Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate password for jsf client state encryption per VM #102

Closed
yurem opened this issue Dec 1, 2015 · 10 comments
Closed

Generate password for jsf client state encryption per VM #102

yurem opened this issue Dec 1, 2015 · 10 comments

Comments

@yurem
Copy link
Contributor

yurem commented Dec 1, 2015

We need to generate password in next section per VM:
7641eb8
@yurem
Copy link
Contributor Author

yurem commented Dec 1, 2015

All our oxAuth pages contains one hidden property. Example:
<input type="hidden" name="javax.faces.ViewState" id="javax.faces.ViewState" value="H4sIAAAAAAAAAM1aWWwcSRkuj+3YcSLiHJsD5XDiEMfJZDz3kWvjI46HjB2v7dwsTk9PzUxne7o73TWecaysdh92keAB0AISUhArwRsb8bASDzzArnhYCWlBRIIHnhZeAIljhRZxSBxV1cd091TP6SzbktvdPVV//fX9//fXX8dbfwL9ZRXsvpu5z61xAZGTCoFr2fuQR+
...

I think I find good answer: http://stackoverflow.com/questions/28231372/com-sun-faces-clientstatesavingpassword-recommendations-for-actual-password

In our case we uses: jsf-impl 1.2.12. I decompiled it and find inside: com.sun.faces.renderkit.ResponseStateManagerImpl
private void init()
{
...
String pass = webConfig.getEnvironmentEntry(com.sun.faces.config.WebConfiguration.WebEnvironmentEntry.ClientStateSavingPassword);
if(pass != null)
guard = new ByteArrayGuard(pass);

Hence it really uses encryption for javax.faces.ViewState if there next section in web.xml: 7641eb8

@yurem
Copy link
Contributor Author

yurem commented Dec 1, 2015

But according to commons-collections 3.2.2 release notes it do secure serialization now. Hence web.xml env property "ClientStateSavingPassword" probably not needed.

We need to make sure that jsf 1.2.12 do secure serialization with commons-collections 3.2.2. if yes we can remove env section from web.xml

@yuriyz
Copy link
Contributor

yuriyz commented Dec 1, 2015

See line 169 of ResponseStateManagerImpl. I assume we always need the password otherwise we will get simple input stream instead of encrypted one. (guard will be null if password is not specified in web.xml)

                if (guard != null) {
                    ois = serialProvider.createObjectInputStream(new CipherInputStream(bis, guard.getDecryptionCipher()));
                } else {
                    ois = serialProvider.createObjectInputStream(bis);
                }

@yurem
Copy link
Contributor Author

yurem commented Dec 1, 2015

yes, according to this example we have to set password

package org.xdi.oxauth.dev;

import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.zip.GZIPInputStream;

import javax.crypto.CipherInputStream;

import org.apache.commons.io.FileUtils;

public class TestViewState {

private static void decode(String host, String viewString) throws IOException, ClassNotFoundException {
    try {
        GZIPInputStream is = new GZIPInputStream(new com.sun.faces.io.Base64InputStream(viewString));
        com.sun.faces.renderkit.ApplicationObjectInputStream objectInputStream = new com.sun.faces.renderkit.ApplicationObjectInputStream(is);
        Object res = objectInputStream.readObject();
        System.out.println(host + " : " + Arrays.toString((Object[]) res));
    } catch (java.io.StreamCorruptedException ex) {
        // Encrypted stream
        com.sun.faces.renderkit.ByteArrayGuard guard = new com.sun.faces.renderkit.ByteArrayGuard("1234567890");
        GZIPInputStream is = new GZIPInputStream(new com.sun.faces.io.Base64InputStream(viewString));
        com.sun.faces.renderkit.ApplicationObjectInputStream objectInputStream = new com.sun.faces.renderkit.ApplicationObjectInputStream(new CipherInputStream(is, guard.getDecryptionCipher()));
        Object res = objectInputStream.readObject();
        System.out.println(host + " encrypted : " + Arrays.toString((Object[]) res));
    }
}

public static void main(String[] args) throws IOException, ClassNotFoundException {
    decode("ce-release", "H4sIAAAAAAAAAM1aWWwcSRkuj+PYcSLiHJsD5XDsEOeYjOc+7GQ3PmJ72LGTtR0nm7A4PT3lmXZ6ujvdNZ7xWlntPrBI8ABoAQkpiEXwxkY8rMQDD7ArHlZCCohI8MDTwgsgcazQIg6Jo6r6mO6e6jmdZVtyu7un6q+/vv///vrreOtPoKekggN3MuvcBhcQOSkfuJZdhzwa//LPbn1rQDsn+gCoKACAk5oKIrxcDGglKbDG8VALcIoiCjyHBFkKLCEOwXlO4vJQTRcV8fSyCuGCnIMfrv3wR4+Csz/eQ+SUzwJyDZLWKoYULFORJSihwI30igDLi7KMcFntPngF+MpxWuEcu0IBFcXAHL5dKyGlhJZhBYGe9VUhFzGrJ2j1kQbV56GmYcU10Fc0nsz6UVp/uEH9GVktgl2inBck8mhvvBucl9V8YD0ra1pAg1wxUBJYIpble1DSlU/a+97dsO/XOQmKs6pcUvTqKXvzPa1At5NUD4XszfeAs02pPy1sGNUt6FO4ei+40KD5WZVTCgKfLmLUDQnRDjsQd3WgOfyEnFHdgj+Jq/eD8001n+GyUDQEpJwCGrWflkz1+0oaVCWuCO0A9LcMQDjYYQ/ClguMNSWA9mAJ8irEfVA4TSvLaq7DPoQ77YPlhzNUQLSBgCUo4qg3Kcsi5KSpAuTvZeUK6FdhERazUJ3v1CbRjlgVjtubP9h688nO6keCHakfCdubP9x689EO61vwPUfV9zeoPyUXi5yUmywhJEtgNw3s+ospZ5zKudgUDDMqly/iL7ou0aBdBmhPRsyOx7GW8YgmOqyfqpRIfXL5rKc+62kXzhX20YyihAQsgtMK85zS0/vrd39y6O4vuoFvBvSLMpeb4Xgkq2mwCxVUqBVkMVdRnrtCRews9xGR+K8LgbALo+sTs1dPu77pytP7dTKCq+AEs8SMWWLyB5l3Ku/dzftAz21wlJelDahqNJlJaxlZyi+WJEmQ8hnwCcdvOQT202xplGRLo0tIxYXGM2CvgmWuiXJ5Si5JCKoIHLAVS+NPODPC5faY5RZwoCeAncuAAesbTpis7zjtUvBVwX8WnjRDM6LU40H11V8+/NeffaDrNujZ4MQSrChd1LB+QOscqNpgQlW5zYygocprT45/4z3um92gKw12aMLLkKZ3XeUd5E4qj2Az988tz2dWJyeW0lMI7BmlDAhUiENgsQNVsRmZ50T4yj/23X0Y/Ocfu8HONOgrYHPzuCMZ0MsTLNRNo5v92IGgpGEUNeNLH+lPCXfeeN+p8aqgIOOtd4NTBU5CBhr/xRfODMlbDAEflOgTvVWcABlo7//tm9/9+2ufT/pIVw2ATO1puYUSie2vv/W147u/+v4XzUw3hgG3XHkHw9F7radum8uTp0/VeK8PgSP2rFmESAvMTyw+v5qexqNlIhXMxUIwySo1cf16Jn11GndttOY3AafYgWm4xpVENKN/PD2B0/FNmkfOPfz59Lj09Tf1nPsiGB69eXXyYnphZlSQeBF75KZcQqMIYiE4a9ftio3/wmdf//bjip3arqmB4eyPnqz87g/Ht2ZNwDBDdXStml1Y6TPsoEInCnOY6lBd4jCtXvzp25ffePh43gd8GbCLF3H6YGNGv4bL5GgdBA7phBLk0SWIHUMUXuayIhyvUF8/U4MRFAPLXH6FKHa1ouAAQzwP6FcXgUYFR3QdcUlXsXL/q3fef+c/X/HRYgesYtUS3/ncF5b+evvJJQoCbn+wGm1qxZEZUerRg/5bb6AR0jLp3UI5DE4Mb5kzjjsjOslIKFgWkAhHXnpg91V9WobDQfkSGLMTcvBKNOqPRwapBS4P1Zc4ZM2QiApL5HaR3AJIb8u0F4n1CnXpUeLmNDh0k9c5crtCbpMkMNHLMjtgkGWAQSVPslDhCPSGsrEIzIZpM+Q27R5vZnS361OhhB0J5myeR54+res+T+8vlC+AweEtPL6UZ0U5y1nTvcFTlwdH1jhRgyMPQG9Wj6oE4VtgpQnGDF4Jpfzx+KCpA8G+fiMEfWuKSVTL2Q1w0G4AszrTCKs2I1AJ2AhYMlRVPPvU8vStV5DWZP2FvBmt0ucyp0rkF1J1hWGyQ4xvXibrNkxmRLIkpulhez8WKTiYwEXccjgF14SFTD6fgDczt2Y2nucSy+s3hKX1FaWgpdcrSwVhYioVLE/eU+Y1ND8/pUZsLoAFVOfY5JPm6b6kRBW5HRS5HbjnUOLRpgKr8JHbfcuRnRcDhfbGgC4XRiHSlb1WV8bopN/gZdLep5O1uSGN7zqoUCVa0qJ1bywTN+aiS+lUlElB6o31yTcMjgxvSTIaFHI4/gtoM4B7noe5tOQkXQoknGEtFvUnUg52saUQVrnQTBlopuxo7rN7CF0wqbqIj7qIr0quit0B+rbXAbiEJ5Zz9bEMgE/Wxnd69xwtkiDugjXhT4W8RwtTGkF1wIlqKGStEVVxJbdlJpBzFpCK6agsV2wZvmiuXVc8C44Pb53CQRxtDvKiQNKRPEQZOS/fUIWz52z+iAf0044BnaK6QvJRnHLgyYyiL3MC/aLphOJQfw9VfwDQcWqn3ppDmQUwNrylf8fpzIbAQ6LMFP1wVtPzhgmEM65sCRHz6EUx+iMvnfOw9YvgptPW8aA/FE5Vjd1uc0MVfJWfBZdc4sP+pJOhdcBlOVTEdKiInajHa8PetLBhD3pVM3c4fLldK9guM8+DQya8Lp8acOfPesXvNfQW8vv3Ce5hEHThHiEULqli1aaNsY6aWEc9gyJdhW2Gy87Li9kdhMhYpF1DJMFpRgqMSa3BDHmewz7kGSynwIQL6YQ/FIzVya1rBLOgj1tL09sYN0+2imk8TvIOt25JUzdH5jHgHCuFXI2muFpWVjEjDW3p73S7Rc8495KFbD8Fzl8QjNhHd0Rc3oPADkWV3TnXrrrEbtmfEjUrVs36U4iMGW6zmwv1zc/REhF/KJT0diSbRJYHpUwreWc0dPG7oUPZdhma5vFxhlVatkCQb9cCF8BhHOXwAEMSPzyRsrDywD4Ooi7sYxj7qG0UZMkiqO+vom5+t+HVEndpORPUizry3fLaGjuCPp0gGlpjED4ctLaJPDtkWwzEfSH/YvWV7ICZofC2MtPcfmqBmcn6zLRJZDAzbObEYVdO/GEzVDRlN+0NJ7aDiuHYtlHR7ECzVEzihDQUZ1PRkuWiovndhpc9CO63B0F9F3Kbqfk0uBlJsrgZtrY/Pw7cDPLZdh0lAk7WMqm6merJzpopRjJaPwFzyGTx05xihCNOSJvhp237t2mfOLoNDA3mYLvAnwPPDG9V1Q5AiUxYvfgZBWEX3HEn3AxJBOSDVZCrJRx42RnqWNg099Zb5ehHxcxgLsRiZtTayN8+ZrasGmx7Ee484WPN5Py6LAr8Zs3aB6nSwvT0CnjW6USpEJme1l0WsLfMYq05Ywq7ZkxvEzyf0sJscK3tdbkYOGUPTbxcLMpSgMurEOo99Qx4teDhiUIwzgp4TKks8JLWqQ9PX219utkBrkmuXVwTYJiBgKIKGxy/2QDZSXDFhSyZBoTrIOuWy8A2ErROxGwjti0jmmp7CXQEHGPQcVnWOo0CNSN3KBj0J5P1w4DVLgtqMxmKuJKhpxoDUm2vAI6BMyyfogtEi5DLLRcg7q6nu86AaTd+YeyvzJV6b9ksHKPWKaqPRzjgtmttz4ABQbWoXVszVrU9AZ4Gk26AcW4ZYm6ce0lmwRu3DpltI7zHrKeeVuHNxj/C3aUxkHSBGsJeG2RG2dr9pWeqUNrO2CHHibsqqK6pnv5zXZDNTqpgxON0CM5aC3LO63jIUevch7vc/czh3be/9JsPfMZhjmu4jVOODSN3DbJblP3g8N92v7tv3jgC0vUrfQ2DK6ECmQTzHJLVgO0NMnYPLIsC5nzJxJ/jyWk1YoA60oc8FvQbOGdXqy5Ze16w2eFqlDCeHBtTJU5cJcqvqvB+CWpotaQK5GzFQkkUnRvJtZE0lPCnoo6RqLFIBtWjQesMp90rh2q3q8zjmtU9K6ubrDMyjQF1nozRTwlUj0UYh0KJS/3FEYS6fv8URkpDh7ZX1F1rA0as5WVlUxXyBeQZa5bBYlOncsIxf6JeVLe3NFQ9Ekvg+vf/eYTUoeXbnv2PgxHWjEEUF0l/tUWo4aEMei+Ofgbcbg7ihD9ZLzNhtViFmuxh+Ha3C/X/AIYKesm0NAAA");
    decode("ce-dev (commons-collections 3.2.2)", "H4sIAAAAAAAAAM1aWWwcSRkuj+3YcSLWOTYHihMnDnGOyXim546T3fiI49kdO47tHJuwOD095XEnPd2d7hrPOFZWuw+ABA+AFpCQglgJ3tgIiZV44AF2xcNKSAsiEjzwtPACSBwrtIhD4qiqPqa7p3pOZ9mW3O7uqfrrr+//v7/+Ot78E+gtaWDP7exdfp0PSbxcCF3J3YUCGv/yz25+a1A/JQUAqKgAgCO6BqKCUgzpJTm0ygtQD/GqKokCj0RFDi0hHsE5XuYLUMsUVen4sgbhvJKHH67+8EePw5d/vJPIKZ8E5BomrVVMKVimqshQRqFrmesiLC8qCsJl9fvgFRAoJ2iFU+wKa6gohWbx7UoJqSW0DCsI9N5dEfNRq3qSVh9tUH0O6jpWXAf9RfPJqh+j9Uca1J9RtCLYLikFUSaPzsa7wWlFK4Tu5hRdD+mQL4ZKIkvEsnIPyobyKWffuxv2fYGXoXRZU0qqUT3tbL63Fei2keqRiLP5XnCyKfWnxXWzug19GlfvA2caNH9Z49U1UcgUMeqmhFiHHUh4OtAcfmLerG7Dn8LVB8DppprP8jkomQLSbgGN2s/Ilvr9JR1qMl+ETgAGWgaAC3fYA852gXNNCaA9WIKCBnEfVF7Xy4qW77APXKd9sP1whgqINRCwBCUc9SYVRYK8PLUGhXs5pQIGNFiExRzU5jq1SawjVnEJZ/N7W28+1Vn9aLgj9aOcs/n9rTcf67C+Dd/zVP1gg/pTSrHIy/nJEkKKDHbQwG68WHLGqZyzTcEwo/GFIv5i6BILO2WA9mTEnXgcahmPWLLD+ulKidQnV8B+6reftuNcYRfNKEpIxCJ4fW2OV3v7fv3OT/bd+UU3CMyAAUnh8zO8gBQtA7ajNQ3qa4qUr6jPX6QitpX7iUj814UA58FoYeLypeOeb4by9L5ARnANHGaWmLFKTP4g+3bl3TuFAOi9BQ4KirwONZ0mMxk9q8iFxZIsi3IhCz7h+i2PwG6aLY2RbGlsCWm40HgWPKNimauSUp5SSjKCGgJ7HMUy+BPOjHC5nVa5eRzoCWCnsmDQ/oYTJvs7TrtUfFXwn40nzdDMKPXesPbqLx/9688B0HUL9K7zUglW1C5q2CCgdfZUbTChafxGVtRR5bUnQ994l/9mN+jKgB5dfABpetdV7iF3UnkUm3lgdnkuuzI5sZSZQmDnGGVAqEIcAosdrIrNKgIvwVf+sevOo/A//9gNtmVA/xo2t4A7kgV9AsFC2zC7OYAdCMo6RlE3v/ST/pRw5833bbqgiSoy3/rWeU3kZWSi8V984cyQvMURCECZPtFbxQ2Qifbu377xnb+/9vlUgHTVBMjSnpabL5HY/rk3vza046vvf9HKdOMYcNuVexiO3mc/dTtcnjx9qsZ7AwgccGbNEkR6aG5i8cWVzDQeLZPpcD4egSlWqYmFhWzm0jTu2ljNbyJOsUPTcJUvSWjG+Hh8AqfjGzSPnH308+lx+etvGDn3WTAyduPS5NnM/MyYKAsS9sgNpYTGEMRCcNZu2BUb/+pnvn/6RsVJbc/UwHT2x0+u/+4PQ5uXLcAwQw107ZpdWOkT7KBCJwqzmOpQW+IxrV766VsXXn/03lwABLJguyDh9MHBjAEdl8nTOgjsMwglKmNLEDuGJD7gcxIcr1BfP1GDEZRCy3zhOlHsUkXFAYZ4HjCuLgKNBg4YOuKSnmLlgVdvv//2f74SoMX22MWqJb792S8s/fXWk/MUBNz+cDXa1IojM6L044cDN19Ho6Rl0rv5MgcOj2xaM47bowbJSChYFpEER19+6PRVY1qGw0H5PDjnJOTwxVgsmIgOUwtcOFZf4jF7hkRUWCK3s+QWQkZblr1IrFepS48RN6fBoZu8zpLbRXKbJIGJXrbZAYMsgwwq+ZKFCkegL5KLR2GOo82Q27R3vJkx3K5fgzJ2JJh3eB55esHQfY7er5bPgOGRTTy+lC9LSo63p3vDRy8Mj67ykg5HH4K+nBFVCcI3wfUmGDN8MZIOJhLDlg4E+/qNEPTtKSZRLe80wF6nAazqTCOsOIxAJWAjYMlQ0/DsUy/Qtz5RXlWMF/Jmtkqfy7wmk19I1esMk+1jfPMzWbdpMjOSpTBN9zv7sUjBwQQu4pa55VR6MZuYflG9Jl+D6xOl9Au5vKrN318UCg/uxe9fvXpJTCxzcro8mbxZrEQnFORwASygOscmn3Rf9yUlqsj1UOR6cM+hLKANFVbhI7f7tiO7LwYK7Y0BXR6MIqQrz9hdOUcn/SYvU84+HanNDWl8N0CFGtGSFq17Y5m4MRc9SqdjTApSb6xPvhFwYGRTVtCwmMfxX0QbIdzzAsxnZDfp0iDpDmvxWDCZdrGLLYWwyoNm2kQz7URzl9ND6IJJ1UUC1EUCVXJVnA7Qv7UOwCd9sZytj2UIfLI2vtO772iRAgkPrMlgOuI/WljSCKqDblQjEXuNqIoruS0zgZy1gVQtR2W5YsvwxfLtuuJJMDSyeRQHcbQxLEgiSUcKEGWVgnJNE0+ecvgjHtCPuwZ0iup1ko/ilANPZlRjmRMYF00nVJf6O6n6g4COU9uM1lzKzINzI5vGd5zOrIsCJMpM0Q8ndSNvmEA448qVEDGPURSjP/ryKR9bvwRuuG2dCAcjXLpq7HabO1bBV/k5cN4jngum3AytAy7LoaKWQ0WdRB2qDXvT4roz6FXN3OHw5XWtcLvMPA32WfB6fGrQmz8bFb/b0FvI798juHMg7ME9Sihc0qSqTRtjHbOwjvkGRboK2wyX3ZcfszsIkfFou4ZIgeOMFBiTWodZ8jyLfcg3WE6BCQ/SyWAkHK+TW9cIZkGfsJemtzBuHmkV00SC5B1e3VKWbq7MY9A9Vor5Gk1xtZyiYUaa2tLf6XaLkXE+QxaygxS44Jpoxj66I+LxHgR6VE3x5lzb6xK7ZX9K1qxYNetPETJmeM1uLdQ3P0dLRoORSMrfkRwSWR6Utqzkn9HQxe+GDuXYZWiax0MMq7RsgbDQrgXOgP04yuEBhiR+eCJlY+WDfQLEPNjHMfYxxyjIkkVQ311F3fruwKsl7tJyFqhnDeS7ldVVdgR9OkE0ssogPBe2t4l8O+RYDMR9If/i9ZXsgJkRbkuZaW0/tcDMVH1mOiQymMlZOTHnyYk/bIaKluymveHwVlCRi28ZFa0ONEvFFE5IIwk2FW1ZHipa3x14OYPgbmcQNHYht5iaT4Ob0RSLm5y9/flx4GZYyLXrKFFwpJZJ1c1UX3bWTDFSsfoJmEsmi5/WFIOLuiFthp+O7d+mfeLgFjA0nIftAn8KPDuyWVU7BGUyYfXjZwxwHrgTbrgZkgjIe6sgV0u48HIy1LWwae2tt8rRj4qZ4XyExcyYvZG/dcxsWTXY9iLcacLHmsn5giKJwkbN2gep0sL09CJ4zu1E6QiZntZdFnC2zGKtNWPiPDOmtwieT2lhNrza9rpcHBx1hiZBKRYVOcQXNAiNnvoGvFrw8EQhnGAFPKZUFngp+9SHr6+2Pt3sANcU3y6uSTDCQEDVxHVe2GiA7CS46EGWTAO4Osh65TKwjYbtEzFbiG3LiKbbXgIdBYcYdFxW9E6jQM3IHQmHg6lU/TBgt8uC2kqGop5k6KnGgHTbK4DnwAmWT9EFokXI55fXIO6ur7vOgGkvfhz2V+ZKvb9sFo4x+xTVxyMc8Fu1tmfCgKBW1K+smqvavgBPg0kvwDi3jDA3zv0ks+BN2IfMthDeQ/ZTb6vw5hIf4e7SOZDygBrBXhtmRtna/aVnq1A6ztgh14m7KqieqZ7xc12QrU5qYNTndAjOWteUvN/xkIP2uQ9vufvZ/Ttufek3HwTMwxxXcBtHXRtG3hpktyj3wf6/7Xhn15x5BKTrV8YaBl9Ca2QSLPBI0UKON8jYPbAtCpjzJQt/XiCn1YgB6kg/5rOg38A5u1p1ydrzgs0OV2OE8eTYmCbz0gpRfkWD90tQRyslTSRnK+ZLkuTeSK6NpJFkMB1zjUSNRTKoHgvbZzidXnmsdrvKOq5Z3bOyu8k6I9MYUPfJGOOUQPVYhHkolLjUX1xBqOv3T2GkNHVoe0XdszZgxlpBUTc0sbCGfGPNMlhs6lQOFw8m60V1Z0vHqkdiCVz//j+PkAa0Qtuz/3EwypoxSNIi6a++CHU8lEH/xdFPg1vNQZwMpuplJqwWq1CTPYzAjnah/h/Wo9rptDQAAA==");
    decode("ce-dev (commons-collections 3.2.2) + com.sun.faces.ClientStateSavingPassword", "H4sIAAAAAAAAAAG4NEfLC0lFZXCjmybTU5YwGVon2IXpGUUCJyiLObPTFCpOIchMd3XVfgwhtWYuWh+J7dO/wfMLAEzbCgmOT8M1AEhWJPmQ+O33/qd+1QyVVqryCt6WUl3El93vnemNubI2q7wdr+PC2+UqwzbzMhuAI5Vo9NOnHgE5tmiYxS8Ljx6A9v6B7eHtDJpKhr4HgaVU9iOR7G/nV76uNtMUcqBTBysmjtWnJE8FLwaDJB13REeSFGGQinGZ3TLHs2pxfDiChtEC22V9c9YTtnsREdKEz5t+sYq8vdrELjH0gj0rnHk8b/QclQaXW6A2WgeFmsrU52Fvr/TJ2NLqWQhCm05qc47Ini9P5IhcEIJewYkO/Y2fSqRaWPYXumrdAlgq+28glOe+jwCouXwt0EWgojPfER7uXuhyHBaGIyKoaCbSalfn70QK7HuWR3QWzricerRZvA90/Q2nt1wzkgXfj6xPn7VCfwAMr8YA9ayqbuDSLzVHIh4wo/Xo/h/OblNnHjgb9R/kGvLA645haMVDzJfgvDEM6kOdpsq0xDy1Wd8xZ27j0znzFPkN3bRQ7w7rO2CcudKXpqaJWyNJmriCpH3M4i0FgT3R/MpO3lDtXOu+n7wzAAfFMNkCU2MFKTFPQyHQbjyULwEoiFARNIiIBPP5Vsrjn8m7SePXnDVfmi2JObwYBnSMURxO4X/JJUM6zu4Hrun9p5+Viz7tHs1onRV1Vd8KImAI/vDi5Gt6tbFpxVPyihMV1rzNNVriRoJ77kyeCzgipurSfGhI77q3zaSqhLMduWkQ4RW1qn0wWbngxJQHStJzqDGfxaOuPAbjxkxMv/QGH7VSMMyk2KlGGYRF7gU5THOcUBbRpUk2kKcRw+bYjS4olj6ESjMVI9p+K1lxdI5VcWNFHkvEH7ouV9ygeTPOYep5+511BNVG5rv5CrNL0qgLi+q9mNVXonsqIi1+zMdm0oxMGfd0+D6FUnZEEKAZ7xGR0eBGInRX+BnktycHgsKu3RlliEGG7TNDEY7Ybs5U1/qfY3ZdBDdEt/JzmkGcm7PdiiI1TMAyKLzYN9ZBrgDUGJw5lEaRhlxqX5k1egSS8M6sKUud57tejrn/+rRp5AoU6vjQOmcgLmTLSHjxRvwCcCMkY/SLZPyCfFsqnfjT7hZHCDeqBxB+qa6GD/Xe2JUatrbBJgzeQFkRgKvrESiS/9113ZKdmhJ7UajdswX/sQBNFYS6YKoyJpIvVXrQP/X+z2FTqHCxLqBb6irw03wzOV3hmHDCmTP1BIdSKrR2wqSGJzm5e+fKY5hSirP07Saopw67af3RxKoOagsMKpDcc6p7t8e3vpQyrCrBRC5HmYTXF5SwsidMym+d+hgiDsHXSJoHcEpyKxycIrHyv/q5cB0aX0kTP188LE6opaYU9yhd/FQUF/HMurJRprKkmQ1LmkNbUG1kaJtj8KiDlA25Ren37l/8bZ82Fa/8L84BZcYPYhTczsMNxg/Dz6Sq252X4s8+WuoMPmkYvpf/5cneEXmTqOXm2WSonhcxNZcd1i1bQAMsfOpDvfTfhni/SuvZYFmR+CLkADxYeeyazgmY2uBhTLHswpBherQyzSBj6v1Hf+jsuWDN8gsN8k0OaWtqrnEf7EayrVc+Z3Ff3YDImT3Lzq5pFiKNuvQ7nT5Jm6cibl6/OqbBZ/qgPeR3YkZzDSTO+qljzNWhkFvgLbLZczNqMGa5O7pS1+iNXgHE3vnCpNSVwAPWysU1fIpPScrdNqpDFo+9gBKXf47KXduphEvBUA3V6nYjYlSMIUBpixkl6NyEo1Ua26wITikh14+8FPLU54fPw1FMDf45qsbxBdpAJdRMIpsT+F92wT07/yl0b0HxZf6B7AFYEU5WCzQ1JTUesBnwfLV+mMxFFUpTf3Vi8SVDy+XSto/D1cFunz5jjBojGAHwGpOplpYW8BiRR9UUNaXZQtSxKrefTU5upyhKk3EpW64SDFxl4nXK16MfWA03IDcaX2SI/cCafSxmibDCeODXl4ZAjDtp/9Gz5rEz3S7Pn/i7jMLT2wKi1NojYa4fKtE+2H9OMEvQ9jZoxNM1a3XFezP3sRHjt3H6T3ZiZThQZy/pmqBma4/NzkjlSU9yktwnO5oAV96mGFCOWWQEtdnoqnuDFAMSAz024o3Q7wjtWNrd/miX5DPrMjjgSuCdDaPRsgq8dMD37ghyWdS7+RKPvaNmN0OaUi+u3LHaOGpA73fHDaCvLLAONvwDBUh8DGsDjC49uQXyf8gT+i4/ZjXj8RH0Ob2FSjFDcjtVbWkSf5u7l6EgaDAfHSTi+VMVPGpgWmMuYoV60uK+zce0mV4KhTSVUssC47VhD3tu/QVWPbecPvUIme7tSv5QFrtITOvYS32cYln+C6e78Lr2BEU8HQsy/eBBht8RymGdBchC+xZAM/frvurx72iLzEel3jRTAtctiUzyvGPWk+v+z5RCkHg6hHKH13jI1Y4OtlgpN+DMXomV6P2tDmDPXQy+wMscSiQJ3kENHUE44ycRhnMBta/ELTAZxEwCYn2hNBcynBTRn7OhO9fA6Hh5w17x7HXfB4iFKQ40l7FE5jmcjOfw9djYuYVxnE8rtE4Nnn4z3+SqF3Ssj6y7V3oQvMaRtPvlJQAmPC6/KI0joFbVNaJ6JQVWXQylzjGhMi1mlQb8aQLrCP2telLLaTskHdvIoJAPoVYIoTbLT5wNzFspBCpaT2lV1p5Unt0CPTsryNyoHLoqngIA8FVb6P0XoDtnShEGte0ISy9y7D8mrsUrXlvdhmZNS2Eoqj9repyovFyzuzOv+DDRRXYLHDBkhmeVFJD6umJS2/KJ6+A0fGNQPFIh75/ap61PaGj1x7GySJtwRHNxpQV5Ygp8qoyyV+KO1Xtafwila0jsKHoi2LtwQdkyxUGfOggqJ5FchlWQ8DKfuh4/QfXEZxk7Lqo5uJiZz9R/bVJptCgX+j/lBI6d7aDTDJwrRdep1cr5x7uaGKV8KQxvYoDhtLAP3mixA5HA669pj8yS5mIkKWeMxvqo3erC/rlLEGU1daj6LYnn++ypNF1X8+G1uCfV6HcQAV/6f4RfqGt5tl4JdnhXAe/TYYZEQ4gp8NojYn3DR0GvoOoob7Vxe0kLfZ1LQpLLzuNNeAqEpmaydMYVxFaeHpwBv1/6AnOlmeXrY1JuervUkJiO8qtYKwNojtMuDYn1to/mFFC/R4O3w25YrQ9/K/g5Avs/jShkUUxb22hdCnw5DKzBV3aYL+Nxvb6RDsPe4TSGOfu0BEZzIvAf4k7j5dVc4iDldUgKBKY9THPBRtkmiY6Er1xRGW0bGv8a5hiTP0qKSrGBAWIvXycy4RdtxFS5pzPUusBuTYY53QpVxEgzu9Dr0e1bYd5MmidZ7OFXU0miVFR9c1mL79W5Yut8yNGDV4QXZcODt9+TsHdKWNU4ys+wM7GU6URZU3np/AGo8yQqNJtsk+ZSkO+rzfTlTfUG5TqfEg2htSwPW828kdx/Q+kSbQxad0GpMvQVUD41ohVRlcqt649Oox5xLwO5e81gmlZyb7srHqFJ0oMuFdKAZJruejxHovMfLIeijLNxsxECsz0aSNw9e024PnlJzD335H5g0kHPbCNT7m7mYrq7XGGviGQr5k415GtL+AsVIjvA33uB04Mv2htKk1EeVeokCZ3i2YuJnIMvWXIcvbiX+LnHn14Skg9TqHkx0bPFOnTQczK95pQcX/Zaa257i/D/aSEwKzZ2z7EKfzA1DH6Rvz0BcqwQNIVK9nzqKImZvB4nU36UTY6C183rAZOT7wM3IqT5UOU4bkB+qGt/H3SQb1DA1Lts4cLUAXzQ6K3mB7cNyEdzzo66UC751KoTf2zLd9Q50jTtIilu6xNEwau6YGvcYNLd2Q2CO/IQws0FduTz49sRHAKZ2fb9JmcL9lXXD7ij3f3BH+dYnpQjjZSs1lMCXHcMQPjf3xwb1s1l6gSXynhuCQ4kw0C/rxG4FE3Okq3PfOqXOy+vjCdGKL0TeMtHJlXiKefMbpzxPdf2hkq5FKlgggeuuG+abYQ06/PteIzmZMqC1XKkT9GngrqepkWXbPW1ECKp++WivHGq/vLi2S1xLRn0MMb4cWVjS0syGAjLnwt2ZT7gwRAw3M8VhAOQuulbZANbE7c/koDOAAgJGzLrplsiGPK6DNXc0R00TeOTpxdLHuM5W+9rmhKliAjEEX4zddcexYFHVS2tI2TKQGIv3Z7Y+A6zwTs4+EFOTVfhiiI4s1rpneMaElmxPzbotPExzcMTItbFpbiBJ9ScyzuuvzAwHjR+TMSRRf4zP2OvhMEvguAgPk7zSCbHkG9iiAfld35Tf/8xRASWI6iZSoahnjFZk8YES+fLPM/6OgDjQL71K4r3raR5gBc8nw53X8NKpu9BOlFY9Y/vhHgHDc7Qdaar+eRRP9gkJ43pArHYAQ7jFg/0bvVoEk6Iv2vlHqEBWq3vLPmFQSZZFay7Jt2PS8Z7hKVhp+Ph7/+eykFsU3iAv9dL9aosqE3xpVEIwvgc4jWSg9PMW+Fwejq6u2zd6csHsmn5MBZLlFEdqQpcCLrq5nL4fadyZ0jD+wGXsWBdAZqXgD9n/RaAXOIFM7/KkSCyeHUp76PlIgvo9JdDB7hv1NcnqU0clwqssg2pRvsh1eD/oypf4qJg2q5jCiQSV/WYUH78nsakGpnLodjJ1PUEAgyxaG6VnDqzha3p7QmaSBMPcVXX7XnhubjFWIk48x0jnXS5is7Q9gYLKk5TR3aiueEjYqenCYssGiMDSGYKgW3Ats0GbehuEI211MtKf8E88y8AyeaqnUG0RSNXIguzPceF3OGNAdpho4o16/B5RwBUCLz5DEeozO+78n0yT0inUtbd5ZSWyS2aZpZDiN6D/UsXuVYAvhD8h30OXVsVB8iiujORvr8YlXa8N4JSvHfPIkstz9gwhhi8DbDDORIt8ZpG8wo/fopuqueDt2MjZ9xz+QkqiW4yrHJbc18riqL8+F8aAjXBwmJShvEBuKgrhmaY/iLeJR+6XKYx+9jC38k1kATuvdafQ4RJZ+0DLb7c3kBElCXymngnZRHr5SJ4Ia0yGW1p4KCG/wnbBYzXx+Q0WUohAuHip76azd+k70AYSe1PpVwGjTNw6vHm/TCoLMSebpFynvfNEAxNoajXsyXwGa699cwRfaH+TXPBQ7KWtZmRyWbzpJlSv641k0GyCQH5+VHMuyKhGN6efS7ciUhQH8REQ2lBdiddfWpFVVbXWosfoETSFbzZhSRg+BQloCEOF9jeO2Uq8OuufxESdSiW0qP8P591ql1oYCUx9RD7KB53rttJ/bVkzFsdxJHghKmGU0BVoI9RemtbtYn+/jhDN1bMgG1ObgoWn9VF0vwoAzMkNcXRKZBg1SZgk+SEEi8+kS7WWxcLWSvMK/XJes1f67Glk3pYtkX5N/YpM8gPsELK8bytDlZ9yByML1ySkF0G1owb1ZHUGB70c5LdVoIaRWMiVKEtB0ZDKefE7g/gaNkmbfSiiZMzuoup2XMRxxlKrUFnGv0URaL7zUWWszmF29yhU2fdfLlEQKRvQDokNHDUH8pI7okw9n5yQdwT1fiNBbjSByS802WG83QFq8EOE4oFO/U4dzqEOggo+4VuRdKMW+AmJuPo7e/OfNln8gzofv1bX2rHStB7JRxEv31eaLRt+SUDRnNvM9R+uvdYjJI30xyP+pSPgoumJ60pws5P77/wHSHcmdp5FNvvHB3HpT4aavn+QrbWAwPFu2tDcYnHi3kH/O5CAJbfXRVelCyba+ew3XnxxhOwabnrTl1oum/ISAphvbV1Vb263mP7MYx/0FM1DFJ0n0QGs6wUDvVf4hEApZGgIUlgCVKUeqdVARhs8f74cmnh1PxW7t0hCWkxQJgplGU8cE/yHQVuqWxAziYNbfD3q7Xf+M5Wt4LqbB7XF/qWwim7oCcnRKjREodMCsN6yT/SS8FdPUbwzeASQeW7PvT2xREFRm8C2j/uX+OURXi8rmR05Li6SR6qvVBQ4extVQ1f6vD52khvSiWRIeMJDlZntCecWafBFJqwE/E1G3LLygowey+Ljsyxw0nOWgsL8ltOUhOghsaFnCdJjh0tdE/OG7Fj6oXNycN3Pp4h5CFkGy+nXCJLrIQBJ7tDX3KWKYIWO71nm9NDToYoHBcNHN/WCOrtHi5mv+RDx5Cn2qCYSPAL/voopJg6HspLFHU93d4lKbUG2U36vvyALfibopHIIot3QLjX25VZorxLDo4FPMww1k67DNgCCvrhD0CAlx7axyLDa3Ar7jqA4c4DZ9mUwmIkG+/J4Ey6+1u3M/4nK1eRuLkhpEUDD+/ueoP+a6BE5rTs/PN4VnNAkoAJiFN0kulOXBaPGoUXvYIdUR7Mp8ZPTaJ45lCc6DjPWYGmctrG8bqV4dM+2T/RS5HO3JV1iadd+w/B0tZtPMX4fL6z/osZez5eIgFgUSMJ2Lj/CBLDebFV7G+B6i+oRiXybsBs7n4CFEfbd0EASd9gNUlTfF57cYmWzdUxNWxWfyjkqoe0apPGyXMAR00pdmGG9pLHbDVTe8FvF9mWzyDuG4q1uchr190d/toGySfGV0qiXdfbzrVIJ2doUYcophSw5nSYWsd0/qa6QtewzOQfJjWHb7lfFSp8QHRBAzd3fNrm1EdjqVLutvk3a1wUqKZDN0u+5P5WZ0KkAnsEF9B/B+CvqB7g60+YBkHv9LXNAaggEr991y1wLkyhCQPcPwc/7DXCWDw1cNx5UpMLomHJz+Owv8amjxp35eAiGQ4BxZ29bUrHfR2zvwdfDGN32CSIVsosHXmhyD33SldxGGk06U+5JkPMfOjZGuN5QGFO0ecUFEEnCbauxpdMRaUcaLMkavVYbFL+piQIlikPTck7N0fsevcgcc1jbmTzLray/lbAXswMpPBrVEyp0yVXjOE2bIeLHW/32TOJr/V4weADGCvfpWICF59ub8FdYZBZRGlmvRbCOcBKH7heAtV8pV/DkA84oxd2Hm6CY1A5tEgQnBaM83LWDrMY3UTcA6Ik64Yw3rEt2zXVmSRQiICS9FViGAkOXgaBeh1ep0JIzdOVSEYVbfsP2IyeQrBCxMFN9b22p65ojCZoWToFb16C4foscM+cgTe1Z/40s96uohsMnNHqh9wiQ9SP186mxk4/wD0fnnl/jyhkvtWdTpybyhnVr70MsvSiuhIfqt/4dOdjdxINNMUkhEvh6bMN/T6ggrzLvUugXYeMtNyJu3Kxa96G74DzZXy9sk47A7Zt0eiMo8i48KfiQ3T1d8Q+M5dZkHRQMHD/YDEu+puAJsVzMqvXM4gvi7ee1DKRaEY1vWp6Zje50nssIFQfnEmW2X2xgCqQRQEfoMbz1hzjEkn0CtgdeX3hhHqCQDgCpS0aizIEtyDpynMP6DUBCjI79FJqNzujNPdVPSQJB7BO7/5c2civxGm0FuMbXHTRi4EJFEq6Y8DX21mIW3HDCTA21rdKtuiCSybvvQA0oiLPxEh6QYcO8ZRqONnecncEx1NqAkId5KvoebwhzHf3Gn2hm6JvuCLNOl1tG6xmMrz5Pf4RZ3QCEPyCcNeyc3AHEvh6QDLXBdFCkilwt8FrPXvaqOPwRBguOIoL/ItQVtr32uw6fstOzYUuxhyoYZ4+6xKgF3zFMbL/fBYAaQl5gxBf4Q6te7i3Hj4/Q7x/PkP05hZ3OvvxRBvhDOUQ4sSzsSt+fr0ShwLpudXPkSWV42IRQvqShkA9h5msMUBHW1GO2gWs5JVSD7uZH4yy8lmBFyHmMUtH60JPX3Z092BIPTDPt2wK2/T9kFF3WHGqe2RWZRhwjYtp7excPPncFrmkoNZ3+cKieqhwHDZA5ktgyAVdEaSrj7+yohjVV6y8433hINBczSouAPEFCrAM5WOS5UExKhejUGDQDk7S5M1BVj4s5Jzxie1ngu7kX4tvQw/wiBqAs4J1J24POzyKzMfS4YxzgNVmmRWVZ/K7Sh0X5FCZTQQLD3bpbVKf8zvRLchWHwgadGT59nekgDSddmNoMukZ+KdlpsX5hTPplBa1+lUNsFoRargP/kKbqEbNmpCEGnDgrDWeI1cZAuFWmEhRVPRYCHptlKQ4agA+f6vqmRhHdTYKwU5Lqa9eAvnIuO4r/9IgmW8RqwZtb3qpHcpJdV0IxJDW2NyfTsG1PXuqHFl898b2kcta7z7iYOlPZuH2GVJAmSCv3MXE0FiwWpzCnB5/wR+U8gQFK3WhzgzgsVw1hOMXkBSqSQElgJdo7OgTOao33Z80FBvKCMYZZb4epmLcAhMaDutBHxx0ORgyZ+R1gLerKvekoSTMvqKDN59Btq07S7pAV5WNmc3SM4h1VeBXLDmfsEZgAMCwOR0rE8jNOiHVm45P4roAemc8Vu3JKjbCjaY1vIf4+P1T1lIRNuPBX6VXd5jfyZp+WNPqEC2g7jHiQCBRFF4ap/uQ5hEGJndBJEaePAdw7yk2tSn2q1RYtI1Ad4TQnRv5DW5/2Z9WZFczgeRWyoRqKEANX3UrqK6v9UOBTQ1k2mm4jZN1lKRmDPWzeAa1u3GbkQHuKvdO6JtV1QrlybGxui2igRnru8WoXhH4up7MxAYYtcd0KlkRgfc5/qD03Zo++ahwQ4+gjTObSabufVzWR2zkEXUzUQV6TbdEok0GH22ZGPjParII8eG2j9jJXHr91/FnkORH39KmqvtTCU/z8Y1c0xehikCdkIV9EEcV6VAtpBECs4SOyi0qx84ZhQWG8agaU8f7aYrzWBOCXXFSKV9WdxovvutIW2jzcwgEk7f1Mp5iknV5N/pY/USBnIrwHnBQ12gc5TAbrweIa9gJhucpkljXGMcYMkm4inR4kifPEibClRB7pPX7Sini1aaU3P/c6w+ajGvGCj39EprazZNDYcOczRxjAMFH3QIn9PqG63km8yO5BHrAF7zHWtc0TYQuk24Mjol1d1VyOMUFf0ixwPKo1aBR6kGfBPq+yecZQQzkiJdpGf3f46cpNbqTuOKXEQyqm8Kx6D2qvjfeaGFmdCe2qCFx4EnB6TqXndoUztfII7FoT42jK5AdC8aq1z7RlkgvC8uNJrzRQcSrg2z+0M6XseMTZEEgz2Fs/iqloVRIYVhduLrqhXjaCbjfPF+RZ9W/XmHZhBNNsWXBwVNVKRyxMwmzMFgwEnsBUyZpW8WFZMEgqDEiebFDr/04wiA2Y2cTkazmiOUrMjdUWOUWgxLZUx5l/hu2cgM1e1ckta7poQF1e3kiRo7Jn8qwxsidwIes2smQcVTjFE+4hlNf5yGf7791MWn9yce9BQ7wCQzjk1pga/HTZGSZbMl5eI73q/G1ay3lD3hnUKLoe63XFv9+8x0bzpnXAwtlaKX780CDx8CRFoh5/pQPQDVUDix95RkFz+85GlcHh6ZWD28ZZnWpTwAOngqNAhKJkV+Gk/GjFf5axMXdoAjsfD/FNN7datCIVVlgz2kuWK3FIRuKF/m/kLKyQOx+vQ+0cxoKVIXFjXIZpO3hwPsCfmIof8mX04gl3i1cMkWh9IW1Z4TcJMOAsPKja8YPl2p/GHG0x/Dtwu8+Aq8SXfHIj6GKngSGTwLEMANM1gOSsThpRX7tHRt3IFTrnHXVE25/6vwZT41Hkhop1lc3Tc7rPNfJDGGKGNNuunOwRLh6EDruC/MV8g5xntFfC1FRphHj8TEZ+2v5tyB3rbLnXcuSKJQRnk95CSzSZckE9WUfteU+WRxCUnaPM2RZP/Fk5+U7Zynuvf/ARJhq4UqdTuxgNB65UTEEbAK/C0XH5YH9hdC1TPtb8m/taBhaoMYZrTsHQJZGYoiT15iONxYuaPDmBFZzypYTZkO7V6RpS6V3uTEljv7tI0FTZardgXJw7/XzY+2QDsAi0jStjhGMq3YYUfWpcaGUgmxZm87SqMOi0KgbuMtPpaS6AcYazd3cFg+GNDioWGDWMagDN5Vu/mxVYocuj/XTKkcrKfu2HRoGGQpdsFOYOI8NZW0KAEZNpvROc5CLityIealYxmq4k8VrubGesZvbx7OyLkpq4nsq2bYNj+a+2oabsw6WOyi3PB/T5vm3i2ZRJ8ArUSlkDQWibMXi99aSfAb6ycvaTnOYeZ215gAs/Qj5pa/PmKoPkWmxcb3CuRYpVj2kV8uxVoxcvNLyNf1l8kMFI0e+Kc78jDTaMztuPY3eSjlFoL+vRDxJDdYYl1vQtMgpvYrw1xA4FnVLpAvJxTobKwim9hiLoqN2dT3S6c7yk8Z5e06bfqhb4CsnMhARJd2nltIEeQ/UFroCxqrkw1FSBaLwAou4MqsU4XQ4vlQ5T+86bvoMOpmZleFa/8JMMqkTaB4MFRXUCYJg8FxkiIbr8fthY8HFinl64NZvPeK3+/WyuTVBAUZ+yhA8Dw6lOQCYrg6bSC2QGadH6PubOVbcQzfGot4U0tfjbOxEODd7zQNbb4auSlDHHRNGtdxXfXufThrCGSoL9G2UfEcQiMRfjq/7Wa6SDIVzYCT8gispWySnBjgz0B3gqy7x7KhbNAcYF3O5gFGjrep5i0wPcy1/SyX2QW1+YcbGOILhp83OcP8/bgI9pXHOLYplq0c0AeBkVLs2N/uaea3aQVq6M8iEqgkSeYfnwkV24NOTUec4skY10vtU9q2lYQH4FQ2gUdHXYf1U4J80ndSt2GYUHyMlUP5IOuQOvdSKLgCttSH6oN0UkWgpG2q+Uuo2+pfrdGKmxG7WLvbaqYejWyretIPcZ5+Q1y5M7nmCM20X8UaG5XKDb+fxoUPe2YbIrOjJZ2HOO2QQKVSREkVRI5NmsLIGWhXUdXBxyTGzMHp9ZesfiT3BHMwtH2S7Ctj58B73dwH+Sy9ZxNb/VvRkEtvY2qbDJJsp+8dpbM7xXlbgVPRcCGJR7EIsFisEW9im6jpULXgIFGqt85PF5ytnCVGYCtA/FLnmkUVCMPzS6xXqKmcJzakAK+QLLpmJaEmA4+4uVhMEnpZgFbIBrwMCFcZsjcHUoGrNtAM6P5dB8pDDd8zg6Yjf+k/XkiDLora7pCmn+ulGV3qW4f9Uwnl9P2r2DIm2rvuSm/HNad9wrBVqUBO1VhG40d8hGDQs3e4iwMpj+p1ghjmv4Xr8fcrO58SOFMc8M4dciqZTcvVZwsX17BLYoWAWeHX36bP1CqDjH35MRZOO9MJschdg7RpAnkBtN8S5Zcn+8QvivB+Y9loCU5o9jQ8QJ/nSVYyHvSepnguzYkK7FkkCZUb2W41byxn9FjqoqaGx3UboIP+4BHSwkI45aZ+q8RxYwgK4W4ObUM8grl78wJ4njNRXugBORDJ64XHPl7yhsg0vdwyK+UF/eyhuHyqyAloiTQPsd7pettoE/6+YbLXqQbSTTqIRO/0myOQniCqV3KLm4ON2+MqUo1ZYSL7Tk6g8Lt7z5N3jYZgreOzw8CecIaoEqdqMrRFmSgVu/uhkC5OXwPdjsjPuA0qlmOGq2i1vIdpUNQSOTKl6EweTXL7a66c2pWrlR594o+bkihW7/9pAs9uX5Bym9e/Bx2t+MwfKomyyBaWi7Z0dChWrYycedJbIez7slIiTsjapdy7knk9G1Z9mBCk3OxWnHQy0hb0OyjJNTbJG3gSNMwUIwsd2Ioe2AqTckmThUQ+jH3b8qIXZvz5hiN237nH8JKjrjRtjXiNXg7EB6lrZEEKwMAimKd2dU2GT98CKeqwwNdAsQ+ymVrNITXjyObuDLcWRyWeVg1LgkQsYmieY4SaXGCLB4Pqn0jqfLntdLOIjc1IVQdLk/+jQSI0jD/8Ewl+jbZJeZsRsNnw97u153JY9Z5yzO8mAPjpypzZy6cB1KYHsoIbH++zXSSCafDSgZUcgNV7egoGoAaNS35nHTAxPDt1uy2JELqAsERXTv4YyuP0YlHljyfVqu8UiajhPVPO69d0Zs+JPePJf+w5WGyXp9UrDZAKLevxbnrdsKswXOxmOwbS9bvooxuqhr0Mpw6Ii/T7QRXnUS4QrZMXS/JyaRQwAYMVDpNe5RrYint5fF/MWoXN2vJYBbjYmQWAy0t/Vcib3WsVZ4e0avwjUnofQ2uIEBJENBB7xJcCNnmdRwCckKfo56AyhWWYhEtbKgbMFqjCKdQ2SBpcQ0HnEngTn+FXrBDYfO9fo1Ls/FUjVvNQvxGlxX4G/vu34X/dnrqcaqw1GmIXLy49CTxGzFE8FDSWYROkNwiJFuR6xLOnMsAGuDYC9NtDOOk5gJSjG/sutJXRwKsRk1mQmQvuLsLcf362QhpGpxy9bWuWyYjHG+hCwWoAxVxm7yWZW4HPoFCA6u5HF8MnuQzr/raIWXzmZ/v9tlT6Zk1IO6G1sOxm5saH7rKrXp1Qk4/woLTUFDPRXgO1ccGM+m1ZeySPN1ez7nlSD+KqQb5qOaEmDnd8dHq/jZZTzgjwXWEpWdLCym1KGicQBrdfdNEoLbvbnFHYlng+wcc5qIg3ngRaz1sbL8iwU7xU/Mk7Dz+OQ9I+2jpwhNw7BQLYXioKDFTygT4hEu3yQYNUQandzHfRc11DanzZ81am2iivf7o/LgJ/tPB0rizlRnC+MTIKVZW8whSA7SG2NXbBcqy4uyDGA/4qK7qSU7+WTvwe9DjxADywvW3PSCL27lFb9L7D/DHU4gec75UyDdFvre03ZYb8v5WzdgJYpah0btoAu8X7QCQzRHNwVxX4c9e4I84I5yg6yiRZSeMp/dFG6gh7H/cO5e9UFuekO+k5SXjbVCS5buVgt+WnQKBpOlgEJgRO/QsiNvI9iPqcpSOLrt5igDw8BDfoDZn5RmCfXjSl3Br+1idohADGfIfXtc0BWL6IUG0UztmoJe3LgZe1R2kLCnR96HbGK2UuU4iA9CqX7OTeC6Wo3wO6gDaZTKbUSY2ZaB2Ri17lKqZSmQbNviFoUT/BtmkfxDCGI5fmwHNvq47UTEWXAi4DphlIYKQD4fc2yREgdaOBmQOu/1W/Z7zta/hTmIWMaW2hHpS8Iu+lXAXXR2iqCz4p9OiKN6Crb7fI6kiY5Exz3vJM7Td4FNEV69Mby3+wZ8iRD2pX4dGo+SakgkCz61elGs8SUKjw2ChOD1inK7Qy6v7rMQ9Aefl6rcYrTfRbNsWOQDrh7XSa/5OQbvwHKfg2J4pkESwIPakGYzxPFLWRiGgl+QmdFilAOXVTmZ0EsAM9S9fq0dehaOUiywsXT2eCZnzvNbYiVHwZBry3NxEFP0RqlLSQJcDS52LId4GPuSqJPVyDTj/rB3wHRvJEu3P40riDKQeS2UgLeFR+K6ZdHlVKI45Gh8UPmTENn2Tby4Vxqch8z/nXMhWe37Q3I72JktuhLA9xz5gxWXpV1QaX2nxKeKemZjQDCnK1KfZIOROjPyI53SsNG/pmkkegVcsX+zAhveaiTrYDDNDBhDhzd3W16uwkXtFV1p3/hzqvm89qkj37nk13okbbsZCuQIaTS2Nrp35/XqbGUGlhw13h0ohOwn2HZ94brl0b46YXPUOuKrBgadcVicDqHlIrk2rDkiLoIv2eyhHK1SDabmM95jMVhf84VrCw6n+DIRmDjD4Bl4AbkG0Ir5uLpZ7L/PPgvg1oGF9tc+N4DcMK9lJxsr/rojsapfpE5c9mdMniD9fYJqCufbYDWF7zPaookIxVSF+Tc8oWFmrcRuivJSzqTv9Eey68PGGIWjTLCkl2lz1g/0aJJsqo6rBDQmLwRz1suTUQXAKfxkVyM+4Q4e8qypb59hHYfGXQM/+seyIpI32f1Ltm2pHWtgxS//VJTsO3Mc9tiwmOuEHWasx0rDcNPtcmL7CSkqs677XMflQCbidQ2b4vGeKsNdNOcac51Hk5h2Sk/0HoyprwkjlgEjzKpFB9kg8Q0Sw+Xg374DYVcScUZL6puycdvoVMAOpli3pP20tBzhIKERS0t9qRTOYGwWltMg0RbTS++dVRQ3NkDKdxOv16PpzogjNSFGK3r9AYiOg/Ln615j4rdp0WSlLvl+J9rXyBkDbDNJKUiVMzO1PKCl9uXLpjI7LKZTSeE8oztJKXFlIL1A67A+9x6wNm/GzvPeDuWPvNVF48irunCHryjGnTT5P+w/gKz0G+2k8lSuw++2dfDPOJhMP/0JSJR/u4o0uZoqqsrjkTNedNVGt4Fg4njh88AtQ68dSTsunG0zqV/sZ+u/M575krw4ial+0qQGqHA5c/8b+aw17SJ99byWD3tLyRqIIKnxlfs7t2FseHkgFv02l46Qby06e5AlKKhHBAjNmdCK9ngr/ivZPo3voFpr1engYgOJnnB6+3gOnKL2cHsnbajoSTWIullfASJFWNP+qCxfjq5kFluo2xuNaIwAQW6UU2UuDZHy+mmuEJnf/K9VyU3m6J9HrGBgyAvsfyhm0oXatWiOPLbXJQ48T/9fOmVmiEMLh0Te/XGjBF1+z8YR8MJ/f3mhtwTsiWyCwnMmYNaUUs+JlSn4eRaWuTJUAF164oz2M7+BhIyEY3LCFrqX2ZdEWGhoCvxrPUaTRFtaI5oaMYrCxPDFiJjP4H9SgpSm1KD23GNdvV0uKXUbRVXErJdrz5KqDotVYxakXkdxDmN1wDUS433gkti8Fhw+cnlSkXnVW5WX5ITtuKwVQKrjMIwffq90EWE0hE+bsyXZIC/Xl+4+xtmo4PkwVj0iSxWZWOeixutqOWmPsHlOWU9jC4w1lJuLfrVQI9yoSyw/wiXTlAMZLPii3bpIaEfd6o/DcG2k3TZIMfOCE5yxyC7cfqr9SqUkNBwWgLx79HtWNfJO3M5j6ZAF/EksjJnfs9Wzv+oPjo0rO2cENvVQ97OkpfeCiqYTdEydg9nP4yWDRBn37AYDtvEjOvDtOA5yZfZhnl+shrz9ac+KL9YZzO61AUgHk7Ka2L737hj7ZZCCJ8EkCg6FGS2vBDMb7tZB1XhiG0mZiZDKtnRcMgtD0OfP3rluiEMZDikBjQgeYUhJktfeBKT3LTQmtD3hnRZ9bPQ1URBApd/rFtD4LjCXUbibWjjm4O1ToV/Fbxgy0WQNix8NVaDnQJ691hLiSfxmzP23URPN2FsOC0iojY87N4Zexu6ufmN9ipthojjGXI6L+hEuR0rdj6yoWAzil9KdOqlmfvQDZoYUIGKveKdCKsi03gXqWvcrv3WgEvPHNuJoBcJ2ZHoZAFbmiBLe8yYdyET4tJaU/FTNA23YLTVG2PyZWJn20FIJ7xZzMOOJwVJJbruFqwYU8RaNxGXp6gpMbMYq3QFARr/0LTX5VZUoWQXYVjbfVHl1AFUspBh5fsrFm7I7QgLgqsk8ojNGKHoWwrzc3aRSua7NF13jnuiE/43yGHdTPIN/WtB25jcczeBgzhkPiRaZlNJDLb9G8C1WH6lweRXtqukVIVdf9rDBUPLq/o+vQhmxuZlhm6Zq1otPiBsUVb8tC6dSmZAjI++DzI0DCE/0aeV7HQmyeuqDWXlcDl9wfIbJKT2q/n6J1qOIkGAqJaMx3NmGcb6ZZLRqIjTIPDdyFaXeXYTtl6iKr+ciV5GHIQ2hCSUHP7C24Lv1ElUNzmnjvcIO8L6t5G0kTOMjTDQNuQgzzFTpbu1//Gze8QurvovfBcD4RZPPC02Fabx4FuXU7jLmOgqi81Kzr6QBNDaE8L7wg0Yq+Gg10ZGHYB715ii09C0EYVB8eXTTMMFjp/4vfeP1w297iPrqjRQMY2MFBID/A/1/GJTIAk/Z6i3bZXKzLSd7hKfNl+JzKnlJT+kedqYmU1xQ37elr1/cdKmKvUAMvIYDZ7IFGkSyq/8h+GlMlSKcAgC9CH1WfLYuR1xTX6yxgwYDxivFjilOTDxX769rpDZug32w7i8Jx9//8KUNQ/DuGqay/TXENwd3cFesO1z4PGu/qyXDgTick+Ma+rvy9XdD7Zy+XLaVWRFOBQrz1whuA8pg7IUMW2ukX/2wKpVz1P4uE/nd689Bcsa10eEs2LAtdRCcxDO6BPjkArpr8kZucokWpxiIOFz+GOM8r2MtizyMluuexaAUiuP11mXsSNumBo2QRd87m685D48jbC1y3pJwzK+y/aAssjLRF8BrG2QvjKyJPCcoO/sZN+2w8MdRW6ZAdVnOcmGExqrnm792/rkc+KQzRtwcjCSxmyvqy02zJumEfrWdu9Xtfg9ksuHjLb6J7S47O/btjKwuK57xzldxvpi6MfcW1FGFwv3SAvCHJgoHRw/bjU2yX0Pc/DOSovQTRcZKoJqVBRmLI5LuC1eC7qRmFrA0CLmfQSr6jk4opOCvDqWVvKFUjpNReIIMHw3aeZ5uPqEx4wg5XJGkOTST/aQ+7k+7ekM8BQn9DqWB0astXFpmJRkY72p+IF5jvwCqnytaf/QAqs0BzyDxEbPRpXzBXQZP+IAFmtpS+2STHjgeQ7iCzsx4i+rCDSdThBTzAMV6qowLQ/xSm7SrfjuFHo3snO8ihPJPc3Vq5doCF+fp0L8uBHpV+JxaZ2GHaLEGXwTj7pBPjrveVGtJ/oNAM/Wy8HXul/oosR39Ozusf9ohPSROrqVrupWB8ExHCAofSN1TLxSK1EzP/ShBog/ajMXs+MSXcS4hK+lPLZdA27p4y354vScYp51r121xTl2WTz4b8zPlw8/wBS9K7YPSTAJWKh+okPM0FxxGjLy6SK/b+/EpOjXPaWFHAijEXFwoUJgFRediq2PWLKTtHmAONhFzeZUGz7wQ7BRjHJ6jnC2X5Ua2qd/R0cWYF9fpM04INgfE0sERtqnIWNM2VCqtynhj66CQHY4KlR+j8DVkaWNfnNGk48QOlrEq0vOuLItpFsIZrG814xk4TSbsMY1kD/XENKfXOl2QwqpavOTe0oAZBRhA+hF9EYcvQcGO9oVe+Pj3Fp0cMfquRuUtlitdW5wmmFno6hbHsqCiy53R/MmqfWuFNwZxQs5ZrnV09NJF9ra0m/YT/arKvJ30AxuQZZkzI6CBA0yl9L37N1Ym/76Hh/U6jvGjrlAbZKV71EtlKfEO9yxVjwSFACr5NehY/NrIncjO9SYHDkulOSjyCDfSUuA3yGy8OIcgrA1CjJUsqhM2mYA7WhSGdZ7/hcRYsKhvXekPnG3mh9VT1rxP4ZfuMei1c3JCMOWo3hxrw+9xFtj28TpjmxPQ8E+G8uUFAse0K/caGIZbLY4zUJliwVXc6RqAhqCXMaGXEO7lp9CyzpG9chDBnHZWN4KM1gUPdrsIcWKpClWOiLnkoO6vYofkgVXnRZvr4LCb96UB8zJDNidVvf4UqrfVb8u1zDk3Uc0D5e7JtTBosCresA0wAQJRHHi9zF4h1ajKUAzzG6OQcMUZ4ynj/Qkx3ztbk5jO4t13vZK5Eu1iX+EQZFvWm1cmuX2J8KcnokbKtaBRVBUEeXYvOkcvkhEpvSRFNuVk9qkiRpCwngM+mnVWDL3ERM07j1toYHrDnanKqOL37m0JI9bzXxpUU4tA14BJ9Hfq0vYGhZbBr1akBH3hkaS8/KS+AdZrBsHJW+W0XFuXyR6B5vb5gqcTjYn9cd6kaxwRTghdYFytWOA5/ec0MhCu3b1PYzJHcw+zuVLXQx6GRPxtTVAxYyqnWrSmWBIsaE+cDLBH/sA1z7OU6D9dSI/fHGEiVmVf353XM5KYQcP7gyRMbCGDkjPArD/AmeOX6Z8rmSFJt2UpxmtFPXLvEBDczetac+uG0EwvJG8cEjCkXBGuUQwXipJlThJkHXfca9UCgWJimTbgigWuc2I4DSaztYGnvnIiPgIWlSJ6fC+uGAzno1TRvtGUOSstHywduknPDhBGPZkXGf1MVns92jHelNY8N7Sq12WZ/c4vQ+iuwaBAg+pliH29Vhcgx2xCtCCaj8XW88j9NnZ8BAwg8zQ1jElEG029Y/c2RmMStpi+tkrn5kfSzLV6/Z+h/Z2D1eGkwXT0SbNceim5FKBmyGaxR/tBgBxaHE2vfFZSWWeonC7dv9G9Xd8QOqP1VySdzbKP955oTQjPfDrien2uDQAAA==");
}

}

@yurem
Copy link
Contributor Author

yurem commented Dec 1, 2015

It's not convinient to update web.xml in every VM to secure it...
Maybe it's possible to change WebConfiguration before JSF will get value from it... In this case we can generate password on the fly at startup.

@yuriyz
Copy link
Contributor

yuriyz commented Dec 1, 2015

Isn't it easier to upgrade jsf, which already generates passwords on the fly.? Then we will also benefits from all other new stuff there.

@nynymike
Copy link
Contributor

nynymike commented Dec 1, 2015

Actually, we can generate web.xml during installation. So it doesn't seem like such a big deal to render a random password.

@yurem
Copy link
Contributor Author

yurem commented Dec 1, 2015

In setup.py we have method which update oxCas.war during install. We can use this method as reference for oxath.war update: https://github.com/GluuFederation/community-edition-setup/blob/master/setup.py#L999

@nynymike
Copy link
Contributor

nynymike commented Dec 1, 2015

ok, I changed my mind. Having to recreate the war is messy and would make upgrades harder.

@yurem
Copy link
Contributor Author

yurem commented Dec 10, 2015

I have tried to find solution for this today. 100% pure programmatic way is not possible because JNDI was developed for services integration. Also when I try to change JNDI context properties it throw exception that Context is read only.

I find another solution. It's not bed too: GluuFederation/community-edition-setup@9d2f97d

Setup put file $TOMCAT_HOME/conf/Catalina/localhost/oxauth.xml during install. This value override default value in oxauth.war/WEB-INF/web.xml:

< Context >
< Environment name="com.sun.faces.ClientStateSavingPassword" value="%(oxauth_jsf_salt)s" type="java.lang.String" override="false" />
< /Context >

@yurem yurem closed this as completed Dec 10, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yuriyz @nynymike @yurem