/composer-setup.php
PHP | 5030 lines | 871 code | 69 blank | 4090 comment | 84 complexity | e4fd28a313caec07596aae2143ed995e MD5 | raw file
Large files files are truncated, but you can click here to view the full file
- <?php
- /*
- * This file is part of Composer.
- *
- * (c) Nils Adermann <naderman@naderman.de>
- * Jordi Boggiano <j.boggiano@seld.be>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
- process(is_array($argv) ? $argv : array());
- /**
- * processes the installer
- */
- function process($argv)
- {
- // Determine ANSI output from --ansi and --no-ansi flags
- setUseAnsi($argv);
- if (in_array('--help', $argv)) {
- displayHelp();
- exit(0);
- }
- $check = in_array('--check', $argv);
- $help = in_array('--help', $argv);
- $force = in_array('--force', $argv);
- $quiet = in_array('--quiet', $argv);
- $channel = in_array('--snapshot', $argv) ? 'snapshot' : (in_array('--preview', $argv) ? 'preview' : 'stable');
- $disableTls = in_array('--disable-tls', $argv);
- $installDir = getOptValue('--install-dir', $argv, false);
- $version = getOptValue('--version', $argv, false);
- $filename = getOptValue('--filename', $argv, 'composer.phar');
- $cafile = getOptValue('--cafile', $argv, false);
- if (!checkParams($installDir, $version, $cafile)) {
- exit(1);
- }
- $ok = checkPlatform($warnings, $quiet, $disableTls);
- if ($check) {
- // Only show warnings if we haven't output any errors
- if ($ok) {
- showWarnings($warnings);
- showSecurityWarning($disableTls);
- }
- exit($ok ? 0 : 1);
- }
- if ($ok || $force) {
- installComposer($version, $installDir, $filename, $quiet, $disableTls, $cafile, $channel);
- showWarnings($warnings);
- showSecurityWarning($disableTls);
- exit(0);
- }
- exit(1);
- }
- /**
- * displays the help
- */
- function displayHelp()
- {
- echo <<<EOF
- Composer Installer
- ------------------
- Options
- --help this help
- --check for checking environment only
- --force forces the installation
- --ansi force ANSI color output
- --no-ansi disable ANSI color output
- --quiet do not output unimportant messages
- --install-dir="..." accepts a target installation directory
- --preview install the latest version from the preview (alpha/beta/rc) channel instead of stable
- --snapshot install the latest version from the snapshot (dev builds) channel instead of stable
- --version="..." accepts a specific version to install instead of the latest
- --filename="..." accepts a target filename (default: composer.phar)
- --disable-tls disable SSL/TLS security for file downloads
- --cafile="..." accepts a path to a Certificate Authority (CA) certificate file for SSL/TLS verification
- EOF;
- }
- /**
- * Sets the USE_ANSI define for colorizing output
- *
- * @param array $argv Command-line arguments
- */
- function setUseAnsi($argv)
- {
- // --no-ansi wins over --ansi
- if (in_array('--no-ansi', $argv)) {
- define('USE_ANSI', false);
- } elseif (in_array('--ansi', $argv)) {
- define('USE_ANSI', true);
- } else {
- // On Windows, default to no ANSI, except in ANSICON and ConEmu.
- // Everywhere else, default to ANSI if stdout is a terminal.
- define(
- 'USE_ANSI',
- (DIRECTORY_SEPARATOR == '\\')
- ? (false !== getenv('ANSICON') || 'ON' === getenv('ConEmuANSI'))
- : (function_exists('posix_isatty') && posix_isatty(1))
- );
- }
- }
- /**
- * Returns the value of a command-line option
- *
- * @param string $opt The command-line option to check
- * @param array $argv Command-line arguments
- * @param mixed $default Default value to be returned
- *
- * @return mixed The command-line value or the default
- */
- function getOptValue($opt, $argv, $default)
- {
- $optLength = strlen($opt);
- foreach ($argv as $key => $value) {
- $next = $key + 1;
- if (0 === strpos($value, $opt)) {
- if ($optLength === strlen($value) && isset($argv[$next])) {
- return trim($argv[$next]);
- } else {
- return trim(substr($value, $optLength + 1));
- }
- }
- }
- return $default;
- }
- /**
- * Checks that user-supplied params are valid
- *
- * @param mixed $installDir The required istallation directory
- * @param mixed $version The required composer version to install
- * @param mixed $cafile Certificate Authority file
- *
- * @return bool True if the supplied params are okay
- */
- function checkParams($installDir, $version, $cafile)
- {
- $result = true;
- if (false !== $installDir && !is_dir($installDir)) {
- out("The defined install dir ({$installDir}) does not exist.", 'info');
- $result = false;
- }
- if (false !== $version && 1 !== preg_match('/^\d+\.\d+\.\d+(\-(alpha|beta)\d+)*$/', $version)) {
- out("The defined install version ({$version}) does not match release pattern.", 'info');
- $result = false;
- }
- if (false !== $cafile && (!file_exists($cafile) || !is_readable($cafile))) {
- out("The defined Certificate Authority (CA) cert file ({$cafile}) does not exist or is not readable.", 'info');
- $result = false;
- }
- return $result;
- }
- /**
- * Checks the platform for possible issues running Composer
- *
- * Errors are written to the output, warnings are saved for later display.
- *
- * @param array $warnings Populated by method, to be shown later
- * @param bool $quiet Quiet mode
- * @param bool $disableTls Bypass tls
- *
- * @return bool True if there are no errors
- */
- function checkPlatform(&$warnings, $quiet, $disableTls)
- {
- getPlatformIssues($errors, $warnings);
- // Make openssl warning an error if tls has not been specifically disabled
- if (isset($warnings['openssl']) && !$disableTls) {
- $errors['openssl'] = $warnings['openssl'];
- unset($warnings['openssl']);
- }
- if (!empty($errors)) {
- out('Some settings on your machine make Composer unable to work properly.', 'error');
- out('Make sure that you fix the issues listed below and run this script again:', 'error');
- outputIssues($errors);
- return false;
- }
- if (empty($warnings) && !$quiet) {
- out('All settings correct for using Composer', 'success');
- }
- return true;
- }
- /**
- * Checks platform configuration for common incompatibility issues
- *
- * @param array $errors Populated by method
- * @param array $warnings Populated by method
- *
- * @return bool If any errors or warnings have been found
- */
- function getPlatformIssues(&$errors, &$warnings)
- {
- $errors = array();
- $warnings = array();
- if ($iniPath = php_ini_loaded_file()) {
- $iniMessage = PHP_EOL . 'The php.ini used by your command-line PHP is: ' . $iniPath;
- } else {
- $iniMessage = PHP_EOL . 'A php.ini file does not exist. You will have to create one.';
- }
- $iniMessage .= PHP_EOL . 'If you can not modify the ini file, you can also run `php -d option=value` to modify ini values on the fly. You can use -d multiple times.';
- if (ini_get('detect_unicode')) {
- $errors['unicode'] = array(
- 'The detect_unicode setting must be disabled.',
- 'Add the following to the end of your `php.ini`:',
- ' detect_unicode = Off',
- $iniMessage
- );
- }
- if (extension_loaded('suhosin')) {
- $suhosin = ini_get('suhosin.executor.include.whitelist');
- $suhosinBlacklist = ini_get('suhosin.executor.include.blacklist');
- if (false === stripos($suhosin, 'phar') && (!$suhosinBlacklist || false !== stripos($suhosinBlacklist, 'phar'))) {
- $errors['suhosin'] = array(
- 'The suhosin.executor.include.whitelist setting is incorrect.',
- 'Add the following to the end of your `php.ini` or suhosin.ini (Example path [for Debian]: /etc/php5/cli/conf.d/suhosin.ini):',
- ' suhosin.executor.include.whitelist = phar ' . $suhosin,
- $iniMessage
- );
- }
- }
- if (!function_exists('json_decode')) {
- $errors['json'] = array(
- 'The json extension is missing.',
- 'Install it or recompile php without --disable-json'
- );
- }
- if (!extension_loaded('Phar')) {
- $errors['phar'] = array(
- 'The phar extension is missing.',
- 'Install it or recompile php without --disable-phar'
- );
- }
- if (!extension_loaded('filter')) {
- $errors['filter'] = array(
- 'The filter extension is missing.',
- 'Install it or recompile php without --disable-filter'
- );
- }
- if (!extension_loaded('hash')) {
- $errors['hash'] = array(
- 'The hash extension is missing.',
- 'Install it or recompile php without --disable-hash'
- );
- }
- if (!extension_loaded('iconv') && !extension_loaded('mbstring')) {
- $errors['iconv_mbstring'] = array(
- 'The iconv OR mbstring extension is required and both are missing.',
- 'Install either of them or recompile php without --disable-iconv'
- );
- }
- if (!ini_get('allow_url_fopen')) {
- $errors['allow_url_fopen'] = array(
- 'The allow_url_fopen setting is incorrect.',
- 'Add the following to the end of your `php.ini`:',
- ' allow_url_fopen = On',
- $iniMessage
- );
- }
- if (extension_loaded('ionCube Loader') && ioncube_loader_iversion() < 40009) {
- $ioncube = ioncube_loader_version();
- $errors['ioncube'] = array(
- 'Your ionCube Loader extension (' . $ioncube . ') is incompatible with Phar files.',
- 'Upgrade to ionCube 4.0.9 or higher or remove this line (path may be different) from your `php.ini` to disable it:',
- ' zend_extension = /usr/lib/php5/20090626+lfs/ioncube_loader_lin_5.3.so',
- $iniMessage
- );
- }
- if (version_compare(PHP_VERSION, '5.3.2', '<')) {
- $errors['php'] = array(
- 'Your PHP (' . PHP_VERSION . ') is too old, you must upgrade to PHP 5.3.2 or higher.'
- );
- }
- if (version_compare(PHP_VERSION, '5.3.4', '<')) {
- $warnings['php'] = array(
- 'Your PHP (' . PHP_VERSION . ') is quite old, upgrading to PHP 5.3.4 or higher is recommended.',
- 'Composer works with 5.3.2+ for most people, but there might be edge case issues.'
- );
- }
- if (!extension_loaded('openssl')) {
- $warnings['openssl'] = array(
- 'The openssl extension is missing, which means that secure HTTPS transfers are impossible.',
- 'If possible you should enable it or recompile php with --with-openssl'
- );
- }
- if (extension_loaded('openssl') && OPENSSL_VERSION_NUMBER < 0x1000100f) {
- // Attempt to parse version number out, fallback to whole string value.
- $opensslVersion = trim(strstr(OPENSSL_VERSION_TEXT, ' '));
- $opensslVersion = substr($opensslVersion, 0, strpos($opensslVersion, ' '));
- $opensslVersion = $opensslVersion ? $opensslVersion : OPENSSL_VERSION_TEXT;
- $warnings['openssl_version'] = array(
- 'The OpenSSL library (' . $opensslVersion . ') used by PHP does not support TLSv1.2 or TLSv1.1.',
- 'If possible you should upgrade OpenSSL to version 1.0.1 or above.'
- );
- }
- if (!defined('HHVM_VERSION') && !extension_loaded('apcu') && ini_get('apc.enable_cli')) {
- $warnings['apc_cli'] = array(
- 'The apc.enable_cli setting is incorrect.',
- 'Add the following to the end of your `php.ini`:',
- ' apc.enable_cli = Off',
- $iniMessage
- );
- }
- if (extension_loaded('xdebug')) {
- $warnings['xdebug_loaded'] = array(
- 'The xdebug extension is loaded, this can slow down Composer a little.',
- 'Disabling it when using Composer is recommended.'
- );
- if (ini_get('xdebug.profiler_enabled')) {
- $warnings['xdebug_profile'] = array(
- 'The xdebug.profiler_enabled setting is enabled, this can slow down Composer a lot.',
- 'Add the following to the end of your `php.ini` to disable it:',
- ' xdebug.profiler_enabled = 0',
- $iniMessage
- );
- }
- }
- if (!extension_loaded('zlib')) {
- $warnings['zlib'] = array(
- 'The zlib extension is not loaded, this can slow down Composer a lot.',
- 'If possible, install it or recompile php with --with-zlib',
- $iniMessage
- );
- }
- ob_start();
- phpinfo(INFO_GENERAL);
- $phpinfo = ob_get_clean();
- if (preg_match('{Configure Command(?: *</td><td class="v">| *=> *)(.*?)(?:</td>|$)}m', $phpinfo, $match)) {
- $configure = $match[1];
- if (false !== strpos($configure, '--enable-sigchild')) {
- $warnings['sigchild'] = array(
- 'PHP was compiled with --enable-sigchild which can cause issues on some platforms.',
- 'Recompile it without this flag if possible, see also:',
- ' https://bugs.php.net/bug.php?id=22999'
- );
- }
- if (false !== strpos($configure, '--with-curlwrappers')) {
- $warnings['curlwrappers'] = array(
- 'PHP was compiled with --with-curlwrappers which will cause issues with HTTP authentication and GitHub.',
- 'Recompile it without this flag if possible'
- );
- }
- }
- // Stringify the message arrays
- foreach ($errors as $key => $value) {
- $errors[$key] = PHP_EOL . implode(PHP_EOL, $value);
- }
- foreach ($warnings as $key => $value) {
- $warnings[$key] = PHP_EOL . implode(PHP_EOL, $value);
- }
- return !empty($errors) || !empty($warnings);
- }
- /**
- * Outputs an array of issues
- *
- * @param array $issues
- */
- function outputIssues($issues)
- {
- foreach ($issues as $issue) {
- out($issue, 'info');
- }
- out('');
- }
- /**
- * Outputs any warnings found
- *
- * @param array $warnings
- */
- function showWarnings($warnings)
- {
- if (!empty($warnings)) {
- out('Some settings on your machine may cause stability issues with Composer.', 'error');
- out('If you encounter issues, try to change the following:', 'error');
- outputIssues($warnings);
- }
- }
- /**
- * Outputs an end of process warning if tls has been bypassed
- *
- * @param bool $disableTls Bypass tls
- */
- function showSecurityWarning($disableTls)
- {
- if ($disableTls) {
- out('You have instructed the Installer not to enforce SSL/TLS security on remote HTTPS requests.', 'info');
- out('This will leave all downloads during installation vulnerable to Man-In-The-Middle (MITM) attacks', 'info');
- }
- }
- /**
- * installs composer to the current working directory
- */
- function installComposer($version, $installDir, $filename, $quiet, $disableTls, $cafile, $channel)
- {
- $installPath = (is_dir($installDir) ? rtrim($installDir, '/') . '/' : '') . $filename;
- $installDir = realpath($installDir) ? realpath($installDir) : getcwd();
- $file = $installDir . DIRECTORY_SEPARATOR . $filename;
- if (is_readable($file)) {
- @unlink($file);
- }
- $home = getHomeDir();
- if (!is_dir($home)) {
- @mkdir($home, 0777, true);
- }
- file_put_contents($home . '/keys.dev.pub', <<<DEVPUBKEY
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnBDHjZS6e0ZMoK3xTD7f
- FNCzlXjX/Aie2dit8QXA03pSrOTbaMnxON3hUL47Lz3g1SC6YJEMVHr0zYq4elWi
- i3ecFEgzLcj+pZM5X6qWu2Ozz4vWx3JYo1/a/HYdOuW9e3lwS8VtS0AVJA+U8X0A
- hZnBmGpltHhO8hPKHgkJtkTUxCheTcbqn4wGHl8Z2SediDcPTLwqezWKUfrYzu1f
- o/j3WFwFs6GtK4wdYtiXr+yspBZHO3y1udf8eFFGcb2V3EaLOrtfur6XQVizjOuk
- 8lw5zzse1Qp/klHqbDRsjSzJ6iL6F4aynBc6Euqt/8ccNAIz0rLjLhOraeyj4eNn
- 8iokwMKiXpcrQLTKH+RH1JCuOVxQ436bJwbSsp1VwiqftPQieN+tzqy+EiHJJmGf
- TBAbWcncicCk9q2md+AmhNbvHO4PWbbz9TzC7HJb460jyWeuMEvw3gNIpEo2jYa9
- pMV6cVqnSa+wOc0D7pC9a6bne0bvLcm3S+w6I5iDB3lZsb3A9UtRiSP7aGSo7D72
- 8tC8+cIgZcI7k9vjvOqH+d7sdOU2yPCnRY6wFh62/g8bDnUpr56nZN1G89GwM4d4
- r/TU7BQQIzsZgAiqOGXvVklIgAMiV0iucgf3rNBLjjeNEwNSTTG9F0CtQ+7JLwaE
- wSEuAuRm+pRqi8BRnQ/GKUcCAwEAAQ==
- -----END PUBLIC KEY-----
- DEVPUBKEY
- );
- file_put_contents($home . '/keys.tags.pub', <<<TAGSPUBKEY
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0Vi/2K6apCVj76nCnCl2
- MQUPdK+A9eqkYBacXo2wQBYmyVlXm2/n/ZsX6pCLYPQTHyr5jXbkQzBw8SKqPdlh
- vA7NpbMeNCz7wP/AobvUXM8xQuXKbMDTY2uZ4O7sM+PfGbptKPBGLe8Z8d2sUnTO
- bXtX6Lrj13wkRto7st/w/Yp33RHe9SlqkiiS4MsH1jBkcIkEHsRaveZzedUaxY0M
- mba0uPhGUInpPzEHwrYqBBEtWvP97t2vtfx8I5qv28kh0Y6t+jnjL1Urid2iuQZf
- noCMFIOu4vksK5HxJxxrN0GOmGmwVQjOOtxkwikNiotZGPR4KsVj8NnBrLX7oGuM
- nQvGciiu+KoC2r3HDBrpDeBVdOWxDzT5R4iI0KoLzFh2pKqwbY+obNPS2bj+2dgJ
- rV3V5Jjry42QOCBN3c88wU1PKftOLj2ECpewY6vnE478IipiEu7EAdK8Zwj2LmTr
- RKQUSa9k7ggBkYZWAeO/2Ag0ey3g2bg7eqk+sHEq5ynIXd5lhv6tC5PBdHlWipDK
- tl2IxiEnejnOmAzGVivE1YGduYBjN+mjxDVy8KGBrjnz1JPgAvgdwJ2dYw4Rsc/e
- TzCFWGk/HM6a4f0IzBWbJ5ot0PIi4amk07IotBXDWwqDiQTwyuGCym5EqWQ2BD95
- RGv89BPD+2DLnJysngsvVaUCAwEAAQ==
- -----END PUBLIC KEY-----
- TAGSPUBKEY
- );
- if (false === $disableTls && empty($cafile) && !HttpClient::getSystemCaRootBundlePath()) {
- $errorHandler = new ErrorHandler();
- set_error_handler(array($errorHandler, 'handleError'));
- $target = $home . '/cacert.pem';
- $write = file_put_contents($target, HttpClient::getPackagedCaFile(), LOCK_EX);
- @chmod($target, 0644);
- restore_error_handler();
- if (!$write) {
- throw new RuntimeException('Unable to write bundled cacert.pem to: ' . $target);
- }
- $cafile = $target;
- }
- $httpClient = new HttpClient($disableTls, $cafile);
- $uriScheme = false === $disableTls ? 'https' : 'http';
- if (!$version) {
- $versions = json_decode($httpClient->get($uriScheme . '://getcomposer.org/versions'), true);
- foreach ($versions[$channel] as $candidate) {
- if ($candidate['min-php'] <= PHP_VERSION_ID) {
- $version = $candidate['version'];
- $downloadUrl = $candidate['path'];
- break;
- }
- }
- if (!$version) {
- out('None of the ' . count($versions[$channel]) . ' ' . $channel . ' version(s) of Composer matches your PHP version (' . PHP_VERSION . ' / ID: ' . PHP_VERSION_ID . ')', 'error');
- exit(1);
- }
- } else {
- $downloadUrl = "/download/{$version}/composer.phar";
- }
- $retries = 3;
- while ($retries--) {
- if (!$quiet) {
- out("Downloading $version...", 'info');
- }
- $url = "{$uriScheme}://getcomposer.org{$downloadUrl}";
- $errorHandler = new ErrorHandler();
- set_error_handler(array($errorHandler, 'handleError'));
- // download signature file
- if (false === $disableTls) {
- $signature = $httpClient->get($url . '.sig');
- if (!$signature) {
- out('Download failed: ' . $errorHandler->message, 'error');
- } else {
- $signature = json_decode($signature, true);
- $signature = base64_decode($signature['sha384']);
- }
- }
- $fh = fopen($file, 'w');
- if (!$fh) {
- out('Could not create file ' . $file . ': ' . $errorHandler->message, 'error');
- }
- if (!fwrite($fh, $httpClient->get($url))) {
- out('Download failed: ' . $errorHandler->message, 'error');
- }
- fclose($fh);
- restore_error_handler();
- if ($errorHandler->message) {
- continue;
- }
- try {
- // create a temp file ending in .phar since the Phar class only accepts that
- if ('.phar' !== substr($file, -5)) {
- copy($file, $file . '.tmp.phar');
- $pharFile = $file . '.tmp.phar';
- } else {
- $pharFile = $file;
- }
- // verify signature
- if (false === $disableTls) {
- $pubkeyid = openssl_pkey_get_public('file://' . $home . '/' . (preg_match('{^[0-9a-f]{40}$}', $version) ? 'keys.dev.pub' : 'keys.tags.pub'));
- $algo = defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'SHA384';
- if (!in_array('SHA384', openssl_get_md_methods())) {
- out('SHA384 is not supported by your openssl extension, could not verify the phar file integrity', 'error');
- exit(1);
- }
- $verified = 1 === openssl_verify(file_get_contents($file), $signature, $pubkeyid, $algo);
- openssl_free_key($pubkeyid);
- if (!$verified) {
- out('Signature mismatch, could not verify the phar file integrity', 'error');
- exit(1);
- }
- }
- // test the phar validity
- if (!ini_get('phar.readonly')) {
- $phar = new Phar($pharFile);
- // free the variable to unlock the file
- unset($phar);
- }
- // clean up temp file if needed
- if ($file !== $pharFile) {
- unlink($pharFile);
- }
- break;
- } catch (Exception $e) {
- if (!$e instanceof UnexpectedValueException && !$e instanceof PharException) {
- throw $e;
- }
- // clean up temp file if needed
- if ($file !== $pharFile) {
- unlink($pharFile);
- }
- unlink($file);
- if ($retries) {
- if (!$quiet) {
- out('The download is corrupt, retrying...', 'error');
- }
- } else {
- out('The download is corrupt (' . $e->getMessage() . '), aborting.', 'error');
- exit(1);
- }
- }
- }
- if ($errorHandler->message) {
- out('The download failed repeatedly, aborting.', 'error');
- exit(1);
- }
- chmod($file, 0755);
- if (!$quiet) {
- out(PHP_EOL . "Composer successfully installed to: " . $file, 'success', false);
- out(PHP_EOL . "Use it: php $installPath", 'info');
- }
- }
- /**
- * colorize output
- */
- function out($text, $color = null, $newLine = true)
- {
- $styles = array(
- 'success' => "\033[0;32m%s\033[0m",
- 'error' => "\033[31;31m%s\033[0m",
- 'info' => "\033[33;33m%s\033[0m"
- );
- $format = '%s';
- if (isset($styles[$color]) && USE_ANSI) {
- $format = $styles[$color];
- }
- if ($newLine) {
- $format .= PHP_EOL;
- }
- printf($format, $text);
- }
- /**
- * Returns the system-dependent Composer home location, which may not exist
- *
- * @return string
- */
- function getHomeDir()
- {
- $home = getenv('COMPOSER_HOME');
- if (!$home) {
- $userDir = getUserDir();
- if (defined('PHP_WINDOWS_VERSION_MAJOR')) {
- $home = $userDir . '/Composer';
- } else {
- $home = $userDir . '/.composer';
- if (!is_dir($home) && useXdg()) {
- // XDG Base Directory Specifications
- if (!($xdgConfig = getenv('XDG_CONFIG_HOME'))) {
- $xdgConfig = $userDir . '/.config';
- }
- $home = $xdgConfig . '/composer';
- }
- }
- }
- return $home;
- }
- /**
- * Returns the location of the user directory from the environment
- * @throws Runtime Exception If the environment value does not exists
- *
- * @return string
- */
- function getUserDir()
- {
- $userEnv = defined('PHP_WINDOWS_VERSION_MAJOR') ? 'APPDATA' : 'HOME';
- $userDir = getenv($userEnv);
- if (!$userDir) {
- throw new RuntimeException('The ' . $userEnv . ' or COMPOSER_HOME environment variable must be set for composer to run correctly');
- }
- return rtrim(strtr($userDir, '\\', '/'), '/');
- }
- /**
- * @return bool
- */
- function useXdg()
- {
- foreach (array_keys($_SERVER) as $key) {
- if (substr($key, 0, 4) === 'XDG_') {
- return true;
- }
- }
- return false;
- }
- function validateCaFile($contents)
- {
- // assume the CA is valid if php is vulnerable to
- // https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
- if (
- PHP_VERSION_ID <= 50327
- || (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50422)
- || (PHP_VERSION_ID >= 50500 && PHP_VERSION_ID < 50506)
- ) {
- return !empty($contents);
- }
- return (bool)openssl_x509_parse($contents);
- }
- class ErrorHandler
- {
- public $message = '';
- public function handleError($code, $msg)
- {
- if ($this->message) {
- $this->message .= "\n";
- }
- $this->message .= preg_replace('{^copy\(.*?\): }', '', $msg);
- }
- }
- class HttpClient
- {
- private $options = array('http' => array());
- private $disableTls = false;
- public function __construct($disableTls = false, $cafile = false)
- {
- $this->disableTls = $disableTls;
- if ($this->disableTls === false) {
- if (!empty($cafile) && !is_dir($cafile)) {
- if (!is_readable($cafile) || !validateCaFile(file_get_contents($cafile))) {
- throw new RuntimeException('The configured cafile (' . $cafile . ') was not valid or could not be read.');
- }
- }
- $options = $this->getTlsStreamContextDefaults($cafile);
- $this->options = array_replace_recursive($this->options, $options);
- }
- }
- protected function getTlsStreamContextDefaults($cafile)
- {
- $ciphers = implode(':', array(
- 'ECDHE-RSA-AES128-GCM-SHA256',
- 'ECDHE-ECDSA-AES128-GCM-SHA256',
- 'ECDHE-RSA-AES256-GCM-SHA384',
- 'ECDHE-ECDSA-AES256-GCM-SHA384',
- 'DHE-RSA-AES128-GCM-SHA256',
- 'DHE-DSS-AES128-GCM-SHA256',
- 'kEDH+AESGCM',
- 'ECDHE-RSA-AES128-SHA256',
- 'ECDHE-ECDSA-AES128-SHA256',
- 'ECDHE-RSA-AES128-SHA',
- 'ECDHE-ECDSA-AES128-SHA',
- 'ECDHE-RSA-AES256-SHA384',
- 'ECDHE-ECDSA-AES256-SHA384',
- 'ECDHE-RSA-AES256-SHA',
- 'ECDHE-ECDSA-AES256-SHA',
- 'DHE-RSA-AES128-SHA256',
- 'DHE-RSA-AES128-SHA',
- 'DHE-DSS-AES128-SHA256',
- 'DHE-RSA-AES256-SHA256',
- 'DHE-DSS-AES256-SHA',
- 'DHE-RSA-AES256-SHA',
- 'AES128-GCM-SHA256',
- 'AES256-GCM-SHA384',
- 'ECDHE-RSA-RC4-SHA',
- 'ECDHE-ECDSA-RC4-SHA',
- 'AES128',
- 'AES256',
- 'RC4-SHA',
- 'HIGH',
- '!aNULL',
- '!eNULL',
- '!EXPORT',
- '!DES',
- '!3DES',
- '!MD5',
- '!PSK'
- ));
- /**
- * CN_match and SNI_server_name are only known once a URL is passed.
- * They will be set in the getOptionsForUrl() method which receives a URL.
- *
- * cafile or capath can be overridden by passing in those options to constructor.
- */
- $options = array(
- 'ssl' => array(
- 'ciphers' => $ciphers,
- 'verify_peer' => true,
- 'verify_depth' => 7,
- 'SNI_enabled' => true,
- )
- );
- /**
- * Attempt to find a local cafile or throw an exception.
- * The user may go download one if this occurs.
- */
- if (!$cafile) {
- $cafile = self::getSystemCaRootBundlePath();
- }
- if (is_dir($cafile)) {
- $options['ssl']['capath'] = $cafile;
- } elseif ($cafile) {
- $options['ssl']['cafile'] = $cafile;
- } else {
- throw new RuntimeException('A valid cafile could not be located automatically.');
- }
- /**
- * Disable TLS compression to prevent CRIME attacks where supported.
- */
- if (version_compare(PHP_VERSION, '5.4.13') >= 0) {
- $options['ssl']['disable_compression'] = true;
- }
- return $options;
- }
- /**
- * This method was adapted from Sslurp.
- * https://github.com/EvanDotPro/Sslurp
- *
- * (c) Evan Coury <me@evancoury.com>
- *
- * For the full copyright and license information, please see below:
- *
- * Copyright (c) 2013, Evan Coury
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- public static function getSystemCaRootBundlePath()
- {
- static $caPath = null;
- if ($caPath !== null) {
- return $caPath;
- }
- // If SSL_CERT_FILE env variable points to a valid certificate/bundle, use that.
- // This mimics how OpenSSL uses the SSL_CERT_FILE env variable.
- $envCertFile = getenv('SSL_CERT_FILE');
- if ($envCertFile && is_readable($envCertFile) && validateCaFile(file_get_contents($envCertFile))) {
- return $caPath = $envCertFile;
- }
- // If SSL_CERT_DIR env variable points to a valid certificate/bundle, use that.
- // This mimics how OpenSSL uses the SSL_CERT_FILE env variable.
- $envCertDir = getenv('SSL_CERT_DIR');
- if ($envCertDir && is_dir($envCertDir) && is_readable($envCertDir)) {
- return $caPath = $envCertDir;
- }
- $configured = ini_get('openssl.cafile');
- if ($configured && strlen($configured) > 0 && is_readable($configured) && validateCaFile(file_get_contents($configured))) {
- return $caPath = $configured;
- }
- $configured = ini_get('openssl.capath');
- if ($configured && is_dir($configured) && is_readable($configured)) {
- return $caPath = $configured;
- }
- $caBundlePaths = array(
- '/etc/pki/tls/certs/ca-bundle.crt', // Fedora, RHEL, CentOS (ca-certificates package)
- '/etc/ssl/certs/ca-certificates.crt', // Debian, Ubuntu, Gentoo, Arch Linux (ca-certificates package)
- '/etc/ssl/ca-bundle.pem', // SUSE, openSUSE (ca-certificates package)
- '/usr/local/share/certs/ca-root-nss.crt', // FreeBSD (ca_root_nss_package)
- '/usr/ssl/certs/ca-bundle.crt', // Cygwin
- '/opt/local/share/curl/curl-ca-bundle.crt', // OS X macports, curl-ca-bundle package
- '/usr/local/share/curl/curl-ca-bundle.crt', // Default cURL CA bunde path (without --with-ca-bundle option)
- '/usr/share/ssl/certs/ca-bundle.crt', // Really old RedHat?
- '/etc/ssl/cert.pem', // OpenBSD
- '/usr/local/etc/ssl/cert.pem', // FreeBSD 10.x
- );
- foreach ($caBundlePaths as $caBundle) {
- if (@is_readable($caBundle) && validateCaFile(file_get_contents($caBundle))) {
- return $caPath = $caBundle;
- }
- }
- foreach ($caBundlePaths as $caBundle) {
- $caBundle = dirname($caBundle);
- if (is_dir($caBundle) && glob($caBundle . '/*')) {
- return $caPath = $caBundle;
- }
- }
- return $caPath = false;
- }
- public static function getPackagedCaFile()
- {
- return <<<CACERT
- ##
- ## Bundle of CA Root Certificates
- ##
- ## Certificate data from Mozilla as of: Wed Oct 28 22:42:42 2015
- ##
- ## This is a bundle of X.509 certificates of public Certificate Authorities
- ## (CA). These were automatically extracted from Mozilla's root certificates
- ## file (certdata.txt). This file can be found at
- ## https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
- ##
- ## It contains the certificates in PEM format and therefore
- ## can be directly used with curl / libcurl / php_curl, or with
- ## an Apache+mod_ssl webserver for SSL client authentication.
- ## Just configure this file as the SSLCACertificateFile.
- ##
- ## Conversion done with mk-ca-bundle.pl version 1.25.
- ## SHA1: 6d7d2f0a4fae587e7431be191a081ac1257d300a
- ##
- Equifax Secure CA
- =================
- -----BEGIN CERTIFICATE-----
- MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UE
- ChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
- MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoT
- B0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCB
- nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPR
- fM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+AcJkVV5MW
- 8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAG
- A1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UE
- CxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoG
- A1UdEAQTMBGBDzIwMTgwODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvS
- spXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMB
- Af8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961
- zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kB
- BIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee95
- 70+sB3c4
- -----END CERTIFICATE-----
- GlobalSign Root CA
- ==================
- -----BEGIN CERTIFICATE-----
- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx
- GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds
- b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV
- BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD
- VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
- DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc
- THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
- Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP
- c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX
- gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
- HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF
- AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj
- Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG
- j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH
- hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
- X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
- -----END CERTIFICATE-----
- GlobalSign Root CA - R2
- =======================
- -----BEGIN CERTIFICATE-----
- MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv
- YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
- bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
- aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
- bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6
- ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp
- s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN
- S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL
- TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C
- ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
- FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i
- YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN
- BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp
- 9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu
- 01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
- 9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
- TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
- -----END CERTIFICATE-----
- Verisign Class 3 Public Primary Certification Authority - G3
- ============================================================
- -----BEGIN CERTIFICATE-----
- MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV
- UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
- cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
- IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh
- dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw
- CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
- dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv
- cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkg
- Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
- ggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1
- EUGO+i2tKmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUc
- cLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+Vk7+qRy+oRpfw
- EuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJXwzw3sJ2zq/3avL6QaaiMxTJ5Xpj
- 055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
- ERSWwauSCPc/L8my/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f
- j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
- /Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565pF4ErWjfJXir0
- xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDa
- t20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
- -----END CERTIFICATE-----
- Verisign Class 4 Public Primary Certification Authority - G3
- ============================================================
- -----BEGIN CERTIFICATE-----
- MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV
- UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
- cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
- IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh
- dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw
- CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
- dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv
- cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFByaW1hcnkg
- Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
- ggEBAK3LpRFpxlmr8Y+1GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaS
- tBO3IFsJ+mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0GbdU6LM
- 8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLmNxdLMEYH5IBtptiW
- Lugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XYufTsgsbSPZUd5cBPhMnZo0QoBmrX
- Razwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
- j/ola09b5KROJ1WrIhVZPMq1CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXtt
- mhwwjIDLk5Mqg6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
- fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c2NU8Qh0XwRJd
- RTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/bLvSHgCwIe34QWKCudiyxLtG
- UPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
- -----END CERTIFICATE-----
- Entrust.net Premium 2048 Secure Server CA
- =========================================
- -----BEGIN CERTIFICATE-----
- MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u
- ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp
- bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
- BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx
- NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3
- d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
- MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u
- ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
- MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL
- Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
- hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW
- nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi
- VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E
- BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ
- KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy
- T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
- zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT
- J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e
- nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=
- -----END CERTIFICATE-----
- Baltimore CyberTrust Root
- =========================
- -----BEGIN CERTIFICATE-----
- MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE
- ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li
- ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC
- SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs
- dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME
- uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB
- UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C
- G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9
- XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr
- l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI
- VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
- BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh
- cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5
- hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa
- Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H
- RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
- -----END CERTIFICATE-----
- AddTrust Low-Value Services Root
- ================================
- -----BEGIN CERTIFICATE-----
- MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
- QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRU
- cnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw
- CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBO
- ZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEB
- AQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY6
- 54eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWr
- oulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1
- Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJui
- GMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8w
- HQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTAD
- AQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJT
- RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEw
- HwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxt
- ZBsfzQ3duQH6lmM0MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph
- iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
- eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xr
- mYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vj
- ccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
- -----END CERTIFICATE-----
- AddTrust External Root
- ======================
- -----BEGIN CERTIFICATE-----
- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
- QWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYD
- VQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEw
- NDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRU
- cnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0Eg
- Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821
- +iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfw
- Tz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmo
- aSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy
- 2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv7
- 7+ldU9U0WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0P
- BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTL
- VBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRk
- VHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENB
- IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
- j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
- 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4TDea9Y355
- e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u
- G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
- -----END CERTIFICATE-----
- AddTrust Public Services Root
- =============================
- -----BEGIN CERTIFICATE-----
- MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
- QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSAwHgYDVQQDExdBZGRU
- cnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJ
- BgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5l
- dHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEF
- AAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbu
- nyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1i
- d9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSG
- Aa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAw
- HM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0G
- A1UdDgQWBBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
- /zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkGA1UEBhMCU0Ux
- FDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29yazEgMB4G
- A1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4
- JNojVhaTdt02KLmuG7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL
- +YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
- GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh4SINhwBk/ox9
- Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9H
- EufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
- -----END CERTIFICATE-----
- AddTrust Qualified Certificates Root
- ====================================
- -----BEGIN CERTIFICATE-----
- MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
- QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRU
- cnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcx
- CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ
- IE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG
- 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx
- 64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3
- KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o
- L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GR
- wVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HU
- MIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/
- BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkwZzELMAkGA1UE
- BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29y
- azEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQAD
- ggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG
- GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
- dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9ze
- RXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDB
- iFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5noxqE=
- -----END CERTIFICATE-----
- Entrust Root Certification Authority
- ====================================
- -----BEGIN CERTIFICATE-----
- MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV
- BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw
- b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG
- A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0
- MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
- MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu
- Y2UxHzAdBgNVBAsT…
Large files files are truncated, but you can click here to view the full file