @http_status_code = http_status_code end def expired_credentials? !!(EXPIRED_CREDS.include?(@name) || @name.match(/expired/i)) end def throttling_error? !!(THROTTLING_ERRORS.include?(@name) || @name.match(/throttl/i) || @http_status_code == 429) || modeled_throttling? end def checksum? CHECKSUM_ERRORS.include?(@name) end def networking? @error.is_a?(Seahorse::Client::NetworkingError) || @error.is_a?(Errors::NoSuchEndpointError) || NETWORKING_ERRORS.include?(@name) end def server? (500..599).cover?(@http_status_code) end def endpoint_discovery?(context) return false unless context.operation.endpoint_discovery @http_status_code == 421 || @name == 'InvalidEndpointException' || @error.is_a?(Errors::EndpointDiscoveryError) end def modeled_retryable? @error.is_a?(Errors::ServiceError) && @error.retryable? end def modeled_throttling? @error.is_a?(Errors::ServiceError) && @error.throttling? end def clock_skew?(context) CLOCK_SKEW_ERRORS.include?(@name) && context.config.clock_skew.clock_skewed?(context) end def retryable?(context) server? || modeled_retryable? || throttling_error? || networking? || checksum? || endpoint_discovery?(context) || (expired_credentials? && refreshable_credentials?(context)) || clock_skew?(context) end private def refreshable_credentials?(context) context.config.credentials.respond_to?(:refresh!) end def extract_name(error) if error.is_a?(Errors::ServiceError) error.class.code || error.class.name.to_s else error.class.name.to_s end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/apig_authorizer_token.rb0000644000004100000410000000154114563437550025702 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # apply APIG custom authorizer token to # operations with 'authtype' of 'custom' only class APIGAuthorizerToken < Seahorse::Client::Plugin option(:authorizer_token, default: nil) def add_handlers(handlers, config) handlers.add(AuthTokenHandler, step: :sign) end # @api private class AuthTokenHandler < Seahorse::Client::Handler def call(context) if context.operation['authtype'] == 'custom' && context.config.authorizer_token && context.authorizer.placement[:location] == 'header' header = context.authorizer.placement[:name] context.http_request.headers[header] = context.config.authorizer_token end @handler.call(context) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/stub_responses.rb0000644000004100000410000000715614563437550024374 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class StubResponses < Seahorse::Client::Plugin option(:stub_responses, default: false, doc_type: 'Boolean', rbs_type: 'untyped', docstring: <<-DOCS) Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling {ClientStubs#stub_responses}. See {ClientStubs} for more information. ** Please note ** When response stubbing is enabled, no HTTP requests are made, and retries are disabled. DOCS option(:region) do |config| 'us-stubbed-1' if config.stub_responses end option(:credentials) do |config| if config.stub_responses Credentials.new('stubbed-akid', 'stubbed-secret') end end def add_handlers(handlers, config) handlers.add(Handler, step: :send) if config.stub_responses end def after_initialize(client) if client.config.stub_responses client.setup_stubbing client.handlers.remove(RetryErrors::Handler) client.handlers.remove(RetryErrors::LegacyHandler) client.handlers.remove(ClientMetricsPlugin::Handler) client.handlers.remove(ClientMetricsSendPlugin::LatencyHandler) client.handlers.remove(ClientMetricsSendPlugin::AttemptHandler) client.handlers.remove(Seahorse::Client::Plugins::RequestCallback::OptionHandler) client.handlers.remove(Seahorse::Client::Plugins::RequestCallback::ReadCallbackHandler) end end class Handler < Seahorse::Client::Handler def call(context) stub = context.client.next_stub(context) resp = Seahorse::Client::Response.new(context: context) async_mode = context.client.is_a? Seahorse::Client::AsyncBase if Hash === stub && stub[:mutex] stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) } else apply_stub(stub, resp, async_mode) end async_mode ? Seahorse::Client::AsyncResponse.new( context: context, stream: context[:input_event_stream_handler].event_emitter.stream, sync_queue: Queue.new) : resp end def apply_stub(stub, response, async_mode = false) http_resp = response.context.http_response case when stub[:error] then signal_error(stub[:error], http_resp) when stub[:http] then signal_http(stub[:http], http_resp, async_mode) when stub[:data] then response.data = stub[:data] end end def signal_error(error, http_resp) if Exception === error http_resp.signal_error(error) else http_resp.signal_error(error.new) end end # @param [Seahorse::Client::Http::Response] stub # @param [Seahorse::Client::Http::Response | Seahorse::Client::Http::AsyncResponse] http_resp # @param [Boolean] async_mode def signal_http(stub, http_resp, async_mode = false) if async_mode h2_headers = stub.headers.to_h.inject([]) do |arr, (k, v)| arr << [k, v] end h2_headers << [":status", stub.status_code] http_resp.signal_headers(h2_headers) else http_resp.signal_headers(stub.status_code, stub.headers.to_h) end while chunk = stub.body.read(1024 * 1024) http_resp.signal_data(chunk) end stub.body.rewind http_resp.signal_done end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/event_stream_configuration.rb0000644000004100000410000000162514563437550026734 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins class EventStreamConfiguration < Seahorse::Client::Plugin option(:event_stream_handler, default: nil, doc_type: 'Proc', docstring: <<-DOCS) When an EventStream or Proc object is provided, it will be used as callback for each chunk of event stream response received along the way. DOCS option(:input_event_stream_handler, default: nil, doc_type: 'Proc', docstring: <<-DOCS) When an EventStream or Proc object is provided, it can be used for sending events for the event stream. DOCS option(:output_event_stream_handler, default: nil, doc_type: 'Proc', docstring: <<-DOCS) When an EventStream or Proc object is provided, it will be used as callback for each chunk of event stream response received along the way. DOCS end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/jsonvalue_converter.rb0000644000004100000410000000341414563437550025404 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # Converts input value to JSON Syntax for members with jsonvalue trait class JsonvalueConverter < Seahorse::Client::Plugin # @api private class Handler < Seahorse::Client::Handler def call(context) context.operation.input.shape.members.each do |m, ref| convert_jsonvalue(m, ref, context.params, 'params') end @handler.call(context) end def convert_jsonvalue(m, ref, params, context) return if params.nil? || !params.key?(m) if ref['jsonvalue'] params[m] = serialize_jsonvalue(params[m], "#{context}[#{m}]") else case ref.shape when Seahorse::Model::Shapes::StructureShape ref.shape.members.each do |member_m, ref| convert_jsonvalue(member_m, ref, params[m], "#{context}[#{m}]") end when Seahorse::Model::Shapes::ListShape if ref.shape.member['jsonvalue'] params[m] = params[m].each_with_index.map do |v, i| serialize_jsonvalue(v, "#{context}[#{m}][#{i}]") end end when Seahorse::Model::Shapes::MapShape if ref.shape.value['jsonvalue'] params[m].each do |k, v| params[m][k] = serialize_jsonvalue(v, "#{context}[#{m}][#{k}]") end end end end end def serialize_jsonvalue(v, context) unless v.respond_to?(:to_json) raise ArgumentError, "The value of #{context} is not JSON serializable." end v.to_json end end handler(Handler, step: :initialize) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/client_metrics_plugin.rb0000644000004100000410000002651214563437550025675 0ustar www-datawww-data# frozen_string_literal: true require 'date' require_relative 'retries/error_inspector' module Aws module Plugins class ClientMetricsPlugin < Seahorse::Client::Plugin option(:client_side_monitoring, default: false, doc_type: 'Boolean', docstring: <<-DOCS) do |cfg| When `true`, client-side metrics will be collected for all API requests from this client. DOCS resolve_client_side_monitoring(cfg) end option(:client_side_monitoring_port, default: 31000, doc_type: Integer, docstring: <<-DOCS) do |cfg| Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP. DOCS resolve_client_side_monitoring_port(cfg) end option(:client_side_monitoring_host, default: "127.0.0.1", doc_type: String, docstring: <<-DOCS) do |cfg| Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP. DOCS resolve_client_side_monitoring_host(cfg) end option(:client_side_monitoring_publisher, default: ClientSideMonitoring::Publisher, doc_type: Aws::ClientSideMonitoring::Publisher, rbs_type: 'untyped', docstring: <<-DOCS) do |cfg| Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher. DOCS resolve_publisher(cfg) end option(:client_side_monitoring_client_id, default: "", doc_type: String, docstring: <<-DOCS) do |cfg| Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string. DOCS resolve_client_id(cfg) end def add_handlers(handlers, config) if config.client_side_monitoring && config.client_side_monitoring_port handlers.add(Handler, step: :initialize) publisher = config.client_side_monitoring_publisher publisher.agent_port = config.client_side_monitoring_port publisher.agent_host = config.client_side_monitoring_host end end private def self.resolve_publisher(cfg) ClientSideMonitoring::Publisher.new end def self.resolve_client_side_monitoring_port(cfg) env_source = ENV["AWS_CSM_PORT"] env_source = nil if env_source == "" cfg_source = Aws.shared_config.csm_port(profile: cfg.profile) if env_source env_source.to_i elsif cfg_source cfg_source.to_i else 31000 end end def self.resolve_client_side_monitoring_host(cfg) env_source = ENV["AWS_CSM_HOST"] env_source = nil if env_source == "" cfg_source = Aws.shared_config.csm_host(profile: cfg.profile) if env_source env_source elsif cfg_source cfg_source else "127.0.0.1" end end def self.resolve_client_side_monitoring(cfg) env_source = ENV["AWS_CSM_ENABLED"] env_source = nil if env_source == "" if env_source.is_a?(String) && (env_source.downcase == "false" || env_source.downcase == "f") env_source = false end cfg_source = Aws.shared_config.csm_enabled(profile: cfg.profile) if env_source || cfg_source true else false end end def self.resolve_client_id(cfg) default = "" env_source = ENV["AWS_CSM_CLIENT_ID"] env_source = nil if env_source == "" cfg_source = Aws.shared_config.csm_client_id(profile: cfg.profile) env_source || cfg_source || default end class Handler < Seahorse::Client::Handler def call(context) publisher = context.config.client_side_monitoring_publisher service_id = context.config.api.metadata["serviceId"] # serviceId not present in all versions, need a fallback service_id ||= _calculate_service_id(context) request_metrics = ClientSideMonitoring::RequestMetrics.new( service: service_id, operation: context.operation.name, client_id: context.config.client_side_monitoring_client_id, region: context.config.region, timestamp: DateTime.now.strftime('%Q').to_i, ) context.metadata[:client_metrics] = request_metrics start_time = Aws::Util.monotonic_milliseconds final_error_retryable = false final_aws_exception = nil final_aws_exception_message = nil final_sdk_exception = nil final_sdk_exception_message = nil begin @handler.call(context) rescue StandardError => e # Handle SDK Exceptions inspector = Retries::ErrorInspector.new( e, context.http_response.status_code ) if inspector.retryable?(context) final_error_retryable = true end if request_metrics.api_call_attempts.empty? attempt = request_metrics.build_call_attempt attempt.sdk_exception = e.class.to_s attempt.sdk_exception_msg = e.message request_metrics.add_call_attempt(attempt) elsif request_metrics.api_call_attempts.last.aws_exception.nil? # Handle exceptions during response handlers attempt = request_metrics.api_call_attempts.last attempt.sdk_exception = e.class.to_s attempt.sdk_exception_msg = e.message elsif !e.class.to_s.match(request_metrics.api_call_attempts.last.aws_exception) # Handle response handling exceptions that happened in addition to # an AWS exception attempt = request_metrics.api_call_attempts.last attempt.sdk_exception = e.class.to_s attempt.sdk_exception_msg = e.message end # Else we don't have an SDK exception and are done. final_attempt = request_metrics.api_call_attempts.last final_aws_exception = final_attempt.aws_exception final_aws_exception_message = final_attempt.aws_exception_msg final_sdk_exception = final_attempt.sdk_exception final_sdk_exception_message = final_attempt.sdk_exception_msg raise e ensure end_time = Aws::Util.monotonic_milliseconds complete_opts = { latency: end_time - start_time, attempt_count: context.retries + 1, user_agent: context.http_request.headers["user-agent"], final_error_retryable: final_error_retryable, final_http_status_code: context.http_response.status_code, final_aws_exception: final_aws_exception, final_aws_exception_message: final_aws_exception_message, final_sdk_exception: final_sdk_exception, final_sdk_exception_message: final_sdk_exception_message } if context.metadata[:redirect_region] complete_opts[:region] = context.metadata[:redirect_region] end request_metrics.api_call.complete(complete_opts) # Report the metrics by passing the complete RequestMetrics object if publisher publisher.publish(request_metrics) end # Else we drop all this on the floor. end end private def _calculate_service_id(context) class_name = context.client.class.to_s.match(/(.+)::Client/)[1] class_name.sub!(/^Aws::/, '') _fallback_service_id(class_name) end def _fallback_service_id(id) # Need hard-coded exceptions since information needed to # reverse-engineer serviceId is not present in older versions. # This list should not need to grow. exceptions = { "ACMPCA" => "ACM PCA", "APIGateway" => "API Gateway", "AlexaForBusiness" => "Alexa For Business", "ApplicationAutoScaling" => "Application Auto Scaling", "ApplicationDiscoveryService" => "Application Discovery Service", "AutoScaling" => "Auto Scaling", "AutoScalingPlans" => "Auto Scaling Plans", "CloudHSMV2" => "CloudHSM V2", "CloudSearchDomain" => "CloudSearch Domain", "CloudWatchEvents" => "CloudWatch Events", "CloudWatchLogs" => "CloudWatch Logs", "CognitoIdentity" => "Cognito Identity", "CognitoIdentityProvider" => "Cognito Identity Provider", "CognitoSync" => "Cognito Sync", "ConfigService" => "Config Service", "CostExplorer" => "Cost Explorer", "CostandUsageReportService" => "Cost and Usage Report Service", "DataPipeline" => "Data Pipeline", "DatabaseMigrationService" => "Database Migration Service", "DeviceFarm" => "Device Farm", "DirectConnect" => "Direct Connect", "DirectoryService" => "Directory Service", "DynamoDBStreams" => "DynamoDB Streams", "ElasticBeanstalk" => "Elastic Beanstalk", "ElasticLoadBalancing" => "Elastic Load Balancing", "ElasticLoadBalancingV2" => "Elastic Load Balancing v2", "ElasticTranscoder" => "Elastic Transcoder", "ElasticsearchService" => "Elasticsearch Service", "IoTDataPlane" => "IoT Data Plane", "IoTJobsDataPlane" => "IoT Jobs Data Plane", "IoT1ClickDevicesService" => "IoT 1Click Devices Service", "IoT1ClickProjects" => "IoT 1Click Projects", "KinesisAnalytics" => "Kinesis Analytics", "KinesisVideo" => "Kinesis Video", "KinesisVideoArchivedMedia" => "Kinesis Video Archived Media", "KinesisVideoMedia" => "Kinesis Video Media", "LambdaPreview" => "Lambda", "Lex" => "Lex Runtime Service", "LexModelBuildingService" => "Lex Model Building Service", "Lightsail" => "Lightsail", "MQ" => "mq", "MachineLearning" => "Machine Learning", "MarketplaceCommerceAnalytics" => "Marketplace Commerce Analytics", "MarketplaceEntitlementService" => "Marketplace Entitlement Service", "MarketplaceMetering" => "Marketplace Metering", "MediaStoreData" => "MediaStore Data", "MigrationHub" => "Migration Hub", "ResourceGroups" => "Resource Groups", "ResourceGroupsTaggingAPI" => "Resource Groups Tagging API", "Route53" => "Route 53", "Route53Domains" => "Route 53 Domains", "SecretsManager" => "Secrets Manager", "SageMakerRuntime" => "SageMaker Runtime", "ServiceCatalog" => "Service Catalog", "ServiceDiscovery" => "ServiceDiscovery", "Signer" => "signer", "States" => "SFN", "StorageGateway" => "Storage Gateway", "TranscribeService" => "Transcribe Service", "WAFRegional" => "WAF Regional", } if exceptions[id] exceptions[id] else id end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/regional_endpoint.rb0000644000004100000410000001551714563437550025016 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class RegionalEndpoint < Seahorse::Client::Plugin option(:profile) option(:region, required: true, doc_type: String, docstring: <<-DOCS) do |cfg| The AWS region to connect to. The configured `:region` is used to determine the service `:endpoint`. When not passed, a default `:region` is searched for in the following locations: * `Aws.config[:region]` * `ENV['AWS_REGION']` * `ENV['AMAZON_REGION']` * `ENV['AWS_DEFAULT_REGION']` * `~/.aws/credentials` * `~/.aws/config` DOCS resolve_region(cfg) end option(:use_dualstack_endpoint, doc_type: 'Boolean', docstring: <<-DOCS) do |cfg| When set to `true`, dualstack enabled endpoints (with `.aws` TLD) will be used if available. DOCS resolve_use_dualstack_endpoint(cfg) end option(:use_fips_endpoint, doc_type: 'Boolean', docstring: <<-DOCS) do |cfg| When set to `true`, fips compatible endpoints will be used if available. When a `fips` region is used, the region is normalized and this config is set to `true`. DOCS resolve_use_fips_endpoint(cfg) end # This option signals whether :endpoint was provided or not. # Legacy endpoints must continue to be generated at client time. option(:regional_endpoint, false) option(:ignore_configured_endpoint_urls, doc_type: 'Boolean', docstring: <<-DOCS) do |cfg| Setting to true disables use of endpoint URLs provided via environment variables and the shared configuration file. DOCS resolve_ignore_configured_endpoint_urls(cfg) end option(:endpoint, doc_type: String, docstring: <<-DOCS) do |cfg| The client endpoint is normally constructed from the `:region` option. You should only configure an `:endpoint` when connecting to test or custom endpoints. This should be a valid HTTP(S) URI. DOCS resolve_endpoint(cfg) end def after_initialize(client) if client.config.region.nil? || client.config.region == '' raise Errors::MissingRegionError end end class << self private def resolve_region(cfg) keys = %w[AWS_REGION AMAZON_REGION AWS_DEFAULT_REGION] env_region = ENV.values_at(*keys).compact.first env_region = nil if env_region == '' cfg_region = Aws.shared_config.region(profile: cfg.profile) env_region || cfg_region end def resolve_use_dualstack_endpoint(cfg) value = ENV['AWS_USE_DUALSTACK_ENDPOINT'] value ||= Aws.shared_config.use_dualstack_endpoint( profile: cfg.profile ) Aws::Util.str_2_bool(value) || false end def resolve_use_fips_endpoint(cfg) value = ENV['AWS_USE_FIPS_ENDPOINT'] value ||= Aws.shared_config.use_fips_endpoint(profile: cfg.profile) Aws::Util.str_2_bool(value) || false end def resolve_ignore_configured_endpoint_urls(cfg) value = ENV['AWS_IGNORE_CONFIGURED_ENDPOINT_URLS'] value ||= Aws.shared_config.ignore_configured_endpoint_urls(profile: cfg.profile) Aws::Util.str_2_bool(value&.downcase) || false end # NOTE: with Endpoints 2.0, some of this logic is deprecated # but because new old service gems may depend on new core versions # we must preserve that behavior. # Additional behavior controls the setting of the custom SDK::Endpoint # parameter. # When the `regional_endpoint` config is set to true - this indicates to # Endpoints2.0 that a custom endpoint has NOT been configured by the user. def resolve_endpoint(cfg) endpoint = resolve_custom_config_endpoint(cfg) endpoint_prefix = cfg.api.metadata['endpointPrefix'] return endpoint unless endpoint.nil? && cfg.region && endpoint_prefix validate_region!(cfg.region) handle_legacy_pseudo_regions(cfg) # set regional_endpoint flag - this indicates to Endpoints 2.0 # that a custom endpoint has NOT been configured by the user cfg.override_config(:regional_endpoint, true) resolve_legacy_endpoint(cfg) end # get a custom configured endpoint from ENV or configuration def resolve_custom_config_endpoint(cfg) return if cfg.ignore_configured_endpoint_urls env_service_endpoint(cfg) || env_global_endpoint(cfg) || shared_config_endpoint(cfg) end def env_service_endpoint(cfg) service_id = cfg.api.metadata['serviceId'] || cfg.api.metadata['endpointPrefix'] env_service_id = service_id.gsub(" ", "_").upcase return unless endpoint = ENV["AWS_ENDPOINT_URL_#{env_service_id}"] cfg.logger&.debug( "Endpoint configured from ENV['AWS_ENDPOINT_URL_#{env_service_id}']: #{endpoint}\n") endpoint end def env_global_endpoint(cfg) return unless endpoint = ENV['AWS_ENDPOINT_URL'] cfg.logger&.debug( "Endpoint configured from ENV['AWS_ENDPOINT_URL']: #{endpoint}\n") endpoint end def shared_config_endpoint(cfg) service_id = cfg.api.metadata['serviceId'] || cfg.api.metadata['endpointPrefix'] return unless endpoint = Aws.shared_config.configured_endpoint(profile: cfg.profile, service_id: service_id) cfg.logger&.debug( "Endpoint configured from shared config(profile: #{cfg.profile}): #{endpoint}\n") endpoint end # check region is a valid RFC host label def validate_region!(region) unless Seahorse::Util.host_label?(region) raise Errors::InvalidRegionError end end def handle_legacy_pseudo_regions(cfg) region = cfg.region new_region = region.gsub('fips-', '').gsub('-fips', '') if region != new_region warn("Legacy region #{region} was transformed to #{new_region}."\ '`use_fips_endpoint` config was set to true.') cfg.override_config(:use_fips_endpoint, true) cfg.override_config(:region, new_region) end end # set a default endpoint in config using legacy (endpoints.json) resolver def resolve_legacy_endpoint(cfg) endpoint_prefix = cfg.api.metadata['endpointPrefix'] if cfg.respond_to?(:sts_regional_endpoints) sts_regional = cfg.sts_regional_endpoints end Aws::Partitions::EndpointProvider.resolve( cfg.region, endpoint_prefix, sts_regional, { dualstack: cfg.use_dualstack_endpoint, fips: cfg.use_fips_endpoint } ) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/signature_v2.rb0000644000004100000410000000237514563437550023724 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private # Necessary to keep after Endpoints 2.0 class SignatureV2 < Seahorse::Client::Plugin option(:v2_signer) do |cfg| Aws::Sigv2::Signer.new(credentials_provider: cfg.credentials) end def add_handlers(handlers, _) handlers.add(Handler, step: :sign) end class Handler < Seahorse::Client::Handler def call(context) apply_signature( context.http_request, context.config.v2_signer ) @handler.call(context) end private def apply_signature(req, signer) param_list = req.body.param_list param_list.delete('Timestamp') # in case of re-signing signature = signer.sign_request( http_method: req.http_method, url: req.endpoint, params: param_list.inject({}) do |hash, param| hash[param.name] = param.value hash end ) # apply signature signature.each_pair do |param_name, param_value| param_list.set(param_name, param_value) end req.body = param_list.to_io end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/response_paging.rb0000644000004100000410000000102114563437550024462 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class ResponsePaging < Seahorse::Client::Plugin class Handler < Seahorse::Client::Handler def call(context) context[:original_params] = context.params resp = @handler.call(context) PageableResponse.apply(resp) resp.pager = context.operation[:pager] || Aws::Pager::NullPager.new resp end end handle(Handler, step: :initialize, priority: 90) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/helpful_socket_errors.rb0000644000004100000410000000226314563437550025713 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class HelpfulSocketErrors < Seahorse::Client::Plugin class Handler < Seahorse::Client::Handler # Wrap `SocketError` errors with `Aws::Errors::NoSuchEndpointError` def call(context) response = @handler.call(context) response.context.http_response.on_error do |error| if socket_endpoint_error?(error) response.error = no_such_endpoint_error(context, error) end end response end private def socket_endpoint_error?(error) Seahorse::Client::NetworkingError === error && SocketError === error.original_error && error.original_error.message.match(/failed to open tcp connection/i) && error.original_error.message.match(/getaddrinfo: nodename nor servname provided, or not known/i) end def no_such_endpoint_error(context, error) Errors::NoSuchEndpointError.new({ context: context, original_error: error.original_error, }) end end handle(Handler, step: :sign) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/param_validator.rb0000644000004100000410000000132014563437550024446 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class ParamValidator < Seahorse::Client::Plugin option(:validate_params, default: true, doc_type: 'Boolean', docstring: <<-DOCS) When `true`, request parameters are validated before sending the request. DOCS def add_handlers(handlers, config) if config.validate_params handlers.add(Handler, step: :validate, priority: 50) end end class Handler < Seahorse::Client::Handler def call(context) Aws::ParamValidator.validate!(context.operation.input, context.params) @handler.call(context) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/apig_user_agent.rb0000644000004100000410000000150614563437550024443 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class APIGUserAgent < Seahorse::Client::Plugin option(:user_agent_suffix) # @api private class Handler < Seahorse::Client::Handler def call(context) set_user_agent(context) @handler.call(context) end def set_user_agent(context) ua = "aws-apig-ruby/#{CORE_GEM_VERSION}" begin ua += " #{RUBY_ENGINE}/#{RUBY_VERSION}" rescue ua += " RUBY_ENGINE_NA/#{RUBY_VERSION}" end ua += " #{RUBY_PLATFORM}" ua += " #{context.config.user_agent_suffix}" if context.config.user_agent_suffix context.http_request.headers['User-Agent'] = ua.strip end end handler(Handler) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/bearer_authorization.rb0000644000004100000410000000432314563437550025527 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Plugins # @api private class BearerAuthorization < Seahorse::Client::Plugin option(:token_provider, required: false, doc_type: 'Aws::TokenProvider', docstring: <<-DOCS A Bearer Token Provider. This can be an instance of any one of the following classes: * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing tokens. * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an access token generated from `aws login`. When `:token_provider` is not configured directly, the `Aws::TokenProviderChain` will be used to search for tokens configured for your profile in shared configuration files. DOCS ) do |config| if config.stub_responses StaticTokenProvider.new('token') else TokenProviderChain.new(config).resolve end end def add_handlers(handlers, cfg) bearer_operations = if cfg.api.metadata['signatureVersion'] == 'bearer' # select operations where authtype is either not set or is bearer cfg.api.operation_names.select do |o| !cfg.api.operation(o)['authtype'] || cfg.api.operation(o)['authtype'] == 'bearer' end else # service is not bearer auth # select only operations where authtype is explicitly bearer cfg.api.operation_names.select do |o| cfg.api.operation(o)['authtype'] == 'bearer' end end handlers.add(Handler, step: :sign, operations: bearer_operations) end class Handler < Seahorse::Client::Handler def call(context) if context.http_request.endpoint.scheme != 'https' raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.' end token_provider = context.config.token_provider if token_provider && token_provider.set? context.http_request.headers['Authorization'] = "Bearer #{token_provider.token.token}" else raise Errors::MissingBearerTokenError end @handler.call(context) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb0000644000004100000410000000211114563437550027524 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Plugins # @api private # Used for APIGateway generated SDKs credentials config class APIGCredentialsConfiguration < Seahorse::Client::Plugin option(:access_key_id, doc_type: String, docstring: '') option(:secret_access_key, doc_type: String, docstring: '') option(:session_token, doc_type: String, docstring: '') option(:profile, doc_type: String, docstring: '') option(:credentials, required: false, doc_type: 'Aws::CredentialProvider', docstring: <<-DOCS AWS Credentials options is only required when your API uses [AWS Signature Version 4](http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html), more AWS Credentials Configuration Options are available [here](https://github.com/aws/aws-sdk-ruby#configuration). DOCS ) do |config| CredentialProviderChain.new(config).resolve end option(:instance_profile_credentials_retries, 0) option(:instance_profile_credentials_timeout, 1) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/global_configuration.rb0000644000004100000410000000504414563437550025477 0ustar www-datawww-data# frozen_string_literal: true require 'set' module Aws module Plugins # This plugin provides the ability to provide global configuration for # all AWS classes or specific ones. # # ## Global AWS configuration # # You can specify global configuration defaults via `Aws.config` # # Aws.config[:region] = 'us-west-2' # # Options applied to `Aws.config` are merged with constructed # service interfaces. # # # uses the global configuration # Aws::EC2.new.config.region #=> 'us-west-2' # # # constructor args have priority over global configuration # Aws::EC2.new(region: 'us-east-1').config.region #=> 'us-east-1' # # ## Service Specific Global Configuration # # Some services have very specific configuration options that are not # shared by other services. # # # oops, this option is only recognized by Aws::S3 # Aws.config[:force_path_style] = true # Aws::EC2.new # #=> raises ArgumentError: invalid configuration option `:force_path_style' # # To avoid this issue, you can nest service specific options # # Aws.config[:s3] = { force_path_style: true } # # Aws::EC2.new # no error this time # Aws::S3.new.config.force_path_style #=> true # # @api private class GlobalConfiguration < Seahorse::Client::Plugin @identifiers = Set.new() # @api private def before_initialize(client_class, options) # apply service specific defaults before the global aws defaults apply_service_defaults(client_class, options) apply_aws_defaults(client_class, options) end private def apply_service_defaults(client_class, options) if defaults = Aws.config[client_class.identifier] defaults.each do |option_name, default| options[option_name] = default unless options.key?(option_name) end end end def apply_aws_defaults(client_class, options) Aws.config.each do |option_name, default| next if self.class.identifiers.include?(option_name) next if options.key?(option_name) options[option_name] = default end end class << self # Registers an additional service identifier. # @api private def add_identifier(identifier) @identifiers << identifier end # @return [Set] # @api private def identifiers @identifiers end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/defaults_mode.rb0000644000004100000410000000175314563437550024126 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Plugins # @api private class DefaultsMode < Seahorse::Client::Plugin option(:defaults_mode, default: 'legacy', doc_type: String, docstring: <<-DOCS See {Aws::DefaultsModeConfiguration} for a list of the accepted modes and the configuration defaults that are included. DOCS ) do |cfg| resolve_defaults_mode(cfg) end option(:defaults_mode_config_resolver, doc_type: 'Aws::DefaultsModeConfigResolver') do |cfg| Aws::DefaultsModeConfigResolver.new( Aws::DefaultsModeConfiguration::SDK_DEFAULT_CONFIGURATION, cfg) end class << self private def resolve_defaults_mode(cfg) value = ENV['AWS_DEFAULTS_MODE'] value ||= Aws.shared_config.defaults_mode( profile: cfg.profile ) value&.downcase || "legacy" end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/recursion_detection.rb0000644000004100000410000000206314563437550025355 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class RecursionDetection < Seahorse::Client::Plugin # @api private class Handler < Seahorse::Client::Handler def call(context) unless context.http_request.headers.key?('x-amzn-trace-id') if ENV['AWS_LAMBDA_FUNCTION_NAME'] && (trace_id = validate_header(ENV['_X_AMZN_TRACE_ID'])) context.http_request.headers['x-amzn-trace-id'] = trace_id end end @handler.call(context) end private def validate_header(header_value) return unless header_value if (header_value.chars & (0..31).map(&:chr)).any? raise ArgumentError, 'Invalid _X_AMZN_TRACE_ID value: '\ 'contains ASCII control characters' end header_value end end # should be at the end of build so that # modeled traits / service customizations apply first handler(Handler, step: :build, order: 99) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/idempotency_token.rb0000644000004100000410000000151114563437550025023 0ustar www-datawww-data# frozen_string_literal: true require 'securerandom' module Aws module Plugins # Provides support for auto filling operation parameters # that enabled with `idempotencyToken` trait with random UUID v4 # when no value is provided # @api private class IdempotencyToken < Seahorse::Client::Plugin # @api private class Handler < Seahorse::Client::Handler def call(context) auto_fill(context.params, context.operation.input) @handler.call(context) end private def auto_fill(params, ref) ref.shape.members.each do |name, member_ref| if member_ref['idempotencyToken'] params[name] ||= SecureRandom.uuid end end end end handler(Handler, step: :initialize) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/endpoint_pattern.rb0000644000004100000410000000354214563437550024666 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class EndpointPattern < Seahorse::Client::Plugin option(:disable_host_prefix_injection, default: false, doc_type: 'Boolean', docstring: <<-DOCS Set to true to disable SDK automatically adding host prefix to default service endpoint when available. DOCS ) def add_handlers(handlers, config) handlers.add(Handler, priority: 10) end class Handler < Seahorse::Client::Handler def call(context) if !context.config.disable_host_prefix_injection endpoint_trait = context.operation.endpoint_pattern if endpoint_trait && !endpoint_trait.empty? _apply_endpoint_trait(context, endpoint_trait) end end @handler.call(context) end private def _apply_endpoint_trait(context, trait) # currently only support host pattern ori_host = context.http_request.endpoint.host if pattern = trait['hostPrefix'] host_prefix = pattern.gsub(/\{.+?\}/) do |label| label = label.delete("{}") _replace_label_value( ori_host, label, context.operation.input, context.params) end context.http_request.endpoint.host = host_prefix + context.http_request.endpoint.host end end def _replace_label_value(ori, label, input_ref, params) name = nil input_ref.shape.members.each do |m_name, ref| if ref['hostLabel'] && ref['hostLabelName'] == label name = m_name end end if name.nil? || params[name].nil? raise Errors::MissingEndpointHostLabelValue.new(name) end params[name] end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/endpoint_discovery.rb0000644000004100000410000001310014563437550025207 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class EndpointDiscovery < Seahorse::Client::Plugin option(:endpoint_discovery, doc_default: Proc.new { |options| options[:require_endpoint_discovery] }, doc_type: 'Boolean', docstring: <<-DOCS) do |cfg| When set to `true`, endpoint discovery will be enabled for operations when available. DOCS resolve_endpoint_discovery(cfg) end option(:endpoint_cache_max_entries, default: 1000, doc_type: Integer, docstring: <<-DOCS Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000. DOCS ) option(:endpoint_cache_max_threads, default: 10, doc_type: Integer, docstring: <<-DOCS Used for the maximum threads in use for polling endpoints to be cached, defaults to 10. DOCS ) option(:endpoint_cache_poll_interval, default: 60, doc_type: Integer, docstring: <<-DOCS When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec. DOCS ) option(:endpoint_cache) do |cfg| Aws::EndpointCache.new( max_entries: cfg.endpoint_cache_max_entries, max_threads: cfg.endpoint_cache_max_threads ) end option(:active_endpoint_cache, default: false, doc_type: 'Boolean', docstring: <<-DOCS When set to `true`, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to `false`. DOCS ) def add_handlers(handlers, config) handlers.add(Handler, priority: 90) if config.regional_endpoint end class Handler < Seahorse::Client::Handler def call(context) if context.operation.endpoint_operation context.http_request.headers['x-amz-api-version'] = context.config.api.version _apply_endpoint_discovery_user_agent(context) elsif discovery_cfg = context.operation.endpoint_discovery endpoint = _discover_endpoint( context, Aws::Util.str_2_bool(discovery_cfg["required"]) ) if endpoint context.http_request.endpoint = _valid_uri(endpoint.address) # Skips dynamic endpoint usage, use this endpoint instead context[:discovered_endpoint] = true end if endpoint || context.config.endpoint_discovery _apply_endpoint_discovery_user_agent(context) end end @handler.call(context) end private def _valid_uri(address) # returned address can be missing scheme if address.start_with?('http') URI.parse(address) else URI.parse("https://" + address) end end def _apply_endpoint_discovery_user_agent(ctx) if ctx.config.user_agent_suffix.nil? ctx.config.user_agent_suffix = "endpoint-discovery" elsif !ctx.config.user_agent_suffix.include? "endpoint-discovery" ctx.config.user_agent_suffix += "endpoint-discovery" end end def _discover_endpoint(ctx, required) cache = ctx.config.endpoint_cache key = cache.extract_key(ctx) if required unless ctx.config.endpoint_discovery raise ArgumentError, "Operation #{ctx.operation.name} requires "\ 'endpoint_discovery to be enabled.' end # required for the operation unless cache.key?(key) cache.update(key, ctx) end endpoint = cache[key] # hard fail if endpoint is not discovered raise Aws::Errors::EndpointDiscoveryError.new unless endpoint endpoint elsif ctx.config.endpoint_discovery # not required for the operation # but enabled if cache.key?(key) cache[key] elsif ctx.config.active_endpoint_cache # enabled active cache pull interval = ctx.config.endpoint_cache_poll_interval if key.include?('_') # identifier related, kill the previous polling thread by key # because endpoint req params might be changed cache.delete_polling_thread(key) end # start a thread for polling endpoints when non-exist unless cache.threads_key?(key) thread = Thread.new do while !cache.key?(key) do cache.update(key, ctx) sleep(interval) end end cache.update_polling_pool(key, thread) end cache[key] else # disabled active cache pull # attempt, buit fail soft cache.update(key, ctx) cache[key] end end end end private def self.resolve_endpoint_discovery(cfg) env = ENV['AWS_ENABLE_ENDPOINT_DISCOVERY'] default = cfg.api.require_endpoint_discovery shared_cfg = Aws.shared_config.endpoint_discovery_enabled(profile: cfg.profile) resolved = Aws::Util.str_2_bool(env) || Aws::Util.str_2_bool(shared_cfg) env.nil? && shared_cfg.nil? ? default : !!resolved end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/plugins/user_agent.rb0000644000004100000410000001070514563437550023444 0ustar www-datawww-data# frozen_string_literal: true module Aws module Plugins # @api private class UserAgent < Seahorse::Client::Plugin # @api private option(:user_agent_suffix) # @api private option(:user_agent_frameworks, default: []) option( :sdk_ua_app_id, doc_type: 'String', docstring: <<-DOCS) do |cfg| A unique and opaque application ID that is appended to the User-Agent header as app/. It should have a maximum length of 50. DOCS app_id = ENV['AWS_SDK_UA_APP_ID'] app_id ||= Aws.shared_config.sdk_ua_app_id(profile: cfg.profile) app_id end def self.feature(feature, &block) Thread.current[:aws_sdk_core_user_agent_feature] ||= [] Thread.current[:aws_sdk_core_user_agent_feature] << "ft/#{feature}" block.call ensure Thread.current[:aws_sdk_core_user_agent_feature].pop end # @api private class Handler < Seahorse::Client::Handler def call(context) set_user_agent(context) @handler.call(context) end def set_user_agent(context) context.http_request.headers['User-Agent'] = UserAgent.new(context).to_s end class UserAgent def initialize(context) @context = context end def to_s ua = "aws-sdk-ruby3/#{CORE_GEM_VERSION}" ua += ' ua/2.0' ua += " #{api_metadata}" if api_metadata ua += " #{os_metadata}" ua += " #{language_metadata}" ua += " #{env_metadata}" if env_metadata ua += " #{config_metadata}" if config_metadata ua += " #{app_id}" if app_id ua += " #{feature_metadata}" if feature_metadata ua += " #{framework_metadata}" if framework_metadata if @context.config.user_agent_suffix ua += " #{@context.config.user_agent_suffix}" end ua.strip end private # Used to be gem_name/gem_version def api_metadata service_id = @context.config.api.metadata['serviceId'] return unless service_id service_id = service_id.gsub(' ', '_').downcase gem_version = @context[:gem_version] "api/#{service_id}##{gem_version}" end # Used to be RUBY_PLATFORM def os_metadata os = case RbConfig::CONFIG['host_os'] when /mac|darwin/ 'macos' when /linux|cygwin/ 'linux' when /mingw|mswin/ 'windows' else 'other' end metadata = "os/#{os}" local_version = Gem::Platform.local.version metadata += "##{local_version}" if local_version metadata += " md/#{RbConfig::CONFIG['host_cpu']}" metadata end # Used to be RUBY_ENGINE/RUBY_VERSION def language_metadata "lang/#{RUBY_ENGINE}##{RUBY_ENGINE_VERSION} md/#{RUBY_VERSION}" end def env_metadata return unless (execution_env = ENV['AWS_EXECUTION_ENV']) "exec-env/#{execution_env}" end def config_metadata "cfg/retry-mode##{@context.config.retry_mode}" end def app_id return unless (app_id = @context.config.sdk_ua_app_id) # Sanitize and only allow these characters app_id = app_id.gsub(/[^!#$%&'*+\-.^_`|~0-9A-Za-z]/, '-') "app/#{app_id}" end def feature_metadata return unless Thread.current[:aws_sdk_core_user_agent_feature] Thread.current[:aws_sdk_core_user_agent_feature].join(' ') end def framework_metadata if (frameworks_cfg = @context.config.user_agent_frameworks).empty? return end # Frameworks may be aws-record, aws-sdk-rails, etc. regex = /gems\/(?#{frameworks_cfg.join('|')})-(?\d+\.\d+\.\d+)/.freeze frameworks = {} Kernel.caller.each do |line| match = line.match(regex) next unless match frameworks[match[:name]] = match[:version] end frameworks.map { |n, v| "lib/#{n}##{v}" }.join(' ') end end end handler(Handler, priority: 1) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/token_provider.rb0000644000004100000410000000030414563437550022653 0ustar www-datawww-data# frozen_string_literal: true module Aws module TokenProvider # @return [Token] attr_reader :token # @return [Boolean] def set? !!token && token.set? end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/arn_parser.rb0000644000004100000410000000221214563437550021755 0ustar www-datawww-data# frozen_string_literal: true module Aws module ARNParser # Parse a string with an ARN format into an {Aws::ARN} object. # `InvalidARNError` would be raised when encountering a parsing error or the # ARN object contains invalid components (nil/empty). # # @param [String] arn_str # # @return [Aws::ARN] # @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns def self.parse(arn_str) parts = arn_str.nil? ? [] : arn_str.split(':', 6) raise Aws::Errors::InvalidARNError if parts.size < 6 # part[0] is "arn" arn = ARN.new( partition: parts[1], service: parts[2], region: parts[3], account_id: parts[4], resource: parts[5] ) raise Aws::Errors::InvalidARNError unless arn.valid? arn end # Checks whether a String could be a ARN or not. An ARN starts with 'arn:' # and has at least 6 segments separated by a colon (:). # # @param [String] str # # @return [Boolean] def self.arn?(str) !str.nil? && str.start_with?('arn:') && str.scan(/:/).length >= 5 end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/credential_provider.rb0000644000004100000410000000042514563437550023651 0ustar www-datawww-data# frozen_string_literal: true module Aws module CredentialProvider # @return [Credentials] attr_reader :credentials # @return [Time] attr_reader :expiration # @return [Boolean] def set? !!@credentials && @credentials.set? end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/query/0000755000004100000410000000000014563437550020444 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/query/handler.rb0000644000004100000410000000546614563437550022421 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Query class Handler < Seahorse::Client::Handler include Seahorse::Model::Shapes CONTENT_TYPE = 'application/x-www-form-urlencoded; charset=utf-8' WRAPPER_STRUCT = ::Struct.new(:result, :response_metadata) METADATA_STRUCT = ::Struct.new(:request_id) METADATA_REF = begin request_id = ShapeRef.new( shape: StringShape.new, location_name: 'RequestId') response_metadata = StructureShape.new response_metadata.struct_class = METADATA_STRUCT response_metadata.add_member(:request_id, request_id) ShapeRef.new(shape: response_metadata, location_name: 'ResponseMetadata') end # @param [Seahorse::Client::RequestContext] context # @return [Seahorse::Client::Response] def call(context) build_request(context) @handler.call(context).on_success do |response| response.error = nil parsed = parse_xml(context) if parsed.nil? || parsed == EmptyStructure response.data = EmptyStructure.new else response.data = parsed end end end private def build_request(context) context.http_request.http_method = 'POST' context.http_request.headers['Content-Type'] = CONTENT_TYPE param_list = ParamList.new param_list.set('Version', context.config.api.version) param_list.set('Action', context.operation.name) if input_shape = context.operation.input apply_params(param_list, context.params, input_shape) end context.http_request.body = param_list.to_io end def apply_params(param_list, params, rules) ParamBuilder.new(param_list).apply(rules, params) end def parse_xml(context) data = Xml::Parser.new(rules(context)).parse(xml(context)) remove_wrapper(data, context) end def xml(context) context.http_response.body_contents end def rules(context) shape = Seahorse::Model::Shapes::StructureShape.new if context.operation.output shape.add_member(:result, ShapeRef.new( shape: context.operation.output.shape, location_name: context.operation.name + 'Result' )) end shape.struct_class = WRAPPER_STRUCT shape.add_member(:response_metadata, METADATA_REF) ShapeRef.new(shape: shape) end def remove_wrapper(data, context) if context.operation.output if data.response_metadata context[:request_id] = data.response_metadata.request_id end data.result || Structure.new(*context.operation.output.shape.member_names) else data end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/query/ec2_param_builder.rb0000644000004100000410000000372614563437550024340 0ustar www-datawww-data# frozen_string_literal: true require 'base64' module Aws module Query class EC2ParamBuilder include Seahorse::Model::Shapes def initialize(param_list) @params = param_list end attr_reader :params def apply(ref, params) structure(ref, params, '') end private def structure(ref, values, prefix) shape = ref.shape values.each_pair do |name, value| unless value.nil? member_ref = shape.member(name) format(member_ref, value, prefix + query_name(member_ref)) end end end def list(ref, values, prefix) if values.empty? set(prefix, '') else member_ref = ref.shape.member values.each.with_index do |value, n| format(member_ref, value, "#{prefix}.#{n+1}") end end end def format(ref, value, prefix) case ref.shape when StructureShape then structure(ref, value, prefix + '.') when ListShape then list(ref, value, prefix) when MapShape then raise NotImplementedError when BlobShape then set(prefix, blob(value)) when TimestampShape then set(prefix, timestamp(ref, value)) else set(prefix, value.to_s) end end def query_name(ref) ref['queryName'] || ucfirst(ref.location_name) end def set(name, value) params.set(name, value) end def ucfirst(str) str[0].upcase + str[1..-1] end def blob(value) value = value.read unless String === value Base64.strict_encode64(value) end def timestamp(ref, value) case ref['timestampFormat'] || ref.shape['timestampFormat'] when 'unixTimestamp' then value.to_i when 'rfc822' then value.utc.httpdate else # ec2 defaults to iso8601 value.utc.iso8601 end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/query/param_list.rb0000644000004100000410000000337114563437550023130 0ustar www-datawww-data# frozen_string_literal: true require 'stringio' module Aws module Query class ParamList include Enumerable # @api private def initialize @params = {} end # @param [String] param_name # @param [String, nil] param_value # @return [Param] def set(param_name, param_value = nil) param = Param.new(param_name, param_value) @params[param.name] = param param end alias []= set # @return [Param, nil] def [](param_name) @params[param_name.to_s] end # @param [String] param_name # @return [Param, nil] def delete(param_name) @params.delete(param_name) end # @return [Enumerable] def each(&block) to_a.each(&block) end # @return [Boolean] def empty? @params.empty? end # @return [Array] Returns an array of sorted {Param} objects. def to_a @params.values.sort end # @return [String] def to_s to_a.map(&:to_s).join('&') end # @return [#read, #rewind, #size] def to_io IoWrapper.new(self) end # @api private class IoWrapper # @param [ParamList] param_list def initialize(param_list) @param_list = param_list @io = StringIO.new(param_list.to_s) end # @return [ParamList] attr_reader :param_list # @return [Integer] def size @io.size end # @return [void] def rewind @io.rewind end # @return [String, nil] def read(bytes = nil, output_buffer = nil) @io.read(bytes, output_buffer) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/query/param_builder.rb0000644000004100000410000000524314563437550023603 0ustar www-datawww-data# frozen_string_literal: true require 'base64' module Aws module Query class ParamBuilder include Seahorse::Model::Shapes def initialize(param_list) @params = param_list end attr_reader :params def apply(ref, params) structure(ref, params, '') end private def structure(ref, values, prefix) shape = ref.shape values.each_pair do |name, value| next if value.nil? member_ref = shape.member(name) format(member_ref, value, prefix + query_name(member_ref)) end end def list(ref, values, prefix) member_ref = ref.shape.member if values.empty? set(prefix, '') return end if flat?(ref) if name = query_name(member_ref) parts = prefix.split('.') parts.pop parts.push(name) prefix = parts.join('.') end else prefix += '.' + (member_ref.location_name || 'member') end values.each.with_index do |value, n| format(member_ref, value, "#{prefix}.#{n+1}") end end def map(ref, values, prefix) key_ref = ref.shape.key value_ref = ref.shape.value prefix += '.entry' unless flat?(ref) key_name = "%s.%d.#{query_name(key_ref, 'key')}" value_name = "%s.%d.#{query_name(value_ref, 'value')}" values.each.with_index do |(key, value), n| format(key_ref, key, key_name % [prefix, n + 1]) format(value_ref, value, value_name % [prefix, n + 1]) end end def format(ref, value, prefix) case ref.shape when StructureShape then structure(ref, value, prefix + '.') when ListShape then list(ref, value, prefix) when MapShape then map(ref, value, prefix) when BlobShape then set(prefix, blob(value)) when TimestampShape then set(prefix, timestamp(ref, value)) else set(prefix, value.to_s) end end def query_name(ref, default = nil) ref.location_name || default end def set(name, value) params.set(name, value) end def flat?(ref) ref.shape.flattened end def timestamp(ref, value) case ref['timestampFormat'] || ref.shape['timestampFormat'] when 'unixTimestamp' then value.to_i when 'rfc822' then value.utc.httpdate else # query defaults to iso8601 value.utc.iso8601 end end def blob(value) value = value.read unless String === value Base64.strict_encode64(value) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/query/param.rb0000644000004100000410000000144214563437550022072 0ustar www-datawww-data# frozen_string_literal: true module Aws module Query class Param # @param [String] name # @param [String, nil] value (nil) def initialize(name, value = nil) @name = name.to_s @value = value end # @return [String] attr_reader :name # @return [String, nil] attr_reader :value # @return [String] def to_s value ? "#{escape(name)}=#{escape(value)}" : "#{escape(name)}=" end # @api private def ==(other) other.kind_of?(Param) && other.name == name && other.value == value end # @api private def <=> other name <=> other.name end private def escape(str) Seahorse::Util.uri_escape(str) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/assume_role_web_identity_credentials.rb0000644000004100000410000000655314563437550027276 0ustar www-datawww-data# frozen_string_literal: true require 'set' require 'securerandom' require 'base64' module Aws # An auto-refreshing credential provider that assumes a role via # {Aws::STS::Client#assume_role_with_web_identity}. # # role_credentials = Aws::AssumeRoleWebIdentityCredentials.new( # client: Aws::STS::Client.new(...), # role_arn: "linked::account::arn", # web_identity_token_file: "/path/to/token/file", # role_session_name: "session-name" # ... # ) # ec2 = Aws::EC2::Client.new(credentials: role_credentials) # # If you omit `:client` option, a new {Aws::STS::Client} object will be # constructed with additional options that were provided. # # @see Aws::STS::Client#assume_role_with_web_identity class AssumeRoleWebIdentityCredentials include CredentialProvider include RefreshingCredentials # @param [Hash] options # @option options [required, String] :role_arn the IAM role # to be assumed # # @option options [required, String] :web_identity_token_file # absolute path to the file on disk containing OIDC token # # @option options [String] :role_session_name the IAM session # name used to distinguish session, when not provided, base64 # encoded UUID is generated as the session name # # @option options [STS::Client] :client # # @option options [Callable] before_refresh Proc called before # credentials are refreshed. `before_refresh` is called # with an instance of this object when # AWS credentials are required and need to be refreshed. def initialize(options = {}) client_opts = {} @assume_role_web_identity_params = {} @token_file = options.delete(:web_identity_token_file) @async_refresh = true options.each_pair do |key, value| if self.class.assume_role_web_identity_options.include?(key) @assume_role_web_identity_params[key] = value elsif !CLIENT_EXCLUDE_OPTIONS.include?(key) client_opts[key] = value end end unless @assume_role_web_identity_params[:role_session_name] # not provided, generate encoded UUID as session name @assume_role_web_identity_params[:role_session_name] = _session_name end @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: false)) super end # @return [STS::Client] attr_reader :client private def refresh # read from token file everytime it refreshes @assume_role_web_identity_params[:web_identity_token] = _token_from_file(@token_file) c = @client.assume_role_with_web_identity( @assume_role_web_identity_params).credentials @credentials = Credentials.new( c.access_key_id, c.secret_access_key, c.session_token ) @expiration = c.expiration end def _token_from_file(path) unless path && File.exist?(path) raise Aws::Errors::MissingWebIdentityTokenFile.new end File.read(path) end def _session_name Base64.strict_encode64(SecureRandom.uuid) end class << self # @api private def assume_role_web_identity_options @arwio ||= begin input = Aws::STS::Client.api.operation(:assume_role_with_web_identity).input Set.new(input.shape.member_names) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/structure.rb0000644000004100000410000000413714563437550021671 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Structure def initialize(values = {}) values.each do |k, v| self[k] = v end end # @return [Boolean] Returns `true` if this structure has a value # set for the given member. def key?(member_name) !self[member_name].nil? end # @return [Boolean] Returns `true` if all of the member values are `nil`. def empty? values.compact == [] end # Deeply converts the Structure into a hash. Structure members that # are `nil` are omitted from the resultant hash. # # You can call #orig_to_h to get vanilla #to_h behavior as defined # in stdlib Struct. # # @return [Hash] def to_h(obj = self, options = {}) case obj when Struct obj.each_pair.with_object({}) do |(member, value), hash| member = member.to_s if options[:as_json] hash[member] = to_hash(value, options) unless value.nil? end when Hash obj.each.with_object({}) do |(key, value), hash| key = key.to_s if options[:as_json] hash[key] = to_hash(value, options) end when Array obj.collect { |value| to_hash(value, options) } else obj end end alias to_hash to_h # Wraps the default #to_s logic with filtering of sensitive parameters. def to_s(obj = self) Aws::Log::ParamFilter.new.filter(obj, obj.class).to_s end class << self # @api private def new(*args) if args.empty? Aws::EmptyStructure else struct = Struct.new(*args) struct.send(:include, Aws::Structure) struct end end # @api private def self.included(base_class) base_class.send(:undef_method, :each) end end module Union def member self.members.select { |k| self[k] != nil }.first end def value self[member] if member end end end # @api private class EmptyStructure < Struct.new('AwsEmptyStructure') include(Aws::Structure) end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/0000755000004100000410000000000014563437550020077 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/0000755000004100000410000000000014563437550021373 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/stack.rb0000644000004100000410000000305114563437550023024 0ustar www-datawww-data# frozen_string_literal: true module Aws module Xml class Parser class Stack def initialize(ref, result = nil, &unhandled_callback) @ref = ref @frame = self @result = result @unhandled_callback = unhandled_callback end attr_reader :frame attr_reader :result def start_element(name) @frame = @frame.child_frame(name.to_s) end def attr(name, value) if name.to_s == 'encoding' && value.to_s == 'base64' @frame = BlobFrame.new(name, @frame.parent, @frame.ref) else start_element(name) text(value) end_element(name) end end def text(value) @frame.set_text(value) end def end_element(*args) @frame.parent.consume_child_frame(@frame) if @frame.parent.is_a?(FlatListFrame) @frame = @frame.parent @frame.parent.consume_child_frame(@frame) end @frame = @frame.parent end def error(msg, line = nil, column = nil) raise ParsingError.new(msg, line, column) end def child_frame(name) Frame.new(name, self, @ref, @result) end def consume_child_frame(frame) @result = frame.result end # @api private def yield_unhandled_value(path, value) if @unhandled_callback @unhandled_callback.call(path, value) end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/parsing_error.rb0000644000004100000410000000052114563437550024572 0ustar www-datawww-data# frozen_string_literal: true module Aws module Xml class Parser class ParsingError < RuntimeError def initialize(msg, line, column) super(msg) end # @return [Integer,nil] attr_reader :line # @return [Integer,nil] attr_reader :column end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/engines/0000755000004100000410000000000014563437550023023 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/engines/ox.rb0000644000004100000410000000062614563437550024002 0ustar www-datawww-data# frozen_string_literal: true require 'ox' require 'stringio' module Aws module Xml class Parser class OxEngine def initialize(stack) @stack = stack end def parse(xml) Ox.sax_parse( @stack, StringIO.new(xml), :convert_special => true, :skip => :skip_return ) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/engines/libxml.rb0000644000004100000410000000271314563437550024642 0ustar www-datawww-data# frozen_string_literal: true require 'libxml' module Aws module Xml class Parser class LibxmlEngine include LibXML::XML::SaxParser::Callbacks def initialize(stack) @stack = stack end def parse(xml) parser = ::LibXML::XML::SaxParser.string(xml) parser.callbacks = self parser.parse end def on_start_element_ns(element_name, attributes, prefix = nil, uri = nil, ns = {}) # libxml-ruby does not provide a mapping from element attribute # names to their qname prefixes. The following code line assumes # that if a attribute ns is defined it applies to all attributes. # This is necessary to support parsing S3 Object ACL Grantees. # qnames are not used by any other AWS attribute. Also, new # services are using JSON, limiting the possible blast radius # of this patch. attr_ns_prefix = ns.keys.first @stack.start_element(element_name) attributes.each do |attr_name, attr_value| attr_name = "#{attr_ns_prefix}:#{attr_name}" if attr_ns_prefix @stack.attr(attr_name, attr_value) end end def on_end_element_ns(*ignored) @stack.end_element end def on_characters(chars) @stack.text(chars) end def on_error(msg) @stack.error(msg) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/engines/rexml.rb0000644000004100000410000000175414563437550024506 0ustar www-datawww-data# frozen_string_literal: true require 'rexml/document' require 'rexml/streamlistener' module Aws module Xml class Parser class RexmlEngine include REXML::StreamListener def initialize(stack) @stack = stack @depth = 0 end def parse(xml) begin mutable_xml = xml.dup # REXML only accepts mutable string source = REXML::Source.new(mutable_xml) REXML::Parsers::StreamParser.new(source, self).parse rescue REXML::ParseException => error @stack.error(error.message) end end def tag_start(name, attrs) @depth += 1 @stack.start_element(name) attrs.each do |attr| @stack.attr(*attr) end end def text(value) @stack.text(value) if @depth > 0 end def tag_end(name) @stack.end_element @depth -= 1 end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/engines/oga.rb0000644000004100000410000000154514563437550024123 0ustar www-datawww-data# frozen_string_literal: true # Oga Java requires JRuby.runtime require 'jruby' if RUBY_PLATFORM == 'java' require 'oga' module Aws module Xml class Parser class OgaEngine def initialize(stack) @stack = stack @depth = 0 end def parse(xml) Oga.sax_parse_xml(self, xml, strict:true) rescue LL::ParserError => error raise ParsingError.new(error.message, nil, nil) end def on_element(namespace, name, attrs = {}) @depth += 1 @stack.start_element(name) attrs.each do |attr| @stack.attr(*attr) end end def on_text(value) @stack.text(value) if @depth > 0 end def after_element(_, _) @stack.end_element @depth -= 1 end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb0000644000004100000410000000172314563437550025174 0ustar www-datawww-data# frozen_string_literal: true require 'nokogiri' module Aws module Xml class Parser class NokogiriEngine def initialize(stack) @stack = stack end def parse(xml) Nokogiri::XML::SAX::Parser.new(self).parse(xml) end def xmldecl(*args); end def start_document; end def end_document; end def comment(*args); end def start_element_namespace(element_name, attributes = [], *ignored) @stack.start_element(element_name) attributes.each do |attr| name = attr.localname name = "#{attr.prefix}:#{name}" if attr.prefix @stack.attr(name, attr.value) end end def characters(chars) @stack.text(chars) end def end_element_namespace(*ignored) @stack.end_element end def error(msg) @stack.error(msg) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser/frame.rb0000644000004100000410000001765514563437550023030 0ustar www-datawww-data# frozen_string_literal: true require 'base64' require 'time' module Aws module Xml class Parser class Frame include Seahorse::Model::Shapes class << self def new(path, parent, ref, result = nil) if self == Frame frame = frame_class(ref).allocate frame.send(:initialize, path, parent, ref, result) frame else super end end private def frame_class(ref) klass = FRAME_CLASSES[ref.shape.class] if ListFrame == klass && (ref.shape.flattened || ref["flattened"]) FlatListFrame elsif MapFrame == klass && (ref.shape.flattened || ref["flattened"]) MapEntryFrame else klass end end end def initialize(path, parent, ref, result) @path = path @parent = parent @ref = ref @result = result @text = [] end attr_reader :parent attr_reader :ref attr_reader :result def set_text(value) @text << value end def child_frame(xml_name) NullFrame.new(xml_name, self) end def consume_child_frame(child); end # @api private def path if Stack === parent [@path] else parent.path + [@path] end end # @api private def yield_unhandled_value(path, value) parent.yield_unhandled_value(path, value) end end class StructureFrame < Frame def initialize(xml_name, parent, ref, result = nil) super @result ||= ref.shape.struct_class.new @members = {} ref.shape.members.each do |member_name, member_ref| apply_default_value(member_name, member_ref) @members[xml_name(member_ref)] = { name: member_name, ref: member_ref, } end end def child_frame(xml_name) if @member = @members[xml_name] Frame.new(xml_name, self, @member[:ref]) elsif @ref.shape.union UnknownMemberFrame.new(xml_name, self, nil, @result) else NullFrame.new(xml_name, self) end end def consume_child_frame(child) case child when MapEntryFrame @result[@member[:name]][child.key.result] = child.value.result when FlatListFrame @result[@member[:name]] << child.result when UnknownMemberFrame @result[:unknown] = { 'name' => child.path.last, 'value' => child.result } when NullFrame else @result[@member[:name]] = child.result end if @ref.shape.union # a union may only have one member set # convert to the union subclass # The default Struct created will have defaults set for all values # This also sets only one of the values leaving everything else nil # as required for unions set_member_name = @member ? @member[:name] : :unknown member_subclass = @ref.shape.member_subclass(set_member_name).new # shape.member_subclass(target.member).new member_subclass[set_member_name] = @result[set_member_name] @result = member_subclass end end private def apply_default_value(name, ref) case ref.shape when ListShape then @result[name] = DefaultList.new when MapShape then @result[name] = DefaultMap.new end end def xml_name(ref) if flattened_list?(ref) ref.shape.member.location_name || ref.location_name else ref.location_name end end def flattened_list?(ref) ListShape === ref.shape && (ref.shape.flattened || ref["flattened"]) end end class ListFrame < Frame def initialize(*args) super @result = [] @member_xml_name = @ref.shape.member.location_name || 'member' end def child_frame(xml_name) if xml_name == @member_xml_name Frame.new(xml_name, self, @ref.shape.member) else raise NotImplementedError end end def consume_child_frame(child) @result << child.result unless NullFrame === child end end class FlatListFrame < Frame def initialize(xml_name, *args) super @member = Frame.new(xml_name, self, @ref.shape.member) end def result @member.result end def set_text(value) @member.set_text(value) end def child_frame(xml_name) @member.child_frame(xml_name) end def consume_child_frame(child) @result = @member.result end end class MapFrame < Frame def initialize(*args) super @result = {} end def child_frame(xml_name) if xml_name == 'entry' MapEntryFrame.new(xml_name, self, @ref) else raise NotImplementedError end end def consume_child_frame(child) @result[child.key.result] = child.value.result end end class MapEntryFrame < Frame def initialize(xml_name, *args) super @key_name = @ref.shape.key.location_name || 'key' @key = Frame.new(xml_name, self, @ref.shape.key) @value_name = @ref.shape.value.location_name || 'value' @value = Frame.new(xml_name, self, @ref.shape.value) end # @return [StringFrame] attr_reader :key # @return [Frame] attr_reader :value def child_frame(xml_name) if @key_name == xml_name @key elsif @value_name == xml_name @value else NullFrame.new(xml_name, self) end end end class NullFrame < Frame def self.new(xml_name, parent) super(xml_name, parent, nil, nil) end def set_text(value) yield_unhandled_value(path, value) super end end class UnknownMemberFrame < Frame def result @text.join end end class BlobFrame < Frame def result @text.empty? ? nil : Base64.decode64(@text.join) end end class BooleanFrame < Frame def result @text.empty? ? nil : (@text.join == 'true') end end class FloatFrame < Frame def result @text.empty? ? nil : @text.join.to_f end end class IntegerFrame < Frame def result @text.empty? ? nil : @text.join.to_i end end class StringFrame < Frame def result @text.join end end class TimestampFrame < Frame def result @text.empty? ? nil : parse(@text.join) end def parse(value) case value when nil then nil when /^\d+$/ then Time.at(value.to_i) else begin Time.parse(value).utc rescue ArgumentError raise "unhandled timestamp format `#{value}'" end end end end include Seahorse::Model::Shapes FRAME_CLASSES = { NilClass => NullFrame, BlobShape => BlobFrame, BooleanShape => BooleanFrame, FloatShape => FloatFrame, IntegerShape => IntegerFrame, ListShape => ListFrame, MapShape => MapFrame, StringShape => StringFrame, StructureShape => StructureFrame, UnionShape => StructureFrame, TimestampShape => TimestampFrame, } end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/error_handler.rb0000644000004100000410000000566114563437550023262 0ustar www-datawww-data# frozen_string_literal: true require 'cgi' module Aws module Xml class ErrorHandler < Seahorse::Client::Handler def call(context) @handler.call(context).on(300..599) do |response| response.error = error(context) unless response.error response.data = nil end end private def error(context) body = context.http_response.body_contents if body.empty? code = http_status_error_code(context) message = '' data = EmptyStructure.new else code, message, data = extract_error(body, context) end context[:request_id] = request_id(body) errors_module = context.client.class.errors_module error_class = errors_module.error_class(code).new(context, message, data) error_class end def extract_error(body, context) code = error_code(body, context) [ code, error_message(body), error_data(context, code) ] end def error_data(context, code) data = EmptyStructure.new if error_rules = context.operation.errors error_rules.each do |rule| # for modeled shape with error trait # match `code` in the error trait before # match modeled shape name error_shape_code = rule.shape['error']['code'] if rule.shape['error'] match = (code == error_shape_code || code == rule.shape.name) if match && rule.shape.members.any? data = Parser.new(rule).parse(context.http_response.body_contents) end end end data rescue Xml::Parser::ParsingError EmptyStructure.new end def error_code(body, context) if matches = body.match(/(.+?)<\/Code>/) remove_prefix(unescape(matches[1]), context) else http_status_error_code(context) end end def http_status_error_code(context) status_code = context.http_response.status_code { 302 => 'MovedTemporarily', 304 => 'NotModified', 400 => 'BadRequest', 403 => 'Forbidden', 404 => 'NotFound', 412 => 'PreconditionFailed', 413 => 'RequestEntityTooLarge', }[status_code] || "Http#{status_code}Error" end def remove_prefix(error_code, context) if prefix = context.config.api.metadata['errorPrefix'] error_code.sub(/^#{prefix}/, '') else error_code end end def error_message(body) if matches = body.match(/(.+?)<\/Message>/m) unescape(matches[1]) else '' end end def request_id(body) if matches = body.match(/(.+?)<\/RequestId>/m) matches[1] end end def unescape(str) CGI.unescapeHTML(str) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/default_map.rb0000644000004100000410000000022214563437550022701 0ustar www-datawww-data# frozen_string_literal: true module Aws module Xml # @api private class DefaultMap < Hash alias nil? empty? end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/builder.rb0000644000004100000410000001035114563437550022052 0ustar www-datawww-data# frozen_string_literal: true require 'base64' module Aws module Xml class Builder include Seahorse::Model::Shapes def initialize(rules, options = {}) @rules = rules @xml = options[:target] || [] indent = options[:indent] || '' pad = options[:pad] || '' @builder = DocBuilder.new(target: @xml, indent: indent, pad: pad) end def to_xml(params) structure(@rules.location_name, @rules, params) @xml.join end alias serialize to_xml private def structure(name, ref, values) if values.empty? node(name, ref) else node(name, ref, structure_attrs(ref, values)) do ref.shape.members.each do |member_name, member_ref| next if values[member_name].nil? next if xml_attribute?(member_ref) member(member_ref.location_name, member_ref, values[member_name]) end end end end def structure_attrs(ref, values) ref.shape.members.inject({}) do |attrs, (member_name, member_ref)| if xml_attribute?(member_ref) && values.key?(member_name) attrs[member_ref.location_name] = values[member_name] end attrs end end def list(name, ref, values) if ref[:flattened] || ref.shape.flattened values.each do |value| member(ref.shape.member.location_name || name, ref.shape.member, value) end else node(name, ref) do values.each do |value| mname = ref.shape.member.location_name || 'member' member(mname, ref.shape.member, value) end end end end def map(name, ref, hash) key_ref = ref.shape.key value_ref = ref.shape.value if ref.shape.flattened hash.each do |key, value| node(name, ref) do member(key_ref.location_name || 'key', key_ref, key) member(value_ref.location_name || 'value', value_ref, value) end end else node(name, ref) do hash.each do |key, value| node('entry', ref) do member(key_ref.location_name || 'key', key_ref, key) member(value_ref.location_name || 'value', value_ref, value) end end end end end def member(name, ref, value) case ref.shape when StructureShape then structure(name, ref, value) when ListShape then list(name, ref, value) when MapShape then map(name, ref, value) when TimestampShape then node(name, ref, timestamp(ref, value)) when BlobShape then node(name, ref, blob(value)) else node(name, ref, value.to_s) end end def blob(value) value = value.read unless String === value Base64.strict_encode64(value) end def timestamp(ref, value) case ref['timestampFormat'] || ref.shape['timestampFormat'] when 'unixTimestamp' then value.to_i when 'rfc822' then value.utc.httpdate else # xml defaults to iso8601 value.utc.iso8601 end end # The `args` list may contain: # # * [] - empty, no value or attributes # * [value] - inline element, no attributes # * [value, attributes_hash] - inline element with attributes # * [attributes_hash] - self closing element with attributes # # Pass a block if you want to nest XML nodes inside. When doing this, # you may *not* pass a value to the `args` list. # def node(name, ref, *args, &block) attrs = args.last.is_a?(Hash) ? args.pop : {} attrs = shape_attrs(ref).merge(attrs) args << attrs @builder.node(name, *args, &block) end def shape_attrs(ref) if xmlns = ref['xmlNamespace'] if prefix = xmlns['prefix'] { 'xmlns:' + prefix => xmlns['uri'] } else { 'xmlns' => xmlns['uri'] } end else {} end end def xml_attribute?(ref) !!ref['xmlAttribute'] end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/doc_builder.rb0000644000004100000410000000507614563437550022707 0ustar www-datawww-data# frozen_string_literal: true module Aws module Xml class DocBuilder # @option options [#<<] :target ('') # @option options [String] :pad ('') # @option options [String] :indent ('') def initialize(options = {}) @target = options[:target] || ( # The String has to be mutable # because @target implements `<<` method. String.new ) @indent = options[:indent] || '' @pad = options[:pad] || '' @end_of_line = @indent == '' ? '' : "\n" end attr_reader :target # @overload node(name, attributes = {}) # Adds a self closing element without any content. # # @overload node(name, value, attributes = {}) # Adds an element that opens and closes on the same line with # simple text content. # # @overload node(name, attributes = {}, &block) # Adds a wrapping element. Calling {#node} from inside # the yielded block creates nested elements. # # @return [void] # def node(name, *args, &block) attrs = args.last.is_a?(Hash) ? args.pop : {} if block_given? @target << open_el(name, attrs) @target << @end_of_line increase_pad(&block) @target << @pad @target << close_el(name) elsif args.empty? @target << empty_element(name, attrs) else @target << inline_element(name, args.first, attrs) end end private def empty_element(name, attrs) "#{@pad}<#{name}#{attributes(attrs)}/>#{@end_of_line}" end def inline_element(name, value, attrs) "#{open_el(name, attrs)}#{escape(value, :text)}#{close_el(name)}" end def open_el(name, attrs) "#{@pad}<#{name}#{attributes(attrs)}>" end def close_el(name) "#{@end_of_line}" end def escape(string, text_or_attr) string.to_s .encode(:xml => text_or_attr) .gsub("\u{000D}", ' ') # Carriage Return .gsub("\u{000A}", ' ') # Line Feed .gsub("\u{0085}", '…') # Next Line .gsub("\u{2028}", '
') # Line Separator end def attributes(attr) if attr.empty? '' else ' ' + attr.map do |key, value| "#{key}=#{escape(value, :attr)}" end.join(' ') end end def increase_pad(&block) pre_increase = @pad @pad = @pad + @indent block.call @pad = pre_increase end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/default_list.rb0000644000004100000410000000022414563437550023101 0ustar www-datawww-data# frozen_string_literal: true module Aws module Xml # @api private class DefaultList < Array alias nil? empty? end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/xml/parser.rb0000644000004100000410000000526014563437550021723 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Xml # A SAX-style XML parser that uses a shape context to handle types. class Parser # @param [Seahorse::Model::ShapeRef] rules def initialize(rules, options = {}) @rules = rules @engine = options[:engine] || self.class.engine end # Parses the XML document, returning a parsed structure. # # If you pass a block, this will yield for XML # elements that are not modeled in the rules given # to the constructor. # # parser.parse(xml) do |path, value| # puts "uhandled: #{path.join('/')} - #{value}" # end # # The purpose of the unhandled callback block is to # allow callers to access values such as the EC2 # request ID that are part of the XML body but not # part of the operation result. # # @param [String] xml An XML document string to parse. # @param [Structure] target (nil) # @return [Structure] def parse(xml, target = nil, &unhandled_callback) xml = '' if xml.nil? or xml.empty? stack = Stack.new(@rules, target, &unhandled_callback) @engine.new(stack).parse(xml.to_s) stack.result end class << self # @param [Symbol,Class] engine # Must be one of the following values: # # * :ox # * :oga # * :libxml # * :nokogiri # * :rexml # def engine= engine @engine = Class === engine ? engine : load_engine(engine) end # @return [Class] Returns the default parsing engine. # One of: # # * {OxEngine} # * {OgaEngine} # * {LibxmlEngine} # * {NokogiriEngine} # * {RexmlEngine} # def engine set_default_engine unless @engine @engine end def set_default_engine [:ox, :oga, :libxml, :nokogiri, :rexml].each do |name| @engine ||= try_load_engine(name) end unless @engine raise 'Unable to find a compatible xml library. ' \ 'Ensure that you have installed or added to your Gemfile one of ' \ 'ox, oga, libxml, nokogiri or rexml' end end private def load_engine(name) require "aws-sdk-core/xml/parser/engines/#{name}" const_name = name[0].upcase + name[1..-1] + 'Engine' const_get(const_name) end def try_load_engine(name) load_engine(name) rescue LoadError false end end set_default_engine end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/param_validator.rb0000644000004100000410000001647714563437550023010 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private class ParamValidator include Seahorse::Model::Shapes EXPECTED_GOT = 'expected %s to be %s, got class %s instead.' # @param [Seahorse::Model::Shapes::ShapeRef] rules # @param [Hash] params # @return [void] def self.validate!(rules, params) new(rules).validate!(params) end # @param [Seahorse::Model::Shapes::ShapeRef] rules # @option options [Boolean] :validate_required (true) def initialize(rules, options = {}) @rules = rules || begin shape = StructureShape.new shape.struct_class = EmptyStructure ShapeRef.new(shape: shape) end @validate_required = options[:validate_required] != false @input = options[:input].nil? ? true : !!options[:input] end # @param [Hash] params # @return [void] def validate!(params) errors = [] structure(@rules, params, errors, 'params') if @rules raise ArgumentError, error_messages(errors) unless errors.empty? end private def structure(ref, values, errors, context) # ensure the value is hash like return unless correct_type?(ref, values, errors, context) if ref.eventstream # input eventstream is provided from event signals values.each do |value| # each event is structure type case value[:message_type] when 'event' val = value.dup val.delete(:message_type) structure(ref.shape.member(val[:event_type]), val, errors, context) when 'error' # Error is unmodeled when 'exception' # Pending raise Aws::Errors::EventStreamParserError.new( ':exception event validation is not supported') end end else shape = ref.shape # ensure required members are present if @validate_required shape.required.each do |member_name| input_eventstream = ref.shape.member(member_name).eventstream && @input if values[member_name].nil? && !input_eventstream param = "#{context}[#{member_name.inspect}]" errors << "missing required parameter #{param}" end end end if @validate_required && shape.union if values.length > 1 errors << "multiple values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}" elsif values.length == 0 errors << "No values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}" end end # validate non-nil members values.each_pair do |name, value| unless value.nil? # :event_type is not modeled # and also needed when construct body next if name == :event_type if shape.member?(name) member_ref = shape.member(name) shape(member_ref, value, errors, context + "[#{name.inspect}]") else errors << "unexpected value at #{context}[#{name.inspect}]" end end end end end def list(ref, values, errors, context) # ensure the value is an array unless values.is_a?(Array) errors << expected_got(context, "an Array", values) return end # validate members member_ref = ref.shape.member values.each.with_index do |value, index| shape(member_ref, value, errors, context + "[#{index}]") end end def map(ref, values, errors, context) unless Hash === values errors << expected_got(context, "a hash", values) return end key_ref = ref.shape.key value_ref = ref.shape.value values.each do |key, value| shape(key_ref, key, errors, "#{context} #{key.inspect} key") shape(value_ref, value, errors, context + "[#{key.inspect}]") end end def document(ref, value, errors, context) document_types = [Hash, Array, Numeric, String, TrueClass, FalseClass, NilClass] unless document_types.any? { |t| value.is_a?(t) } errors << expected_got(context, "one of #{document_types.join(', ')}", value) end # recursively validate types for aggregated types case value when Hash value.each do |k, v| document(ref, v, errors, context + "[#{k}]") end when Array value.each do |v| document(ref, v, errors, context) end end end def shape(ref, value, errors, context) case ref.shape when StructureShape then structure(ref, value, errors, context) when ListShape then list(ref, value, errors, context) when MapShape then map(ref, value, errors, context) when DocumentShape then document(ref, value, errors, context) when StringShape unless value.is_a?(String) errors << expected_got(context, "a String", value) end when IntegerShape unless value.is_a?(Integer) errors << expected_got(context, "an Integer", value) end when FloatShape unless value.is_a?(Float) errors << expected_got(context, "a Float", value) end when TimestampShape unless value.is_a?(Time) errors << expected_got(context, "a Time object", value) end when BooleanShape unless [true, false].include?(value) errors << expected_got(context, "true or false", value) end when BlobShape unless value.is_a?(String) if streaming_input?(ref) unless io_like?(value, _require_size = false) errors << expected_got( context, "a String or IO like object that supports read and rewind", value ) end elsif !io_like?(value, _require_size = true) errors << expected_got( context, "a String or IO like object that supports read, rewind, and size", value ) end end else raise "unhandled shape type: #{ref.shape.class.name}" end end def correct_type?(ref, value, errors, context) if ref.eventstream && @input errors << "instead of providing value directly for eventstreams at input,"\ " expected to use #signal events per stream" return false end case value when Hash then true when ref.shape.struct_class then true when Enumerator then ref.eventstream && value.respond_to?(:event_types) else errors << expected_got(context, "a hash", value) false end end def io_like?(value, require_size = true) value.respond_to?(:read) && value.respond_to?(:rewind) && (!require_size || value.respond_to?(:size)) end def streaming_input?(ref) (ref["streaming"] || ref.shape["streaming"]) end def error_messages(errors) if errors.size == 1 errors.first else prefix = "\n - " "parameter validator found #{errors.size} errors:" + prefix + errors.join(prefix) end end def expected_got(context, expected, got) EXPECTED_GOT % [context, expected, got.class.name] end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoint_cache.rb0000644000004100000410000001207114563437550022570 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private # a LRU cache caching endpoints data class EndpointCache # default cache entries limit MAX_ENTRIES = 1000 # default max threads pool size MAX_THREADS = 10 def initialize(options = {}) @max_entries = options[:max_entries] || MAX_ENTRIES @entries = {} # store endpoints @max_threads = options[:max_threads] || MAX_THREADS @pool = {} # store polling threads @mutex = Mutex.new @require_identifier = nil # whether endpoint operation support identifier end # @return [Integer] Max size limit of cache attr_reader :max_entries # @return [Integer] Max count of polling threads attr_reader :max_threads # return [Hash] Polling threads pool attr_reader :pool # @param [String] key # @return [Endpoint] def [](key) @mutex.synchronize do # fetching an existing endpoint delete it and then append it endpoint = @entries[key] if endpoint @entries.delete(key) @entries[key] = endpoint end endpoint end end # @param [String] key # @param [Hash] value def []=(key, value) @mutex.synchronize do # delete the least recent used endpoint when cache is full unless @entries.size < @max_entries old_key, = @entries.shift delete_polling_thread(old_key) end # delete old value if exists @entries.delete(key) @entries[key] = Endpoint.new(value.to_hash) end end # checking whether an unexpired endpoint key exists in cache # @param [String] key # @return [Boolean] def key?(key) @mutex.synchronize do if @entries.key?(key) && (@entries[key].nil? || @entries[key].expired?) @entries.delete(key) end @entries.key?(key) end end # checking whether an polling thread exist for the key # @param [String] key # @return [Boolean] def threads_key?(key) @pool.key?(key) end # remove entry only # @param [String] key def delete(key) @mutex.synchronize do @entries.delete(key) end end # kill the old polling thread and remove it from pool # @param [String] key def delete_polling_thread(key) Thread.kill(@pool[key]) if threads_key?(key) @pool.delete(key) end # update cache with requests (using service endpoint operation) # to fetch endpoint list (with identifiers when available) # @param [String] key # @param [RequestContext] ctx def update(key, ctx) resp = _request_endpoint(ctx) if resp && resp.endpoints resp.endpoints.each { |e| self[key] = e } end end # extract the key to be used in the cache from request context # @param [RequestContext] ctx # @return [String] def extract_key(ctx) parts = [] # fetching from cred provider directly gives warnings parts << ctx.config.credentials.credentials.access_key_id if _endpoint_operation_identifier(ctx) parts << ctx.operation_name ctx.operation.input.shape.members.inject(parts) do |p, (name, ref)| p << ctx.params[name] if ref['endpointdiscoveryid'] p end end parts.join('_') end # update polling threads pool # param [String] key # param [Thread] thread def update_polling_pool(key, thread) unless @pool.size < @max_threads _, thread = @pool.shift Thread.kill(thread) end @pool[key] = thread end # kill all polling threads def stop_polling! @pool.each { |_, t| Thread.kill(t) } @pool = {} end private def _request_endpoint(ctx) params = {} if _endpoint_operation_identifier(ctx) # build identifier params when available params[:operation] = ctx.operation.name ctx.operation.input.shape.members.inject(params) do |p, (name, ref)| if ref['endpointdiscoveryid'] p[:identifiers] ||= {} p[:identifiers][ref.location_name] = ctx.params[name] end p end end begin endpoint_operation_name = ctx.config.api.endpoint_operation ctx.client.send(endpoint_operation_name, params) rescue Aws::Errors::ServiceError nil end end def _endpoint_operation_identifier(ctx) return @require_identifier unless @require_identifier.nil? operation_name = ctx.config.api.endpoint_operation operation = ctx.config.api.operation(operation_name) @require_identifier = operation.input.shape.members.any? end class Endpoint # default endpoint cache time, 1 minute CACHE_PERIOD = 1 def initialize(options) @address = options.fetch(:address) @cache_period = options[:cache_period_in_minutes] || CACHE_PERIOD @created_time = Time.now end # [String] valid URI address (with path) attr_reader :address def expired? Time.now - @created_time > @cache_period * 60 end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/pageable_response.rb0000644000004100000410000001534014563437550023305 0ustar www-datawww-data# frozen_string_literal: true module Aws # Decorates a {Seahorse::Client::Response} with paging convenience methods. # Some AWS calls provide paged responses to limit the amount of data returned # with each response. To optimize for latency, some APIs may return an # inconsistent number of responses per page. You should rely on the values of # the `next_page?` method or using enumerable methods such as `each` rather # than the number of items returned to iterate through results. See below for # examples. # # @note Methods such as `to_json` will enumerate all of the responses before # returning the full response as JSON. # # # Paged Responses Are Enumerable # The simplest way to handle paged response data is to use the built-in # enumerator in the response object, as shown in the following example. # # s3 = Aws::S3::Client.new # # s3.list_objects(bucket:'aws-sdk').each do |response| # puts response.contents.map(&:key) # end # # This yields one response object per API call made, and enumerates objects # in the named bucket. The SDK retrieves additional pages of data to # complete the request. # # # Handling Paged Responses Manually # To handle paging yourself, use the response’s `next_page?` method to verify # there are more pages to retrieve, or use the last_page? method to verify # there are no more pages to retrieve. # # If there are more pages, use the `next_page` method to retrieve the # next page of results, as shown in the following example. # # s3 = Aws::S3::Client.new # # # Get the first page of data # response = s3.list_objects(bucket:'aws-sdk') # # # Get additional pages # while response.next_page? do # response = response.next_page # # Use the response data here... # puts response.contents.map(&:key) # end # module PageableResponse def self.apply(base) base.extend Extension base.instance_variable_set(:@last_page, nil) base.instance_variable_set(:@more_results, nil) base end # @return [Paging::Pager] attr_accessor :pager # Returns `true` if there are no more results. Calling {#next_page} # when this method returns `false` will raise an error. # @return [Boolean] def last_page? # Actual implementation is in PageableResponse::Extension end # Returns `true` if there are more results. Calling {#next_page} will # return the next response. # @return [Boolean] def next_page? # Actual implementation is in PageableResponse::Extension end # @return [Seahorse::Client::Response] def next_page(params = {}) # Actual implementation is in PageableResponse::Extension end # Yields the current and each following response to the given block. # @yieldparam [Response] response # @return [Enumerable,nil] Returns a new Enumerable if no block is given. def each(&block) # Actual implementation is in PageableResponse::Extension end alias each_page each private # @param [Hash] params A hash of additional request params to # merge into the next page request. # @return [Seahorse::Client::Response] Returns the next page of # results. def next_response(params) # Actual implementation is in PageableResponse::Extension end # @param [Hash] params A hash of additional request params to # merge into the next page request. # @return [Hash] Returns the hash of request parameters for the # next page, merging any given params. def next_page_params(params) # Actual implementation is in PageableResponse::Extension end # Raised when calling {PageableResponse#next_page} on a pager that # is on the last page of results. You can call {PageableResponse#last_page?} # or {PageableResponse#next_page?} to know if there are more pages. class LastPageError < RuntimeError # @param [Seahorse::Client::Response] response def initialize(response) @response = response super("unable to fetch next page, end of results reached") end # @return [Seahorse::Client::Response] attr_reader :response end # A handful of Enumerable methods, such as #count are not safe # to call on a pageable response, as this would trigger n api calls # simply to count the number of response pages, when likely what is # wanted is to access count on the data. Same for #to_h. # @api private module UnsafeEnumerableMethods def count if data.respond_to?(:count) data.count else raise NoMethodError, "undefined method `count'" end end def respond_to?(method_name, *args) if method_name == :count data.respond_to?(:count) else super end end def to_h data.to_h end def as_json(_options = {}) data.to_h(data, as_json: true) end def to_json(options = {}) as_json.to_json(options) end end # The actual decorator module implementation. It is in a distinct module # so that it can be used to extend objects without busting Ruby's constant cache. # object.extend(mod) bust the constant cache only if `mod` contains constants of its own. # @api private module Extension include Enumerable include UnsafeEnumerableMethods attr_accessor :pager def last_page? if @last_page.nil? @last_page = !@pager.truncated?(self) end @last_page end def next_page? !last_page? end def next_page(params = {}) if last_page? raise LastPageError.new(self) else next_response(params) end end def each(&block) return enum_for(:each_page) unless block_given? response = self yield(response) until response.last_page? response = response.next_page yield(response) end end alias each_page each private def next_response(params) params = next_page_params(params) request = context.client.build_request(context.operation_name, params) Aws::Plugins::UserAgent.feature('paginator') do request.send_request end end def next_page_params(params) # Remove all previous tokens from original params # Sometimes a token can be nil and merge would not include it. tokens = @pager.tokens.values.map(&:to_sym) params_without_tokens = context[:original_params].reject { |k, _v| tokens.include?(k) } params_without_tokens.merge!(@pager.next_tokens(self).merge(params)) params_without_tokens end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/refreshing_token.rb0000644000004100000410000000310514563437550023157 0ustar www-datawww-data# frozen_string_literal: true require 'thread' module Aws # Module/mixin used by token provider classes that can be refreshed. This # provides basic refresh logic in a thread-safe manner. Classes mixing in # this module are expected to implement a #refresh method that populates # the following instance variable: # # * `@token` [Token] - {Aws::Token} object with the `expiration` and `token` # fields set. # # @api private module RefreshingToken def initialize(options = {}) @mutex = Mutex.new @before_refresh = options.delete(:before_refresh) if Hash === options @before_refresh.call(self) if @before_refresh refresh end # @return [Token] def token refresh_if_near_expiration @token end # @return [Time,nil] def expiration refresh_if_near_expiration @expiration end # Refresh token. # @return [void] def refresh! @mutex.synchronize do @before_refresh.call(self) if @before_refresh refresh end end private # Refreshes token if it is within # 5 minutes of expiration. def refresh_if_near_expiration if near_expiration? @mutex.synchronize do if near_expiration? @before_refresh.call(self) if @before_refresh refresh end end end end def near_expiration? if @token && @token.expiration # are we within 5 minutes of expiration? (Time.now.to_i + 5 * 60) > @token.expiration.to_i else true end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/sso_token_provider.rb0000644000004100000410000001126714563437550023551 0ustar www-datawww-data# frozen_string_literal: true module Aws class SSOTokenProvider include TokenProvider include RefreshingToken # @api private SSO_REQUIRED_OPTS = [:sso_region, :sso_session].freeze # @api private SSO_LOGIN_GUIDANCE = 'The SSO session associated with this profile has '\ 'expired or is otherwise invalid. To refresh this SSO session run '\ 'aws sso login with the corresponding profile.'.freeze # @option options [required, String] :sso_region The AWS region where the # SSO directory for the given sso_start_url is hosted. # # @option options [required, String] :sso_session The SSO Session used to # for fetching this token. # # @option options [SSOOIDC::Client] :client Optional `SSOOIDC::Client`. If not # provided, a client will be constructed. # # @option options [Callable] before_refresh Proc called before # credentials are refreshed. `before_refresh` is called # with an instance of this object when # AWS credentials are required and need to be refreshed. def initialize(options = {}) missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? } unless missing_keys.empty? raise ArgumentError, "Missing required keys: #{missing_keys}" end @sso_session = options.delete(:sso_session) @sso_region = options.delete(:sso_region) options[:region] = @sso_region options[:credentials] = nil options[:token_provider] = nil @client = options[:client] || Aws::SSOOIDC::Client.new(options) super end # @return [SSOOIDC::Client] attr_reader :client private def refresh # token is valid and not in refresh window - do not refresh it. return if @token && @token.expiration && !near_expiration? # token may not exist or is out of the expiration window # attempt to refresh from disk first (another process/application may have refreshed already) token_json = read_cached_token @token = Token.new(token_json['accessToken'], token_json['expiresAt']) return if @token && @token.expiration && !near_expiration? # The token is expired and needs to be refreshed if can_refresh_token?(token_json) begin current_time = Time.now resp = @client.create_token( grant_type: 'refresh_token', client_id: token_json['clientId'], client_secret: token_json['clientSecret'], refresh_token: token_json['refreshToken'] ) token_json['accessToken'] = resp.access_token token_json['expiresAt'] = current_time + resp.expires_in @token = Token.new(token_json['accessToken'], token_json['expiresAt']) if resp.refresh_token token_json['refreshToken'] = resp.refresh_token else token_json.delete('refreshToken') end update_token_cache(token_json) rescue # refresh has failed, continue attempting to use the token if its not hard expired end end if !@token.expiration || @token.expiration < Time.now # Token is hard expired, raise an exception raise Errors::InvalidSSOToken, 'Token is invalid and failed to refresh.' end end def read_cached_token cached_token = Json.load(File.read(sso_cache_file)) # validation unless cached_token['accessToken'] && cached_token['expiresAt'] raise ArgumentError, 'Missing required field(s)' end cached_token['expiresAt'] = Time.parse(cached_token['expiresAt']) cached_token rescue Errno::ENOENT, Aws::Json::ParseError, ArgumentError raise Errors::InvalidSSOToken, SSO_LOGIN_GUIDANCE end def update_token_cache(token_json) cached_token = token_json.dup cached_token['expiresAt'] = cached_token['expiresAt'].iso8601 File.write(sso_cache_file, Json.dump(cached_token)) end def sso_cache_file sso_session_sha1 = OpenSSL::Digest::SHA1.hexdigest(@sso_session.encode('utf-8')) File.join(Dir.home, '.aws', 'sso', 'cache', "#{sso_session_sha1}.json") rescue ArgumentError # Dir.home raises ArgumentError when ENV['home'] is not set raise ArgumentError, "Unable to load sso_cache_file: ENV['HOME'] is not set." end # return true if all required fields are present # return false if registrationExpiresAt exists and is later than now def can_refresh_token?(token_json) if token_json['clientId'] && token_json['clientSecret'] && token_json['refreshToken'] return !token_json['registrationExpiresAt'] || Time.parse(token_json['registrationExpiresAt']) > Time.now else false end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/query.rb0000644000004100000410000000032514563437550020771 0ustar www-datawww-data# frozen_string_literal: true require_relative 'query/ec2_param_builder' require_relative 'query/handler' require_relative 'query/param' require_relative 'query/param_builder' require_relative 'query/param_list' aws-sdk-core-3.191.2/lib/aws-sdk-core/shared_credentials.rb0000644000004100000410000000471014563437550023451 0ustar www-datawww-data# frozen_string_literal: true require_relative 'ini_parser' module Aws class SharedCredentials include CredentialProvider # @api private KEY_MAP = { 'aws_access_key_id' => 'access_key_id', 'aws_secret_access_key' => 'secret_access_key', 'aws_session_token' => 'session_token', } # Constructs a new SharedCredentials object. This will load static # (access_key_id, secret_access_key and session_token) AWS access # credentials from an ini file, which supports profiles. The default # profile name is 'default'. You can specify the profile name with the # `ENV['AWS_PROFILE']` or with the `:profile_name` option. # # To use credentials from the default credential resolution chain # create a client without the credential option specified. # You may access the resolved credentials through # `client.config.credentials`. # # @option [String] :path Path to the shared file. Defaults # to "#{Dir.home}/.aws/credentials". # # @option [String] :profile_name Defaults to 'default' or # `ENV['AWS_PROFILE']`. # def initialize(options = {}) shared_config = Aws.shared_config @path = options[:path] @path ||= shared_config.credentials_path @profile_name = options[:profile_name] @profile_name ||= ENV['AWS_PROFILE'] @profile_name ||= shared_config.profile_name if @path && @path == shared_config.credentials_path @credentials = shared_config.credentials(profile: @profile_name) else config = SharedConfig.new( credentials_path: @path, profile_name: @profile_name ) @credentials = config.credentials(profile: @profile_name) end end # @return [String] attr_reader :path # @return [String] attr_reader :profile_name # @return [Credentials] attr_reader :credentials # @api private def inspect parts = [ self.class.name, "profile_name=#{profile_name.inspect}", "path=#{path.inspect}", ] "#<#{parts.join(' ')}>" end # @deprecated This method is no longer used. # @return [Boolean] Returns `true` if a credential file # exists and has appropriate read permissions at {#path}. # @note This method does not indicate if the file found at {#path} # will be parsable, only if it can be read. def loadable? !path.nil? && File.exist?(path) && File.readable?(path) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/resources/0000755000004100000410000000000014563437550021311 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/resources/collection.rb0000644000004100000410000000540514563437550023775 0ustar www-datawww-data# frozen_string_literal: true module Aws module Resources class Collection extend Aws::Deprecations include Enumerable # @param [Enumerator] batches # @option options [Integer] :limit # @option options [Integer] :size # @api private def initialize(batches, options = {}) @batches = batches @limit = options[:limit] @size = options[:size] end # @return [Integer,nil] # Returns the size of this collection if known, returns `nil` when # an API call is necessary to enumerate items in this collection. def size @size end alias :length :size # @deprecated # @api private def batches ::Enumerator.new do |y| batch_enum.each do |batch| y << self.class.new([batch], size: batch.size) end end end # @deprecated # @api private def [](index) if @size @batches[0][index] else raise "unable to index into a lazy loaded collection" end end deprecated :[] # @return [Enumerator] def each(&block) enum = ::Enumerator.new do |y| batch_enum.each do |batch| batch.each do |band| y.yield(band) end end end enum.each(&block) if block enum end # @param [Integer] count # @return [Resource, Collection] def first(count = nil) if count items = limit(count).to_a self.class.new([items], size: items.size) else begin each.next rescue StopIteration nil end end end # Returns a new collection that will enumerate a limited number of items. # # collection.limit(10).each do |band| # # yields at most 10 times # end # # @return [Collection] # @param [Integer] limit def limit(limit) Collection.new(@batches, limit: limit) end private def batch_enum case @limit when 0 then [] when nil then non_empty_batches else limited_batches end end def non_empty_batches ::Enumerator.new do |y| @batches.each do |batch| y.yield(batch) if batch.size > 0 end end end def limited_batches ::Enumerator.new do |y| yielded = 0 @batches.each do |batch| batch = batch.take(@limit - yielded) if batch.size > 0 y.yield(batch) yielded += batch.size end break if yielded == @limit end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/binary.rb0000644000004100000410000000043614563437550021113 0ustar www-datawww-data# frozen_string_literal: true require_relative 'binary/decode_handler' require_relative 'binary/encode_handler' require_relative 'binary/event_stream_decoder' require_relative 'binary/event_stream_encoder' require_relative 'binary/event_builder' require_relative 'binary/event_parser' aws-sdk-core-3.191.2/lib/aws-sdk-core/client_stubs.rb0000644000004100000410000002613214563437550022326 0ustar www-datawww-data# frozen_string_literal: true require 'thread' module Aws # This module provides the ability to specify the data and/or errors to # return when a client is using stubbed responses. Pass # `:stub_responses => true` to a client constructor to enable this # behavior. # # Also allows you to see the requests made by the client by reading the # api_requests instance variable module ClientStubs # @api private def setup_stubbing @stubs = {} @stub_mutex = Mutex.new if Hash === @config.stub_responses @config.stub_responses.each do |operation_name, stubs| apply_stubs(operation_name, Array === stubs ? stubs : [stubs]) end end # When a client is stubbed allow the user to access the requests made requests = @api_requests = [] requests_mutex = @requests_mutex = Mutex.new self.handle do |context| requests_mutex.synchronize do requests << { operation_name: context.operation_name, params: context.params, context: context } end @handler.call(context) end end # Configures what data / errors should be returned from the named operation # when response stubbing is enabled. # # ## Basic usage # # When you enable response stubbing, the client will generate fake # responses and will not make any HTTP requests. # # client = Aws::S3::Client.new(stub_responses: true) # client.list_buckets # #=> # # # You can provide stub data that will be returned by the client. # # # stub data in the constructor # client = Aws::S3::Client.new(stub_responses: { # list_buckets: { buckets: [{name: 'my-bucket' }] }, # get_object: { body: 'data' }, # }) # # client.list_buckets.buckets.map(&:name) #=> ['my-bucket'] # client.get_object(bucket:'name', key:'key').body.read #=> 'data' # # You can also specify the stub data using {#stub_responses} # # client = Aws::S3::Client.new(stub_responses: true) # client.stub_responses(:list_buckets, { # buckets: [{ name: 'my-bucket' }] # }) # # client.list_buckets.buckets.map(&:name) # #=> ['my-bucket'] # # With a Resource class {#stub_responses} on the corresponding client: # # s3 = Aws::S3::Resource.new(stub_responses: true) # s3.client.stub_responses(:list_buckets, { # buckets: [{ name: 'my-bucket' }] # }) # # s3.buckets.map(&:name) # #=> ['my-bucket'] # # Lastly, default stubs can be configured via `Aws.config`: # # Aws.config[:s3] = { # stub_responses: { # list_buckets: { buckets: [{name: 'my-bucket' }] } # } # } # # Aws::S3::Client.new.list_buckets.buckets.map(&:name) # #=> ['my-bucket'] # # Aws::S3::Resource.new.buckets.map(&:name) # #=> ['my-bucket'] # # ## Dynamic Stubbing # # In addition to creating static stubs, it's also possible to generate # stubs dynamically based on the parameters with which operations were # called, by passing a `Proc` object: # # s3 = Aws::S3::Resource.new(stub_responses: true) # s3.client.stub_responses(:put_object, -> (context) { # s3.client.stub_responses(:get_object, content_type: context.params[:content_type]) # }) # # The yielded object is an instance of {Seahorse::Client::RequestContext}. # # ## Stubbing Errors # # When stubbing is enabled, the SDK will default to generate # fake responses with placeholder values. You can override the data # returned. You can also specify errors it should raise. # # # simulate service errors, give the error code # client.stub_responses(:get_object, 'NotFound') # client.get_object(bucket:'aws-sdk', key:'foo') # #=> raises Aws::S3::Errors::NotFound # # # to simulate other errors, give the error class, you must # # be able to construct an instance with `.new` # client.stub_responses(:get_object, Timeout::Error) # client.get_object(bucket:'aws-sdk', key:'foo') # #=> raises new Timeout::Error # # # or you can give an instance of an error class # client.stub_responses(:get_object, RuntimeError.new('custom message')) # client.get_object(bucket:'aws-sdk', key:'foo') # #=> raises the given runtime error object # # ## Stubbing HTTP Responses # # As an alternative to providing the response data, you can provide # an HTTP response. # # client.stub_responses(:get_object, { # status_code: 200, # headers: { 'header-name' => 'header-value' }, # body: "...", # }) # # To stub a HTTP response, pass a Hash with all three of the following # keys set: # # * **`:status_code`** - - The HTTP status code # * **`:headers`** - Hash - A hash of HTTP header keys and values # * **`:body`** - - The HTTP response body. # # ## Stubbing Multiple Responses # # Calling an operation multiple times will return similar responses. # You can configure multiple stubs and they will be returned in sequence. # # client.stub_responses(:head_object, [ # 'NotFound', # { content_length: 150 }, # ]) # # client.head_object(bucket:'aws-sdk', key:'foo') # #=> raises Aws::S3::Errors::NotFound # # resp = client.head_object(bucket:'aws-sdk', key:'foo') # resp.content_length #=> 150 # # @param [Symbol] operation_name # # @param [Mixed] stubs One or more responses to return from the named # operation. # # @return [void] # # @raise [RuntimeError] Raises a runtime error when called # on a client that has not enabled response stubbing via # `:stub_responses => true`. def stub_responses(operation_name, *stubs) if config.stub_responses apply_stubs(operation_name, stubs.flatten) else msg = 'stubbing is not enabled; enable stubbing in the constructor '\ 'with `:stub_responses => true`' raise msg end end # Allows you to access all of the requests that the stubbed client has made. # # @param [Hash] options The options for the api requests. # @option options [Boolean] :exclude_presign (false) Set to true to filter # out unsent requests from generated presigned urls. # @return [Array] Returns an array of the api requests made. Each request # object contains the :operation_name, :params, and :context. # @raise [NotImplementedError] Raises `NotImplementedError` when the client # is not stubbed. def api_requests(options = {}) if config.stub_responses @requests_mutex.synchronize do if options[:exclude_presign] @api_requests.reject {|req| req[:context][:presigned_url] } else @api_requests end end else msg = 'This method is only implemented for stubbed clients, and is '\ 'available when you enable stubbing in the constructor with `stub_responses: true`' raise NotImplementedError.new(msg) end end # Generates and returns stubbed response data from the named operation. # # s3 = Aws::S3::Client.new # s3.stub_data(:list_buckets) # #=> #> # # In addition to generating default stubs, you can provide data to # apply to the response stub. # # s3.stub_data(:list_buckets, buckets:[{name:'aws-sdk'}]) # #=> #], # owner=#> # # @param [Symbol] operation_name # @param [Hash] data # @return [Structure] Returns a stubbed response data structure. The # actual class returned will depend on the given `operation_name`. def stub_data(operation_name, data = {}) Stubbing::StubData.new(config.api.operation(operation_name)).stub(data) end # @api private def next_stub(context) operation_name = context.operation_name.to_sym stub = @stub_mutex.synchronize do stubs = @stubs[operation_name] || [] case stubs.length when 0 then default_stub(operation_name) when 1 then stubs.first else stubs.shift end end Proc === stub ? convert_stub(operation_name, stub.call(context)) : stub end private def default_stub(operation_name) stub = stub_data(operation_name) http_response_stub(operation_name, stub) end # This method converts the given stub data and converts it to a # HTTP response (when possible). This enables the response stubbing # plugin to provide a HTTP response that triggers all normal events # during response handling. def apply_stubs(operation_name, stubs) @stub_mutex.synchronize do @stubs[operation_name.to_sym] = stubs.map do |stub| convert_stub(operation_name, stub) end end end def convert_stub(operation_name, stub) stub = case stub when Proc then stub when Exception, Class then { error: stub } when String then service_error_stub(stub) when Hash then http_response_stub(operation_name, stub) else { data: stub } end if Hash === stub stub[:mutex] = Mutex.new end stub end def service_error_stub(error_code) { http: protocol_helper.stub_error(error_code) } end def http_response_stub(operation_name, data) if Hash === data && data.keys.sort == [:body, :headers, :status_code] { http: hash_to_http_resp(data) } else { http: data_to_http_resp(operation_name, data) } end end def hash_to_http_resp(data) http_resp = Seahorse::Client::Http::Response.new http_resp.status_code = data[:status_code] http_resp.headers.update(data[:headers]) http_resp.body = data[:body] http_resp end def data_to_http_resp(operation_name, data) api = config.api operation = api.operation(operation_name) ParamValidator.new(operation.output, input: false).validate!(data) protocol_helper.stub_data(api, operation, data) end def protocol_helper case config.api.metadata['protocol'] when 'json' then Stubbing::Protocols::Json when 'query' then Stubbing::Protocols::Query when 'ec2' then Stubbing::Protocols::EC2 when 'rest-json' then Stubbing::Protocols::RestJson when 'rest-xml' then Stubbing::Protocols::RestXml when 'api-gateway' then Stubbing::Protocols::ApiGateway else raise "unsupported protocol" end.new end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/rest.rb0000644000004100000410000000066514563437550020610 0ustar www-datawww-data# frozen_string_literal: true require_relative 'rest/handler' require_relative 'rest/request/body' require_relative 'rest/request/builder' require_relative 'rest/request/endpoint' require_relative 'rest/request/headers' require_relative 'rest/request/querystring_builder' require_relative 'rest/response/body' require_relative 'rest/response/headers' require_relative 'rest/response/parser' require_relative 'rest/response/status_code' aws-sdk-core-3.191.2/lib/aws-sdk-core/json/0000755000004100000410000000000014563437550020250 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/json/handler.rb0000644000004100000410000000530114563437550022211 0ustar www-datawww-data# frozen_string_literal: true module Aws module Json class Handler < Seahorse::Client::Handler CONTENT_TYPE = 'application/x-amz-json-%s' # @param [Seahorse::Client::RequestContext] context # @return [Seahorse::Client::Response] def call(context) build_request(context) response = @handler.call(context) response.on(200..299) { |resp| parse_response(resp) } response.on(200..599) { |resp| apply_request_id(context) } response end private def build_request(context) context.http_request.http_method = 'POST' context.http_request.headers['Content-Type'] = content_type(context) context.http_request.headers['X-Amz-Target'] = target(context) context.http_request.body = build_body(context) end def build_body(context) if simple_json?(context) Json.dump(context.params) else Builder.new(context.operation.input).serialize(context.params) end end def parse_response(response) response.data = parse_body(response.context) end def parse_body(context) if simple_json?(context) Json.load(context.http_response.body_contents) elsif rules = context.operation.output json = context.http_response.body_contents if json.is_a?(Array) # an array of emitted events if json[0].respond_to?(:response) # initial response exists # it must be the first event arrived resp_struct = json.shift.response else resp_struct = context.operation.output.shape.struct_class.new end rules.shape.members.each do |name, ref| if ref.eventstream resp_struct.send("#{name}=", json.to_enum) end end resp_struct else Parser.new( rules, query_compatible: query_compatible?(context) ).parse(json == '' ? '{}' : json) end else EmptyStructure.new end end def content_type(context) CONTENT_TYPE % [context.config.api.metadata['jsonVersion']] end def target(context) prefix = context.config.api.metadata['targetPrefix'] "#{prefix}.#{context.operation.name}" end def apply_request_id(context) context[:request_id] = context.http_response.headers['x-amzn-requestid'] end def simple_json?(context) context.config.simple_json end def query_compatible?(context) context.config.api.metadata.key?('awsQueryCompatible') end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/json/json_engine.rb0000644000004100000410000000050414563437550023072 0ustar www-datawww-data# frozen_string_literal: true module Aws module Json module JSONEngine class << self def load(json) JSON.parse(json) rescue JSON::ParserError => e raise ParseError.new(e) end def dump(value) JSON.dump(value) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/json/oj_engine.rb0000644000004100000410000000172714563437550022541 0ustar www-datawww-data# frozen_string_literal: true module Aws module Json module OjEngine # @api private LOAD_OPTIONS = { mode: :compat, symbol_keys: false, empty_string: false }.freeze # @api private DUMP_OPTIONS = { mode: :compat }.freeze class << self def load(json) Oj.load(json, LOAD_OPTIONS) rescue *PARSE_ERRORS => e raise ParseError.new(e) end def dump(value) Oj.dump(value, DUMP_OPTIONS) end private # Oj before 1.4.0 does not define Oj::ParseError and instead raises # SyntaxError on failure def detect_oj_parse_errors require 'oj' if Oj.const_defined?(:ParseError) [Oj::ParseError, EncodingError, JSON::ParserError] else [SyntaxError] end rescue LoadError nil end end # @api private PARSE_ERRORS = detect_oj_parse_errors end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/json/error_handler.rb0000644000004100000410000000460014563437550023423 0ustar www-datawww-data# frozen_string_literal: true module Aws module Json class ErrorHandler < Xml::ErrorHandler # @param [Seahorse::Client::RequestContext] context # @return [Seahorse::Client::Response] def call(context) @handler.call(context).on(300..599) do |response| response.error = error(context) response.data = nil end end private def extract_error(body, context) json = Json.load(body) code = error_code(json, context) message = error_message(code, json) data = parse_error_data(context, code) [code, message, data] rescue Json::ParseError [http_status_error_code(context), '', EmptyStructure.new] end def error_code(json, context) code = if aws_query_error?(context) error = context.http_response.headers['x-amzn-query-error'].split(';')[0] remove_prefix(error, context) else json['__type'] end code ||= json['code'] code ||= context.http_response.headers['x-amzn-errortype'] if code code.split('#').last else http_status_error_code(context) end end def aws_query_error?(context) context.config.api.metadata['awsQueryCompatible'] && context.http_response.headers['x-amzn-query-error'] end def remove_prefix(error_code, context) if prefix = context.config.api.metadata['errorPrefix'] error_code.sub(/^#{prefix}/, '') else error_code end end def error_message(code, json) if code == 'RequestEntityTooLarge' 'Request body must be less than 1 MB' else json['message'] || json['Message'] || '' end end def parse_error_data(context, code) data = EmptyStructure.new if error_rules = context.operation.errors error_rules.each do |rule| # match modeled shape name with the type(code) only # some type(code) might contains invalid characters # such as ':' (efs) etc match = rule.shape.name == code.gsub(/[^^a-zA-Z0-9]/, '') if match && rule.shape.members.any? data = Parser.new(rule).parse(context.http_response.body_contents) end end end data end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/json/builder.rb0000644000004100000410000000340114563437550022221 0ustar www-datawww-data# frozen_string_literal: true require 'base64' module Aws module Json class Builder include Seahorse::Model::Shapes def initialize(rules) @rules = rules end def to_json(params) Json.dump(format(@rules, params)) end alias serialize to_json private def structure(ref, values) shape = ref.shape values.each_pair.with_object({}) do |(key, value), data| if shape.member?(key) && !value.nil? member_ref = shape.member(key) member_name = member_ref.location_name || key data[member_name] = format(member_ref, value) end end end def list(ref, values) member_ref = ref.shape.member values.collect { |value| format(member_ref, value) } end def map(ref, values) value_ref = ref.shape.value values.each.with_object({}) do |(key, value), data| data[key] = format(value_ref, value) end end def format(ref, value) case ref.shape when StructureShape then structure(ref, value) when ListShape then list(ref, value) when MapShape then map(ref, value) when TimestampShape then timestamp(ref, value) when BlobShape then encode(value) else value end end def encode(blob) Base64.strict_encode64(String === blob ? blob : blob.read) end def timestamp(ref, value) case ref['timestampFormat'] || ref.shape['timestampFormat'] when 'iso8601' then value.utc.iso8601 when 'rfc822' then value.utc.httpdate else # rest-json and jsonrpc default to unixTimestamp value.to_i end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/json/parser.rb0000644000004100000410000000607514563437550022101 0ustar www-datawww-data# frozen_string_literal: true require 'base64' require 'time' module Aws module Json class Parser include Seahorse::Model::Shapes # @param [Seahorse::Model::ShapeRef] rules def initialize(rules, query_compatible: false) @rules = rules @query_compatible = query_compatible end # @param [String] json def parse(json, target = nil) parse_ref(@rules, Json.load(json), target) end private def structure(ref, values, target = nil) shape = ref.shape target = ref.shape.struct_class.new if target.nil? values.each do |key, value| member_name, member_ref = shape.member_by_location_name(key) if member_ref target[member_name] = parse_ref(member_ref, value) elsif shape.union && key != '__type' target[:unknown] = { 'name' => key, 'value' => value } end end # In services that were previously Query/XML, members that were # "flattened" defaulted to empty lists. In JSON, these values are nil, # which is backwards incompatible. To preserve backwards compatibility, # we set a default value of [] for these members. if @query_compatible ref.shape.members.each do |member_name, member_target| next unless target[member_name].nil? if flattened_list?(member_target.shape) target[member_name] = [] elsif flattened_map?(member_target.shape) target[member_name] = {} end end end if shape.union # convert to subclass member_subclass = shape.member_subclass(target.member).new member_subclass[target.member] = target.value target = member_subclass end target end def list(ref, values, target = nil) target = [] if target.nil? values.each do |value| target << parse_ref(ref.shape.member, value) end target end def map(ref, values, target = nil) target = {} if target.nil? values.each do |key, value| target[key] = parse_ref(ref.shape.value, value) end target end def parse_ref(ref, value, target = nil) if value.nil? nil else case ref.shape when StructureShape then structure(ref, value, target) when ListShape then list(ref, value, target) when MapShape then map(ref, value, target) when TimestampShape then time(value) when BlobShape then Base64.decode64(value) when BooleanShape then value.to_s == 'true' else value end end end # @param [String, Integer] value # @return [Time] def time(value) value.is_a?(Numeric) ? Time.at(value) : Time.parse(value) end def flattened_list?(shape) shape.is_a?(ListShape) && shape.flattened end def flattened_map?(shape) shape.is_a?(MapShape) && shape.flattened end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/static_token_provider.rb0000644000004100000410000000040514563437550024224 0ustar www-datawww-data# frozen_string_literal: true module Aws class StaticTokenProvider include TokenProvider # @param [String] token # @param [Time] expiration def initialize(token, expiration=nil) @token = Token.new(token, expiration) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/credentials.rb0000644000004100000410000000206714563437550022126 0ustar www-datawww-data# frozen_string_literal: true module Aws class Credentials # @param [String] access_key_id # @param [String] secret_access_key # @param [String] session_token (nil) def initialize(access_key_id, secret_access_key, session_token = nil) @access_key_id = access_key_id @secret_access_key = secret_access_key @session_token = session_token end # @return [String, nil] attr_reader :access_key_id # @return [String, nil] attr_reader :secret_access_key # @return [String, nil] attr_reader :session_token # @return [Credentials] def credentials self end # @return [Boolean] Returns `true` if the access key id and secret # access key are both set. def set? !access_key_id.nil? && !access_key_id.empty? && !secret_access_key.nil? && !secret_access_key.empty? end # Removing the secret access key from the default inspect string. # @api private def inspect "#<#{self.class.name} access_key_id=#{access_key_id.inspect}>" end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/errors.rb0000644000004100000410000003163114563437550021144 0ustar www-datawww-data# frozen_string_literal: true module Aws module Errors class NonSupportedRubyVersionError < RuntimeError; end # The base class for all errors returned by an Amazon Web Service. # All ~400 level client errors and ~500 level server errors are raised # as service errors. This indicates it was an error returned from the # service and not one generated by the client. class ServiceError < RuntimeError # @param [Seahorse::Client::RequestContext] context # @param [String, nil] message # @param [Aws::Structure] data def initialize(context, message, data = Aws::EmptyStructure.new) @code = self.class.code @context = context @data = data @message = message && !message.empty? ? message : self.class.to_s super(@message) end # @return [String] attr_reader :code # @return [Seahorse::Client::RequestContext] The context of the request # that triggered the remote service to return this error. attr_reader :context # @return [Aws::Structure] attr_accessor :data class << self # @return [String, nil] attr_accessor :code end # @api private undocumented def retryable? false end # @api private undocumented def throttling? false end end # Raised when InstanceProfileCredentialsProvider or # EcsCredentialsProvider fails to parse the metadata response after retries class MetadataParserError < RuntimeError def initialize(*args) msg = 'Failed to parse metadata service response.' super(msg) end end # Raised when a `streaming` operation has `requiresLength` trait # enabled but request payload size/length cannot be calculated class MissingContentLength < RuntimeError def initialize(*args) msg = 'Required `Content-Length` value missing for the request.' super(msg) end end # Rasied when endpoint discovery failed for operations # that requires endpoints from endpoint discovery class EndpointDiscoveryError < RuntimeError def initialize(*args) msg = 'Endpoint discovery failed for the operation or discovered endpoint is not working, '\ 'request will keep failing until endpoint discovery succeeds or :endpoint option is provided.' super(msg) end end # raised when hostLabel member is not provided # at operation input when endpoint trait is available # with 'hostPrefix' requirement class MissingEndpointHostLabelValue < RuntimeError def initialize(name) msg = "Missing required parameter #{name} to construct"\ ' endpoint host prefix. You can disable host prefix by'\ ' setting :disable_host_prefix_injection to `true`.' super(msg) end end # Raised when attempting to #signal an event before # making an async request class SignalEventError < RuntimeError; end # Raised when EventStream Parser failed to parse # a raw event message class EventStreamParserError < RuntimeError; end # Raise when EventStream Builder failed to build # an event message with parameters provided class EventStreamBuilderError < RuntimeError; end # Error event in an event stream which has event_type :error # error code and error message can be retrieved when available. # # example usage: # # client.stream_foo(name: 'bar') do |event| # stream.on_error_event do |event| # puts "Error #{event.error_code}: #{event.error_message}" # raise event # end # end # class EventError < RuntimeError def initialize(event_type, code, message) @event_type = event_type @error_code = code @error_message = message end # @return [Symbol] attr_reader :event_type # @return [String] attr_reader :error_code # @return [String] attr_reader :error_message end # Raised when ARN string input doesn't follow the standard: # https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns class InvalidARNError < RuntimeError; end # Raised when the region from the ARN string is different from the :region # configured on the service client. class InvalidARNRegionError < RuntimeError def initialize(*args) msg = 'ARN region is different from the configured client region.' super(msg) end end # Raised when the partition of the ARN region is different than the # partition of the :region configured on the service client. class InvalidARNPartitionError < RuntimeError def initialize(*args) msg = 'ARN region partition is different from the configured '\ 'client region partition.' super(msg) end end # Various plugins perform client-side checksums of responses. # This error indicates a checksum failed. class ChecksumError < RuntimeError; end # Raised when a client is constructed and the specified shared # credentials profile does not exist. class NoSuchProfileError < RuntimeError; end # Raised when a client is constructed, where Assume Role credentials are # expected, and there is no source profile specified. class NoSourceProfileError < RuntimeError; end # Raised when a client is constructed with Assume Role credentials using # a credential_source, and that source type is unsupported. class InvalidCredentialSourceError < RuntimeError; end # Raised when a client is constructed with Assume Role credentials, but # the profile has both source_profile and credential_source. class CredentialSourceConflictError < RuntimeError; end # Raised when a client is constructed with Assume Role credentials using # a credential_source, and that source doesn't provide credentials. class NoSourceCredentialsError < RuntimeError; end # Raised when a client is constructed and credentials are not # set, or the set credentials are empty. class MissingCredentialsError < RuntimeError def initialize(*args) msg = 'unable to sign request without credentials set' super(msg) end end # Raised when :web_identity_token_file parameter is not # provided or the file doesn't exist when initializing # AssumeRoleWebIdentityCredentials credential provider class MissingWebIdentityTokenFile < RuntimeError def initialize(*args) msg = 'Missing :web_identity_token_file parameter or'\ ' invalid file path provided for'\ ' Aws::AssumeRoleWebIdentityCredentials provider' super(msg) end end # Raised when a credentials provider process returns a JSON # payload with either invalid version number or malformed contents class InvalidProcessCredentialsPayload < RuntimeError; end # Raised when SSO Credentials are invalid class InvalidSSOCredentials < RuntimeError; end # Raised when SSO Token is invalid class InvalidSSOToken < RuntimeError; end # Raised when a client is unable to sign a request because # the bearer token is not configured or available class MissingBearerTokenError < RuntimeError def initialize(*args) msg = 'unable to sign request without token set' super(msg) end end # Raised when there is a circular reference in chained # source_profiles class SourceProfileCircularReferenceError < RuntimeError; end # Raised when a client is constructed and region is not specified. class MissingRegionError < ArgumentError def initialize(*args) msg = 'No region was provided. Configure the `:region` option or '\ "export the region name to ENV['AWS_REGION']" super(msg) end end # Raised when a client is contsructed and the region is not valid. class InvalidRegionError < ArgumentError def initialize(*args) super(<<-MSG) Invalid `:region` option was provided. * Not every service is available in every region. * Never suffix region names with availability zones. Use "us-east-1", not "us-east-1a" Known AWS regions include (not specific to this service): #{possible_regions} MSG end private def possible_regions Aws.partitions.each_with_object([]) do |partition, region_names| partition.regions.each do |region| region_names << region.name end end.join("\n") end end # Raised when attempting to connect to an endpoint and a `SocketError` # is received from the HTTP client. This error is typically the result # of configuring an invalid `:region`. class NoSuchEndpointError < RuntimeError def initialize(options = {}) @context = options[:context] @endpoint = @context.http_request.endpoint @original_error = options[:original_error] super(<<-MSG) Encountered a `SocketError` while attempting to connect to: #{endpoint} This is typically the result of an invalid `:region` option or a poorly formatted `:endpoint` option. * Avoid configuring the `:endpoint` option directly. Endpoints are constructed from the `:region`. The `:endpoint` option is reserved for certain services or for connecting to non-standard test endpoints. * Not every service is available in every region. * Never suffix region names with availability zones. Use "us-east-1", not "us-east-1a" Known AWS regions include (not specific to this service): #{possible_regions} MSG end attr_reader :context attr_reader :endpoint attr_reader :original_error private def possible_regions Aws.partitions.each_with_object([]) do |partition, region_names| partition.regions.each do |region| region_names << region.name end end.join("\n") end end # Raised when attempting to retry a request # and no capacity is available to retry (See adaptive retry_mode) class RetryCapacityNotAvailableError < RuntimeError def initialize(*args) msg = 'Insufficient client side capacity available to retry request.' super(msg) end end # This module is mixed into another module, providing dynamic # error classes. Error classes all inherit from {ServiceError}. # # # creates and returns the class # Aws::S3::Errors::MyNewErrorClass # # Since the complete list of possible AWS errors returned by services # is not known, this allows us to create them as needed. This also # allows users to rescue errors by class without them being concrete # classes beforehand. # # @api private module DynamicErrors def self.extended(submodule) submodule.instance_variable_set('@const_set_mutex', Mutex.new) submodule.const_set(:ServiceError, Class.new(ServiceError)) end def const_missing(constant) set_error_constant(constant) end # Given the name of a service and an error code, this method # returns an error class (that extends {ServiceError}. # # Aws::S3::Errors.error_class('NoSuchBucket').new # #=> # # # @api private def error_class(error_code) constant = error_class_constant(error_code) if error_const_set?(constant) # modeled error class exist # set code attribute err_class = const_get(constant) err_class.code = constant.to_s err_class else set_error_constant(constant) end end private # Convert an error code to an error class name/constant. # This requires filtering non-safe characters from the constant # name and ensuring it begins with an uppercase letter. # @param [String] error_code # @return [Symbol] Returns a symbolized constant name for the given # `error_code`. def error_class_constant(error_code) constant = error_code.to_s constant = constant.gsub(/https?:.*$/, '') constant = constant.gsub(/[^a-zA-Z0-9]/, '') constant = 'Error' + constant unless constant.match(/^[a-z]/i) constant = constant[0].upcase + constant[1..-1] constant.to_sym end def set_error_constant(constant) @const_set_mutex.synchronize do # Ensure the const was not defined while blocked by the mutex if error_const_set?(constant) const_get(constant) else error_class = Class.new(const_get(:ServiceError)) error_class.code = constant.to_s const_set(constant, error_class) end end end def error_const_set?(constant) # Purposefully not using #const_defined? as that method returns true # for constants not defined directly in the current module. constants.include?(constant.to_sym) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/ecs_credentials.rb0000644000004100000410000002237614563437550022765 0ustar www-datawww-data# frozen_string_literal: true require 'time' require 'net/http' require 'resolv' module Aws # An auto-refreshing credential provider that loads credentials from # instances running in containers. # # ecs_credentials = Aws::ECSCredentials.new(retries: 3) # ec2 = Aws::EC2::Client.new(credentials: ecs_credentials) class ECSCredentials include CredentialProvider include RefreshingCredentials # @api private class Non200Response < RuntimeError; end # Raised when the token file cannot be read. class TokenFileReadError < RuntimeError; end # Raised when the token file is invalid. class InvalidTokenError < RuntimeError; end # These are the errors we trap when attempting to talk to the # instance metadata service. Any of these imply the service # is not present, no responding or some other non-recoverable # error. # @api private NETWORK_ERRORS = [ Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EHOSTDOWN, Errno::ENETUNREACH, SocketError, Timeout::Error, Non200Response ].freeze # @param [Hash] options # @option options [Integer] :retries (5) Number of times to retry # when retrieving credentials. # @option options [String] :ip_address ('169.254.170.2') This value is # ignored if `endpoint` is set and `credential_path` is not set. # @option options [Integer] :port (80) This value is ignored if `endpoint` # is set and `credential_path` is not set. # @option options [String] :credential_path By default, the value of the # AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable. # @option options [String] :endpoint The container credential endpoint. # By default, this is the value of the AWS_CONTAINER_CREDENTIALS_FULL_URI # environment variable. This value is ignored if `credential_path` or # ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] is set. # @option options [Float] :http_open_timeout (5) # @option options [Float] :http_read_timeout (5) # @option options [Numeric, Proc] :delay By default, failures are retried # with exponential back-off, i.e. `sleep(1.2 ** num_failures)`. You can # pass a number of seconds to sleep between failed attempts, or # a Proc that accepts the number of failures. # @option options [IO] :http_debug_output (nil) HTTP wire # traces are sent to this object. You can specify something # like $stdout. # @option options [Callable] before_refresh Proc called before # credentials are refreshed. `before_refresh` is called # with an instance of this object when # AWS credentials are required and need to be refreshed. def initialize(options = {}) credential_path = options[:credential_path] || ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] endpoint = options[:endpoint] || ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI'] initialize_uri(options, credential_path, endpoint) @retries = options[:retries] || 5 @http_open_timeout = options[:http_open_timeout] || 5 @http_read_timeout = options[:http_read_timeout] || 5 @http_debug_output = options[:http_debug_output] @backoff = backoff(options[:backoff]) @async_refresh = false super end # @return [Integer] The number of times to retry failed attempts to # fetch credentials from the instance metadata service. Defaults to 0. attr_reader :retries private def initialize_uri(options, credential_path, endpoint) if credential_path initialize_relative_uri(options, credential_path) # Use FULL_URI/endpoint only if RELATIVE_URI/path is not set elsif endpoint initialize_full_uri(endpoint) else raise ArgumentError, 'Cannot instantiate an ECS Credential Provider '\ 'without a credential path or endpoint.' end end def initialize_relative_uri(options, path) @host = options[:ip_address] || '169.254.170.2' @port = options[:port] || 80 @scheme = 'http' @credential_path = path end def initialize_full_uri(endpoint) uri = URI.parse(endpoint) validate_full_uri_scheme!(uri) validate_full_uri!(uri) @host = uri.hostname @port = uri.port @scheme = uri.scheme @credential_path = uri.request_uri end def validate_full_uri_scheme!(full_uri) return if full_uri.is_a?(URI::HTTP) || full_uri.is_a?(URI::HTTPS) raise ArgumentError, "'#{full_uri}' must be a valid HTTP or HTTPS URI" end # Validate that the full URI is using a loopback address if scheme is http. def validate_full_uri!(full_uri) return unless full_uri.scheme == 'http' begin return if valid_ip_address?(IPAddr.new(full_uri.host)) rescue IPAddr::InvalidAddressError addresses = Resolv.getaddresses(full_uri.host) return if addresses.all? { |addr| valid_ip_address?(IPAddr.new(addr)) } end raise ArgumentError, 'AWS_CONTAINER_CREDENTIALS_FULL_URI must use a local loopback '\ 'or an ECS or EKS link-local address when using the http scheme.' end def valid_ip_address?(ip_address) ip_loopback?(ip_address) || ecs_or_eks_ip?(ip_address) end # loopback? method is available in Ruby 2.5+ # Replicate the logic here. # loopback (IPv4 127.0.0.0/8, IPv6 ::1/128) def ip_loopback?(ip_address) case ip_address.family when Socket::AF_INET ip_address & 0xff000000 == 0x7f000000 when Socket::AF_INET6 ip_address == 1 else false end end # Verify that the IP address is a link-local address from ECS or EKS. # ECS container host (IPv4 `169.254.170.2`) # EKS container host (IPv4 `169.254.170.23`, IPv6 `fd00:ec2::23`) def ecs_or_eks_ip?(ip_address) case ip_address.family when Socket::AF_INET [0xa9feaa02, 0xa9feaa17].include?(ip_address) when Socket::AF_INET6 ip_address == 0xfd00_0ec2_0000_0000_0000_0000_0000_0023 else false end end def backoff(backoff) case backoff when Proc then backoff when Numeric then ->(_) { sleep(backoff) } else ->(num_failures) { Kernel.sleep(1.2**num_failures) } end end def refresh # Retry loading credentials up to 3 times is the instance metadata # service is responding but is returning invalid JSON documents # in response to the GET profile credentials call. retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do c = Aws::Json.load(get_credentials.to_s) @credentials = Credentials.new( c['AccessKeyId'], c['SecretAccessKey'], c['Token'] ) @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil end rescue Aws::Json::ParseError raise Aws::Errors::MetadataParserError end def get_credentials # Retry loading credentials a configurable number of times if # the instance metadata service is not responding. retry_errors(NETWORK_ERRORS, max_retries: @retries) do open_connection do |conn| http_get(conn, @credential_path) end end rescue TokenFileReadError, InvalidTokenError raise rescue StandardError => e warn("Error retrieving ECS Credentials: #{e.message}") '{}' end def fetch_authorization_token if (path = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE']) fetch_authorization_token_file(path) elsif (token = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN']) token end end def fetch_authorization_token_file(path) File.read(path).strip rescue Errno::ENOENT raise TokenFileReadError, 'AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE is set '\ "but the file doesn't exist: #{path}" end def validate_authorization_token!(token) return unless token.include?("\r\n") raise InvalidTokenError, 'Invalid Authorization token: token contains '\ 'a newline and carriage return character.' end def open_connection http = Net::HTTP.new(@host, @port, nil) http.open_timeout = @http_open_timeout http.read_timeout = @http_read_timeout http.set_debug_output(@http_debug_output) if @http_debug_output http.use_ssl = @scheme == 'https' http.start yield(http).tap { http.finish } end def http_get(connection, path) request = Net::HTTP::Get.new(path) set_authorization_token(request) response = connection.request(request) raise Non200Response unless response.code.to_i == 200 response.body end def set_authorization_token(request) if (authorization_token = fetch_authorization_token) validate_authorization_token!(authorization_token) request['Authorization'] = authorization_token end end def retry_errors(error_classes, options = {}) max_retries = options[:max_retries] retries = 0 begin yield rescue TokenFileReadError, InvalidTokenError raise rescue *error_classes => _e raise unless retries < max_retries @backoff.call(retries) retries += 1 retry end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/0000755000004100000410000000000014563437550021114 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/data_applicator.rb0000644000004100000410000000213014563437550024564 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing class DataApplicator include Seahorse::Model::Shapes # @param [Seahorse::Models::Shapes::ShapeRef] rules def initialize(rules) @rules = rules end # @param [Hash] data # @param [Structure] stub def apply_data(data, stub) apply_data_to_struct(@rules, data, stub) end private def apply_data_to_struct(ref, data, struct) data.each do |key, value| struct[key] = member_value(ref.shape.member(key), value) end struct end def member_value(ref, value) case ref.shape when StructureShape apply_data_to_struct(ref, value, ref.shape.struct_class.new) when ListShape value.inject([]) do |list, v| list << member_value(ref.shape.member, v) end when MapShape value.inject({}) do |map, (k,v)| map[k.to_s] = member_value(ref.shape.value, v) map end else value end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/protocols/0000755000004100000410000000000014563437550023140 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb0000644000004100000410000000154514563437550025327 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing module Protocols class RestXml < Rest def body_for(api, operation, rules, data) if eventstream?(rules) encode_eventstream_response(rules, data, Xml::Builder) else xml = [] rules.location_name = operation.name + 'Result' rules['xmlNamespace'] = { 'uri' => api.metadata['xmlNamespace'] } Xml::Builder.new(rules, target:xml).to_xml(data) xml.join end end def stub_error(error_code) http_resp = Seahorse::Client::Http::Response.new http_resp.status_code = 400 http_resp.body = XmlError.new(error_code).to_xml http_resp end def xmlns(api) api.metadata['xmlNamespace'] end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/protocols/json.rb0000644000004100000410000000176114563437550024443 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing module Protocols class Json def stub_data(api, operation, data) resp = Seahorse::Client::Http::Response.new resp.status_code = 200 resp.headers["Content-Type"] = content_type(api) resp.headers["x-amzn-RequestId"] = "stubbed-request-id" resp.body = build_body(operation, data) resp end def stub_error(error_code) http_resp = Seahorse::Client::Http::Response.new http_resp.status_code = 400 http_resp.body = <<-JSON.strip { "code": #{error_code.inspect}, "message": "stubbed-response-error-message" } JSON http_resp end private def content_type(api) "application/x-amz-json-#{api.metadata['jsonVersion']}" end def build_body(operation, data) Aws::Json::Builder.new(operation.output).to_json(data) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb0000644000004100000410000000021714563437550025757 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing module Protocols class ApiGateway < RestJson end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/protocols/query.rb0000644000004100000410000000232214563437550024631 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing module Protocols class Query def stub_data(api, operation, data) resp = Seahorse::Client::Http::Response.new resp.status_code = 200 resp.body = build_body(api, operation, data) resp end def stub_error(error_code) http_resp = Seahorse::Client::Http::Response.new http_resp.status_code = 400 http_resp.body = XmlError.new(error_code).to_xml http_resp end private def build_body(api, operation, data) xml = [] builder = Aws::Xml::DocBuilder.new(target: xml, indent: ' ') builder.node(operation.name + 'Response', xmlns: xmlns(api)) do if (rules = operation.output) rules.location_name = operation.name + 'Result' Xml::Builder.new(rules, target: xml, pad:' ').to_xml(data) end builder.node('ResponseMetadata') do builder.node('RequestId', 'stubbed-request-id') end end xml.join end def xmlns(api) api.metadata['xmlNamespace'] end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/protocols/ec2.rb0000644000004100000410000000253714563437550024145 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing module Protocols class EC2 def stub_data(api, operation, data) resp = Seahorse::Client::Http::Response.new resp.status_code = 200 resp.body = build_body(api, operation, data) if operation.output resp.headers['Content-Length'] = resp.body.size resp.headers['Content-Type'] = 'text/xml;charset=UTF-8' resp.headers['Server'] = 'AmazonEC2' resp end def stub_error(error_code) http_resp = Seahorse::Client::Http::Response.new http_resp.status_code = 400 http_resp.body = <<-XML.strip #{error_code} stubbed-response-error-message XML http_resp end private def build_body(api, operation, data) xml = [] Xml::Builder.new(operation.output, target:xml).to_xml(data) xml.shift xml.pop xmlns = "http://ec2.amazonaws.com/doc/#{api.version}/".inspect xml.unshift(" stubbed-request-id") xml.unshift("<#{operation.name}Response xmlns=#{xmlns}>\n") xml.push("\n") xml.join end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/protocols/rest.rb0000644000004100000410000001437314563437550024452 0ustar www-datawww-data# frozen_string_literal: true require 'aws-eventstream' module Aws module Stubbing module Protocols class Rest include Seahorse::Model::Shapes def stub_data(api, operation, data) resp = new_http_response apply_status_code(operation, resp, data) apply_headers(operation, resp, data) apply_body(api, operation, resp, data) resp end private def new_http_response resp = Seahorse::Client::Http::Response.new resp.status_code = 200 resp.headers["x-amzn-RequestId"] = "stubbed-request-id" resp end def apply_status_code(operation, resp, data) operation.output.shape.members.each do |member_name, member_ref| if member_ref.location == 'statusCode' resp.status_code = data[member_name] if data.key?(member_name) end end end def apply_headers(operation, resp, data) Aws::Rest::Request::Headers.new(operation.output).apply(resp, data) end def apply_body(api, operation, resp, data) resp.body = build_body(api, operation, data) end def build_body(api, operation, data) rules = operation.output if head_operation(operation) '' elsif streaming?(rules) data[rules[:payload]] elsif rules[:payload] body_for(api, operation, rules[:payload_member], data[rules[:payload]]) else filtered = Seahorse::Model::Shapes::ShapeRef.new( shape: Seahorse::Model::Shapes::StructureShape.new.tap do |s| rules.shape.members.each do |member_name, member_ref| s.add_member(member_name, member_ref) if member_ref.location.nil? end end ) body_for(api, operation, filtered, data) end end def streaming?(ref) if ref[:payload] case ref[:payload_member].shape when StringShape then true when BlobShape then true else false end else false end end def head_operation(operation) operation.http_method == 'HEAD' end def eventstream?(rules) rules.eventstream end def encode_eventstream_response(rules, data, builder) data.inject('') do |stream, event_data| # construct message headers and payload opts = {headers: {}} case event_data.delete(:message_type) when 'event' encode_event(opts, rules, event_data, builder) when 'error' # errors are unmodeled encode_error(opts, event_data) when 'exception' # Pending raise 'Stubbing :exception event is not supported' end [stream, Aws::EventStream::Encoder.new.encode( Aws::EventStream::Message.new(opts) )].pack('a*a*') end end def encode_error(opts, event_data) opts[:headers][':error-message'] = Aws::EventStream::HeaderValue.new( value: event_data[:error_message], type: 'string' ) opts[:headers][':error-code'] = Aws::EventStream::HeaderValue.new( value: event_data[:error_code], type: 'string' ) opts[:headers][':message-type'] = Aws::EventStream::HeaderValue.new( value: 'error', type: 'string' ) opts end def encode_unknown_event(opts, event_type, event_data) # right now h2 events are only rest_json opts[:payload] = StringIO.new(Aws::Json.dump(event_data)) opts[:headers][':event-type'] = Aws::EventStream::HeaderValue.new( value: event_type.to_s, type: 'string' ) opts[:headers][':message-type'] = Aws::EventStream::HeaderValue.new( value: 'event', type: 'string' ) opts end def encode_modeled_event(opts, rules, event_type, event_data, builder) event_ref = rules.shape.member(event_type) explicit_payload = false implicit_payload_members = {} event_ref.shape.members.each do |name, ref| if ref.eventpayload explicit_payload = true else implicit_payload_members[name] = ref end end if !explicit_payload && !implicit_payload_members.empty? unless implicit_payload_members.size > 1 m_name, _ = implicit_payload_members.first value = {} value[m_name] = event_data[m_name] opts[:payload] = StringIO.new(builder.new(event_ref).serialize(value)) end end event_data.each do |k, v| member_ref = event_ref.shape.member(k) if member_ref.eventheader opts[:headers][member_ref.location_name] = Aws::EventStream::HeaderValue.new( value: v, type: member_ref.eventheader_type ) elsif member_ref.eventpayload case member_ref.eventpayload_type when 'string' opts[:payload] = StringIO.new(v) when 'blob' opts[:payload] = v when 'structure' opts[:payload] = StringIO.new(builder.new(member_ref).serialize(v)) end end end opts[:headers][':event-type'] = Aws::EventStream::HeaderValue.new( value: event_ref.location_name, type: 'string' ) opts[:headers][':message-type'] = Aws::EventStream::HeaderValue.new( value: 'event', type: 'string' ) opts end def encode_event(opts, rules, event_data, builder) event_type = event_data.delete(:event_type) if rules.shape.member?(event_type) encode_modeled_event(opts, rules, event_type, event_data, builder) else encode_unknown_event(opts, event_type, event_data) end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/protocols/rest_json.rb0000644000004100000410000000126214563437550025474 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing module Protocols class RestJson < Rest def body_for(_a, _b, rules, data) if eventstream?(rules) encode_eventstream_response(rules, data, Aws::Json::Builder) else Aws::Json::Builder.new(rules).serialize(data) end end def stub_error(error_code) http_resp = Seahorse::Client::Http::Response.new http_resp.status_code = 400 http_resp.body = <<-JSON.strip { "code": #{error_code.inspect}, "message": "stubbed-response-error-message" } JSON http_resp end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/xml_error.rb0000644000004100000410000000057014563437550023454 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing class XmlError def initialize(error_code) @error_code = error_code end def to_xml <<-XML.strip #{@error_code} stubbed-response-error-message XML end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/stub_data.rb0000644000004100000410000000345014563437550023411 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private module Stubbing class StubData def initialize(operation) @rules = operation.output @pager = operation[:pager] end def stub(data = {}) stub = EmptyStub.new(@rules).stub remove_paging_tokens(stub) remove_checksums(stub) apply_data(data, stub) stub end private def remove_checksums(stub) if @rules && @rules.shape.is_a?(Seahorse::Model::Shapes::StructureShape) @rules.shape.members.each do |key, member| if member.location == 'header' && member.location_name.start_with?('x-amz-checksum-') stub[key] = nil end end end end def remove_paging_tokens(stub) if @pager @pager.instance_variable_get("@tokens").keys.each do |path| if divide = (path[' || '] || path[' or ']) path = path.split(divide)[0] end parts = path.split(/\b/) # if nested struct/expression, EmptyStub auto-pop "string" # currently not support remove "string" for nested/expression # as it requires reverse JMESPATH search stub[parts[0]] = nil if parts.size == 1 end if more_results = @pager.instance_variable_get('@more_results') parts = more_results.split(/\b/) # if nested struct/expression, EmptyStub auto-pop false value # no further work needed stub[parts[0]] = false if parts.size == 1 end end end def apply_data(data, stub) ParamValidator.new(@rules, validate_required: false, input: false).validate!(data) DataApplicator.new(@rules).apply_data(data, stub) end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/stubbing/empty_stub.rb0000644000004100000410000000260114563437550023633 0ustar www-datawww-data# frozen_string_literal: true module Aws module Stubbing class EmptyStub include Seahorse::Model::Shapes # @param [Seahorse::Models::Shapes::ShapeRef] rules def initialize(rules) @rules = rules end # @return [Structure] def stub if @rules stub_ref(@rules) else EmptyStructure.new end end private def stub_ref(ref, visited = []) if visited.include?(ref.shape) return nil else visited = visited + [ref.shape] end case ref.shape when StructureShape then stub_structure(ref, visited) when ListShape then [] when MapShape then {} else stub_scalar(ref) end end def stub_structure(ref, visited) ref.shape.members.inject(ref.shape.struct_class.new) do |struct, (mname, mref)| # For eventstream shape, it returns an Enumerator unless mref.eventstream struct[mname] = stub_ref(mref, visited) end struct end end def stub_scalar(ref) case ref.shape when StringShape then ref.shape.name || 'string' when IntegerShape then 0 when FloatShape then 0.0 when BooleanShape then false when TimestampShape then Time.now else nil end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints.rb0000644000004100000410000000464014563437550021633 0ustar www-datawww-data# frozen_string_literal: true require_relative 'endpoints/rule' require_relative 'endpoints/condition' require_relative 'endpoints/endpoint_rule' require_relative 'endpoints/endpoint' require_relative 'endpoints/error_rule' require_relative 'endpoints/function' require_relative 'endpoints/matchers' require_relative 'endpoints/reference' require_relative 'endpoints/rules_provider' require_relative 'endpoints/rule_set' require_relative 'endpoints/templater' require_relative 'endpoints/tree_rule' require_relative 'endpoints/url' module Aws # @api private module Endpoints class << self def resolve_auth_scheme(context, endpoint) if endpoint && (auth_schemes = endpoint.properties['authSchemes']) auth_scheme = auth_schemes.find do |scheme| Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name']) end raise 'No supported auth scheme for this endpoint.' unless auth_scheme merge_signing_defaults(auth_scheme, context.config) else default_auth_scheme(context) end end private def default_auth_scheme(context) case default_api_authtype(context) when 'v4', 'v4-unsigned-body' auth_scheme = { 'name' => 'sigv4' } merge_signing_defaults(auth_scheme, context.config) when 's3', 's3v4' auth_scheme = { 'name' => 'sigv4', 'disableDoubleEncoding' => true, 'disableNormalizePath' => true } merge_signing_defaults(auth_scheme, context.config) when 'bearer' { 'name' => 'bearer' } when 'none', nil { 'name' => 'none' } end end def merge_signing_defaults(auth_scheme, config) if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name']) auth_scheme['signingName'] ||= sigv4_name(config) if auth_scheme['name'] == 'sigv4a' auth_scheme['signingRegionSet'] ||= ['*'] else auth_scheme['signingRegion'] ||= config.region end end auth_scheme end def default_api_authtype(context) context.config.api.operation(context.operation_name)['authtype'] || context.config.api.metadata['signatureVersion'] end def sigv4_name(config) config.api.metadata['signingName'] || config.api.metadata['endpointPrefix'] end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/event_emitter.rb0000644000004100000410000000256314563437550022504 0ustar www-datawww-data# frozen_string_literal: true module Aws class EventEmitter def initialize @listeners = {} @validate_event = true @status = :sleep @signal_queue = Queue.new end attr_accessor :stream attr_accessor :encoder attr_accessor :validate_event attr_accessor :signal_queue def on(type, callback) (@listeners[type] ||= []) << callback end def signal(type, event) return unless @listeners[type] @listeners[type].each do |listener| listener.call(event) if event.event_type == type end end def emit(type, params) unless @stream raise Aws::Errors::SignalEventError.new( "Singaling events before making async request"\ " is not allowed." ) end if @validate_event && type != :end_stream Aws::ParamValidator.validate!( @encoder.rules.shape.member(type), params) end _ready_for_events? @stream.data( @encoder.encode(type, params), end_stream: type == :end_stream ) end private def _ready_for_events? return true if @status == :ready # blocked until once initial 200 response is received # signal will be available in @signal_queue # and this check will no longer be blocked @signal_queue.pop @status = :ready true end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/log/0000755000004100000410000000000014563437550020060 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/log/handler.rb0000644000004100000410000000161714563437550022027 0ustar www-datawww-data# frozen_string_literal: true module Seahorse module Client module Logging class Handler < Client::Handler # @param [RequestContext] context # @return [Response] def call(context) context[:logging_started_at] = Time.now @handler.call(context).tap do |response| context[:logging_completed_at] = Time.now log(context.config, response) end end private # @param [Configuration] config # @param [Response] response # @return [void] def log(config, response) config.logger.send(config.log_level, format(config, response)) end # @param [Configuration] config # @param [Response] response # @return [String] def format(config, response) config.log_formatter.format(response) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/log/param_filter.rb0000644000004100000410000001074314563437550023057 0ustar www-datawww-data# frozen_string_literal: true require 'pathname' require 'set' module Aws module Log class ParamFilter # DEPRECATED - This must exist for backwards compatibility. Sensitive # members are now computed for each request/response type. This can be # removed in a new major version. This list is no longer updated. # # A managed list of sensitive parameters that should be filtered from # logs. This is updated automatically as part of each release. See the # `tasks/update-sensitive-params.rake` for more information. # # @api private # begin SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :auth_parameters, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :basic_auth_credentials, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :content, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :emergency_phone_number, :error, :external_meeting_id, :external_model_endpoint_data_blobs, :external_user_id, :fall_back_phone_number, :feedback_token, :file, :filter_expression, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_name, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :oauth_token, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :proxy_phone_number, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :resource_arn, :restore_metadata, :revision, :saml_assertion, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :test_phone_number, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :web_identity_token, :zip_file] # end def initialize(options = {}) @enabled = options[:filter_sensitive_params] != false @additional_filters = options[:filter] || [] end def filter(values, type) case values when Struct then filter_struct(values, type) when Hash then filter_hash(values, type) when Array then filter_array(values, type) else values end end private def filter_struct(values, type) if values.class.include? Aws::Structure::Union values = { values.member => values.value } end filter_hash(values, type) end def filter_hash(values, type) if type.const_defined?('SENSITIVE') filters = type::SENSITIVE + @additional_filters else # Support backwards compatibility (new core + old service) filters = SENSITIVE + @additional_filters end filtered = {} values.each_pair do |key, value| filtered[key] = if @enabled && filters.include?(key) '[FILTERED]' else filter(value, type) end end filtered end def filter_array(values, type) values.map { |value| filter(value, type) } end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/log/formatter.rb0000644000004100000410000002022114563437550022405 0ustar www-datawww-data# frozen_string_literal: true require 'pathname' module Aws module Log # A log formatter generates a string for logging from a response. This # accomplished with a log pattern string: # # pattern = ':operation :http_response_status_code :time' # formatter = Aws::Log::Formatter.new(pattern) # formatter.format(response) # #=> 'get_bucket 200 0.0352' # # # Canned Formatters # # Instead of providing your own pattern, you can choose a canned log # formatter. # # * {Formatter.default} # * {Formatter.colored} # * {Formatter.short} # # # Pattern Substitutions # # You can put any of these placeholders into you pattern. # # * `:region` - The region configured for the client. # # * `:client_class` - The name of the client class. # # * `:operation` - The name of the client request method. # # * `:request_params` - The user provided request parameters. Long # strings are truncated/summarized if they exceed the # `:max_string_size`. Other objects are inspected. # # * `:time` - The total time in seconds spent on the # request. This includes client side time spent building # the request and parsing the response. # # * `:retries` - The number of times a client request was retried. # # * `:http_request_method` - The http request verb, e.g., `POST`, # `PUT`, `GET`, etc. # # * `:http_request_endpoint` - The request endpoint. This includes # the scheme, host and port, but not the path. # # * `:http_request_scheme` - This is replaced by `http` or `https`. # # * `:http_request_host` - The host name of the http request # endpoint (e.g. 's3.amazon.com'). # # * `:http_request_port` - The port number (e.g. '443' or '80'). # # * `:http_request_headers` - The http request headers, inspected. # # * `:http_request_body` - The http request payload. # # * `:http_response_status_code` - The http response status # code, e.g., `200`, `404`, `500`, etc. # # * `:http_response_headers` - The http response headers, inspected. # # * `:http_response_body` - The http response body contents. # # * `:error_class` # # * `:error_message` # class Formatter # @param [String] pattern The log format pattern should be a string # and may contain substitutions. # # @option options [Integer] :max_string_size (1000) When summarizing # request parameters, strings longer than this value will be # truncated. # # @option options [Array] :filter A list of parameter # names that should be filtered when logging `:request_params`. # # Formatter.new(pattern, filter: [:password]) # # The default list of filtered parameters is documented on the # {ParamFilter} class. # # @option options [Boolean] :filter_sensitive_params (true) Set to false # to disable the sensitive parameter filtering when logging # `:request_params`. def initialize(pattern, options = {}) @pattern = pattern @param_formatter = ParamFormatter.new(options) @param_filter = ParamFilter.new(options) end # @return [String] attr_reader :pattern # Given a response, this will format a log message and return it as a # string according to {#pattern}. # @param [Seahorse::Client::Response] response # @return [String] def format(response) pattern.gsub(/:(\w+)/) { |sym| send("_#{sym[1..-1]}", response) } end # @api private def method_missing(method_name, *args) if method_name.to_s.chars.first == '_' ":#{method_name.to_s[1..-1]}" else super end end private def _region(response) response.context.config.region end def _client_class(response) response.context.client.class.name end def _operation(response) response.context.operation_name end def _request_params(response) params = response.context.params type = response.context.operation.input.shape.struct_class @param_formatter.summarize(@param_filter.filter(params, type)) end def _time(response) duration = response.context[:logging_completed_at] - response.context[:logging_started_at] ("%.06f" % duration).sub(/0+$/, '') end def _retries(response) response.context.retries end def _http_request_endpoint(response) response.context.http_request.endpoint.to_s end def _http_request_scheme(response) response.context.http_request.endpoint.scheme end def _http_request_host(response) response.context.http_request.endpoint.host end def _http_request_port(response) response.context.http_request.endpoint.port.to_s end def _http_request_method(response) response.context.http_request.http_method end def _http_request_headers(response) response.context.http_request.headers.inspect end def _http_request_body(response) @param_formatter.summarize(response.context.http_request.body_contents) end def _http_response_status_code(response) response.context.http_response.status_code.to_s end def _http_response_headers(response) response.context.http_response.headers.inspect end def _http_response_body(response) if response.context.http_response.body.respond_to?(:rewind) @param_formatter.summarize( response.context.http_response.body_contents ) else '' end end def _error_class(response) response.error ? response.error.class.name : '' end def _error_message(response) response.error ? response.error.message : '' end class << self # The default log format. # @option (see #initialize) # @example A sample of the default format. # # [ClientClass 200 0.580066 0 retries] list_objects(:bucket_name => 'bucket') # # @return [Formatter] def default(options = {}) pattern = [] pattern << "[:client_class" pattern << ":http_response_status_code" pattern << ":time" pattern << ":retries retries]" pattern << ":operation(:request_params)" pattern << ":error_class" pattern << ":error_message" Formatter.new(pattern.join(' ') + "\n", options) end # The short log format. Similar to default, but it does not # inspect the request params or report on retries. # @option (see #initialize) # @example A sample of the short format # # [ClientClass 200 0.494532] list_buckets # # @return [Formatter] def short(options = {}) pattern = [] pattern << "[:client_class" pattern << ":http_response_status_code" pattern << ":time]" pattern << ":operation" pattern << ":error_class" Formatter.new(pattern.join(' ') + "\n", options) end # The default log format with ANSI colors. # @option (see #initialize) # @example A sample of the colored format (sans the ansi colors). # # [ClientClass 200 0.580066 0 retries] list_objects(:bucket_name => 'bucket') # # @return [Formatter] def colored(options = {}) bold = "\x1b[1m" color = "\x1b[34m" reset = "\x1b[0m" pattern = [] pattern << "#{bold}#{color}[:client_class" pattern << ":http_response_status_code" pattern << ":time" pattern << ":retries retries]#{reset}#{bold}" pattern << ":operation(:request_params)" pattern << ":error_class" pattern << ":error_message#{reset}" Formatter.new(pattern.join(' ') + "\n", options) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/log/param_formatter.rb0000644000004100000410000000325014563437550023570 0ustar www-datawww-data# frozen_string_literal: true require 'pathname' module Aws module Log # @api private class ParamFormatter # String longer than the max string size are truncated MAX_STRING_SIZE = 1000 def initialize(options = {}) @max_string_size = options[:max_string_size] || MAX_STRING_SIZE end def summarize(value) Hash === value ? summarize_hash(value) : summarize_value(value) end private def summarize_hash(hash) hash.keys.first.is_a?(String) ? summarize_string_hash(hash) : summarize_symbol_hash(hash) end def summarize_symbol_hash(hash) hash.map do |key,v| "#{key}:#{summarize_value(v)}" end.join(",") end def summarize_string_hash(hash) hash.map do |key,v| "#{key.inspect}=>#{summarize_value(v)}" end.join(",") end def summarize_string(str) if str.size > @max_string_size "#" else str.inspect end end def summarize_value(value) case value when String then summarize_string(value) when Hash then '{' + summarize_hash(value) + '}' when Array then summarize_array(value) when File then summarize_file(value.path) when Pathname then summarize_file(value) else value.inspect end end def summarize_file(path) "#" end def summarize_array(array) "[" + array.map{|v| summarize_value(v) }.join(",") + "]" end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/0000755000004100000410000000000014563437550021302 5ustar www-datawww-dataaws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/rule.rb0000644000004100000410000000160014563437550022573 0ustar www-datawww-data# frozen_string_literal: true module Aws module Endpoints # This class is deprecated. It is used by the Runtime endpoint # resolution approach. It has been replaced by a code generated # approach in each service gem. It can be removed in a new # major version. It has to exist because # old service gems can use a new core version. # @api private class Rule # Resolves a value that is a function, reference, or template string. def resolve_value(value, parameters, assigns) if value.is_a?(Hash) && value['fn'] Function.new(fn: value['fn'], argv: value['argv']) .call(parameters, assigns) elsif value.is_a?(Hash) && value['ref'] Reference.new(ref: value['ref']).resolve(parameters, assigns) else Templater.resolve(value, parameters, assigns) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/tree_rule.rb0000644000004100000410000000246214563437550023621 0ustar www-datawww-data# frozen_string_literal: true module Aws module Endpoints # This class is deprecated. It is used by the Runtime endpoint # resolution approach. It has been replaced by a code generated # approach in each service gem. It can be removed in a new # major version. It has to exist because # old service gems can use a new core version. # @api private class TreeRule def initialize(type: 'tree', conditions:, rules:, documentation: nil) @type = type @conditions = Condition.from_json(conditions) @rules = RuleSet.rules_from_json(rules) @documentation = documentation end attr_reader :type attr_reader :conditions attr_reader :error attr_reader :documentation def match(parameters, assigned = {}) assigns = assigned.dup matched = conditions.all? do |condition| output = condition.match?(parameters, assigns) assigns = assigns.merge(condition.assigned) if condition.assign output end resolve_rules(parameters, assigns) if matched end private def resolve_rules(parameters, assigns) @rules.each do |rule| output = rule.match(parameters, assigns) return output if output end nil end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/matchers.rb0000644000004100000410000000713114563437550023437 0ustar www-datawww-data# frozen_string_literal: true require 'cgi' module Aws module Endpoints # generic matcher functions for service endpoints # @api private module Matchers # Regex that extracts anything in square brackets BRACKET_REGEX = /\[(.*?)\]/.freeze # CORE # isSet(value: Option) bool def self.set?(value) !value.nil? end # not(value: bool) bool def self.not(bool) !bool end # getAttr(value: Object | Array, path: string) Document def self.attr(value, path) parts = path.split('.') val = if (index = parts.first[BRACKET_REGEX, 1]) # remove brackets and index from part before indexing value[parts.first.gsub(BRACKET_REGEX, '')][index.to_i] else value[parts.first] end if parts.size == 1 val else attr(val, parts.slice(1..-1).join('.')) end end def self.substring(input, start, stop, reverse) return nil if start >= stop || input.size < stop return nil if input.chars.any? { |c| c.ord > 127 } return input[start...stop] unless reverse r_start = input.size - stop r_stop = input.size - start input[r_start...r_stop] end # stringEquals(value1: string, value2: string) bool def self.string_equals?(value1, value2) value1 == value2 end # booleanEquals(value1: bool, value2: bool) bool def self.boolean_equals?(value1, value2) value1 == value2 end # uriEncode(value: string) string def self.uri_encode(value) CGI.escape(value.encode('UTF-8')).gsub('+', '%20').gsub('%7E', '~') end # parseUrl(value: string) Option def self.parse_url(value) URL.new(value).as_json rescue ArgumentError, URI::InvalidURIError nil end # isValidHostLabel(value: string, allowSubDomains: bool) bool def self.valid_host_label?(value, allow_sub_domains = false) return false if value.empty? if allow_sub_domains labels = value.split('.', -1) return labels.all? { |l| valid_host_label?(l) } end !!(value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(? def self.aws_partition(value) partition = Aws::Partitions.find { |p| p.region?(value) } || Aws::Partitions.find { |p| value.match(p.region_regex) } || Aws::Partitions.find { |p| p.name == 'aws' } return nil unless partition partition.metadata end # aws.parseArn(value: string) Option def self.aws_parse_arn(value) arn = Aws::ARNParser.parse(value) json = arn.as_json # HACK: because of poor naming and also requirement of splitting resource = json.delete('resource') json['resourceId'] = resource.split(%r{[:\/]}, -1) json rescue Aws::Errors::InvalidARNError nil end # aws.isVirtualHostableS3Bucket(value: string, allowSubDomains: bool) bool def self.aws_virtual_hostable_s3_bucket?(value, allow_sub_domains = false) return false if value.empty? if allow_sub_domains labels = value.split('.', -1) return labels.all? { |l| aws_virtual_hostable_s3_bucket?(l) } end # must be between 3 and 63 characters long, no uppercase value =~ /\A(?!-)[a-z0-9-]{3,63}(? scheme, 'authority' => authority, 'path' => path, 'normalizedPath' => normalized_path, 'isIp' => is_ip } end private def _authority(url, uri) # don't include port if it's default and not parsed originally if uri.default_port == uri.port && !url.include?(":#{uri.port}") uri.host else "#{uri.host}:#{uri.port}" end end def _is_ip(authority) IPAddr.new(authority) true rescue IPAddr::InvalidAddressError false end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/templater.rb0000644000004100000410000000370214563437550023626 0ustar www-datawww-data# frozen_string_literal: true module Aws module Endpoints # Does substitutions for templated endpoint strings # This class is deprecated. It is used by the Runtime endpoint # resolution approach. It has been replaced by a code generated # approach in each service gem. It can be removed in a new # major version. It has to exist because # old service gems can use a new core version. # @api private module Templater class << self def resolve(string, parameters, assigns) # scans for strings in curly brackets {} string.scan(/\{.+?\}/).each do |capture| value = capture[1..-2] # strips curly brackets string = string.gsub(capture, replace(value, parameters, assigns)) end string end private # Replaces the captured value with values from parameters or assign def replace(capture, parameters, assigns) # Pound sigil is used for getAttr calls indexes = capture.split('#') # no sigil found, just do substitution if indexes.size == 1 extract_value(capture, parameters, assigns) # sigil was found, need to call getAttr elsif indexes.size == 2 ref, property = indexes param = extract_value(ref, parameters, assigns) Matchers.attr(param, property) else raise "Invalid templatable value: #{capture}" end end # Checks both parameters and assigns hash for the referenced value def extract_value(key, parameters, assigns) if assigns.key?(key) assigns[key] elsif parameters.class.singleton_class::PARAM_MAP.key?(key) member_name = parameters.class.singleton_class::PARAM_MAP[key] parameters[member_name] else raise "Templatable value not found: #{key}" end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/reference.rb0000644000004100000410000000160614563437550023570 0ustar www-datawww-data# frozen_string_literal: true module Aws module Endpoints # This class is deprecated. It is used by the Runtime endpoint # resolution approach. It has been replaced by a code generated # approach in each service gem. It can be removed in a new # major version. It has to exist because # old service gems can use a new core version. # @api private class Reference def initialize(ref:) @ref = ref end attr_reader :ref def resolve(parameters, assigns) if parameters.class.singleton_class::PARAM_MAP.key?(@ref) member_name = parameters.class.singleton_class::PARAM_MAP[@ref] parameters[member_name] elsif assigns.key?(@ref) assigns[@ref] else raise ArgumentError, "Reference #{@ref} is not a param or an assigned value." end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/function.rb0000644000004100000410000000436414563437550023463 0ustar www-datawww-data# frozen_string_literal: true module Aws module Endpoints # This class is deprecated. It is used by the Runtime endpoint # resolution approach. It has been replaced by a code generated # approach in each service gem. It can be removed in a new # major version. It has to exist because # old service gems can use a new core version. # @api private class Function def initialize(fn:, argv:) @fn = fn @argv = build_argv(argv) end attr_reader :fn attr_reader :argv def call(parameters, assigns) args = [] @argv.each do |arg| if arg.is_a?(Reference) args << arg.resolve(parameters, assigns) elsif arg.is_a?(Function) args << arg.call(parameters, assigns) else if arg.is_a?(String) arg = Templater.resolve(arg, parameters, assigns) end args << arg end end case @fn when 'isSet' Matchers.set?(*args) when 'not' Matchers.not(*args) when 'getAttr' Matchers.attr(*args) when 'substring' Matchers.substring(*args) when 'stringEquals' Matchers.string_equals?(*args) when 'booleanEquals' Matchers.boolean_equals?(*args) when 'uriEncode' Matchers.uri_encode(*args) when 'parseURL' Matchers.parse_url(*args) when 'isValidHostLabel' Matchers.valid_host_label?(*args) when 'aws.partition' Matchers.aws_partition(*args) when 'aws.parseArn' Matchers.aws_parse_arn(*args) when 'aws.isVirtualHostableS3Bucket' Matchers.aws_virtual_hostable_s3_bucket?(*args) else raise "Function not found: #{@fn}" end end private def build_argv(argv_json) argv_json.each.with_object([]) do |arg, argv| argv << if arg.is_a?(Hash) && arg['ref'] Reference.new(ref: arg['ref']) elsif arg.is_a?(Hash) && arg['fn'] Function.new(fn: arg['fn'], argv: arg['argv']) else arg end end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/condition.rb0000644000004100000410000000215614563437550023621 0ustar www-datawww-data# frozen_string_literal: true module Aws module Endpoints # This class is deprecated. It is used by the Runtime endpoint # resolution approach. It has been replaced by a code generated # approach in each service gem. It can be removed in a new # major version. It has to exist because # old service gems can use a new core version. # @api private class Condition def initialize(fn:, argv:, assign: nil) @fn = Function.new(fn: fn, argv: argv) @assign = assign @assigned = {} end attr_reader :fn attr_reader :argv attr_reader :assign attr_reader :assigned def match?(parameters, assigns) output = @fn.call(parameters, assigns) @assigned = @assigned.merge({ @assign => output }) if @assign output end def self.from_json(conditions_json) conditions_json.each.with_object([]) do |condition, conditions| conditions << new( fn: condition['fn'], argv: condition['argv'], assign: condition['assign'] ) end end end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/endpoints/endpoint.rb0000644000004100000410000000050414563437550023446 0ustar www-datawww-data# frozen_string_literal: true module Aws module Endpoints class Endpoint def initialize(url:, properties: {}, headers: {}) @url = url @properties = properties @headers = headers end attr_reader :url attr_reader :properties attr_reader :headers end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/type_builder.rb0000644000004100000410000000047214563437550022316 0ustar www-datawww-data# frozen_string_literal: true module Aws # @api private class TypeBuilder def initialize(svc_module) @types_module = svc_module.const_set(:Types, Module.new) end def build_type(shape, shapes) @types_module.const_set(shape.name, Structure.new(*shape.member_names)) end end end aws-sdk-core-3.191.2/lib/aws-sdk-core/instance_profile_credentials.rb0000644000004100000410000002707114563437550025534 0ustar www-datawww-data# frozen_string_literal: true require 'time' require 'net/http' module Aws # An auto-refreshing credential provider that loads credentials from # EC2 instances. # # instance_credentials = Aws::InstanceProfileCredentials.new # ec2 = Aws::EC2::Client.new(credentials: instance_credentials) class InstanceProfileCredentials include CredentialProvider include RefreshingCredentials # @api private class Non200Response < RuntimeError; end # @api private class TokenRetrivalError < RuntimeError; end # @api private class TokenExpiredError < RuntimeError; end # These are the errors we trap when attempting to talk to the # instance metadata service. Any of these imply the service # is not present, no responding or some other non-recoverable # error. # @api private NETWORK_ERRORS = [ Errno::EHOSTUNREACH, Errno::ECONNREFUSED, Errno::EHOSTDOWN, Errno::ENETUNREACH, SocketError, Timeout::Error, Non200Response ].freeze # Path base for GET request for profile and credentials # @api private METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'.freeze # Path for PUT request for token # @api private METADATA_TOKEN_PATH = '/latest/api/token'.freeze # @param [Hash] options # @option options [Integer] :retries (1) Number of times to retry # when retrieving credentials. # @option options [String] :endpoint ('http://169.254.169.254') The IMDS # endpoint. This option has precedence over the :endpoint_mode. # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for # the instance metadata service. This is either 'IPv4' ('169.254.169.254') # or 'IPv6' ('[fd00:ec2::254]'). # @option options [Boolean] :disable_imds_v1 (false) Disable the use of the # legacy EC2 Metadata Service v1. # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use # :endpoint instead. The IP address for the endpoint. # @option options [Integer] :port (80) # @option options [Float] :http_open_timeout (1) # @option options [Float] :http_read_timeout (1) # @option options [Numeric, Proc] :delay By default, failures are retried # with exponential back-off, i.e. `sleep(1.2 ** num_failures)`. You can # pass a number of seconds to sleep between failed attempts, or # a Proc that accepts the number of failures. # @option options [IO] :http_debug_output (nil) HTTP wire # traces are sent to this object. You can specify something # like $stdout. # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2 # Metadata Token used for fetching Metadata Profile Credentials, defaults # to 21600 seconds # @option options [Callable] before_refresh Proc called before # credentials are refreshed. `before_refresh` is called # with an instance of this object when # AWS credentials are required and need to be refreshed. def initialize(options = {}) @retries = options[:retries] || 1 endpoint_mode = resolve_endpoint_mode(options) @endpoint = resolve_endpoint(options, endpoint_mode) @port = options[:port] || 80 @disable_imds_v1 = resolve_disable_v1(options) # Flag for if v2 flow fails, skip future attempts @imds_v1_fallback = false @http_open_timeout = options[:http_open_timeout] || 1 @http_read_timeout = options[:http_read_timeout] || 1 @http_debug_output = options[:http_debug_output] @backoff = backoff(options[:backoff]) @token_ttl = options[:token_ttl] || 21_600 @token = nil @no_refresh_until = nil @async_refresh = false super end # @return [Integer] Number of times to retry when retrieving credentials # from the instance metadata service. Defaults to 0 when resolving from # the default credential chain ({Aws::CredentialProviderChain}). attr_reader :retries private def resolve_endpoint_mode(options) value = options[:endpoint_mode] value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE'] value ||= Aws.shared_config.ec2_metadata_service_endpoint_mode( profile: options[:profile] ) value || 'IPv4' end def resolve_endpoint(options, endpoint_mode) value = options[:endpoint] || options[:ip_address] value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT'] value ||= Aws.shared_config.ec2_metadata_service_endpoint( profile: options[:profile] ) return value if value case endpoint_mode.downcase when 'ipv4' then 'http://169.254.169.254' when 'ipv6' then 'http://[fd00:ec2::254]' else raise ArgumentError, ':endpoint_mode is not valid, expected IPv4 or IPv6, '\ "got: #{endpoint_mode}" end end def resolve_disable_v1(options) value = options[:disable_imds_v1] value ||= ENV['AWS_EC2_METADATA_V1_DISABLED'] value ||= Aws.shared_config.ec2_metadata_v1_disabled( profile: options[:profile] ) value = value.to_s.downcase if value Aws::Util.str_2_bool(value) || false end def backoff(backoff) case backoff when Proc then backoff when Numeric then ->(_) { sleep(backoff) } else ->(num_failures) { Kernel.sleep(1.2**num_failures) } end end def refresh if @no_refresh_until && @no_refresh_until > Time.now warn_expired_credentials return end # Retry loading credentials up to 3 times is the instance metadata # service is responding but is returning invalid JSON documents # in response to the GET profile credentials call. begin retry_errors([Aws::Json::ParseError], max_retries: 3) do c = Aws::Json.load(get_credentials.to_s) if empty_credentials?(@credentials) @credentials = Credentials.new( c['AccessKeyId'], c['SecretAccessKey'], c['Token'] ) @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil if @expiration && @expiration < Time.now @no_refresh_until = Time.now + refresh_offset warn_expired_credentials end else # credentials are already set, update them only if the new ones are not empty if !c['AccessKeyId'] || c['AccessKeyId'].empty? # error getting new credentials @no_refresh_until = Time.now + refresh_offset warn_expired_credentials else @credentials = Credentials.new( c['AccessKeyId'], c['SecretAccessKey'], c['Token'] ) @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil if @expiration && @expiration < Time.now @no_refresh_until = Time.now + refresh_offset warn_expired_credentials end end end end rescue Aws::Json::ParseError raise Aws::Errors::MetadataParserError end end def get_credentials # Retry loading credentials a configurable number of times if # the instance metadata service is not responding. if _metadata_disabled? '{}' else begin retry_errors(NETWORK_ERRORS, max_retries: @retries) do open_connection do |conn| # attempt to fetch token to start secure flow first # and rescue to failover fetch_token(conn) unless @imds_v1_fallback token = @token.value if token_set? # disable insecure flow if we couldn't get token # and imds v1 is disabled raise TokenRetrivalError if token.nil? && @disable_imds_v1 _get_credentials(conn, token) end end rescue => e warn("Error retrieving instance profile credentials: #{e}") '{}' end end end def fetch_token(conn) retry_errors(NETWORK_ERRORS, max_retries: @retries) do unless token_set? created_time = Time.now token_value, ttl = http_put( conn, METADATA_TOKEN_PATH, @token_ttl ) @token = Token.new(token_value, ttl, created_time) if token_value && ttl end end rescue *NETWORK_ERRORS # token attempt failed, reset token # fallback to non-token mode @token = nil @imds_v1_fallback = true end # token is optional - if nil, uses v1 (insecure) flow def _get_credentials(conn, token) metadata = http_get(conn, METADATA_PATH_BASE, token) profile_name = metadata.lines.first.strip http_get(conn, METADATA_PATH_BASE + profile_name, token) rescue TokenExpiredError # Token has expired, reset it # The next retry should fetch it @token = nil @imds_v1_fallback = false raise Non200Response end def token_set? @token && !@token.expired? end def _metadata_disabled? ENV.fetch('AWS_EC2_METADATA_DISABLED', 'false').downcase == 'true' end def open_connection uri = URI.parse(@endpoint) http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port) http.open_timeout = @http_open_timeout http.read_timeout = @http_read_timeout http.set_debug_output(@http_debug_output) if @http_debug_output http.start yield(http).tap { http.finish } end # GET request fetch profile and credentials def http_get(connection, path, token = nil) headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" } headers['x-aws-ec2-metadata-token'] = token if token response = connection.request(Net::HTTP::Get.new(path, headers)) case response.code.to_i when 200 response.body when 401 raise TokenExpiredError else raise Non200Response end end # PUT request fetch token with ttl def http_put(connection, path, ttl) headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}", 'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s } response = connection.request(Net::HTTP::Put.new(path, headers)) case response.code.to_i when 200 [ response.body, response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i ] when 400 raise TokenRetrivalError else raise Non200Response end end def retry_errors(error_classes, options = {}, &_block) max_retries = options[:max_retries] retries = 0 begin yield rescue *error_classes raise unless retries < max_retries @backoff.call(retries) retries += 1 retry end end def warn_expired_credentials warn("Attempting credential expiration extension due to a credential "\ "service availability issue. A refresh of these credentials "\ "will be attempted again in 5 minutes.") end def empty_credentials?(creds) !creds || !creds.access_key_id || creds.access_key_id.empty? end # Compute an offset for refresh with jitter def refresh_offset 300 + rand(0..60) end # @api private # Token used to fetch IMDS profile and credentials class Token def initialize(value, ttl, created_time = Time.now) @ttl = ttl @value = value @created_time = created_time end # [String] token value attr_reader :value def expired? Time.now - @created_time > @ttl end end end end aws-sdk-core-3.191.2/lib/aws-defaults.rb0000644000004100000410000000012414563437550017721 0ustar www-datawww-data# frozen_string_literal: true require_relative 'aws-defaults/default_configuration'aws-sdk-core-3.191.2/LICENSE.txt0000644000004100000410000002613614563437550016065 0ustar www-datawww-data Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. aws-sdk-core-3.191.2/VERSION0000644000004100000410000000001014563437550015271 0ustar www-datawww-data3.191.2 aws-sdk-core-3.191.2/aws-sdk-core.gemspec0000644000004100000410000003361314563437550020104 0ustar www-datawww-data######################################################### # This file has been automatically generated by gem2tgz # ######################################################### # -*- encoding: utf-8 -*- # stub: aws-sdk-core 3.191.2 ruby lib Gem::Specification.new do |s| s.name = "aws-sdk-core".freeze s.version = "3.191.2" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.metadata = { "changelog_uri" => "https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-core/CHANGELOG.md", "source_code_uri" => "https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-core" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Amazon Web Services".freeze] s.date = "2024-02-14" s.description = "Provides API clients for AWS. This gem is part of the official AWS SDK for Ruby.".freeze s.files = ["CHANGELOG.md".freeze, "LICENSE.txt".freeze, "VERSION".freeze, "ca-bundle.crt".freeze, "lib/aws-defaults.rb".freeze, "lib/aws-defaults/default_configuration.rb".freeze, "lib/aws-defaults/defaults_mode_config_resolver.rb".freeze, "lib/aws-sdk-core.rb".freeze, "lib/aws-sdk-core/arn.rb".freeze, "lib/aws-sdk-core/arn_parser.rb".freeze, "lib/aws-sdk-core/assume_role_credentials.rb".freeze, "lib/aws-sdk-core/assume_role_web_identity_credentials.rb".freeze, "lib/aws-sdk-core/async_client_stubs.rb".freeze, "lib/aws-sdk-core/binary.rb".freeze, "lib/aws-sdk-core/binary/decode_handler.rb".freeze, "lib/aws-sdk-core/binary/encode_handler.rb".freeze, "lib/aws-sdk-core/binary/event_builder.rb".freeze, "lib/aws-sdk-core/binary/event_parser.rb".freeze, "lib/aws-sdk-core/binary/event_stream_decoder.rb".freeze, "lib/aws-sdk-core/binary/event_stream_encoder.rb".freeze, "lib/aws-sdk-core/client_side_monitoring/publisher.rb".freeze, "lib/aws-sdk-core/client_side_monitoring/request_metrics.rb".freeze, "lib/aws-sdk-core/client_stubs.rb".freeze, "lib/aws-sdk-core/credential_provider.rb".freeze, "lib/aws-sdk-core/credential_provider_chain.rb".freeze, "lib/aws-sdk-core/credentials.rb".freeze, "lib/aws-sdk-core/deprecations.rb".freeze, "lib/aws-sdk-core/eager_loader.rb".freeze, "lib/aws-sdk-core/ec2_metadata.rb".freeze, "lib/aws-sdk-core/ecs_credentials.rb".freeze, "lib/aws-sdk-core/endpoint_cache.rb".freeze, "lib/aws-sdk-core/endpoints.rb".freeze, "lib/aws-sdk-core/endpoints/condition.rb".freeze, "lib/aws-sdk-core/endpoints/endpoint.rb".freeze, "lib/aws-sdk-core/endpoints/endpoint_rule.rb".freeze, "lib/aws-sdk-core/endpoints/error_rule.rb".freeze, "lib/aws-sdk-core/endpoints/function.rb".freeze, "lib/aws-sdk-core/endpoints/matchers.rb".freeze, "lib/aws-sdk-core/endpoints/reference.rb".freeze, "lib/aws-sdk-core/endpoints/rule.rb".freeze, "lib/aws-sdk-core/endpoints/rule_set.rb".freeze, "lib/aws-sdk-core/endpoints/rules_provider.rb".freeze, "lib/aws-sdk-core/endpoints/templater.rb".freeze, "lib/aws-sdk-core/endpoints/tree_rule.rb".freeze, "lib/aws-sdk-core/endpoints/url.rb".freeze, "lib/aws-sdk-core/errors.rb".freeze, "lib/aws-sdk-core/event_emitter.rb".freeze, "lib/aws-sdk-core/ini_parser.rb".freeze, "lib/aws-sdk-core/instance_profile_credentials.rb".freeze, "lib/aws-sdk-core/json.rb".freeze, "lib/aws-sdk-core/json/builder.rb".freeze, "lib/aws-sdk-core/json/error_handler.rb".freeze, "lib/aws-sdk-core/json/handler.rb".freeze, "lib/aws-sdk-core/json/json_engine.rb".freeze, "lib/aws-sdk-core/json/oj_engine.rb".freeze, "lib/aws-sdk-core/json/parser.rb".freeze, "lib/aws-sdk-core/log/formatter.rb".freeze, "lib/aws-sdk-core/log/handler.rb".freeze, "lib/aws-sdk-core/log/param_filter.rb".freeze, "lib/aws-sdk-core/log/param_formatter.rb".freeze, "lib/aws-sdk-core/pageable_response.rb".freeze, "lib/aws-sdk-core/pager.rb".freeze, "lib/aws-sdk-core/param_converter.rb".freeze, "lib/aws-sdk-core/param_validator.rb".freeze, "lib/aws-sdk-core/plugins/api_key.rb".freeze, "lib/aws-sdk-core/plugins/apig_authorizer_token.rb".freeze, "lib/aws-sdk-core/plugins/apig_credentials_configuration.rb".freeze, "lib/aws-sdk-core/plugins/apig_user_agent.rb".freeze, "lib/aws-sdk-core/plugins/bearer_authorization.rb".freeze, "lib/aws-sdk-core/plugins/checksum_algorithm.rb".freeze, "lib/aws-sdk-core/plugins/client_metrics_plugin.rb".freeze, "lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb".freeze, "lib/aws-sdk-core/plugins/credentials_configuration.rb".freeze, "lib/aws-sdk-core/plugins/defaults_mode.rb".freeze, "lib/aws-sdk-core/plugins/endpoint_discovery.rb".freeze, "lib/aws-sdk-core/plugins/endpoint_pattern.rb".freeze, "lib/aws-sdk-core/plugins/event_stream_configuration.rb".freeze, "lib/aws-sdk-core/plugins/global_configuration.rb".freeze, "lib/aws-sdk-core/plugins/helpful_socket_errors.rb".freeze, "lib/aws-sdk-core/plugins/http_checksum.rb".freeze, "lib/aws-sdk-core/plugins/idempotency_token.rb".freeze, "lib/aws-sdk-core/plugins/invocation_id.rb".freeze, "lib/aws-sdk-core/plugins/jsonvalue_converter.rb".freeze, "lib/aws-sdk-core/plugins/logging.rb".freeze, "lib/aws-sdk-core/plugins/param_converter.rb".freeze, "lib/aws-sdk-core/plugins/param_validator.rb".freeze, "lib/aws-sdk-core/plugins/protocols/api_gateway.rb".freeze, "lib/aws-sdk-core/plugins/protocols/ec2.rb".freeze, "lib/aws-sdk-core/plugins/protocols/json_rpc.rb".freeze, "lib/aws-sdk-core/plugins/protocols/query.rb".freeze, "lib/aws-sdk-core/plugins/protocols/rest_json.rb".freeze, "lib/aws-sdk-core/plugins/protocols/rest_xml.rb".freeze, "lib/aws-sdk-core/plugins/recursion_detection.rb".freeze, "lib/aws-sdk-core/plugins/regional_endpoint.rb".freeze, "lib/aws-sdk-core/plugins/request_compression.rb".freeze, "lib/aws-sdk-core/plugins/response_paging.rb".freeze, "lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb".freeze, "lib/aws-sdk-core/plugins/retries/clock_skew.rb".freeze, "lib/aws-sdk-core/plugins/retries/error_inspector.rb".freeze, "lib/aws-sdk-core/plugins/retries/retry_quota.rb".freeze, "lib/aws-sdk-core/plugins/retry_errors.rb".freeze, "lib/aws-sdk-core/plugins/sign.rb".freeze, "lib/aws-sdk-core/plugins/signature_v2.rb".freeze, "lib/aws-sdk-core/plugins/signature_v4.rb".freeze, "lib/aws-sdk-core/plugins/stub_responses.rb".freeze, "lib/aws-sdk-core/plugins/transfer_encoding.rb".freeze, "lib/aws-sdk-core/plugins/user_agent.rb".freeze, "lib/aws-sdk-core/process_credentials.rb".freeze, "lib/aws-sdk-core/query.rb".freeze, "lib/aws-sdk-core/query/ec2_param_builder.rb".freeze, "lib/aws-sdk-core/query/handler.rb".freeze, "lib/aws-sdk-core/query/param.rb".freeze, "lib/aws-sdk-core/query/param_builder.rb".freeze, "lib/aws-sdk-core/query/param_list.rb".freeze, "lib/aws-sdk-core/refreshing_credentials.rb".freeze, "lib/aws-sdk-core/refreshing_token.rb".freeze, "lib/aws-sdk-core/resources/collection.rb".freeze, "lib/aws-sdk-core/rest.rb".freeze, "lib/aws-sdk-core/rest/handler.rb".freeze, "lib/aws-sdk-core/rest/request/body.rb".freeze, "lib/aws-sdk-core/rest/request/builder.rb".freeze, "lib/aws-sdk-core/rest/request/endpoint.rb".freeze, "lib/aws-sdk-core/rest/request/headers.rb".freeze, "lib/aws-sdk-core/rest/request/querystring_builder.rb".freeze, "lib/aws-sdk-core/rest/response/body.rb".freeze, "lib/aws-sdk-core/rest/response/headers.rb".freeze, "lib/aws-sdk-core/rest/response/parser.rb".freeze, "lib/aws-sdk-core/rest/response/status_code.rb".freeze, "lib/aws-sdk-core/shared_config.rb".freeze, "lib/aws-sdk-core/shared_credentials.rb".freeze, "lib/aws-sdk-core/sso_credentials.rb".freeze, "lib/aws-sdk-core/sso_token_provider.rb".freeze, "lib/aws-sdk-core/static_token_provider.rb".freeze, "lib/aws-sdk-core/structure.rb".freeze, "lib/aws-sdk-core/stubbing/data_applicator.rb".freeze, "lib/aws-sdk-core/stubbing/empty_stub.rb".freeze, "lib/aws-sdk-core/stubbing/protocols/api_gateway.rb".freeze, "lib/aws-sdk-core/stubbing/protocols/ec2.rb".freeze, "lib/aws-sdk-core/stubbing/protocols/json.rb".freeze, "lib/aws-sdk-core/stubbing/protocols/query.rb".freeze, "lib/aws-sdk-core/stubbing/protocols/rest.rb".freeze, "lib/aws-sdk-core/stubbing/protocols/rest_json.rb".freeze, "lib/aws-sdk-core/stubbing/protocols/rest_xml.rb".freeze, "lib/aws-sdk-core/stubbing/stub_data.rb".freeze, "lib/aws-sdk-core/stubbing/xml_error.rb".freeze, "lib/aws-sdk-core/token.rb".freeze, "lib/aws-sdk-core/token_provider.rb".freeze, "lib/aws-sdk-core/token_provider_chain.rb".freeze, "lib/aws-sdk-core/type_builder.rb".freeze, "lib/aws-sdk-core/util.rb".freeze, "lib/aws-sdk-core/waiters.rb".freeze, "lib/aws-sdk-core/waiters/errors.rb".freeze, "lib/aws-sdk-core/waiters/poller.rb".freeze, "lib/aws-sdk-core/waiters/waiter.rb".freeze, "lib/aws-sdk-core/xml.rb".freeze, "lib/aws-sdk-core/xml/builder.rb".freeze, "lib/aws-sdk-core/xml/default_list.rb".freeze, "lib/aws-sdk-core/xml/default_map.rb".freeze, "lib/aws-sdk-core/xml/doc_builder.rb".freeze, "lib/aws-sdk-core/xml/error_handler.rb".freeze, "lib/aws-sdk-core/xml/parser.rb".freeze, "lib/aws-sdk-core/xml/parser/engines/libxml.rb".freeze, "lib/aws-sdk-core/xml/parser/engines/nokogiri.rb".freeze, "lib/aws-sdk-core/xml/parser/engines/oga.rb".freeze, "lib/aws-sdk-core/xml/parser/engines/ox.rb".freeze, "lib/aws-sdk-core/xml/parser/engines/rexml.rb".freeze, "lib/aws-sdk-core/xml/parser/frame.rb".freeze, "lib/aws-sdk-core/xml/parser/parsing_error.rb".freeze, "lib/aws-sdk-core/xml/parser/stack.rb".freeze, "lib/aws-sdk-sso.rb".freeze, "lib/aws-sdk-sso/client.rb".freeze, "lib/aws-sdk-sso/client_api.rb".freeze, "lib/aws-sdk-sso/customizations.rb".freeze, "lib/aws-sdk-sso/endpoint_parameters.rb".freeze, "lib/aws-sdk-sso/endpoint_provider.rb".freeze, "lib/aws-sdk-sso/endpoints.rb".freeze, "lib/aws-sdk-sso/errors.rb".freeze, "lib/aws-sdk-sso/plugins/endpoints.rb".freeze, "lib/aws-sdk-sso/resource.rb".freeze, "lib/aws-sdk-sso/types.rb".freeze, "lib/aws-sdk-ssooidc.rb".freeze, "lib/aws-sdk-ssooidc/client.rb".freeze, "lib/aws-sdk-ssooidc/client_api.rb".freeze, "lib/aws-sdk-ssooidc/customizations.rb".freeze, "lib/aws-sdk-ssooidc/endpoint_parameters.rb".freeze, "lib/aws-sdk-ssooidc/endpoint_provider.rb".freeze, "lib/aws-sdk-ssooidc/endpoints.rb".freeze, "lib/aws-sdk-ssooidc/errors.rb".freeze, "lib/aws-sdk-ssooidc/plugins/endpoints.rb".freeze, "lib/aws-sdk-ssooidc/resource.rb".freeze, "lib/aws-sdk-ssooidc/types.rb".freeze, "lib/aws-sdk-sts.rb".freeze, "lib/aws-sdk-sts/client.rb".freeze, "lib/aws-sdk-sts/client_api.rb".freeze, "lib/aws-sdk-sts/customizations.rb".freeze, "lib/aws-sdk-sts/endpoint_parameters.rb".freeze, "lib/aws-sdk-sts/endpoint_provider.rb".freeze, "lib/aws-sdk-sts/endpoints.rb".freeze, "lib/aws-sdk-sts/errors.rb".freeze, "lib/aws-sdk-sts/plugins/endpoints.rb".freeze, "lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb".freeze, "lib/aws-sdk-sts/presigner.rb".freeze, "lib/aws-sdk-sts/resource.rb".freeze, "lib/aws-sdk-sts/types.rb".freeze, "lib/seahorse.rb".freeze, "lib/seahorse/client/async_base.rb".freeze, "lib/seahorse/client/async_response.rb".freeze, "lib/seahorse/client/base.rb".freeze, "lib/seahorse/client/block_io.rb".freeze, "lib/seahorse/client/configuration.rb".freeze, "lib/seahorse/client/events.rb".freeze, "lib/seahorse/client/h2/connection.rb".freeze, "lib/seahorse/client/h2/handler.rb".freeze, "lib/seahorse/client/handler.rb".freeze, "lib/seahorse/client/handler_builder.rb".freeze, "lib/seahorse/client/handler_list.rb".freeze, "lib/seahorse/client/handler_list_entry.rb".freeze, "lib/seahorse/client/http/async_response.rb".freeze, "lib/seahorse/client/http/headers.rb".freeze, "lib/seahorse/client/http/request.rb".freeze, "lib/seahorse/client/http/response.rb".freeze, "lib/seahorse/client/logging/formatter.rb".freeze, "lib/seahorse/client/logging/handler.rb".freeze, "lib/seahorse/client/managed_file.rb".freeze, "lib/seahorse/client/net_http/connection_pool.rb".freeze, "lib/seahorse/client/net_http/handler.rb".freeze, "lib/seahorse/client/net_http/patches.rb".freeze, "lib/seahorse/client/networking_error.rb".freeze, "lib/seahorse/client/plugin.rb".freeze, "lib/seahorse/client/plugin_list.rb".freeze, "lib/seahorse/client/plugins/content_length.rb".freeze, "lib/seahorse/client/plugins/endpoint.rb".freeze, "lib/seahorse/client/plugins/h2.rb".freeze, "lib/seahorse/client/plugins/logging.rb".freeze, "lib/seahorse/client/plugins/net_http.rb".freeze, "lib/seahorse/client/plugins/operation_methods.rb".freeze, "lib/seahorse/client/plugins/raise_response_errors.rb".freeze, "lib/seahorse/client/plugins/request_callback.rb".freeze, "lib/seahorse/client/plugins/response_target.rb".freeze, "lib/seahorse/client/request.rb".freeze, "lib/seahorse/client/request_context.rb".freeze, "lib/seahorse/client/response.rb".freeze, "lib/seahorse/model/api.rb".freeze, "lib/seahorse/model/authorizer.rb".freeze, "lib/seahorse/model/operation.rb".freeze, "lib/seahorse/model/shapes.rb".freeze, "lib/seahorse/util.rb".freeze, "lib/seahorse/version.rb".freeze, "sig/aws-sdk-core.rbs".freeze, "sig/aws-sdk-core/client_stubs.rbs".freeze, "sig/aws-sdk-core/errors.rbs".freeze, "sig/aws-sdk-core/resources/collection.rbs".freeze, "sig/aws-sdk-core/structure.rbs".freeze, "sig/aws-sdk-core/waiters/errors.rbs".freeze, "sig/seahorse/client/base.rbs".freeze, "sig/seahorse/client/handler_builder.rbs".freeze, "sig/seahorse/client/response.rbs".freeze] s.homepage = "https://github.com/aws/aws-sdk-ruby".freeze s.licenses = ["Apache-2.0".freeze] s.required_ruby_version = Gem::Requirement.new(">= 2.5".freeze) s.rubygems_version = "3.3.15".freeze s.summary = "AWS SDK for Ruby - Core".freeze if s.respond_to? :specification_version then s.specification_version = 4 end if s.respond_to? :add_runtime_dependency then s.add_runtime_dependency(%q.freeze, ["~> 1", ">= 1.3.0"]) s.add_runtime_dependency(%q.freeze, ["~> 1", ">= 1.651.0"]) s.add_runtime_dependency(%q.freeze, ["~> 1.8"]) s.add_runtime_dependency(%q.freeze, [">= 0"]) s.add_runtime_dependency(%q.freeze, ["~> 1", ">= 1.6.1"]) else s.add_dependency(%q.freeze, ["~> 1", ">= 1.3.0"]) s.add_dependency(%q.freeze, ["~> 1", ">= 1.651.0"]) s.add_dependency(%q.freeze, ["~> 1.8"]) s.add_dependency(%q.freeze, [">= 0"]) s.add_dependency(%q.freeze, ["~> 1", ">= 1.6.1"]) end end aws-sdk-core-3.191.2/sig/0000755000004100000410000000000014563437550015014 5ustar www-datawww-dataaws-sdk-core-3.191.2/sig/aws-sdk-core.rbs0000644000004100000410000000027114563437550020023 0ustar www-datawww-datamodule Aws attr_reader self.config: Hash[Symbol, untyped] def self.config=: (Hash[Symbol, untyped] config) -> Hash[Symbol, untyped] def self.use_bundled_cert!: () -> String end aws-sdk-core-3.191.2/sig/seahorse/0000755000004100000410000000000014563437550016625 5ustar www-datawww-dataaws-sdk-core-3.191.2/sig/seahorse/client/0000755000004100000410000000000014563437550020103 5ustar www-datawww-dataaws-sdk-core-3.191.2/sig/seahorse/client/response.rbs0000644000004100000410000000320214563437550022446 0ustar www-datawww-datamodule Seahorse module Client # RBS does not support Delegator. # the behavior is mimicked `Seahorse::Client::Response` as much as possible. interface _ResponseCommon def context: () -> untyped def checksum_validated: () -> ::String? def on: (Integer) { (self) -> void } -> self | (Range[Integer]) { (self) -> void } -> self def on_success: () { (self) -> void } -> self def successful?: () -> bool end # The interface for response success # An interface representing response is provided for each operation, # and _ResponseSuccess is embedded in this interface. # @example client.rbs # # interface _OperationResponseSuccess # include ::Seahorse::Client::_ResponseSuccess[Types::OperationOutput] # def foo: () -> ::String # def bar: () -> ::Integer # end # @client.operation: () -> _OperationResponseSuccess interface _ResponseSuccess[DATA] include _ResponseCommon def data: () -> DATA def data=: (DATA) -> DATA def error: () -> nil def error=: (nil) -> nil end # The interface for response error # It is useful to use annotation on ruby code # @example foo.rb # # client = Client.new(raise_response_errors: false) # # @type var response: ::Seahorse::Client::_ResponseError # response = client.operation() # response.error.message interface _ResponseError include _ResponseCommon def data: () -> nil def data=: (nil) -> nil def error: () -> StandardError def error=: (StandardError) -> StandardError end end end aws-sdk-core-3.191.2/sig/seahorse/client/handler_builder.rbs0000644000004100000410000000100514563437550023732 0ustar www-datawww-datamodule Seahorse module Client # This module provides the ability to add handlers to a class or # module. The including class or extending module must respond to # `#handlers`, returning a {HandlerList}. module HandlerBuilder def handle_request: (*untyped) { (untyped context) -> void } -> untyped def handle_response: (*untyped) { (untyped resp) -> void } -> untyped def handle: (*untyped) ?{ (untyped context) -> void } -> untyped alias handler handle end end end aws-sdk-core-3.191.2/sig/seahorse/client/base.rbs0000644000004100000410000000135014563437550021524 0ustar www-datawww-datamodule Seahorse module Client class Base include HandlerBuilder def self.new: (?untyped options) -> instance def self.add_plugin: (untyped plugin) -> untyped def self.remove_plugin: (untyped plugin) -> untyped def self.clear_plugins: () -> untyped def self.set_plugins: (Array[untyped] plugins) -> untyped def self.plugins: () -> Array[untyped] def self.api: () -> untyped def self.set_api: (untyped api) -> untyped def self.define: (?untyped options) -> untyped attr_reader config: untyped attr_reader handlers: untyped def build_request: (_ToS operation_name, ?untyped params) -> untyped def operation_names: () -> Array[Symbol] end end end aws-sdk-core-3.191.2/sig/aws-sdk-core/0000755000004100000410000000000014563437550017313 5ustar www-datawww-dataaws-sdk-core-3.191.2/sig/aws-sdk-core/waiters/0000755000004100000410000000000014563437550020771 5ustar www-datawww-dataaws-sdk-core-3.191.2/sig/aws-sdk-core/waiters/errors.rbs0000644000004100000410000000052514563437550023017 0ustar www-datawww-datamodule Aws module Waiters module Errors class WaiterFailed < StandardError end class FailureStateError < WaiterFailed end class TooManyAttemptsError < WaiterFailed end class UnexpectedError < WaiterFailed end class NoSuchWaiterError < ArgumentError end end end end aws-sdk-core-3.191.2/sig/aws-sdk-core/structure.rbs0000644000004100000410000000005414563437550022062 0ustar www-datawww-datamodule Aws class EmptyStructure end end aws-sdk-core-3.191.2/sig/aws-sdk-core/client_stubs.rbs0000644000004100000410000000066614563437550022531 0ustar www-datawww-datamodule Aws module ClientStubs def stub_responses: (Symbol operation_name, *untyped stubs) -> void def api_requests: (?exclude_presign: bool) -> Array[{ operation_name: Symbol, params: untyped, context: untyped }] | (?Hash[:exclude_presign, bool] options) -> Array[{ operation_name: Symbol, params: untyped, context: untyped }] def stub_data: (Symbol operation_name, ?untyped data) -> untyped end end aws-sdk-core-3.191.2/sig/aws-sdk-core/resources/0000755000004100000410000000000014563437550021325 5ustar www-datawww-dataaws-sdk-core-3.191.2/sig/aws-sdk-core/resources/collection.rbs0000644000004100000410000000072114563437550024170 0ustar www-datawww-datamodule Aws module Resources class Collection[T] include Enumerable[T] def initialize: (Enumerable[Enumerable[T]] batches, ?size: Integer, ?limit: Integer) -> void def each: () -> Enumerator[T, untyped] | () { (T) -> untyped } -> Enumerator[T, untyped] def size: () -> Integer? alias length size def first: () -> T? | (Integer) -> self def limit: (Integer) -> self end end end aws-sdk-core-3.191.2/sig/aws-sdk-core/errors.rbs0000644000004100000410000000117714563437550021345 0ustar www-datawww-datamodule Aws module Errors class NonSupportedRubyVersionError < RuntimeError end # The base class for all errors returned by an Amazon Web Service. # All ~400 level client errors and ~500 level server errors are raised # as service errors. This indicates it was an error returned from the # service and not one generated by the client. class ServiceError < RuntimeError def initialize: (untyped context, String? message, ?untyped data) -> void attr_reader code: String attr_reader context: untyped attr_reader data: untyped attr_accessor self.code: String? end end end aws-sdk-core-3.191.2/CHANGELOG.md0000644000004100000410000014163314563437550016053 0ustar www-datawww-dataUnreleased Changes ------------------ 3.191.2 (2024-02-14) ------------------ * Issue - Add base64 as dependency to prepare for Ruby 3.4 release (#2984). 3.191.1 (2024-02-07) ------------------ * Issue - Warn on previously silent credential failures (#2981). 3.191.0 (2024-01-26) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Add RBS signature files to support static type checking. 3.190.3 (2024-01-16) ------------------ * Issue - Add mutex around accessing stub api_requests. 3.190.2 (2024-01-09) ------------------ * Issue - Minor performance optimization. 3.190.1 (2023-12-20) ------------------ * Issue - Add mutex around stub api_requests. 3.190.0 (2023-11-29) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.189.0 (2023-11-28) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Support S3 Express authentication. 3.188.0 (2023-11-22) ------------------ * Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 2.3 and 2.4. * Feature - Support `AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE` in `ECSCredentials` and also allow for ECS and EKS link-local http addresses. 3.187.1 (2023-11-20) ------------------ * Issue - For `awsQueryCompatible` services, default an empty list or map for shapes that were previously flattened in the query protocol. 3.187.0 (2023-11-17) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. 3.186.0 (2023-11-02) ------------------ * Feature - Support disabling IMDSv1 in `InstanceProfileCredentials` using `ENV['AWS_EC2_METADATA_V1_DISABLED']`, `ec2_metadata_v1_disabled` shared config, or the `disable_imds_v1` credentials option. 3.185.2 (2023-10-31) ------------------ * Issue - Fix query string support to lists of booleans, floats, integers and timestamps per rest-json protocol. 3.185.1 (2023-10-05) ------------------ * Issue - Ignore `__type` when deserializing Unions. 3.185.0 (2023-10-02) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. 3.184.0 (2023-09-27) ------------------ * Feature - Change the `ServiceError` data member from read only to read/write. 3.183.1 (2023-09-25) ------------------ * Issue - Remove value inspection from param validation errors. 3.183.0 (2023-09-20) ------------------ * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. 3.182.0 (2023-09-19) ------------------ * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. 3.181.1 (2023-09-14) ------------------ * Issue - Fix host label validation in endpoint matchers. 3.181.0 (2023-08-22) ------------------ * Feature - Add support for `on_chunk_received` callback. 3.180.3 (2023-08-09) ------------------ * Issue - Add support for sso-session names with whitespace configured by the CLI `aws sso configure` command (#2895). 3.180.2 (2023-08-07) ------------------ * Issue - Fix parsing of ini files with mixes of blank properties and nested configurations. 3.180.1 (2023-07-31) ------------------ * Issue - Remove checksums from default stubs (#2888). 3.180.0 (2023-07-25) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.179.0 (2023-07-24) ------------------ * Feature - Add `checksum_validated` method to response. 3.178.0 (2023-07-11) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Add support for configuring the endpoint URL in the shared configuration file or via an environment variable for a specific AWS service or all AWS services. 3.177.0 (2023-07-06) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Add support for Request Compression. 3.176.1 (2023-06-29) ------------------ * Issue - Fix signing for S3/S3 Control and `aws-crt` gem for certain object keys (#2849). * Issue - Ensure `SSOCredentials` `#expiration` is a `Time` (#2874) 3.176.0 (2023-06-28) ------------------ * Feature - Add :expiration accessor to `CredentialProvider` and do not refresh credentials when checking expiration (#2872). 3.175.0 (2023-06-15) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. 3.174.0 (2023-05-31) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Improve User-Agent metrics tracking. 3.173.1 (2023-05-24) ------------------ * Issue - Updated `checksum_algorithm` plugin to use IO.copy_stream for JRuby. 3.173.0 (2023-05-18) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.172.0 (2023-05-08) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Add :region option to `Aws::Log::Formatter`. 3.171.1 (2023-05-04) ------------------ * Issue - Fix error code parsing in AWS query compatible JSON services. 3.171.0 (2023-03-22) ------------------ * Feature - Add support for `AWS_CONTAINER_CREDENTIALS_FULL_URI` and `AWS_CONTAINER_AUTHORIZATION_TOKEN` environment variables to `ECSCredentials`. 3.170.1 (2023-03-17) ------------------ * Issue - Reduce memory usage in H2::Connection when `http_wire_log` is not set. 3.170.0 (2023-01-25) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.169.0 (2023-01-18) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Issue - Replace runtime endpoint resolution approach with generated ruby code for STS, SSO, and SSOOIDC. 3.168.4 (2022-12-08) ------------------ * Issue - Fix Sign to not sign Sigv2 requests to S3. 3.168.3 (2022-12-02) ------------------ * Issue - Retry S3's `BadDigest` error 3.168.2 (2022-11-29) ------------------ * Issue - Allow region resolution in `AssumeRoleCredentials` from `CredentialProviderChain`. 3.168.1 (2022-11-18) ------------------ * Issue - Fix initialization of SSOTokenProvider when `AWS_PROFILE` is specified. 3.168.0 (2022-11-17) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.167.0 (2022-11-09) ------------------ * Issue - Ensure the stream_thread is not killed before H2 connection status is updated (#2779). * Feature - Add token refresh support to `SSOCredentialProvider`. 3.166.0 (2022-10-26) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. 3.165.1 (2022-10-25) ------------------ * Issue - Require the SignatureV4 plugin to fix compatability with older `aws-sdk-s3` versions (#2774). 3.165.0 (2022-10-25) ------------------ * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Add support for service gems to dynamically determine their own endpoints via modeling. Service gems now generate a plugin called "Endpoints" that defines configuration for EndpointProvider, a new public type, and any client config related to endpoints. Endpoint providers will resolve values using another new public type, Endpoint Parameters, generated for each service. The plugin will use the endpoint provider to resolve an endpoint and then apply it to the request prior to serialization. Endpoint providers can be composed to change endpoint resolution logic, i.e. for testing. In addition to endpoints, the endpoint provider may also override the authentication scheme (auth scheme) which details how the request should be signed for the endpoint. A new "Sign" plugin in core replaces the SignatureV4 plugin that will generically sign any type of auth scheme that a service might have. 3.164.0 (2022-10-21) ------------------ * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. 3.163.0 (2022-10-20) ------------------ * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. 3.162.0 (2022-10-19) ------------------ * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. 3.161.0 (2022-10-18) ------------------ * Feature - Support AwsQueryCompatible trait to read error code from x-amzn-query-error header. 3.160.0 (2022-10-13) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.159.0 (2022-10-07) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.158.1 (2022-10-06) ------------------ * Issue - Ensure that the ReadCallbackIO is always unwrapped (#2761). 3.158.0 (2022-09-30) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.157.0 (2022-09-29) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.156.0 (2022-09-27) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.155.0 (2022-09-26) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.154.0 (2022-09-23) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.153.0 (2022-09-22) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.152.0 (2022-09-21) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.151.0 (2022-09-20) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.150.0 (2022-09-19) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.149.0 (2022-09-16) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.148.0 (2022-09-15) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.147.0 (2022-09-14) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.146.0 (2022-09-13) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.145.0 (2022-09-12) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.144.0 (2022-09-09) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.143.0 (2022-09-08) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.142.0 (2022-09-07) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.141.0 (2022-09-06) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.140.0 (2022-09-02) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.139.0 (2022-09-01) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.138.0 (2022-08-31) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.137.0 (2022-08-30) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. * Issue - Fix errors in recursion detection when `_X_AMZN_TRACE_ID` is unset (#2748). 3.136.0 (2022-08-25) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Updated Aws::SSOOIDC::Client with the latest API changes. 3.135.0 (2022-08-24) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.134.0 (2022-08-23) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Add support for Bearer Token Authentication and TokenProviders. * Issue - Validate that `_X_AMZN_TRACE_ID` ENV value contains only valid, non-control characters. 3.133.0 (2022-08-22) ------------------ * Feature - Moved functionality from `aws-sdk-ssooidc` into core. 3.132.0 (2022-08-08) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. 3.131.6 (2022-08-03) ------------------ * Issue - Fix typo in `RecursionDetection`, change amz to amzn in header and env name. 3.131.5 (2022-07-28) ------------------ * Issue - Fix `to_json` usage in nested hashes by defining `as_json` (#2733). 3.131.4 (2022-07-27) ------------------ * Issue - Fix `to_json` usage on pageable responses when using Rails (#2733). * Issue - Use `expand_path` on credential/config paths in SharedConfig (#2735). 3.131.3 (2022-07-18) ------------------ * Issue - Add support for serializing shapes on the body with `jsonvalue` members. 3.131.2 (2022-06-20) ------------------ * Issue - Populate context :request_id for XML error responses. 3.131.1 (2022-05-20) ------------------ * Issue - Bump the minimum version of `jmespath` dependency. 3.131.0 (2022-05-16) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.130.2 (2022-04-22) ------------------ * Issue - Don't pass `:before_refresh` to Client constructors in RefreshingCredential implementations (#2690). 3.130.1 (2022-04-12) ------------------ * Issue - Don't call `refresh!` on non-refreshable `Credentials` when retrying errors (#2685). 3.130.0 (2022-03-11) ------------------ * Feature - Asynchronously refresh AWS credentials (#2641). * Issue - Add x-amz-region-set to list of headers deleted for re-sign. 3.129.1 (2022-03-10) ------------------ * Issue - Make stubs thread safe by creating new responses for each operation call (#2675). 3.129.0 (2022-03-08) ------------------ * Feature - Add support for cases when `InstanceProfileCredentials` (IMDS) is unable to refresh credentials. 3.128.1 (2022-03-07) ------------------ * Issue - Fixed `Aws::PageableResponse` invalidating Ruby's global constant cache. 3.128.0 (2022-03-04) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.127.0 (2022-02-24) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Support `HttpChecksum` trait for requests and responses. 3.126.2 (2022-02-16) ------------------ * Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529). * Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist. 3.126.1 (2022-02-14) ------------------ * Issue - Set `create_time` on IMDS tokens before fetch to reduce chance of using expired tokens and retry failures due to using expired tokens. 3.126.0 (2022-02-03) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Add support for recursion detection. 3.125.6 (2022-02-02) ------------------ * Issue - Ensure default message for ServiceError is a string (#2643). 3.125.5 (2022-01-19) ------------------ * Issue - Correctly serialize empty header lists. 3.125.4 (2022-01-18) ------------------ * Issue - Add `InternalError` to `ErrorInspector` for S3 errors. 3.125.3 (2022-01-12) ------------------ * Issue - Add `ExpiredTokenException` to `ErrorInspector` for Kinesis errors. 3.125.2 (2022-01-10) ------------------ * Issue - Correctly serialize lists of strings in headers with quotes and commas. 3.125.1 (2022-01-04) ------------------ * Issue - Parse a response with consecutive spaces correctly when ox is used as the XML parser. 3.125.0 (2021-12-21) ------------------ * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Add `:defaults_mode` configuration - that determines how certain default configuration options are resolved in the SDK. 3.124.0 (2021-11-30) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. 3.123.0 (2021-11-23) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.122.1 (2021-11-09) ------------------ * Issue - Correctly serialize/deserialize header lists. 3.122.0 (2021-11-04) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Issue - Fix parsing of ISO8601 timestamps with millisecond precision in headers. * Feature - Support modeled dualstack endpoints. It can be configured with shared configuration (`use_dualstack_endpoint`), an ENV variable (`AWS_USE_DUALSTACK_ENDPOINT`), and a constructor option (`:use_dualstack_endpoint`). Requests made to services without a dualstack endpoint will fail. * Feature - Support modeled fips endpoints. It can be configured with shared configuration (`use_fips_endpoint`), an ENV variable (`AWS_USE_FIPS_ENDPOINT`), and a constructor option (`:use_fips_endpoint`). Requests made to services without a fips endpoint will fail. 3.121.6 (2021-11-02) ------------------ * Issue - Improve `SSOCredentials` error handling when profile file does not exist (#2605) 3.121.5 (2021-10-29) ------------------ * Issue - bump minimum version of `aws-partitions` (#2603). 3.121.4 (2021-10-28) ------------------ * Issue - This version has been yanked. (#2603). * Issue - use the `EndpointProvider` to lookup signing region and name. 3.121.3 (2021-10-20) ------------------ * Issue - Use endpointPrefix when looking up the `signing_region` from the `EndpointProvider`. 3.121.2 (2021-10-18) ------------------ * Issue - Fix an issue where Rest JSON services do not have a `Content-Type` header. * Issue - Remove blank `Content-Type` header from Net::HTTP handler, and prevent a default from being set. * Issue - Set `Content-Length` only for HTTP methods that take a body. 3.121.1 (2021-09-24) ------------------ * Issue - Fix error in finding union member for boolean shapes with `false` values. 3.121.0 (2021-09-02) ------------------ * Feature - Add support for S3 Multi-region access point configuration. 3.120.0 (2021-09-01) ------------------ * Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 1.9, 2.0, 2.1, and 2.2. 3.119.1 (2021-08-20) ------------------ * Issue - Refactored `Aws::Json::Engine` to remove dead code and replaced usage of `JSON.load` with `JSON.parse`. 3.119.0 (2021-07-30) ------------------ * Feature - Support Document Types. Document types are used to carry open content. A document type value is serialized using the same format as its surroundings and requires no additional encoding or escaping.(#2523) 3.118.0 (2021-07-28) ------------------ * Feature - Add support for Tagged Unions using a "sealed" classes like approach where each union member has a corresponding subclass. 3.117.0 (2021-07-12) ------------------ * Feature - Support IPv6 endpoints for `Aws::InstanceProfileCredentials`. It supports two shared configuration options (`ec2_metadata_service_endpoint` & `ec2_metadata_service_endpoint_mode`), two ENV variables (`AWS_EC2_METADATA_SERVICE_ENDPOINT` & `AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE`), and two constructor options (`:endpoint` & `:endpoint_mode`). * Feature - Support IPv6 endpoint for `Aws::EC2Metadata` client. It can be configured with `:endpoint` or `:endpoint_mode`. 3.116.0 (2021-07-07) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.115.0 (2021-06-23) ------------------ * Feature - Add support for Assume Role Chaining in profiles. (#2531) * Issue - Fixed an issue with `Seahorse::Client::H2::Connection` for non-https endpoints. (#2542) 3.114.3 (2021-06-15) ------------------ * Issue - Fixed an issue with `Aws::PageableResponse` where it was modifying original params hash, causing frozen hashes to fail. 3.114.2 (2021-06-09) ------------------ * Issue - Fixed an issue with `Aws::PageableResponse` where intentionally nil tokens were not merged into the params for the next call. 3.114.1 (2021-06-02) ------------------ * Issue - Change XML Builder to not indent by default 3.114.0 (2021-04-13) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.113.1 (2021-03-29) ------------------ * Issue - Ensure end of line characters are correctly encoded in XML. 3.113.0 (2021-03-10) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. 3.112.1 (2021-03-04) ------------------ * Issue - Include LICENSE, CHANGELOG, and VERSION files with this gem. 3.112.0 (2021-02-02) ------------------ * Feature - The `hostPrefix` trait will now be applied to any customer provided `:endpoint`. This bug fix is a minor behavioral change for clients using custom endpoints for `s3control`, `iotsitewise`, and `servicediscovery`. This behavior can be disabled by configuring `:disable_host_prefix_injection` to `true`. 3.111.2 (2021-01-19) ------------------ * Issue - Fix a loading issue with SSO and STS gem aliases using `require_relative` instead of `require`. 3.111.1 (2021-01-15) ------------------ * Issue - Fix an issue with `max_attempts` validation raising incorrectly. 3.111.0 (2021-01-11) ------------------ * Feature - Adds an IMDSv2 client as `Aws::EC2Metadata`. 3.110.0 (2020-12-03) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Issue - Support `aws-sdk-sts` alias gem. * Issue - Retry when `Net:HTTPFatalError` is thrown by the `Net::HTTP` library. This can occur when proxy connections are configured. (#2439) 3.109.3 (2020-11-17) ------------------ * Issue - Use full namespace for SSO Client when creating `SSOCredentials` 3.109.2 (2020-11-04) ------------------ * Issue - Check for flattened on ref for lists when serializing. 3.109.1 (2020-10-05) ------------------ * Issue - For errors without a message, default to the error class. (#2388) 3.109.0 (2020-09-30) ------------------ * Feature - Add `Seahorse::Util.host_label?` to check strings for valid RFC-3986 host labels. * Feature - Add `Aws::ARN#to_h`. 3.108.0 (2020-09-25) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.107.0 (2020-09-15) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Issue - Fix circular dependency of `aws-sdk-sso` and `aws-sdk-core` (#2405). 3.106.0 (2020-09-14) ------------------ * Feature - Support `AWS_CA_BUNDLE` ENV variable and `ca_bundle` shared configuration options. The `:ssl_ca_bundle` client option will override either of these options. (#1907) 3.105.0 (2020-08-25) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::SSO::Client with the latest API changes. * Feature - Add `SSOCredentials`. Moved functionality from `aws-sdk-sso` into core. 3.104.4 (2020-08-19) ------------------ * Issue - Use Aws::Json for parsing instead of JSON 3.104.3 (2020-07-23) ------------------ * Issue - Revert duplication of params. Ensure code that relied on internal modification of parameters is not broken. 3.104.2 (2020-07-22) ------------------ * Issue - Validate IO like objects support read,rewind and size unless streaming. Fixes #2364 3.104.1 (2020-07-20) ------------------ * Issue - Duplicate params to ensure user provided params are not modified. Fixes #2366 3.104.0 (2020-07-15) ------------------ * Feature - Add headers to the `ResponseTarget` callback. A block passed as the response target on a streaming method will be called with the `chunk` and `headers`. * Feature - Added the `RequestCallback` plugin which allows clients and methods to set `on_chunk_sent` to a `Proc` which will be called as each chunk of the request body is sent. 3.103.0 (2020-07-01) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.102.1 (2020-06-25) ------------------ * Issue - Set the `response_target` on the context when deleting it from the parameters. 3.102.0 (2020-06-24) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.101.0 (2020-06-23) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Added sensitive params to request and response Types instead of just on a large list. * Feature - Provide an option `:filter_sensitive_params` for `Aws::Log::Formatter` to allow disabling of the sensitive param filter (#2312, #2105, #2082). 3.100.0 (2020-06-15) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.99.2 (2020-06-12) ------------------ * Issue - Don't retry streaming requests with blocks (#2311) 3.99.1 (2020-06-11) ------------------ * Issue - Republish after incorrect yank. 3.99.0 (2020-06-10) ------------------ * Issue - This version has been yanked. (#2327). * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. * Feature - Support `httpChecksumRequired` on operations that require Content MD5 validation. * Issue - Validate `:region` as a valid DNS host label. 3.98.0 (2020-06-05) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.97.1 (2020-06-01) ------------------ * Issue - Convert ENV['AWS_MAX_ATTEMPTS'] String value to Integer when set. (#2319) * Issue - Handle unknown and unmodeled events from event streams by ignoring them and providing a new callback rather than raising an error. 3.97.0 (2020-05-28) ------------------ * Feature - Default endpoint_discovery to `true` for services with at least one operation that requires it. * Feature - Updated Aws::STS::Client with the latest API changes. 3.96.1 (2020-05-18) ------------------ * Issue - Raise `ArgumentError` for XML services when required URI elements are not included. 3.96.0 (2020-05-15) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.95.0 (2020-05-07) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.94.1 (2020-05-04) ------------------ * Issue - When handling errors in XML responses, don't set a new error on the response if one is already set. 3.94.0 (2020-04-08) ------------------ * Feature - Updated the list of parameters to filter when logging. * Issue - Update dependency on aws-eventstream 3.93.0 (2020-04-06) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.92.0 (2020-03-20) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Issue - Change the default of `sts_regional_endpoints` from 'legacy' to 'regional'. 3.91.1 (2020-03-10) ------------------ * Issue - Rescue from `JSON::ParserError` when using `Oj.mimic_JSON`. (#2247) 3.91.0 (2020-03-09) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Add `standard` and `adaptive` retry modes. 3.90.1 (2020-02-14) ------------------ * Issue - Perform a case-insensitive comparison when filtering sensitive parameters from logs * Issue - Add passthrough of region from client to STS when using `assume_role_web_identity_credentials`. 3.90.0 (2020-02-12) ------------------ * Issue - Updated the list of parameters to filter when logging. * Issue - Parse all values from shared credentials file when using `Aws.shared_config`. * Issue - Honor explicit profile in client config when credentials from AWS_ environment variables are present. * Issue - Fixed a bug where `Transfer-Encoding` could never be set to `chunked` in streaming operations because all body objects (`String`, `StringIO`) would respond to `#size`. 3.89.1 (2020-01-14) ------------------ * Issue - Fix erroneously reaped sessions from `Seahorse::Client::NetHttp::ConnectionPool` due to bad `last_used` time calculation * Issue - Use monotonic clocks when reaping sessions in `Seahorse::Client::NetHttp::ConnectionPool` * Issue - Fix "Conn close because of keep_alive_timeout" when reusing `Seahorse::Client::NetHttp::ConnectionPool` sessions 3.89.0 (2020-01-13) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.88.0 (2020-01-10) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.87.0 (2020-01-09) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Issue - Reuse connections even if `http_wire_trace` is true. 3.86.0 (2019-12-13) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.85.1 (2019-12-11) ------------------ * Issue - Change default timeout to 1 and number of retries to 1 for `InstanceProfileCredentials`. 3.85.0 (2019-12-09) ------------------ * Feature - Add STS Presigner module with a method to generate a presigned EKS token. * Issue - Fix issue for log formatters in clients where http_response_body does not respond to `rewind` when using a block. 3.84.0 (2019-12-04) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.83.0 (2019-12-03) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.82.0 (2019-11-25) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.81.0 (2019-11-22) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.80.0 (2019-11-20) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.79.0 (2019-11-19) ------------------ * Feature - Support EC2 IMDS updates. 3.78.0 (2019-11-15) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.77.0 (2019-11-13) ------------------ * Feature - Support `s3_us_east_1_regional_endpoint` from `SharedConfig` 3.76.0 (2019-11-07) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.75.0 (2019-11-06) ------------------ * Feature - Remove deprecated `access_key_id`, `secret_access_key`, and `session_token` methods in credential providers. 3.74.0 (2019-11-05) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.73.0 (2019-11-04) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.72.1 (2019-10-31) ------------------ * Issue - Fix `EndpointCache#key?` to be thread safe. 3.72.0 (2019-10-24) ------------------ * Feature - Updated the list of parameters to filter when logging. * Issue - Update minimum `aws-partition` gem dependency version 3.71.0 (2019-10-23) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Support enable STS regional endpoints by `sts_regional_endpoints: 'regional'` 3.70.0 (2019-10-22) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.69.1 (2019-10-18) ------------------ * Issue - Fix method redefinition warnings 3.69.0 (2019-10-17) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.68.1 (2019-10-02) ------------------ * Issue - Add final deprecation warnings to `access_key_id`, `secret_access_key`, and `session_token` in credential providers. * Issue - Remove misleading IO documentation from `BlobShape` error output. 3.68.0 (2019-09-16) ------------------ * Feature - Support assuming a role with `:source_profile` from a profile that can be resolved from a `ProcessCredentials` provider. 3.67.0 (2019-09-09) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.66.0 (2019-09-04) ------------------ * Feature - Support CLI AWS_DEFAULT_PROFILE environment variable [Github Issue](https://github.com/aws/aws-sdk-ruby/issues/1452). 3.65.1 (2019-08-28) ------------------ * Issue - Auto refresh credentials for Route53 `ExpiredToken` errors. 3.65.0 (2019-08-27) ------------------ * Feature - Support assuming a role `:source_profile` profile with `AssumeRoleWebIdentityCredentials`. 3.64.0 (2019-08-20) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.63.0 (2019-08-15) ------------------ * Feature - Support passing AssumeRole `duration_seconds` from shared credentials/config file. 3.62.0 (2019-08-02) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.61.2 (2019-07-29) ------------------ * Issue - Add `Aws::STS::InvalidIdentityToken` and `Aws::Errors::NoSuchEndpointError` error for retry. 3.61.1 (2019-07-25) ------------------ * Issue - Fix default STS Client credential sourcing in `Aws::AssumeRoleWebIdentityCredentialsProvider`. 3.61.0 (2019-07-24) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.60.0 (2019-07-23) ------------------ * Feature - Updated the list of parameters to filter when logging. * Issue - Handle `EncodingError` when using Oj gem [Github Issue](https://github.com/aws/aws-sdk-ruby/issues/1831) 3.59.0 (2019-07-03) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.58.0 (2019-07-01) ------------------ * Feature - Support `Aws::AssumeRoleWebIdentityCredentials` provider 3.57.0 (2019-06-28) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.56.0 (2019-06-17) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Support `:client_side_monitoring_host` configuration for CSM 3.55.0 (2019-06-14) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.54.2 (2019-06-03) ------------------ * Issue - Mirgate Proc.new without a block usage #2058. 3.54.1 (2019-05-30) ------------------ * Issue - Improved exception messages in credential providers to exclude detailed parse errors that may contain sensitive information. 3.54.0 (2019-05-28) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. 3.53.1 (2019-05-22) ------------------ * Issue - Support #to_hash for Struct with `:members` member #2053 3.53.0 (2019-05-21) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. * Feature - Adding support for modeled exceptions 3.52.1 (2019-05-15) ------------------ * Issue - Handle paginator stubs with expression #2040 3.52.0 (2019-05-14) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. * Feature - Support transfer encoding and `requiresLength` trait 3.51.0 (2019-05-10) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.50.0 (2019-05-06) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.49.0 (2019-04-30) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.48.6 (2019-04-26) ------------------ * Issue - Call RefreshingCredentials initialize method in ProcessCredentials to set mutex. 3.48.5 (2019-04-24) ------------------ * Issue - Add PriorRequestNotComplete to throttling errors. 3.48.4 (2019-04-18) ------------------ * Issue - Small memory retention reduction. 3.48.3 (2019-03-26) ------------------ * Issue - event header ":event-type" uses member name instead of shape name 3.48.2 (2019-03-20) ------------------ * Issue - Support signal events after request only [HTTP2] 3.48.1 (2019-03-19) ------------------ * Issue - Clean up unnecessary error output when 'http-2' gem is not present. 3.48.0 (2019-03-18) ------------------ * Feature - Updated the list of parameters to filter when logging. * Feature - Fix http-2 Dependency for Old Ruby Versions (Github Issue #1994) 3.47.0 (2019-03-14) ------------------ * Feature - Support HTTP/2 based AWS event stream operations 3.46.2 (2019-02-19) ------------------ * Issue - Update NetHttp Patches per Ruby version (Github Issue: #1979) 3.46.1 (2019-02-12) ------------------ * Issue - Fix the issue that APIG SDK doesn't have regional endpoint related plugins. 3.46.0 (2019-01-16) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.45.0 (2019-01-11) ------------------ * Feature - Improve Query protocol handling of empty responses, to ensure response is an instance of `Aws::EmptyStructure` rather than the class `Aws::EmptyStructure` itself. * Issue - Plugin updates to support client-side monitoring. 3.44.2 (2019-01-04) ------------------ * Issue - Update to code paths and plugins for future SDK instrumentation and telemetry. 3.44.1 (2018-12-17) ------------------ * Issue - Update sensitive filtering logic to include `#to_s` calls of shapes. 3.44.0 (2018-12-07) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.43.0 (2018-12-04) ------------------ * Feature - Update user agent structure. 3.42.0 (2018-11-29) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.41.0 (2018-11-28) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.40.0 (2018-11-27) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.39.0 (2018-11-20) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. * Feature - Adding support for endpoint trait (host prefix) per operation, to disable this feature, set `:disable_host_prefix_injection` to `false` for the client. 3.38.0 (2018-11-12) ------------------ * Feature - Updated the list of parameters to filter when logging. * Feature - Adding `TransactionInProgressException` for throttling retry 3.37.0 (2018-11-08) ------------------ * Feature - Adding support for endpoint discovery per operation, to enable this feature, set `:endpoint_discovery` to `true` for the client. Note: only available for services with endpoint discovery support. 3.36.0 (2018-10-30) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.35.0 (2018-10-24) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. 3.34.0 (2018-10-23) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Allow 429 response code to trigger throttle detection 3.33.0 (2018-10-22) ------------------ * Feature - Update to code paths and plugins for future SDK instrumentation and telemetry. 3.32.0 (2018-10-18) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.31.0 (2018-10-16) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.30.0 (2018-10-04) ------------------ * Feature - Adds to code paths and plugins for future SDK instrumentation and telemetry. 3.29.0 (2018-09-28) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.28.0 (2018-09-25) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.27.1 (2018-09-21) ------------------ * Issue - Fixes a bug in the `:response_target` plugin error callback. Under certain circumstances a special body object can be removed before its error callback is triggered, breaking retry logic. 3.27.0 (2018-09-06) ------------------ * Feature - Adds code paths and plugins for future SDK instrumentation and telemetry to aws-sdk-sts. 3.26.0 (2018-09-05) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Adds code paths and plugins for future SDK instrumentation and telemetry. 3.25.0 (2018-08-29) ------------------ * Feature - Updated the list of parameters to filter when logging. * Issue - Add `:exclude_presign` option for #api_requests at client stubbing to allow excluding non-sent request from presigned url (Github Issue #1866) 3.24.1 (2018-08-13) ------------------ * Issue - Update `ca-bundle.crt` file with newer root certificate authorities. 3.24.0 (2018-08-03) ------------------ * Feature - Extensible Credential Providers, allows you to declare an executable to be run that outputs the credentials as a JSON payload allowing you to develop custom credential providers and easily add them to the credential resolution chain, [Docs](https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes) 3.23.0 (2018-07-31) ------------------ * Feature - Add Logged API Requests interface to stubbed clients 3.22.1 (2018-06-28) ------------------ * Issue - Performance enhancement to instance credential providers, to use a more precisely scoped Time parsing method for improved performance. 3.22.0 (2018-06-26) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Allows you to set custom paths to shared config and shared credential files via the `AWS_CONFIG_FILE` and `AWS_SHARED_CREDENTIALS_FILE` environment variables. * Feature - Flexible retry strategies. Provides the `:retry_max_delay`, `:retry_base_delay`, and `:retry_jitter` options, which modify the default backoff strategy without the need to define a full retry lambda from scratch. 3.21.3 (2018-06-20) ------------------ * Issue - Fix to support URI encoded characters in http_proxy 3.21.2 (2018-05-22) ------------------ * Issue - Update `EventEmitter` to `Aws::EventEmitter` [Github Issue](https://github.com/aws/aws-sdk-ruby/issues/1791) 3.21.1 (2018-05-18) ------------------ * Issue - Remove `raw_stream` tracking, [Github Issue](https://github.com/aws/aws-sdk-ruby/issues/1786) 3.21.0 (2018-05-17) ------------------ * Feature - Support `vnd.amazon.event-stream` binary stream protocol over HTTP1.1 3.20.2 (2018-04-26) ------------------ * Issue - Avoiding Net::HTTP patching for Ruby 2.5 3.20.1 (2018-04-24) ------------------ * Issue - Fix parsing flattened XML shape from shape reference for S3 https://github.com/aws/aws-sdk-ruby/issues/1764 3.20.0 (2018-04-23) ------------------ * Feature - Aws::InstanceProfileCredentials - Add sending a User-Agent other than the default User-Agent in Ruby. Adding the User-Agent `aws-sdk-ruby3/` to allow protection against Server Side Request Forgery (SSRF) credential theft vectors by use of a metadata proxy. 3.19.0 (2018-04-04) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.18.1 (2018-03-29) ------------------ * Issue - Fix undefined method `each`/`next` for `Enumerable::Enumerator` when this class exists in the environment 3.18.0 (2018-03-28) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.17.1 (2018-03-20) ------------------ * Issue - Support timestamp shape in querystring 3.17.0 (2018-02-27) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Issue - Fix Ruby warnings: Shadowed local variables "parts" and "headers" 3.16.0 (2018-02-20) ------------------ * Feature - Aws::InstanceProfileCredentials - When the `AWS_EC2_METADATA_DISABLED` environment variable is present with the value `true` (not case sensitive), the `Aws::InstanceProfileCredentials` credential provider will not be used. 3.15.0 (2018-02-06) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.14.0 (2018-01-15) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.13.1 (2018-01-12) ------------------ * Issue - Fix Ruby 2.5 warnings. 3.13.0 (2017-12-21) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.12.0 (2017-12-20) ------------------ * Feature - Adds support for credential_source when assuming a role via shared configuration. * Issue - Update APIGateway SDK user agent pattern 3.11.0 (2017-11-29) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.10.0 (2017-11-29) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.9.0 (2017-11-20) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. 3.8.0 (2017-11-19) ------------------ * Feature - Add support for APIGateway protocol and custom service build. 3.7.0 (2017-11-07) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. 3.6.1 (2017-11-07) ------------------ * Issue - Update empty struct stubbing shape 3.6.0 (2017-09-20) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.5.0 (2017-09-13) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.4.0 (2017-09-12) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.3.1 (2017-09-11) ------------------ * Issue - Fix core util deep copy issue #1603 3.3.0 (2017-09-07) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.2.1 (2017-09-06) ------------------ * Issue - Remove redundant version file. 3.2.0 (2017-08-31) ------------------ * Feature - Updated the list of parameters to filter when logging. * Issue - Update `aws-sdk-core` gemspec metadata. * Issue - Update `aws-sdk-core` gemspec metadata 3.1.0 (2017-08-30) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0 (2017-08-29) ------------------ 3.0.0.rc20 (2017-08-14) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.0.0.rc19 (2017-07-31) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.0.0.rc18 (2017-07-24) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.0.0.rc17 (2017-07-12) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0.rc16 (2017-07-06) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0.rc15 (2017-07-06) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0.rc14 (2017-06-29) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0.rc13 (2017-06-26) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. * Issue - Aws::CredentialProviderChain - Fetching `AWS_PROFILE` environment variable before using `default` profile. 3.0.0.rc12 (2017-05-23) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Update throttling error pool of retry * Feature - Update `User-Agent` format 3.0.0.rc11 (2017-05-09) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0.rc10 (2017-05-09) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0.rc9 (2017-05-05) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Added support for Ruby 2.4 * Issue - Revert 'cgi/util' change that breaks Ruby 2.4 3.0.0.rc8 (2017-04-21) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. 3.0.0.rc7 (2017-03-09) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. 3.0.0.rc6 (2017-03-08) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0.rc5 (2017-03-07) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::STS::Client with the latest API changes. 3.0.0.rc4 (2017-03-07) ------------------ * Feature - Updated the list of parameters to filter when logging. 3.0.0.rc3 (2017-01-24) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. 3.0.0.rc2 (2016-12-09) ------------------ * Feature - Updated Aws::STS::Client with the latest API changes. * Feature - Updated the list of parameters to filter when logging. 3.0.0.rc1 (2016-12-05) ------------------ * Feature - Initial preview release of the `aws-sdk-core` gem. aws-sdk-core-3.191.2/ca-bundle.crt0000644000004100000410000066465414563437550016623 0ustar www-datawww-data# C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 -----BEGIN CERTIFICATE----- MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ 0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA 7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH 7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 -----END CERTIFICATE----- # OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z 374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf 77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp 6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp 1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B 9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= -----END CERTIFICATE----- # CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT -----BEGIN CERTIFICATE----- MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX 4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ 51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== -----END CERTIFICATE----- # CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- # CN=AffirmTrust Commercial,O=AffirmTrust,C=US -----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= -----END CERTIFICATE----- # CN=AffirmTrust Networking,O=AffirmTrust,C=US -----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp 6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= -----END CERTIFICATE----- # CN=AffirmTrust Premium,O=AffirmTrust,C=US -----BEGIN CERTIFICATE----- MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ +jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S 5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B 8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc 0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e KeC2uAloGRwYQw== -----END CERTIFICATE----- # CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US -----BEGIN CERTIFICATE----- MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D 0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== -----END CERTIFICATE----- # CN=Amazon Root CA 1,O=Amazon,C=US -----BEGIN CERTIFICATE----- MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM 9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L 93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU 5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy rqXRfboQnoZsG4q5WTP468SQvvG5 -----END CERTIFICATE----- # CN=Amazon Root CA 2,O=Amazon,C=US -----BEGIN CERTIFICATE----- MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg 1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K 8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r 2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR 8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz 7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 +XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI 0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY +gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl 7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE 76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H 9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT 4PsJYGw= -----END CERTIFICATE----- # CN=Amazon Root CA 3,O=Amazon,C=US -----BEGIN CERTIFICATE----- MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM YyRIHN8wfdVoOw== -----END CERTIFICATE----- # CN=Amazon Root CA 4,O=Amazon,C=US -----BEGIN CERTIFICATE----- MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi 9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW 1KyLa2tJElMzrdfkviT8tQp21KW8EA== -----END CERTIFICATE----- # C=DE,O=Atos,CN=Atos TrustedRoot 2011 -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ 4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed -----END CERTIFICATE----- # CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -----BEGIN CERTIFICATE----- MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF 6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF 661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS 3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF 3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V -----END CERTIFICATE----- # CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp -----END CERTIFICATE----- # CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO -----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr 6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN 9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h 9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo +fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h 3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= -----END CERTIFICATE----- # CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO -----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX 0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c /3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D 34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv 033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq 4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= -----END CERTIFICATE----- # CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK -----BEGIN CERTIFICATE----- MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQy MDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjEw ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy3QRk D2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/o OI7bm+V8u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3A fQ+lekLZWnDZv6fXARz2m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJe IgpFy4QxTaz+29FHuvlglzmxZcfe+5nkCiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8n oc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTaYVKvJrT1cU/J19IG32PK /yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6vpmumwKj rckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD 3AjLLhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE 7cderVC6xkGbrPAXZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkC yC2fg69naQanMVXVz0tv/wQFx1isXxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLd qvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud DwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ04IwDQYJKoZI hvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaA SfX8MPWbTx9BLxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXo HqJPYNcHKfyyo6SdbhWSVhlMCrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpB emOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5GfbVSUZP/3oNn6z4eGBrxEWi1CXYBmC AMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85YmLLW1AL14FABZyb 7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKSds+x DzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvk F7mGnjixlAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqF a3qdnom2piiZk4hA9z7NUaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsT Q6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJa7+h89n07eLw4+1knj0vllJPgFOL -----END CERTIFICATE----- # CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK -----BEGIN CERTIFICATE----- MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka +elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL -----END CERTIFICATE----- # CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -----BEGIN CERTIFICATE----- MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq 7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p 26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi 1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu tGWaIZDgqtCYvDi1czyL+Nw= -----END CERTIFICATE----- # CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -----BEGIN CERTIFICATE----- MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== -----END CERTIFICATE----- # CN=Certigna,O=Dhimyotis,C=FR -----BEGIN CERTIFICATE----- MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q 130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG 9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== -----END CERTIFICATE----- # CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -----BEGIN CERTIFICATE----- MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb 5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ 0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ 8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= -----END CERTIFICATE----- # CN=Class 2 Primary CA,O=Certplus,C=FR -----BEGIN CERTIFICATE----- MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 l7+ijrRU -----END CERTIFICATE----- # CN=Certplus Root CA G1,O=Certplus,C=FR -----BEGIN CERTIFICATE----- MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt 6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP 0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f 6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN 1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV 4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh 66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 /SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j 2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy 6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl ++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= -----END CERTIFICATE----- # CN=Certplus Root CA G2,O=Certplus,C=FR -----BEGIN CERTIFICATE----- MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat 93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal U5ORGpOucGpnutee5WEaXw== -----END CERTIFICATE----- # OU=certSIGN ROOT CA,O=certSIGN,C=RO -----BEGIN CERTIFICATE----- MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do 0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ 44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN 9u6wWk5JRFRYX0KD -----END CERTIFICATE----- # CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -----BEGIN CERTIFICATE----- MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI 03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= -----END CERTIFICATE----- # CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -----BEGIN CERTIFICATE----- MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn 0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n 3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P 5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi DrW5viSP -----END CERTIFICATE----- # CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN -----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 /ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp 7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN 5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe /v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ 5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su -----END CERTIFICATE----- # CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -----BEGIN CERTIFICATE----- MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR 5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s +12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 +HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF 5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ d0jQ -----END CERTIFICATE----- # CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB -----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe 3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== -----END CERTIFICATE----- # CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -----BEGIN CERTIFICATE----- MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW /zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB ZQ== -----END CERTIFICATE----- # CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -----BEGIN CERTIFICATE----- MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE----- # CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -----BEGIN CERTIFICATE----- MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR 6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC 9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV /erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z +pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB /wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM 4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV 2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl 0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB NVOFBkpdn627G190 -----END CERTIFICATE----- # CN=Cybertrust Global Root,O=Cybertrust\, Inc -----BEGIN CERTIFICATE----- MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW WL1WMRJOEcgh4LMRkWXbtKaIOM5V -----END CERTIFICATE----- # CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -----BEGIN CERTIFICATE----- MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl 6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU Cm26OWMohpLzGITY+9HPBVZkVw== -----END CERTIFICATE----- # CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe +o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== -----END CERTIFICATE----- # CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -----BEGIN CERTIFICATE----- MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I 0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo IhNzbM8m9Yop5w== -----END CERTIFICATE----- # CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -----BEGIN CERTIFICATE----- MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv 6pZjamVFkpUBtA== -----END CERTIFICATE----- # CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt 43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg 06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= -----END CERTIFICATE----- # CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI 2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx 1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV 5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY 1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl MrY= -----END CERTIFICATE----- # CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -----BEGIN CERTIFICATE----- MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 sycX -----END CERTIFICATE----- # CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm +9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep +OkuE6N36B9K -----END CERTIFICATE----- # CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US -----BEGIN CERTIFICATE----- MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t 9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd +SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N 0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie 4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 /YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ -----END CERTIFICATE----- # CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US -----BEGIN CERTIFICATE----- MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7 gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/ h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2 9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis= -----END CERTIFICATE----- # CN=DST Root CA X3,O=Digital Signature Trust Co. -----BEGIN CERTIFICATE----- MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE----- # CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE -----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp /hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y Johw1+qRzT65ysCQblrGXnRl11z+o+I= -----END CERTIFICATE----- # CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE -----BEGIN CERTIFICATE----- MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp 3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 -----END CERTIFICATE----- # CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES -----BEGIN CERTIFICATE----- MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB 8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R 85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm 4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y /X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= -----END CERTIFICATE----- # emailAddress=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE -----BEGIN CERTIFICATE----- MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE 1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= -----END CERTIFICATE----- # CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net -----BEGIN CERTIFICATE----- MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH 4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er fF6adulZkMV8gzURZVE= -----END CERTIFICATE----- # CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust\, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi 94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP 9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m 0vdXcDazv/wor3ElhVsT/h5/WrQ8 -----END CERTIFICATE----- # CN=Entrust Root Certification Authority - EC1,OU=(c) 2012 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G -----END CERTIFICATE----- # CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v 1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== -----END CERTIFICATE----- # OU=ePKI Root Certification Authority,O=Chunghwa Telecom Co.\, Ltd.,C=TW -----BEGIN CERTIFICATE----- MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS /jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- # CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.,L=Ankara,C=TR -----BEGIN CERTIFICATE----- MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c 77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 +GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== -----END CERTIFICATE----- # CN=GDCA TrustAUTH R5 ROOT,O=GUANG DONG CERTIFICATE AUTHORITY CO.\,LTD.,C=CN -----BEGIN CERTIFICATE----- MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== -----END CERTIFICATE----- # CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -----BEGIN CERTIFICATE----- MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU 1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV 5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== -----END CERTIFICATE----- # CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -----BEGIN CERTIFICATE----- MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl 4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= -----END CERTIFICATE----- # CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -----BEGIN CERTIFICATE----- MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz rD6ogRLQy7rQkgu2npaqBA+K -----END CERTIFICATE----- # CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -----BEGIN CERTIFICATE----- MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz +uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn 5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G spki4cErx5z481+oghLrGREt -----END CERTIFICATE----- # CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -----BEGIN CERTIFICATE----- MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB /wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG 9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= -----END CERTIFICATE----- # CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -----BEGIN CERTIFICATE----- MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m 1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH 6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS -----END CERTIFICATE----- # CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -----BEGIN CERTIFICATE----- MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r 6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z 09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B -----END CERTIFICATE----- # CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 -----BEGIN CERTIFICATE----- MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs ewv4n4Q= -----END CERTIFICATE----- # CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 -----BEGIN CERTIFICATE----- MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc 8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg 515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO xwy8p2Fp8fc74SrL+SvzZpA3 -----END CERTIFICATE----- # CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE -----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- # CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG 3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO 291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== -----END CERTIFICATE----- # CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -----BEGIN CERTIFICATE----- MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH WD9f -----END CERTIFICATE----- # OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h /t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf ReYNnyicsbkqWletNw+vHX/bvZ8= -----END CERTIFICATE----- # CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US -----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH /PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu 9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo 2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI 4uJEvlz36hz1 -----END CERTIFICATE----- # CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -----BEGIN CERTIFICATE----- MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR -----END CERTIFICATE----- # CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR -----BEGIN CERTIFICATE----- MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD 75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp 5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p 6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI l7WdmplNsDz4SgCbZN2fOUvRJ9e4 -----END CERTIFICATE----- # CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -----BEGIN CERTIFICATE----- MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA 4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV 9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot 9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 vm9qp/UsQu0yrbYhnr68 -----END CERTIFICATE----- # CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -----BEGIN CERTIFICATE----- MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi AmvZWg== -----END CERTIFICATE----- # CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US -----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT 3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU +ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB /zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH 6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 +wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG 4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A 7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H -----END CERTIFICATE----- # CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US -----BEGIN CERTIFICATE----- MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF /YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R 3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy 9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ 2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 +bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv 8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c -----END CERTIFICATE----- # CN=ISRG Root X1,O=Internet Security Research Group,C=US -----BEGIN CERTIFICATE----- MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ 0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ 3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE----- # CN=Izenpe.com,O=IZENPE S.A.,C=ES -----BEGIN CERTIFICATE----- MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== -----END CERTIFICATE----- # CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU -----BEGIN CERTIFICATE----- MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ 96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ 8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT +Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ 2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr -----END CERTIFICATE----- # emailAddress=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 +rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c 2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW -----END CERTIFICATE----- # CN=NetLock Arany (Class Gold) Főtanúsítvány,OU=Tanúsítványkiadók (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -----BEGIN CERTIFICATE----- MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C +C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= -----END CERTIFICATE----- # CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US -----BEGIN CERTIFICATE----- MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH /nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey -----END CERTIFICATE----- # CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH -----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg 4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ /L7fCg0= -----END CERTIFICATE----- # CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX 1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P 99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= -----END CERTIFICATE----- # CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -----BEGIN CERTIFICATE----- MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX /uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0 77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2 TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1 2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0 V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91 09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj 1oxx -----END CERTIFICATE----- # CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -----BEGIN CERTIFICATE----- MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh /LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU 3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM S1IK -----END CERTIFICATE----- # CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -----BEGIN CERTIFICATE----- MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm 3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx 4nxp5V2a+EEfOzmTk51V6s2N8fvB -----END CERTIFICATE----- # CN=PSCProcert,C=VE,O=Sistema Nacional de Certificacion Electronica,OU=Proveedor de Certificados PROCERT,ST=Miranda,L=Chacao,emailAddress=contacto@procert.net.ve -----BEGIN CERTIFICATE----- MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1 dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9s YW5vMQswCQYDVQQGEwJWRTEQMA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlz dHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0 aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBlcmludGVuZGVuY2lh IGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUwIwYJ KoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEw MFoXDTIwMTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHBy b2NlcnQubmV0LnZlMQ8wDQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGEx KjAoBgNVBAsTIVByb3ZlZWRvciBkZSBDZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQG A1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9u aWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo9 7BVCwfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74 BCXfgI8Qhd19L3uA3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38G ieU89RLAu9MLmV+QfI4tL3czkkohRqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9 JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmOEO8GqQKJ/+MMbpfg353bIdD0 PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG20qCZyFSTXai2 0b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH 0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/ 6mnbVSKVUyqUtd+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1m v6JpIzi4mWCZDlZTOpx+FIywBm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7 K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvpr2uKGcfLFFb14dq12fy/czja+eev bqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/AgEBMDcGA1UdEgQw MC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0w MB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFD gBStuyIdxuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0 b3JpZGFkIGRlIENlcnRpZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xh bm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQHEwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0 cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5hY2lvbmFsIGRlIENlcnRp ZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5kZW5jaWEg ZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkq hkiG9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQD AgEGME0GA1UdEQRGMESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0w MDAwMDKgGwYFYIZeAgKgEgwQUklGLUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEag RKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9sY3IvQ0VSVElGSUNBRE8t UkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNyYWl6LnN1c2Nl cnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsG AQUFBwIBFh5odHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcN AQELBQADggIBACtZ6yKZu4SqT96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS 1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmNg7+mvTV+LFwxNG9s2/NkAZiqlCxB 3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4quxtxj7mkoP3Yldmv Wb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1n8Gh HVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHm pHmJWhSnFFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXz sOfIt+FTvZLm8wyWuevo5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bE qCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq3TNWOByyrYDT13K9mmyZY+gAu0F2Bbdb mRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5poLWccret9W6aAjtmcz9 opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3YeMLEYC/H YvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km -----END CERTIFICATE----- # CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -----BEGIN CERTIFICATE----- MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK SnQ2+Q== -----END CERTIFICATE----- # CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM -----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh 4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc 3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD -----END CERTIFICATE----- # CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM -----BEGIN CERTIFICATE----- MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u -----END CERTIFICATE----- # CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM -----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz 8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l 7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE +V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M -----END CERTIFICATE----- # CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM -----BEGIN CERTIFICATE----- MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB 4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd 8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A 4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd +LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B 4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK 4SVhM7JZG+Ju1zdXtg2pEto= -----END CERTIFICATE----- # CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM -----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR /xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP 0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf 3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl 8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 -----END CERTIFICATE----- # CN=Secure Global CA,O=SecureTrust Corporation,C=US -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa /FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW -----END CERTIFICATE----- # CN=SecureSign RootCA11,O=Japan Certification Services\, Inc.,C=JP -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni 8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN QSdJQO7e5iNEOdyhIta6A/I= -----END CERTIFICATE----- # CN=SecureTrust CA,O=SecureTrust Corporation,C=US -----BEGIN CERTIFICATE----- MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO 0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj 7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS 8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB /zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ 3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR 3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= -----END CERTIFICATE----- # OU=Security Communication EV RootCA1,O=SECOM Trust Systems CO.\,LTD.,C=JP -----BEGIN CERTIFICATE----- MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11 bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5 bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1 VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+ Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 -----END CERTIFICATE----- # OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -----BEGIN CERTIFICATE----- MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== -----END CERTIFICATE----- # OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy 1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE----- # CN=Sonera Class2 CA,O=Sonera,C=FI -----BEGIN CERTIFICATE----- MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt 5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s 3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu 8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ 3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M -----END CERTIFICATE----- # CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL -----BEGIN CERTIFICATE----- MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS /ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH 1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u 2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc 7uzXLg== -----END CERTIFICATE----- # CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -----BEGIN CERTIFICATE----- MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp 5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy 5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv 6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen 5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL +63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== -----END CERTIFICATE----- # CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL -----BEGIN CERTIFICATE----- MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR 9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az 5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh /WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw 0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq 4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR 1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM 94B7IWcnMFk= -----END CERTIFICATE----- # OU=Starfield Class 2 Certification Authority,O=Starfield Technologies\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf 8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN +lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA 1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= -----END CERTIFICATE----- # CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US -----BEGIN CERTIFICATE----- MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg 8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 -----END CERTIFICATE----- # CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US -----BEGIN CERTIFICATE----- MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk 6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn 0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN sSi6 -----END CERTIFICATE----- # CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH -----BEGIN CERTIFICATE----- MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c 6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn 8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a 77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ -----END CERTIFICATE----- # CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH -----BEGIN CERTIFICATE----- MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH 6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ 2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u -----END CERTIFICATE----- # CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -----BEGIN CERTIFICATE----- MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT 3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw 3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw 8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== -----END CERTIFICATE----- # O=Government Root Certification Authority,C=TW -----BEGIN CERTIFICATE----- MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl pYYsfPQS -----END CERTIFICATE----- # CN=TeliaSonera Root CA v1,O=TeliaSonera -----BEGIN CERTIFICATE----- MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ /jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs 81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG 9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx 0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= -----END CERTIFICATE----- # CN=thawte Primary Root CA,OU=(c) 2006 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta 3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk 6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 /qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 jVaMaA== -----END CERTIFICATE----- # CN=thawte Primary Root CA - G2,OU=(c) 2007 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US -----BEGIN CERTIFICATE----- MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== -----END CERTIFICATE----- # CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA 2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu MdRAGmI0Nj81Aa6sY6A= -----END CERTIFICATE----- # CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -----BEGIN CERTIFICATE----- MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb 3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi tJ/X5g== -----END CERTIFICATE----- # CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -----BEGIN CERTIFICATE----- MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme 9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I /5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN zl/HHk484IkzlQsPpTLWPFp5LBk= -----END CERTIFICATE----- # CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -----BEGIN CERTIFICATE----- MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq 1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp 2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF 3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh 8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL /V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW 2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp 5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu 1uwJ -----END CERTIFICATE----- # OU=Trustis FPS Root CA,O=Trustis Limited,C=GB -----BEGIN CERTIFICATE----- MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA 0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN ZetX2fNXlrtIzYE= -----END CERTIFICATE----- # CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi 1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN 9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP BSeOE6Fuwg== -----END CERTIFICATE----- # CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p TpPDpFQUWw== -----END CERTIFICATE----- # CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -----BEGIN CERTIFICATE----- MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c 8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= -----END CERTIFICATE----- # CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5,O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.,L=Ankara,C=TR -----BEGIN CERTIFICATE----- MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0 MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom /4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3 4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z 5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0 hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/ BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW +qtB4Uu2NQvAmxU= -----END CERTIFICATE----- # CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW -----BEGIN CERTIFICATE----- MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF 10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz 0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc 46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm 4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB /zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL 1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh 15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW 6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy KwbQBM0= -----END CERTIFICATE----- # CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW -----BEGIN CERTIFICATE----- MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx 3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== -----END CERTIFICATE----- # CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -----BEGIN CERTIFICATE----- MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= -----END CERTIFICATE----- # CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -----BEGIN CERTIFICATE----- MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B 3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT 79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs 8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG jjxDah2nGN59PRbxYvnKkKj9 -----END CERTIFICATE----- # CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te 2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC /Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== -----END CERTIFICATE----- # CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU=(c) 2007 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC 4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== -----END CERTIFICATE----- # CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y 5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq -----END CERTIFICATE----- # CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US -----BEGIN CERTIFICATE----- MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF 9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN /BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz 4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 7M2CYfE45k+XmCpajQ== -----END CERTIFICATE----- # CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -----BEGIN CERTIFICATE----- MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h 2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq 299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd 7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw ++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt 398znM/jra6O1I7mT1GvFpLgXPYHDw== -----END CERTIFICATE----- # CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US -----BEGIN CERTIFICATE----- MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ O+7ETPTsJ3xCwnR8gooJybQDJbw= -----END CERTIFICATE-----