Offline tests for DigiCert ONE

ebourg · Apr 3, 2024 · c01b337 · c01b337
1 parent f9d0e5f
commit c01b337
Show file tree

Hide file tree

Showing 5 changed files with 448 additions and 4 deletions.
diff --git a/jsign-core/src/main/java/net/jsign/jca/DigiCertOneSigningService.java b/jsign-core/src/main/java/net/jsign/jca/DigiCertOneSigningService.java
@@ -78,12 +78,18 @@ public DigiCertOneSigningService(String apiKey, File keystore, String storepass)
  * @param keyManager the key manager to authenticate the client with the server
  */
  public DigiCertOneSigningService(String apiKey, X509KeyManager keyManager) {
- this.client = new RESTClient("https://one.digicert.com/signingmanager/api/v1/", conn -> {
+ this("https://clientauth.one.digicert.com", apiKey, keyManager);
+ }
+
+ DigiCertOneSigningService(String endpoint, String apiKey, X509KeyManager keyManager) {
+ this.client = new RESTClient(endpoint + "/signingmanager/api/v1/", conn -> {
  conn.setRequestProperty("x-api-key", apiKey);
  try {
  SSLContext context = SSLContext.getInstance("TLS");
  context.init(new KeyManager[]{keyManager}, null, new SecureRandom());
- ((HttpsURLConnection) conn).setSSLSocketFactory(context.getSocketFactory());
+ if (conn instanceof HttpsURLConnection) {
+ ((HttpsURLConnection) conn).setSSLSocketFactory(context.getSocketFactory());
+ }
  } catch (GeneralSecurityException e) {
  throw new RuntimeException("Unable to load the DigiCert ONE client certificate", e);
  }
@@ -195,7 +201,7 @@ public byte[] sign(SigningServicePrivateKey privateKey, String algorithm, byte[]
  try {
  Map<String, Object> args = new HashMap<>();
  args.put(JsonWriter.TYPE, "false");
- Map<String, ?> response = client.post("https://clientauth.one.digicert.com/signingmanager/api/v1/keypairs/" + privateKey.getId() + "/sign", JsonWriter.objectToJson(request, args));
+ Map<String, ?> response = client.post("keypairs/" + privateKey.getId() + "/sign", JsonWriter.objectToJson(request, args));
  String value = (String) response.get("signature");
 
  return Base64.getDecoder().decode(value);
@@ -204,7 +210,7 @@ public byte[] sign(SigningServicePrivateKey privateKey, String algorithm, byte[]
  }
  }
 
- private static KeyManager getKeyManager(File keystoreFile, String storepass) {
+ static KeyManager getKeyManager(File keystoreFile, String storepass) {
  try {
  KeyStore keystore = new KeyStoreBuilder().keystore(keystoreFile).storepass(storepass).build();
 

diff --git a/jsign-core/src/test/java/net/jsign/jca/DigiCertOneSigningServiceTest.java b/jsign-core/src/test/java/net/jsign/jca/DigiCertOneSigningServiceTest.java
@@ -0,0 +1,235 @@
+/**
+ * Copyright 2024 Emmanuel Bourg
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.jsign.jca;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
+
+import javax.net.ssl.X509KeyManager;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static net.jadler.Jadler.*;
+import static org.junit.Assert.*;
+
+public class DigiCertOneSigningServiceTest {
+
+ @Before
+ public void setUp() {
+ initJadler().withDefaultResponseStatus(404);
+ }
+
+ @After
+ public void tearDown() {
+ closeJadler();
+ }
+
+ private SigningService getTestService() {
+ File keystore = new File("target/test-classes/keystores/keystore.p12");
+ X509KeyManager keyManager = (X509KeyManager) DigiCertOneSigningService.getKeyManager(keystore, "password");
+ return new DigiCertOneSigningService("http://localhost:" + port(), "myapikey", keyManager);
+ }
+
+ @Test
+ public void testGetAliases() throws Exception {
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1/certificates")
+ .respond()
+ .withStatus(200)
+ .withContentType("application/json")
+ .withBody(new FileInputStream("target/test-classes/services/digicertone-certificates.json"));
+
+ SigningService service = getTestService();
+ List<String> aliases = service.aliases();
+
+ assertEquals("aliases", Collections.singletonList("jsign-2022-cert"), aliases);
+ }
+
+ @Test
+ public void testGetAliasesWithError() {
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1/certificates")
+ .respond()
+ .withStatus(500);
+
+ SigningService service = getTestService();
+ try {
+ service.aliases();
+ fail("No exception thrown");
+ } catch (KeyStoreException e) {
+ assertEquals("message", "Unable to retrieve DigiCert ONE certificate aliases", e.getMessage());
+ }
+ }
+
+ @Test
+ public void testGetCertificateChain() throws Exception {
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1/certificates")
+ .respond()
+ .withStatus(200)
+ .withContentType("application/json")
+ .withBody(new FileInputStream("target/test-classes/services/digicertone-certificates.json"));
+
+ SigningService service = getTestService();
+ Certificate[] chain = service.getCertificateChain("jsign-2022-cert");
+ assertNotNull("null chain", chain);
+ assertEquals("length", 3, chain.length);
+ assertEquals("subject 1", "CN=Jsign Code Signing Test Certificate 2022 (RSA)", ((X509Certificate) chain[0]).getSubjectDN().getName());
+ assertEquals("subject 2", "CN=Jsign Code Signing CA 2022", ((X509Certificate) chain[1]).getSubjectDN().getName());
+ assertEquals("subject 3", "CN=Jsign Root Certificate Authority 2022", ((X509Certificate) chain[2]).getSubjectDN().getName());
+ }
+
+ @Test
+ public void testGetCertificateChainWithInvalidAlias() {
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1/certificates")
+ .havingQueryStringEqualTo("alias=jsign-1977-cert")
+ .respond()
+ .withStatus(200)
+ .withContentType("application/json")
+ .withBody("{\"total\":0,\"offset\":0,\"limit\":20,\"items\":[]}");
+
+ SigningService service = getTestService();
+ try {
+ service.getCertificateChain("jsign-1977-cert");
+ fail("No exception thrown");
+ } catch (KeyStoreException e) {
+ assertEquals("message", "Unable to retrieve DigiCert ONE certificate 'jsign-1977-cert'", e.getMessage());
+ }
+ }
+
+ @Test
+ public void testGetCertificateChainWithError() {
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1/certificates")
+ .respond()
+ .withStatus(500);
+
+ SigningService service = getTestService();
+ try {
+ service.getCertificateChain("jsign-1995-cert");
+ fail("No exception thrown");
+ } catch (KeyStoreException e) {
+ assertEquals("message", "Unable to retrieve DigiCert ONE certificate 'jsign-1995-cert'", e.getMessage());
+ }
+ }
+
+ @Test
+ public void testGetPrivateKey() throws Exception {
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1/certificates")
+ .respond()
+ .withStatus(200)
+ .withContentType("application/json")
+ .withBody(new FileInputStream("target/test-classes/services/digicertone-certificates.json"));
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1//keypairs/ea936a8f-446d-8bab-b782-c01e8612bf1e")
+ .respond()
+ .withStatus(200)
+ .withContentType("application/json")
+ .withBody(new FileInputStream("target/test-classes/services/digicertone-keypairs.json"));
+
+ SigningService service = getTestService();
+ SigningServicePrivateKey privateKey = service.getPrivateKey("jsign-2022-cert");
+
+ assertNotNull("null key", privateKey);
+ assertEquals("id", "ea936a8f-446d-8bab-b782-c01e8612bf1e", privateKey.getId());
+ assertEquals("algorithm", "RSA", privateKey.getAlgorithm());
+ assertTrue("missing account info", privateKey.getProperties().containsKey("account"));
+ }
+
+ @Test
+ public void testGetPrivateKeyWithError() throws Exception {
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1/certificates")
+ .respond()
+ .withStatus(200)
+ .withContentType("application/json")
+ .withBody(new FileInputStream("target/test-classes/services/digicertone-certificates.json"));
+ onRequest()
+ .havingMethodEqualTo("GET")
+ .havingPathEqualTo("/signingmanager/api/v1//keypairs/ea936a8f-446d-8bab-b782-c01e8612bf1e")
+ .respond()
+ .withStatus(404)
+ .withContentType("application/json")
+ .withBody("{\"error\":{\"status\":\"invalid_input_field\",\"message\":\"Keypair not present for given keypairId ea936a8f-b782-446d-8bab-c01e8612bf1e. Please provide correct keypairId.\"}}");
+
+ SigningService service = getTestService();
+ try {
+ service.getPrivateKey("jsign-2022-cert", null);
+ fail("No exception thrown");
+ } catch (UnrecoverableKeyException e) {
+ assertEquals("message", "Unable to fetch DigiCert ONE private key for the certificate 'jsign-2022-cert'", e.getMessage());
+ assertEquals("root cause", "invalid_input_field: Keypair not present for given keypairId ea936a8f-b782-446d-8bab-c01e8612bf1e. Please provide correct keypairId.", e.getCause().getMessage());
+ }
+ }
+
+ @Test
+ public void testSign() throws Exception {
+ onRequest()
+ .havingMethodEqualTo("POST")
+ .havingPathEqualTo("/signingmanager/api/v1/keypairs/ea936a8f-446d-8bab-b782-c01e8612bf1e/sign")
+ .respond()
+ .withStatus(200)
+ .withContentType("application/json")
+ .withBody(new FileInputStream("target/test-classes/services/digicertone-sign.json"));
+
+ SigningService service = getTestService();
+ SigningServicePrivateKey privateKey = new SigningServicePrivateKey("ea936a8f-446d-8bab-b782-c01e8612bf1e", "RSA", service);
+ byte[] signature = service.sign(privateKey, "SHA256withRSA", "Hello".getBytes());
+
+ assertNotNull("null signature", signature);
+ assertEquals("length", 384, signature.length);
+ }
+
+ @Test
+ public void testSignWithInvalidKey() {
+ onRequest()
+ .havingMethodEqualTo("POST")
+ .havingPathEqualTo("/signingmanager/api/v1/keypairs/ea936a8f-446d-8bab-b782-c01e8612bf1e/sign")
+ .respond()
+ .withStatus(404)
+ .withContentType("application/json")
+ .withBody("{\"error\":{\"status\":\"invalid_input_field\",\"message\":\"Keypair not present for given keypairId aea936a8f-b782-446d-8bab-c01e8612bf1e. Please provide correct keypairId.\"}}");
+
+ SigningService service = getTestService();
+ SigningServicePrivateKey privateKey = new SigningServicePrivateKey("ea936a8f-446d-8bab-b782-c01e8612bf1e", "RSA", service);
+ try {
+ service.sign(privateKey, "SHA256withRSA", "Hello".getBytes());
+ fail("No exception thrown");
+ } catch (GeneralSecurityException e) {
+ assertEquals("message", "java.io.IOException: invalid_input_field: Keypair not present for given keypairId aea936a8f-b782-446d-8bab-c01e8612bf1e. Please provide correct keypairId.", e.getMessage());
+ }
+ }
+}
diff --git a/jsign-core/src/test/resources/services/digicertone-certificates.json b/jsign-core/src/test/resources/services/digicertone-certificates.json
@@ -0,0 +1,63 @@
+{
+ "total": 1,
+ "offset": 0,
+ "limit": 100,
+ "items": [
+ {
+ "id": "353d4f18-4b78-b17c-5325-f92375cf40ec",
+ "alias": "jsign-2022-cert",
+ "cert": "MIIDUDCCAjigAwIBAgIJAKQICQFhO1zTMA0GCSqGSIb3DQEBCwUAMCUxIzAhBgNVBAMMGkpzaWduIENvZGUgU2lnbmluZyBDQSAyMDIyMB4XDTIyMTExNTE4MTUzM1oXDTQyMTExMDE4MTUzM1owOTE3MDUGA1UEAwwuSnNpZ24gQ29kZSBTaWduaW5nIFRlc3QgQ2VydGlmaWNhdGUgMjAyMiAoUlNBKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKaQUuWQrHnHyjkdhwWdqT+W0g9t6vTnQmU4y/Xpg5wsF1NRMh2ujLj7PQx++l7fZJx3vC1JJ1/RM6CVFBYuazLwfDjl4/Nj4nglit+ijOJtXnBxSGIpKZTaORw9aYcMIvHRixZFqpVIfA0I7gjEB/WkI6Hq+ePu0ZGANorggJx/QP5IhBPzKSmv+83cQA954JN8EjdyuMzVs2SqOygUbKNai4jlmitEUyKB/29k9po+99pJ3KUQe+BHli3fyEFNzUdP9nB6FUw+9ko48/C0q7qKerKknYW3ysZwD70WMd40a/4U1cABSFbVvyIVAa4dxRoco52Gkt+x1GhOCztLtQ8CAwEAAaNvMG0wCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBLEig5vFkfxsh/Oey8w5icoMTSTMB8GA1UdIwQYMBaAFJ9pNp0nqBx5bIhLCZF6EHl/ZnfaMA0GCSqGSIb3DQEBCwUAA4IBAQCFfbg7sXiWli9DyVz9LfrTzZOIwqilOSroemZ+W2YuKJEUs+NBBnmmmb2MQXZcm00fDKa0bSWJqGMfPeqsHZdMdlw4cZIhQ2wl67sdn/qtO8TpLcIZj2UlIgou8/afE6fN8w0mQPU9DOOPwDMzYQVJI3opuwVsAXj+82opBkx08yno2TIX7nt6PF51SMrqNVglzh8N31BAQ3CkjgPvnjDdgOxKsOubqFYzsMEtkmlF0EFS3BMJMvAHFGe1VRkhv1ejiBbaJXf50UGtJzgfnKYHR9HEaHoy4ka7FTHWKkEzjhsyjByGyVG8/jaelSJzqo3UbPXReg3yMPwWPqRpiCwh",
+ "certificate_fingerprint": "G4YB0Qe/pYeWzOokZraf0WomWrud8f7j1Okj8Ah4H7M=",
+ "certificate_status": "ACTIVE",
+ "account": {
+ "id": "02d7ea41-4b83-b19a-83b4-3f9c1b748e22",
+ "name": "The Jsign Project",
+ "cert_central_integration_allowed": true
+ },
+ "keypair": {
+ "id": "ea936a8f-446d-8bab-b782-c01e8612bf1e",
+ "alias": "jsign-2022-key",
+ "limit_by_users": true
+ },
+ "default_cert": true,
+ "created_on": "2023-11-08T18:02:21Z",
+ "created_by": "00000000-0000-0000-0000-000000000001",
+ "created_by_user": {
+ "id": "00000000-0000-0000-0000-000000000001",
+ "name": "Automated"
+ },
+ "modified_on": "2023-11-08T18:03:00Z",
+ "modified_by": "9d16b0a6-485b-a647-56c2-44b9aa1d2d47",
+ "modified_by_user": {
+ "id": "9d16b0a6-485b-a647-56c2-44b9aa1d2d47",
+ "name": "John Doe"
+ },
+ "enrollment_method": "CC_GENERATE",
+ "hierarchy": "PUBLIC",
+ "certificate_type": "EV",
+ "certificate_profile": {
+ "id": "38c25d61-428d-8a81-fc62-ad5a077c00ff",
+ "name": "Jsign - 1 year public cert"
+ },
+ "organization": {
+ "id": "123456"
+ },
+ "ca_certificate": {
+ "id": "987654321"
+ },
+ "chain": [
+ {
+ "cert_type": "intermediate",
+ "blob": "MIIETTCCAjWgAwIBAgIJAMkyYFBPzGLZMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMMJUpzaWduIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMjIwHhcNMjIxMTE1MTgxNTMzWhcNNDIxMTEwMTgxNTMzWjAlMSMwIQYDVQQDDBpKc2lnbiBDb2RlIFNpZ25pbmcgQ0EgMjAyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpixZGfxZalF9pemY88A0E9HpOnxZNOPHeG054vm0SQNvr865ygHkXYcWZA/yRZ2SFQ/Y98Ne2buO5gXz7a7OOrF1qzsIGIo7b1p6ueFYthb1EDKArA6tEieiDzHI1PbNGbsGBwDZfVMDeIL003mMugFk0tIADmBEhDbxgRa+tMJ1CiN6ZZwUhSdX46WGPah0L+q+Iw0b6nbMl/r30R20utKIp8SPCg5JutOqBMGXuNg9CELIHTskdZkcA1BcKtW1Vbc9vloWlfvfWq8Xba2pqJ7pyV/UiJIjOBzdGZT2+cjsjcfJT20i8t/0o/sONS06WwKbz90OGWMc8W9z0dqBkCAwEAAaN1MHMwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFJ9pNp0nqBx5bIhLCZF6EHl/ZnfaMB8GA1UdIwQYMBaAFNsIlZmOYVuVCwdDzsLTMOIDKQM+MA0GCSqGSIb3DQEBCwUAA4ICAQAThD8CGA+/T/fdw4jFWs4yFCnkpDFOYnCAs0zvzY3GnN9dQ1RjwJ2UtCHg8KIid9tR89vMnYgyk4Jst948FaWr17qzVRL5AwuKeE8xW2a5i18Lw2SwszAafcywSZEeuGtE58zl23gymfH1ADWwh8C+VVDLMCX1pFQXNdC+3MAMs75/QYe625YaDodw6MjkTDHIr9yY+UTbjePEJhMXOE00pwKHe/5khKrgaEGCINcIFcU2CtbwGKm7cbI1cjoecGGO+bMdrzFc86kTgG1bTULYUxm/E0Dj3UBLs0s3WjX3pcxpucyQ3Q5tlWA45vXMqOfP4QJ8m0QOimp8Br8eOyAgx37EtXhqN1hZ16pjMYYzgnigZK2M6/+IJbHCf1x+opub9fsXbZ8jdBwDLSBqzgHFhSS6NjFSO6CBJoDJ9wdXLkCZL6MB27jFij8o5QtJul5LuBCeFbk8moGwN3E5/U6fb/lewb8+pPTlvsQnnSVFe13XFF9MWWw6G3m48cpWbD4Gut7BbjemrWqcs/954GmYNfHUkAbg5sSVw/eT/bYCwXvFj/Z8cXG9p0vRWWbeXBAounp5lHEVSRBxOxM/oiJsXTRXLTdDrY6gixRB+qVczrS5US0GSU9hOPWj4YJ5NDPaNfIdphEWOK2yUABAaYZV+sAI0/9AU5FYoofSuf2AuA=="
+ },
+ {
+ "cert_type": "root",
+ "blob": "MIIFNjCCAx6gAwIBAgIJAJCKzj9nrGsjMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMMJUpzaWduIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMjIwHhcNMjIxMTE1MTgxNTMzWhcNNDIxMTEwMTgxNTMzWjAwMS4wLAYDVQQDDCVKc2lnbiBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqZRI3F6Sy1CvX0TzXQ+UgiEHdolh9e+L7+TuqrSiHC3L35EQxo7DUc7mHLwXT8p2WUZcy1k47rYUytaZ7clXREMjGAyDJ1mGp0MLeHWUp5IMZEl00j8dRrftawfGADj2IOmm9jZsPQnzJ4rl/MsB51h/z12Qh7Mtn1VHGM7+yVdUr0XVDaJkxL+jPhhAWR3rzZSOI5w5abgV2c0xqJJbsT/L342vBQq6Kg1QvGJiWfALj/spA39G94P92xoLAbV68BDWBnsIE6jRIf+ju7SEX7xBVFBN6nVx6bav/G5aktAnoF5B0bREkC2tKHFVntciyAaCPlff0Q6SM749gKvFi+m+tmupFQ55U9JjEEzlifSSunlNvqCxkR8dBCfTgi9WZ/8b6nR96GKH28xy+zn7xZSyuBpICmFY2aYQfs9gguz0EDhXxoy7mD2sf+fne40Np0kWiFHV46PZ32oRmWExVFDjXl6AVYpTc+FFDgLcm9wqq3jiCS1Qx+MbfoLqJ5DSabdpkjMsqgbWSdTCF8oMzaAn30EsZwgTPw8z2Oyhz4kAxeXeE50hn+SnEsdZ7HlPn2ANhq36qI61VVY4Yw0MQBHMXw6mOVC8TESY2A/iWf3iHh2CEkltTdyASYW70eJ3T0zBcmoDT28i+xD46HL9rWJ7O1Lc0HEwDx8w2ktrM4ECAwEAAaNTMFEwHQYDVR0OBBYEFNsIlZmOYVuVCwdDzsLTMOIDKQM+MB8GA1UdIwQYMBaAFNsIlZmOYVuVCwdDzsLTMOIDKQM+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADfPJGlZAGSVQRGOaVhOyokP/wCSQ/DKxAXUx/KQ7vGH19ATIyaWeKl3x3Py/Cd7+2v2yxq7PQqsk6n+M6N7TzRSfIIqxhBkJsAooCUAJFDNQU4bMvnbhcIAn/w0i5ba7A5SQ2r5Dp2+n4ilVMf1mYnkeEMO+asJhkhqNVMQL3G70C1+yIDQaBV9L4lZAS+50wS+x/ZS5HK/aOG5RZWwn7UP71xawDV7v3Vr+H95mPj8De78SAqkCcXlJtvXjDdoBE8rynMDS0EatXnRjxZgb7rOfOeJGXn/AF1PM4rQy7fJrcWtZHsG5ScXJaJu1jWKPGXEJa3BTw4BJRK/8fffN5XW7RfFLNYVvD+JGEJF4pkS2WXkgafFN7wkYbj9AyjHT4AhJykZeIWBMllV7kAg73uQSkNw18VjpqIWXzVLIcdgi1O+8EAglYUEwUIAl2Cn3f9MACwg12J+8OUEc57OLfqeIZ/JPbIIvSw25RY/D9KqP/OtEXOF+9FSqYZ9xadHyUaGf/OopUMz2MTQ8hrmBBMRrq4SE/xk4UNtPgMGqMeBKKnGXQXgl1393DQg6EvjpdpFy2ZnzU6XUgZSzsC1clNz6COFIxv7kTM/L3QBJR9F+w5UgVofdK6J2zzobAjnJ35y40DNNIlXlL+buINL0mKLwcEkz6dGgAWiNsUGyNQG"
+ }
+ ],
+ "valid_from": "2022-11-15T00:00:00Z",
+ "valid_to": "2042-11-10T23:59:59Z",
+ "auto_renewal": true
+ }
+ ]
+}