4:23 a.m.
------=_NextPart_000_02D1_01CEE1EC.B38C9770
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_02D2_01CEE1EC.B38C9770"
------=_NextPart_001_02D2_01CEE1EC.B38C9770
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
So, just as what I suggested in last mail, please copy the files from server
to client again and run provisioner.sh:
1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client.
Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to
:/usr/share/oat-client/
Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to
:/usr/share/oat-client/
Notes: please repeat above steps in case you have re-deployed your oat
appraiser.
Thanks
Jimmy
From: Nicolae Paladi [mailto:n.paladi@gmail.com]
Sent: Thursday, November 14, 2013 6:30 PM
To: Wei, Gang
Cc: Doron Fediuck; users(a)ovirt.org
Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
As far as I see, port 8443 is not occupied and tomcat6 is running:
root@host /usr/share/oat-client/script # netstat -anp | grep 8443
root@host /usr/share/oat-client/script # service tomcat6 status
tomcat6 (pid 30950) is running... [ OK ]
Also, just in case, I've checked if disabling iptables helps, and it
doesn't;
In the error trace, there is a line:
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file
or directory)
and indeed, there is not file aik.cer at /usr/share/oat-client/aik.cer; when
is it supposed to
be generated?
cheers,
/Nicolae
On 14 November 2013 04:32, Wei, Gang <gang.wei(a)intel.com> wrote:
And you need to copy files from server to client before you try to run
provisioner.sh every time you run OAT_configure.sh again.
Jimmy
-----Original Message-----
From: Wei, Gang
Sent: Thursday, November 14, 2013 11:26 AM
To: Nicolae Paladi
Cc: Doron Fediuck; users(a)ovirt.org; Wei, Gang
Subject: RE: [Users] Trusted Pools and CentOS 6 packages
Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.
Meanwhile check whether tomcat is up.
Jimmy
> -----Original Message-----
> From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> Sent: Wednesday, November 13, 2013 10:43 PM
> To: Wei, Gang
> Cc: Doron Fediuck; users(a)ovirt.org
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>
> Hi,
>
> I am using port 8443, since no other process -- as far as I know -- is
using it;
>
> below you will find all of the requested configuration files:
>
> Contents of /etc/oat_client/*:
> log4j.properties: http://pastebin.com/MQLM68vs
> OAT.properties: http://pastebin.com/LwHihxah
> OATprovisioner.properties: http://pastebin.com/0x5TShtZ
> TPMModule.properties: http://pastebin.com/hvw9gfRE
>
>
> server.xml: http://pastebin.com/VZ9Vk6iC
> OAT_client.sh: http://pastebin.com/St4yCGcF
>
> provisioner.sh: http://pastebin.com/RedqQt8V
>
>
> cheers,
> /Nicolae.
>
>
> On 13 November 2013 14:47, Wei, Gang <gang.wei(a)intel.com> wrote:
>
>
> This time it failed earlier. Looks like the PCA webservice2 was not
> listening on 8443 port. Have you replaced the port 8443 with 8442 in
> server
> side ($TOMCAT_HOME/conf/server.xml) but not change it in client side
> (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is
occupied
> by another app?
>
> Please copy the content from your current server.xml, OAT_client.sh,
> provisioner.sh and /etc/oat-client/* into the content of your reply
for
> analysis. (don't attach *.sh as attachments, that will get filtered
by my
> company's mailing system).
>
> Thanks
> Jimmy
>
>
>
> > -----Original Message-----
> > From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> > Sent: Wednesday, November 13, 2013 7:01 PM
> > To: Wei, Gang
> > Cc: Doron Fediuck; users(a)ovirt.org
> > Subject: Re: [Users] Trusted Pools and CentOS 6 packages
> >
>
> > Hi,
> >
> > thank you for the feedback;
> > I've gone through the steps again, but obtained the exactly same
> problem:
> >
> > 1. I removed all of the previously installed packaged related to
OAT.
> >
> > 2. I followed the tutorial, until this command:
> >
> > bash provisioner.sh
> >
> > provisioner.sh: line 7: systemctl: command not found
> > ### ecStorage = NVRAM###
> > Performing TPM provisioning...FAILED
> > javax.xml.ws.WebServiceException: Failed to access the WSDL at:
> >
>
https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor
> > yService?wsdl. It failed with:
> > Connection refused.
> > at
> >
>
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP
> > arser.java:162)
> > at
> >
>
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j
> > ava:144)
> > at
> >
>
com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav
> > a:265)
> > at
> >
>
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
> > at
> >
>
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
> > at
> >
>
com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav
> a:104
> > )
> > at javax.xml.ws.Service.<init>(Service.java:77)
> > at
> >
>
gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe
> bSer
> >
>
vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryService
> Servi
> > ce.java:42)
> > at
> >
>
gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe
> bSer
> >
>
vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli
> > entInvoker.java:32)
> > at
> >
>
gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> > Caused by: java.net.ConnectException: Connection
refused
> > at java.net.PlainSocketImpl.socketConnect(Native Method)
> > at
> >
>
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav
> a:339
> > )
> > at
> >
>
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI
> mpl.j
> > ava:200)
> > at
> >
>
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> > at
> java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> > at java.net.Socket.connect(Socket.java:579)
> > at
> sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
> > at
> >
> sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
> > at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
> > at
> sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
> > at
> sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
> > at
> >
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
> > at
> > sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
> > at
> >
>
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt
> > tpClient(AbstractDelegateHttpsURLConnection.java:191)
> > at
> >
>
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec
> > tion.java:932)
> > at
> >
>
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A
> > bstractDelegateHttpsURLConnection.java:177)
> > at
> >
>
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn
> > ection.java:1300)
> > at
> >
>
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU
> > RLConnectionImpl.java:254)
> > at java.net.URL.openStream(URL.java:1037)
> > at
> >
>
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD
> > LParser.java:804)
> > at
> >
>
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL
> > Parser.java:262)
> > at
> >
>
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j
> > ava:129)
> > ... 8 more
> > Failed to initialize the TPM, error 1
> > Performing HIS identity provisioning...FAILED
> > gov.niarl.his.privacyca.TpmModule$TpmModuleException:
> > TpmModule.getCredential returned nonzero error: 2()
> > at
> >
gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
> > at
> >
>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j
> ava:
> > 217)
> > Failed to receive AIC from Privacy CA, error 1
> > Registering identity with server...FAILED
> > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No
such file
> or
> > directory)
> > at java.io.FileInputStream.open(Native Method)
> > at
java.io.FileInputStream.<init>(FileInputStream.java:146)
> > at
java.io.FileInputStream.<init>(FileInputStream.java:101)
> > at
> gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> > at
> >
>
>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9
> 9
> )
> > Failed to register identity with appraiser, error 1
> >
>
> > Should I have updated anything else?
> >
> > cheers,
> > /Nicolae.
> >
> >
> >
> > On 1 November 2013 10:14, Wei, Gang <gang.wei(a)intel.com> wrote:
> >
> >
> > This is indeed an issue caused by the incompatibility
between
> OAT
> tpm
> > access
> > code & tpm-tools(tpm_takeownership -z). It has already been
> fixed.
> > Please
> > follow below wiki and try again.
> >
>
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
> > Recipe.
> >
> > Thanks
> > Jimmy
> >
> > Nicolae Paladi wrote on 2013-10-28:
> >
> > > Hi, I've followed the recipe
> > >
> >
>
(https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec
> >
> > > i pe) but didn't get it to run yet; I think a step is
missing --
> the AIK
> >
> > > is not available is /usr/share/oat-client (it was not
available in
> > > /var/lig/oat-appraiser/ClientFiles either); when I try to
run
> > > provisioner.sh, I get the following: provisioner.sh: line
7:
> systemctl:
> > > command not found ### ecStorage = NVRAM### Performing
> TPM
> > > provisioning...710 DONE Successfully initialized TPM
> Performing
> HIS
> > > identity provisioning...FAILED
> java.util.NoSuchElementException
> > > at
> > java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
> > > at
> > >
> >
>
gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21
> > > 5)
> > > at
> > >
> >
>
gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29
> > > 2)
> > > at
> > >
>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione
> >
> > > r.java: 225) Failed to receive AIC from Privacy CA, error
1
> Registering
> >
> > > identity with server...FAILED
java.io.FileNotFoundException:
> > > /usr/share/oat-client/aik.cer (No such file or directory)
> > > at java.io.FileInputStream.open(Native Method)
> > > at
> java.io.FileInputStream.<init>(FileInputStream.java:137)
> > > at
> java.io.FileInputStream.<init>(FileInputStream.java:96)
> > > at
> >
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> > > at
> > >
> >
>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9
> > 9
> > )
> > > Failed to register identity with appraiser, error 1
> > >
> > >
> > >
> > > Thanks,
> > > /Nicolae
> > >
> > >
> > > On 27 October 2013 22:55, Nicolae Paladi
> <n.paladi(a)gmail.com>
> wrote:
> > >
> > >
> > > Awesome, thanks!
> > >
> > > I'll try this out in the morning
> > >
> > > /Nicolae
> > >
> > >
> > > On 27 October 2013 17:03, Wei, Gang
> <gang.wei(a)intel.com>
> > wrote:
> > >
> > >
> > > Please refer to
> > >
> > >
> >
>
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
> > > Recipe.
> > >
> > > Jimmy
> >
> >
>
>
>
------=_NextPart_001_02D2_01CEE1EC.B38C9770
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><META =
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 14 =
(filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:13.5pt;
font-family:SimSun;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:SimSun;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:SimSun;
font-weight:bold;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DZH-CN
link=3Dblue =
vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span =
lang=3DEN-US =
style=3D'font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497=
D'>So, just as what I suggested in last mail, please copy the files from =
server to client again and run
provisioner.sh:<o:p></o:p></span></p><p =
class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497=
D'><o:p> </o:p></span></p><p class=3DMsoNormal
=
style=3D'mso-margin-top-alt:12.0pt;margin-right:0cm;margin-bottom:11.25pt=
;margin-left:0cm;background:white'><b><span lang=3DEN-US =
style=3D'font-size:18.0pt;font-family:"Helvetica","sans-serif";color:#333=
333'>1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to =
client.<o:p></o:p></span></b></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25p=
t;margin-left:0cm;line-height:18.75pt;background:white'><span =
lang=3DEN-US =
style=3D'font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333=
333'>Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to =
:/usr/share/oat-client/<o:p></o:p></span></p><p
class=3DMsoNormal =
style=3D'mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25p=
t;margin-left:0cm;line-height:18.75pt;background:white'><span =
lang=3DEN-US =
style=3D'font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333=
333'>Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to =
:/usr/share/oat-client/<o:p></o:p></span></p><p
class=3DMsoNormal =
style=3D'mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25p=
t;margin-left:0cm;line-height:18.75pt;background:white'><b><i><span
=
lang=3DEN-US =
style=3D'font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333=
333'>Notes: please repeat above steps in case you have re-deployed your =
oat appraiser.</span></i></b><span lang=3DEN-US =
style=3D'font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333=
333'><o:p></o:p></span></p><p
class=3DMsoNormal><span lang=3DEN =
style=3D'font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o=
:p></span></p><p class=3DMsoNormal><span lang=3DEN =
style=3D'font-family:"Calibri","sans-serif";color:#1F497D'>Thanks<o:p></o=
:p></span></p><p class=3DMsoNormal><span lang=3DEN =
style=3D'font-family:"Calibri","sans-serif";color:#1F497D'>Jimmy<o:p></o:=
p></span></p><p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497=
D'><o:p> </o:p></span></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm =
4.0pt'><div><div style=3D'border:none;border-top:solid #B5C4DF =
1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=3DMsoNormal><b><span =
lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span>=
</b><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
Nicolae =
Paladi [mailto:n.paladi@gmail.com] <br><b>Sent:</b> Thursday, November
=
14, 2013 6:30 PM<br><b>To:</b> Wei, Gang<br><b>Cc:</b>
Doron Fediuck; =
users@ovirt.org<br><b>Subject:</b> Re: [Users] Trusted Pools and CentOS
=
6 packages<o:p></o:p></span></p></div></div><p
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p><div><p
class=3DMsoNormal><span =
lang=3DEN-US>Hi, <o:p></o:p></span></p><div><p
=
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><p
=
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><p
=
class=3DMsoNormal><span lang=3DEN-US>As far as I see, port 8443 is not =
occupied and tomcat6 is
running:<o:p></o:p></span></p></div><div><p =
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><div><p
=
class=3DMsoNormal><span lang=3DEN-US>root@host =
/usr/share/oat-client/script # netstat -anp | grep =
8443<o:p></o:p></span></p></div><div><p
class=3DMsoNormal><span =
lang=3DEN-US>root@host /usr/share/oat-client/script # service tomcat6 =
status<o:p></o:p></span></p></div><div><p
class=3DMsoNormal><span =
lang=3DEN-US>tomcat6 (pid 30950) is running... =
[ =
OK
]<o:p></o:p></span></p></div></div><div><p
=
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><p
=
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><p
=
class=3DMsoNormal><span lang=3DEN-US>Also, just in case, I've checked if =
disabling iptables helps, and it =
doesn't;<o:p></o:p></span></p></div><div><p
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><p
=
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><p
=
class=3DMsoNormal><span lang=3DEN-US>In the error trace, there is a =
line: <o:p></o:p></span></p></div><div><p
=
class=3DMsoNormal><b><span lang=3DEN-US>java.io.FileNotFoundException: =
/usr/share/oat-client/aik.cer (No such file or =
directory)</span></b><span =
lang=3DEN-US><o:p></o:p></span></p></div><div><p
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><p
=
class=3DMsoNormal><span lang=3DEN-US>and indeed, there is not file =
aik.cer at /usr/share/oat-client/aik.cer; when is it supposed =
to<o:p></o:p></span></p></div><div><p
class=3DMsoNormal><span =
lang=3DEN-US>be
generated?<o:p></o:p></span></p></div><div><p =
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div><div><p
=
class=3DMsoNormal><span =
lang=3DEN-US>cheers,<o:p></o:p></span></p></div><div><p
=
class=3DMsoNormal><span =
lang=3DEN-US>/Nicolae<o:p></o:p></span></p></div><div><p
=
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div></div><div><p
=
class=3DMsoNormal style=3D'margin-bottom:12.0pt'><span =
lang=3DEN-US><o:p> </o:p></span></p><div><p
class=3DMsoNormal><span =
lang=3DEN-US>On 14 November 2013 04:32, Wei, Gang <<a =
href=3D"mailto:gang.wei@intel.com" =
target=3D"_blank">gang.wei(a)intel.com</a>&gt; =
wrote:<o:p></o:p></span></p><p class=3DMsoNormal><span
lang=3DEN-US>And =
you need to copy files from server to client before you try to =
run<br>provisioner.sh every time you run OAT_configure.sh =
again.<br><br>Jimmy<o:p></o:p></span></p><div><div><p
class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'><span
lang=3DEN-US><br><br>> =
-----Original Message-----<br>> From: Wei, Gang<br>> Sent: =
Thursday, November 14, 2013 11:26 AM<br>> To: Nicolae
Paladi<br>> =
Cc: Doron Fediuck; <a =
href=3D"mailto:users@ovirt.org">users@ovirt.org</a>; Wei,
Gang<br>> =
Subject: RE: [Users] Trusted Pools and CentOS 6
packages<br>><br>> =
Can you try netstat -anp | grep 8443? Maybe it is occupied by =
apache.<br>><br>> Meanwhile check whether tomcat is =
up.<br>><br>>
Jimmy<br>><br>><br>> > -----Original =
Message-----<br>> > From: Nicolae Paladi [mailto:<a =
href=3D"mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>>
> =
Sent: Wednesday, November 13, 2013 10:43 PM<br>> > To: Wei, =
Gang<br>> > Cc: Doron Fediuck; <a =
href=3D"mailto:users@ovirt.org">users@ovirt.org</a><br>>
> =
Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>> =
><br>> > Hi,<br>> ><br>>
> I am using port 8443, =
since no other process -- as far as I know -- is<br>> using =
it;<br>> ><br>> > below you will find all of the
requested =
configuration files:<br>> ><br>> > Contents of =
/etc/oat_client/*:<br>> > log4j.properties: <a =
href=3D"http://pastebin.com/MQLM68vs" =
target=3D"_blank">http://pastebin.com/MQLM68vs</a><...
> =
OAT.properties: <a href=3D"http://pastebin.com/LwHihxah" =
target=3D"_blank">http://pastebin.com/LwHihxah</a><...
> =
OATprovisioner.properties: <a href=3D"http://pastebin.com/0x5TShtZ" =
target=3D"_blank">http://pastebin.com/0x5TShtZ</a><...
> =
TPMModule.properties: <a href=3D"http://pastebin.com/hvw9gfRE" =
target=3D"_blank">http://pastebin.com/hvw9gfRE</a><...
><br>> =
><br>> > server.xml: <a
href=3D"http://pastebin.com/VZ9Vk6iC" =
target=3D"_blank">http://pastebin.com/VZ9Vk6iC</a><...
> =
OAT_client.sh: <a href=3D"http://pastebin.com/St4yCGcF" =
target=3D"_blank">http://pastebin.com/St4yCGcF</a><...
><br>> =
> provisioner.sh: <a href=3D"http://pastebin.com/RedqQt8V" =
target=3D"_blank">http://pastebin.com/RedqQt8V</a><...
><br>> =
><br>> > cheers,<br>> >
/Nicolae.<br>> ><br>> =
><br>> > On 13 November 2013 14:47, Wei, Gang <<a =
href=3D"mailto:gang.wei@intel.com">gang.wei@intel.com</a>> =
wrote:<br>> ><br>> ><br>> >
This time it =
failed earlier. Looks like the PCA webservice2 was not<br>> > =
listening on 8443 port. Have you replaced the port 8443 =
with 8442 in<br>> > server<br>> >
side =
($TOMCAT_HOME/conf/server.xml) but not change it in client side<br>> =
> (/usr/share/oat-client/script/OAT_client.sh)? Or the =
8443 port is<br>> occupied<br>> >
by another =
app?<br>> ><br>> > Please
copy the content =
from your current server.xml, OAT_client.sh,<br>> >
=
provisioner.sh and /etc/oat-client/* into the content of your =
reply<br>> for<br>> > analysis.
(don't attach =
*.sh as attachments, that will get filtered<br>> by my<br>>
> =
company's mailing system).<br>>
><br>> > =
Thanks<br>> >
Jimmy<br>> =
><br>> ><br>> ><br> > > =
-----Original
Message-----<br>> > > From: Nicolae =
Paladi [mailto:<a =
href=3D"mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>>
> =
> Sent: Wednesday, November 13, 2013 7:01
PM<br>> =
> > To: Wei, Gang<br>
> > =
Cc: Doron Fediuck; <a =
href=3D"mailto:users@ovirt.org">users@ovirt.org</a><br>>
> =
> Subject: Re: [Users] Trusted Pools and CentOS 6 =
packages<br>> > ><br>>
><br>> > =
> Hi,<br>> >
><br>> > =
> thank you for the feedback;<br>> >
=
> I've gone through the steps again, but obtained the exactly =
same<br>> > problem:<br>> >
><br>> > =
> 1. I removed all of the previously installed packaged =
related to<br>> OAT.<br>> >
><br>> > =
> 2. I followed the tutorial, until this =
command:<br>> > ><br> > > =
bash
provisioner.sh<br>> > ><br>>
> =
> provisioner.sh: line 7: systemctl: command not found<br>>
=
> > ### ecStorage =3D NVRAM###<br>>
> =
> Performing TPM provisioning...FAILED<br>> >
=
> javax.xml.ws.WebServiceException: Failed to access the WSDL =
at:<br>> > ><br>>
><br>> <a =
href=3D"https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebServic=
e2Factor" =
target=3D"_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyC=
AWebService2Factor</a><br>> > >
yService?wsdl. It =
failed with:<br>> > >
=
Connection refused.<br>> > >
=
at<br>> > ><br>>
><br>> =
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP<br>&=
gt; > > arser.java:162)<br>> >
=
> at<br>> >
=
><br>> ><br>> =
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br=
> > >
ava:144)<br>> > > =
at<br>> >
><br>> =
><br>> =
com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav<b=
r>> > > a:265)<br> > > =
at<br>> >
><br>> =
><br>> =
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.ja=
va:228)<br>> > >
=
at<br>> > ><br>>
><br>> =
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.ja=
va:176)<br>> > >
=
at<br>> > ><br>>
><br>> =
com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav<br=
> > a:104<br>> >
> )<br>> > =
>
at =
javax.xml.ws.Service.<init>(Service.java:77)<br>> >
=
> at<br>>
> =
><br>> ><br>> =
gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe<b=
r>> > bSer<br>> >
><br>> ><br>> =
vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactorySer=
vice<br>> > Servi<br>
> > =
ce.java:42)<br>> >
> =
at<br>> > ><br>>
><br>> =
gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe<b=
r>> > bSer<br>> >
><br>> ><br>> =
vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cl=
i<br>> > >
entInvoker.java:32)<br>> > =
>
at<br>> > =
><br>> =
><br>gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.=
java:205)<br>> > > Caused by: =
java.net.ConnectException: Connection refused<br>> >
=
> at =
java.net.PlainSocketImpl.socketConnect(Native Method)<br>> > =
>
at<br>> > =
><br>> ><br>> =
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav<br=
> > a:339<br>> >
> )<br>> > =
>
at<br>> >
=
><br>> ><br>> =
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI<br=
> > mpl.j<br>> >
> ava:200)<br>> > =
> at<br>> >
=
><br>> =
><br>java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.=
java:182)<br>> > >
=
at<br>> > =
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>> > =
> at =
java.net.Socket.connect(Socket.java:579)<br>
> > =
at<br>> > =
sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)<br>> =
> >
at<br>> > =
><br>> > =
sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)<br=
> > >
at =
sun.net.NetworkClient.doConnect(NetworkClient.java:180)<br>> >
=
>
at<br>> > =
sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<br>> > =
>
at<br>> > =
sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<br>> > =
>
at<br>> > =
><br>> =
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)=
<br>> > >
at<br>> =
> > =
sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)<br>> =
> >
at<br>> > =
><br>> ><br>> =
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt<br=
> > > =
tpClient(AbstractDelegateHttpsURLConnection.java:191)<br>> > =
>
at<br>> > =
><br>> ><br>> =
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec<br=
> > >
tion.java:932)<br>> > =
>
at<br>> >
=
><br>> ><br>> =
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A<b=
r> > > =
bstractDelegateHttpsURLConnection.java:177)<br>> >
=
> at<br>> >
=
><br>> ><br>> =
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn<br=
> > >
ection.java:1300)<br>> > =
>
at<br>> >
=
><br>> ><br>> =
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU<b=
r>> > >
RLConnectionImpl.java:254)<br>> > =
> at =
java.net.URL.openStream(URL.java:1037)<br>
> > =
at<br>> > ><br>>
=
><br>> =
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD<br>&=
gt; > > LParser.java:804)<br>> >
=
> at<br>> >
=
><br>> ><br>> =
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL<br>&=
gt; > > Parser.java:262)<br>> >
=
> at<br>> >
=
><br>> ><br>> =
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br=
>> > > ava:129)<br> > > =
... 8 more<br>
> > =
Failed to initialize the TPM, error
1<br> > > =
Performing
HIS identity provisioning...FAILED<br>> > =
> gov.niarl.his.privacyca.TpmModule$TpmModuleException:<br>> >
=
> TpmModule.getCredential returned nonzero error: =
2()<br>> > >
=
at<br>> > ><br>> =
gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)<br>&g=
t; > >
at<br>> > =
><br>> =
><br>><br>gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisId=
entityProvisioner.j<br>> >
ava:<br>> > =
> 217)<br>> > > Failed
to receive AIC =
from Privacy CA, error 1<br>> > >
Registering =
identity with server...FAILED<br>
> > =
java.io.FileNotFoundException:
/usr/share/oat-client/aik.cer (No<br>> =
such file<br>> > or<br> > > =
directory)<br>> > >
=
at java.io.FileInputStream.open(Native Method)<br>> > =
> at<br>> =
java.io.FileInputStream.<init>(FileInputStream.java:146)<br>>
=
> >
at<br>> =
java.io.FileInputStream.<init>(FileInputStream.java:101)<br>>
=
> >
at<br>> > =
=
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>> =
> >
at<br>> > =
><br>> ><br>> =
><br>><br>gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegis=
terIdentity.java:9<br>> > 9<br>> >
)<br>> =
> > Failed to register identity with appraiser, =
error 1<br>> > ><br>>
><br>> > =
> Should I have updated anything else?<br>> >
=
><br>> > >
cheers,<br>> > =
> /Nicolae.<br>> >
><br>> > =
><br>> >
><br>> > =
> On 1 November 2013 10:14, Wei, Gang <<a =
href=3D"mailto:gang.wei@intel.com">gang.wei@intel.com</a>> =
wrote:<br>> > ><br>>
> =
><br>> > >
This is indeed =
an issue caused by the incompatibility<br>> between<br>>
> =
OAT<br>> > tpm<br> > > =
access<br>> > >
code & =
tpm-tools(tpm_takeownership -z). It has already been<br>> > =
fixed.<br>> > > Please<br>>
> =
> follow below wiki and try
again.<br>> > =
><br>> ><br>> <a =
href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-...
HEL-" =
target=3D"_blank">https://github.com/OpenAttestation/OpenAtt...
/OAT-for-RHEL-</a><br>> > >
Recipe.<br>> > =
><br>> > >
=
Thanks<br>> > >
=
Jimmy<br>> > ><br> > > =
Nicolae Paladi wrote on 2013-10-28:<br>> > =
><br>> > >
=
> Hi, I've followed the recipe<br>> >
> =
><br>> >
><br>> ><br>> =
(<a =
href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-...
HEL-Rec" =
target=3D"_blank">https://github.com/OpenAttestation/OpenAtt...
/OAT-for-RHEL-Rec</a><br>> >
><br>> > =
> > i pe) but
didn't get it to =
run yet; I think a step is<br>> missing --<br>> >
=
the AIK<br>> > ><br> > > =
> is not available is /usr/share/oat-client (it =
was not<br>> available in<br>> >
> =
> /var/lig/oat-appraiser/ClientFiles either); when I =
try to<br>> run<br>> > >
=
> provisioner.sh, I get the following: provisioner.sh: line<br>> =
7:<br>> > systemctl:<br> > > =
> command not found ### ecStorage =3D NVRAM### =
Performing<br>> > TPM<br>> >
> =
> provisioning...710 DONE Successfully initialized =
TPM<br>> > Performing<br>> >
HIS<br>> > =
> > identity =
provisioning...FAILED<br>> > =
java.util.NoSuchElementException<br>> > >
=
>
at<br>> > =
> =
java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>> =
> > >
=
at<br>> > >
=
><br>> > ><br>>
><br>> =
gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br=
> > >
> 5)<br>> > =
>
> =
at<br>> > >
><br>> =
> ><br>> ><br>> =
gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:2=
9<br>> > >
> 2)<br>> =
> > >
=
at<br>> > >
=
><br>> ><br>> =
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione=
<br>> > ><br>> >
> =
> r.java: 225) Failed to receive AIC from Privacy CA, =
error<br>> 1<br>> >
Registering<br>> > =
><br>> > >
=
> identity with server...FAILED<br>> =
java.io.FileNotFoundException:<br>> > >
=
> /usr/share/oat-client/aik.cer (No such file or =
directory)<br>> > >
> =
at java.io.FileInputStream.open(Native =
Method)<br>> > >
> =
at<br>> > =
java.io.FileInputStream.<init>(FileInputStream.java:137)<br>>
=
> > >
=
at<br>> > =
java.io.FileInputStream.<init>(FileInputStream.java:96)<br>> =
> > >
=
at<br>> > ><br>>
=
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>> =
> > >
=
at<br>> > >
=
><br>> > ><br>> =
><br>><br>gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegis=
terIdentity.java:9<br>> > >
9<br>> > =
> )<br>
> > =
>
Failed to register identity with appraiser, =
error 1<br>> > >
=
><br>> > >
><br>> =
> >
><br>> > =
> > Thanks,<br>>
> =
> > /Nicolae<br> > > =
><br>> > >
=
><br>> > >
> On =
27 October 2013 22:55, Nicolae Paladi<br>> > <<a =
href=3D"mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>><br>>
=
> wrote:<br>> >
> =
><br>> > >
=
><br>> > >
> =
Awesome, thanks!<br>> >
> =
><br>> > >
=
> I'll try this out in the
morning<br>> > =
> ><br>>
> =
> >
/Nicolae<br>> =
> >
><br>> > =
> ><br> > > =
> On 27 October 2013 17:03,
=
Wei, Gang<br>> > <<a =
href=3D"mailto:gang.wei@intel.com">gang.wei@intel.com</a>><br>>
=
> > wrote:<br>> >
> =
><br>> > >
=
><br>> > >
> =
Please refer
to<br>> > =
> ><br>>
> =
> ><br>> >
><br>> =
><br>> <a =
href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-...
HEL-" =
target=3D"_blank">https://github.com/OpenAttestation/OpenAtt...
/OAT-for-RHEL-</a><br>> > >
=
> Recipe.<br>> > >
=
><br>> > >
> =
Jimmy<br>>
> =
><br>> >
><br>> ><br>> =
><br>>
><o:p></o:p></span></p></div></div></div><p
=
class=3DMsoNormal><span =
lang=3DEN-US><o:p> </o:p></span></p></div></div></div></body></html>
------=_NextPart_001_02D2_01CEE1EC.B38C9770--
------=_NextPart_000_02D1_01CEE1EC.B38C9770
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCIX4w
ggMgMIICiaADAgECAgQ13vTPMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQK
EwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
HhcNOTgwODIyMTY0MTUxWhcNMTgwODIyMTY0MTUxWjBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMH
RXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBXbFYZwhi7qCaLR8IbZEUaJgKHv7aBG8ThGIhw9F8
zp8F4LgB8E407OKKlQRkrPFrU18Fs8tngL9CAo7+3QEJ7OEAFE/8+/AM3UO6WyvhH4BwmRVXkxbx
D5dqt8JoIxzMTVkwrFEeO68r1u5jRXvF2V9Q0uNQDzqI578U/eDHuQIDAQABo4IBCTCCAQUwcAYD
VR0fBGkwZzBloGOgYaRfMF0xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQL
EyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwGgYD
VR0QBBMwEYEPMjAxODA4MjIxNjQxNTFaMAsGA1UdDwQEAwIBBjAfBgNVHSMEGDAWgBRI5mj5K9Ky
lddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUSOZo+SvSspXXR9gjIBBPM5iQn9QwDAYDVR0TBAUwAwEB
/zAaBgkqhkiG9n0HQQAEDTALGwVWMy4wYwMCBsAwDQYJKoZIhvcNAQEFBQADgYEAWM4p6vz33rXO
ArkXtYXRuePglcwlMQ0AppJuf7aSY55QldGab+QR3mOFbpjuqP9ayNNVsmZxV97AIes9KqcjSQEE
hkJ7/O5/ohZStWdn00DbOyZYsih3Pa4Ud2HW+ipmJ6AN+qdzXOpw8ZQhZURf+vzvKWipood573nv
T6wHdzgwggM9MIICpqADAgECAgMFsP8wDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAO
BgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhv
cml0eTAeFw0wNjAyMTYxODAxMzBaFw0xNjAyMTkxODAxMzBaMFIxCzAJBgNVBAYTAlVTMRowGAYD
VQQKExFJbnRlbCBDb3Jwb3JhdGlvbjEnMCUGA1UEAxMeSW50ZWwgRXh0ZXJuYWwgQmFzaWMgUG9s
aWN5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaXf1zm/UFahGfJkNdONk3Ti
KtwEwyLFdsQ8rd9Mi8jEeVo7brNG59wfoXvPQYjTvyz+vqxcxMJQ+eT5V/hyxiCnjTRve3asnN9B
RJRFI2c02RatjeHt5FSf1wBBIADc1fL/aqe6lsMboD4H3N8/QZGKLfgon6M3sRy2/4RGY/siEglO
tZEWb7kkNBNdcmC+HUYHIJSXmh6N6F+e67yHJGi7GFef9QI/kfAzNT6ZPeuV0ACrB358k+wuEudE
+JVZ+Jc9+sDnTWZ/83oBtc6eNZZ6ExX0+CrilSR+ce2A9aeim4CQii6L57oxrqIargTX3VyqWZL8
+qRr/ogtR2sCXQIDAQABo4GgMIGdMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUGsYMSsRHb6jb
rSvw9FYGo+03VAwwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Js
cy9zZWN1cmVjYS5jcmwwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwDwYDVR0TAQH/
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQATEDitpFSlSJVFsC03csCfntjvjwv7kJbSthd5Ucqz
3wZ+vbTpCD+EoAyTn7McqGyKzy3u+ZAS8Pg6JtdzgQ6fxDGSWdQoJUH1VfHKPZk92mTI0hhkIjIJ
CS0d4zH6/dNH12So+V3qgifiT9JhISRhHVQmPhRZZLCY1fOnw66tUDCCBDYwggMeoAMCAQICAQEw
DQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYD
VQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0
ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMG8xCzAJBgNVBAYT
AlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQ
IE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC39xoz5vIABC054E5b7R+8bA/Ntfojts7emxEzl6QpTH2Tn71K
vJPtAxrjj8/lbVBa1pcplFqAsEl62y6V/bjKvzc4LR4+kUGtcFbH8E8/6DKedMrIkFTpxl8PeJ2a
QDwOrGGqXhSPnoehalDc15pOrwWzpnGUnHGzUGAKxxOdOAeGAqjpqGkmGJCrTLBPI6s6T4TY386f
4Wlvu9dC12tE5Met7m1BX3JacQg3s3llpFmglDf3AC8NwpJy2tA4ctsUqEXEXSp9t7TWxO6szRNE
t8kr3UMAJfphuWlqWCMRt6czj1Z1WfXNKddGtworZbbTQm8Vsrh7++/pXVPVNFonAgMBAAGjgdww
gdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOkcTBvMQswCQYDVQQG
EwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU
UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290ggEBMA0GCSqGSIb3
DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7rEFsR2CDUbD5Mj3n
/PYmE8eAFqW/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEULY69FuDB30Z15ySt
7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1Aq2rdj4rD9vaMGkIF
UdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiDyx8x8URMxgRzSXZg
D8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEMIIE6zCCA9OgAwIBAgIQUukC
yhHoRJ2UZTgvoxowuzANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRk
VHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQD
ExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTEzMDMxOTAwMDAwMFoXDTIwMDUzMDEwNDgz
OFoweTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEaMBgG
A1UEChMRSW50ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElz
c3VpbmcgQ0EgNEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgsMyAndhJVfoD2wT6
OMfdv4XddrzrPcssq7/pa+Mh29RvGejPaqe+X1QpAjewTXNRFDGt+C+0/Rs+C3W4PAB8tzofl6qf
KL7sWs+xMYJHiDAOarVaRNCA0M1dSBvvV73/qx+r5Z8IOmLxJxqCXIsJGnumH9XrRxuK0G+dkV6U
oIMGHffZLoobdsB2c0YH++TzpvAOVjqiYOzr9Gx83DNBXCj8zeg+u7HrLrPIihG6V+RUQ1szT/1G
vNA6XIrhblWTgQSx9baOUJXhbzdAqpFxwAohTHDar8egdU9tsROusuYTpFFn/55aWQZaX6a3HjYc
6A6ZfQFF1NGj28fvJ4GjAgMBAAGjggF3MIIBczAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
JMtUGjAdBgNVHQ4EFgQUHmkqtNwo/kcYTiELP7ysES/wmPUwDgYDVR0PAQH/BAQDAgGGMBIGA1Ud
EwEB/wQIMAYBAf8CAQAwNgYDVR0lBC8wLQYIKwYBBQUHAwQGCisGAQQBgjcKAwQGCisGAQQBgjcK
AwwGCSsGAQQBgjcVBTAXBgNVHSAEEDAOMAwGCiqGSIb4TQEFAWkwSQYDVR0fBEIwQDA+oDygOoY4
aHR0cDovL2NybC50cnVzdC1wcm92aWRlci5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmww
OgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC50cnVzdC1wcm92aWRlci5j
b20wNQYDVR0eBC4wLKAqMAuBCWludGVsLmNvbTAboBkGCisGAQQBgjcUAgOgCwwJaW50ZWwuY29t
MA0GCSqGSIb3DQEBBQUAA4IBAQApws2j/ZKjUmeiLwbtblDoVI+rV+bIpbexIN/Vqa/IeSMSB3bm
fswpEcYSZHHGjOI8qlyZt9dhT4nSDnrScKjmA8XvxZ3tmbNyYJybVQUV8jF/DpADX1tGlMLxswxp
JISXzLf0+DBr4cQ2ag9mwzrcN1nrOIOc+pxJtx9izyp3+bl3baulerkgZVS1fotftH+FJLD/ex8B
OcEuCIm2KVXJjs4YaZgoIBLYjTiK29JLVa15xdO305kPI1uXsu05sGuAwuFmSklb6k5H1/eHlUbZ
Lm4qQDtOH00L0ShJx3BAIAjD5RYptJDQiyPZQUvt8cq+apYpVMv3yxHO8jex40LgMIIFijCCBHKg
AwIBAgIKYSCKYgAAAAAACDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMR
SW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHkludGVsIEV4dGVybmFsIEJhc2ljIFBvbGljeSBD
QTAeFw0wOTA1MTUxOTI3MjZaFw0xNTA1MTUxOTM3MjZaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQK
ExFJbnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWlu
ZyBDQSAzQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQEM1Wn9TU9vc9C+/Tc7KB+
eiYElmrcEWE32WUdHvWG+IcQHVQsikTmMyKKojNLw2B5s6Iekc8ivDo/wCfjZzX9JyftMnc+AArc
0la87Olybzm8K9jXEfTBvTnUSFSiI9ZYefITdiUgqlAFuljFZEHYKYtLuhrRacpmQfP4mV63NKdc
2bT804HRf6YptZFa4k6YN94zlrGNrBuQQ74WFzz/jLBusbUpEkro6Mu/ZYFOFWQrV9lBhF9Ruk8y
N+3N6n9fUo/qBigiF2kEn9xVh1ykl7SCGL2jBUkXx4qgV27a6Si8lRRdgrHGtN/HWnSWlLXTH5l5
75H4Lq++77OFv38CAwEAAaOCAlwwggJYMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFA7GKvdZ
sggQkCVvw939imYxMCvFMAsGA1UdDwQEAwIBhjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQB
gjcVAgQWBBQ5oFY2ekKQ/5Ktim+VdMeSWb4QWTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAf
BgNVHSMEGDAWgBQaxgxKxEdvqNutK/D0Vgaj7TdUDDCBvQYDVR0fBIG1MIGyMIGvoIGsoIGphk5o
dHRwOi8vd3d3LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFz
aWMlMjBQb2xpY3klMjBDQS5jcmyGV2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9z
aXRvcnkvQ1JML0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNybDCB4wYI
KwYBBQUHAQEEgdYwgdMwYwYIKwYBBQUHMAKGV2h0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRv
cnkvY2VydGlmaWNhdGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNy
dDBsBggrBgEFBQcwAoZgaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9j
ZXJ0aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EuY3J0MA0G
CSqGSIb3DQEBBQUAA4IBAQCxtQEHchVQhXyjEqtMVUMe6gkmPsIczHxSeqNbo9dsD+6xbT65JT+o
YgpIAtfEsYXeUJu1cChqpb22U5bMAz7eaQcW5bzefufWvA6lg2048B8oczBj/q+5P5NpYrUO8jOm
N4jTjfJq3ElZ7yFWpy7rB3Vm/aN6ATYqWfMbS/xfh+JCxmH3droUmMJI0/aZJHsLtjbjFnNsHDNr
JZX1vxlM78Lb1hjskTENPmhbVbfTj5i/ZGnhv4tmI8QZPCNtcegXJrfhRl2D9bWpdTOPrWiLDUqz
y1Z6KL7TcOS/PCl8RHCJXkPau/thTQCpIoDa2+c+3XA++gRTfAQ4svTO260NMIIF+zCCBOOgAwIB
AgIKHtX06gABAACWPTANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRSW50
ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElzc3VpbmcgQ0Eg
M0IwHhcNMTIwNjA4MDgwNTExWhcNMTUwNTE1MTkzNzI2WjA3MRIwEAYDVQQDEwlXZWksIEdhbmcx
ITAfBgkqhkiG9w0BCQEWEmdhbmcud2VpQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALNyfS4yC6aDo3DZ/oId96Dvi8CB5SJyDUcMhpKWZtzqPX2mMOqQNgv4qAtHUjt4
ibyPSjGZ+0EM3r63384gGcVR8+uxiuijBIOCkis6oGQ+TmBl1i28KobkE4jNnLCES0keisfNdzO8
vAOxIFbT9KxQl1f1MfvsZfyGfFYB53gHCh1VxdZ7a2XKaON+l2YYx2p5xGGZtDDb61ajXSGvdHK+
qMIfo7LMoZmY42t5NawgizwcqBPUOLR+JXOtyGGiXZx3wZPeRmZx/eCMPBhSlfewpvUrK8W0kL59
1Lv0HeUVEJye2bOmlLo1DeIp6KH9JujFB33KhHXvNsugc9IYUVMCAwEAAaOCAugwggLkMAsGA1Ud
DwQEAwIHgDA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiGw4x1hJnlUYP9gSiFjp9TgpHACWeB
3r05lfBDAgFkAgEIMB0GA1UdDgQWBBQYdG5bBKSgjlBUQ6dpUm2vjlkEKDAfBgNVHSMEGDAWgBQO
xir3WbIIEJAlb8Pd/YpmMTArxTCBzwYDVR0fBIHHMIHEMIHBoIG+oIG7hldodHRwOi8vd3d3Lmlu
dGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5n
JTIwQ0ElMjAzQigxKS5jcmyGYGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRv
cnkvQ1JML0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDNCKDEpLmNy
bDCB9QYIKwYBBQUHAQEEgegwgeUwbAYIKwYBBQUHMAKGYGh0dHA6Ly93d3cuaW50ZWwuY29tL3Jl
cG9zaXRvcnkvY2VydGlmaWNhdGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3Vpbmcl
MjBDQSUyMDNCKDEpLmNydDB1BggrBgEFBQcwAoZpaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5j
b20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwSXNz
dWluZyUyMENBJTIwM0IoMSkuY3J0MB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMCkG
CSsGAQQBgjcVCgQcMBowCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDDDBBBgNVHREEOjA4oCIGCisG
AQQBgjcUAgOgFAwSZ2FuZy53ZWlAaW50ZWwuY29tgRJnYW5nLndlaUBpbnRlbC5jb20wDQYJKoZI
hvcNAQEFBQADggEBAHuycX8AxjwfC5zmWDh0QpY8vDSgyLXaUDYKm2+ATDJDn5kALJgxAqaThvqG
TH+oz73HQ7L8v7QxM0Yp1IQd/k5GeqMzhuXEoPM4rcORlOlvRqxBJNZUuYwxvyYaUpLU1W8EsOB2
zB31ykzdXH93b6ZpfJk78eqZuq00xHxU9mw4PXlWPnn1NDBYD1JH/ufCmpFk6sBE2bBf2u2miBEw
HoRUyoH1nbu78aOs4mE6fRC9NutIriNPI2790R3FAY8dLWl3nrpXs80TrUCptat61uNRJDH06KXe
81QCtvDVlBGbZ4gqWR3PZGsnJKeOLOO38PQvFFm1Xjs4DVYiPVYyCTIwggZfMIIFR6ADAgECAgoX
k5lZAAIAACHzMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEUMBIG
A1UEBxMLU2FudGEgQ2xhcmExGjAYBgNVBAoTEUludGVsIENvcnBvcmF0aW9uMSswKQYDVQQDEyJJ
bnRlbCBFeHRlcm5hbCBCYXNpYyBJc3N1aW5nIENBIDRBMB4XDTEzMDgxOTAwMzYzN1oXDTE2MDgw
MzAwMzYzN1owNzESMBAGA1UEAxMJV2VpLCBHYW5nMSEwHwYJKoZIhvcNAQkBFhJnYW5nLndlaUBp
bnRlbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5n/5H2E4IaFTN6vf/5c8e
QY+u2n0X6FBqaOcJLEjHxkruNV8FYsNtngjFToTw6+1/UagW/vCKKovY9xdFN4hzbfufpgKS3qDm
r4xi0b4d9hKIItaClYfbfO90qdz/GuFJByWmjqqjWmzgS1gHP8lV/7skH8ykBPXP1pdbi9zsR5qc
dY1J9pv6+80W/7t6a1Hc/YcxiGPWBIoxeEcOwyIUvHkB3YCNiTF/b8Yd2XP7WOS5dTCyTQznSc4f
LWh4/+9uJ2DwNJSwmA3i/E8Ypuj2nkl2sON5XhHwLgZPAubbVetnE9GhYqC2gMPAtGdanjq89qLp
HooNYxSz5DBZ/qGXAgMBAAGjggMpMIIDJTALBgNVHQ8EBAMCBDAwPQYJKwYBBAGCNxUHBDAwLgYm
KwYBBAGCNxUIhsOMdYSZ5VGD/YEohY6fU4KRwAlnhLnZQYeE/04CAWQCAQ0wRAYJKoZIhvcNAQkP
BDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMH
MB0GA1UdDgQWBBQXPB4WAJS7jGIRmmWelsAl0gdIyzAfBgNVHSMEGDAWgBQeaSq03Cj+RxhOIQs/
vKwRL/CY9TCByQYDVR0fBIHBMIG+MIG7oIG4oIG1hlRodHRwOi8vd3d3LmludGVsLmNvbS9yZXBv
c2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5nJTIwQ0ElMjA0QS5j
cmyGXWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIw
RXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDRBLmNybDCB9QYIKwYBBQUHAQEEgegw
geUwbAYIKwYBBQUHMAKGYGh0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRvcnkvY2VydGlmaWNh
dGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDRBKDIpLmNydDB1
BggrBgEFBQcwAoZpaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9jZXJ0
aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwSXNzdWluZyUyMENBJTIwNEEoMiku
Y3J0MB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMEMCkGCSsGAQQBgjcVCgQcMBowCgYI
KwYBBQUHAwQwDAYKKwYBBAGCNwoDBDBBBgNVHREEOjA4oCIGCisGAQQBgjcUAgOgFAwSZ2FuZy53
ZWlAaW50ZWwuY29tgRJnYW5nLndlaUBpbnRlbC5jb20wDQYJKoZIhvcNAQEFBQADggEBABbAGh9L
zr7TdotBWnVEUR2ZohZjdhIs7vMslFWmwYvuge2PkPTUhV6sUDWEE04S7+L+XUIvm5DOMCoqY+eJ
RfIDxpbqAEQOSf8Ro+xR2zsohSgbNiN7ocjh6siCW2FsPfdV2jV12eDMM4IvT5J2aAMLlQ8LSRq5
g+vaXrp0lengXNIGEUxHeQRTkQEEc/UsixV1FVBhlUjF5c6qKzSOY4xV/OMeMmxzoLf+h41zU4da
TYEeXeWsed//nrtoTVOYSJ3bko6kpnP/sOVKN1dmWZWi8h2hg3MP42mTZI+fiLCgBsCqNFlbfXeC
/OornRiCqKrjk1KERzICUuIKXYbqN+ExggPiMIID3gIBATBkMFYxCzAJBgNVBAYTAlVTMRowGAYD
VQQKExFJbnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNz
dWluZyBDQSAzQgIKHtX06gABAACWPTANBglghkgBZQMEAgEFAKCCAk8wGAYJKoZIhvcNAQkDMQsG
CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMxMTE1MDIyMzE4WjAvBgkqhkiG9w0BCQQxIgQg
javldfz4mHkCM7kSk1fiRRn2SH5U1glA+205tbvdWK4wgZgGCSsGAQQBgjcQBDGBijCBhzB5MQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFDASBgNVBAcTC1NhbnRhIENsYXJhMRowGAYDVQQKExFJ
bnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWluZyBD
QSA0QQIKF5OZWQACAAAh8zCBmgYLKoZIhvcNAQkQAgsxgYqggYcweTELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAkNBMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRp
b24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElzc3VpbmcgQ0EgNEECCheTmVkAAgAA
IfMwgasGCSqGSIb3DQEJDzGBnTCBmjALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAoGCCqGSIb3
DQMHMAsGCWCGSAFlAwQBAjAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYIKoZIhvcNAwICAUAw
DQYIKoZIhvcNAwICASgwCwYJYIZIAWUDBAIBMAsGCWCGSAFlAwQCAzALBglghkgBZQMEAgIwBwYF
Kw4DAhowDQYJKoZIhvcNAQEBBQAEggEAE8lqq5vFOulvfb/7lWpEEUYnHxRcQDXuqU+zGEeTYpwD
zC/z0wbrVG+z9+6i8y+ONVrZqYa3UhJ6+izeGZDaN7PKCcwgFtW6aLMA4sIYhCChF/k8m6mBIL1I
HWKcbrW4qDPvn5Tdha5T27VoNuKnh6RwJMp76pLVV6cCJ65L2IqitcDU4LWUCDPoIU1aMAq/vRu0
7M5SpFDj6l8xY/xXmnNWWsnNXy891KbB3BcM7zq0n6IsChVV9PxhjZ4l67te/5NM8fIjV3JCglbU
x59A4rodI6clbciHsNGwRV77u13lQ3nZOC596n3B+yYAYlPliAWU+is7aUbSDVp3ktSNGQAAAAAA
AA==
------=_NextPart_000_02D1_01CEE1EC.B38C9770--