changeset 1118:fd85a02d771d

(issue54) Implement a privilege drop to execute the program after installation. This commit is extremly ugly as I accidentally worked in a working tree that was partially merged with default. To review the real change please check the commit that will merge this branch into default.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 16 Sep 2014 19:45:19 +0200
parents 5b6203f78b4e (diff) 1c1964c27b39 (current diff)
children 5349e2354c48
files CMakeLists.txt cinst/nssstore_win.c common/util.c common/util.h packaging/CMakeLists.txt packaging/desktopshellrun.cpp packaging/exdll.h packaging/trustbridge.nsi packaging/win-createpackage.sh.in
diffstat 98 files changed, 6661 insertions(+), 1309 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Tue Sep 02 14:25:40 2014 +0200
+++ b/.hgtags	Tue Sep 16 19:45:19 2014 +0200
@@ -10,3 +10,21 @@
 0000000000000000000000000000000000000000 0.85
 0000000000000000000000000000000000000000 0.85
 c4ba93dbf680e9507290fa7058d660486cc0be2e 0.85
+b4094dc552171376ac9481657ba509abfaecf1bc 0.9
+b4094dc552171376ac9481657ba509abfaecf1bc 0.9
+0000000000000000000000000000000000000000 0.9
+0000000000000000000000000000000000000000 0.9
+4f999c7821ce65f5482b44e12d18da44d6994dd8 0.9
+b1c8ac65f782470dfe400f710513c166a51360f5 0.91
+0000000000000000000000000000000000000000 0.91
+0000000000000000000000000000000000000000 0.91
+96a0e5bdf6a4851fc29d145497fc1a4802f23701 0.9.1
+96a0e5bdf6a4851fc29d145497fc1a4802f23701 0.9.1
+0000000000000000000000000000000000000000 0.9.1
+0000000000000000000000000000000000000000 0.9.1
+b5dc84ea5dacc228b59d2be7ea25a754ec7ed3f8 0.9.1
+0000000000000000000000000000000000000000 0.9.1
+0000000000000000000000000000000000000000 0.9.1
+0000000000000000000000000000000000000000 0.9.1
+e10bc7372545e90823673cd53432f3fce63d2c86 0.9.1
+0ae3c99b82ee75ee26801a879dfc3d047b6da547 0.9.2
--- a/CMakeLists.txt	Tue Sep 02 14:25:40 2014 +0200
+++ b/CMakeLists.txt	Tue Sep 16 19:45:19 2014 +0200
@@ -9,10 +9,11 @@
 project(trustbridge)
 
 option(DO_RELEASE_BUILD "Build for a public release." OFF)
+option(USE_REAL_RESOURCES "Use real resource names on the download server. Autmatically ON if DO_RELEASE_BUILD is set" OFF )
 option(ENABLE_PROFILING "Set to enable profiling." OFF)
 option(USE_CURL "Use libcurl to download updates and certificate lists." ON)
 
-set(DOWNLOAD_SERVER "https://files.intevation.de:443" CACHE STRING "Used as download server" )
+set(DOWNLOAD_SERVER "https://tb-devel.intevation.de:443" CACHE STRING "Used as download server" )
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/")
 
 #Old qtmain linking behavior to be compatible with cmake versions < 2.8.11
@@ -38,6 +39,12 @@
 
 find_package(Qt5Widgets)
 
+find_program(OSSLSIGNCODE_EXECUTABLE osslsigncode)
+
+if (WIN32 AND NOT OSSLSIGNCODE_EXECUTABLE)
+   message (STATUS "WARNING: osslsigncode not found. Code verification and code verification tests will fail.")
+endif()
+
 if (NOT WIN32)
    find_package(NSS)
 else ()
@@ -59,6 +66,7 @@
       set (CMAKE_BUILD_TYPE RELEASE)
    endif (NOT CMAKE_BUILD_TYPE)
    add_definitions (-DRELEASE_BUILD)
+   set(USE_REAL_RESOURCES ON)
 else()
 # Default to debug build
    if (NOT CMAKE_BUILD_TYPE)
@@ -68,6 +76,10 @@
    endif (NOT CMAKE_BUILD_TYPE)
 endif()
 
+if(USE_REAL_RESOURCES)
+   add_definitions (-DUSE_REAL_RESOURCES)
+endif()
+
 # Warn level to be used for privileged parts
 set(WARN_HARDENING_FLAGS " -Wextra -Wconversion -Wformat-security")
 
--- a/INSTALL	Tue Sep 02 14:25:40 2014 +0200
+++ b/INSTALL	Tue Sep 16 19:45:19 2014 +0200
@@ -70,11 +70,11 @@
 
 Libcurl:
 
-    wget http://curl.haxx.se/download/curl-7.37.1.tar.gz
-    a32492a38c10a097344892f5fd2041e54698cb909696852311b1161e4aa979f3 curl-7.37.1.tar.gz
+    wget http://curl.haxx.se/download/curl-7.38.0.tar.gz
+    5661028aa6532882fa228cd23c99ddbb8b87643dbb1a7ea55c068d34a943dff1 curl-7.38.0.tar.gz
 
-    tar -xf curl-7.37.1.tar.gz
-    cd curl-7.37.1/
+    tar -xf curl-7.38.0.tar.gz
+    cd curl-7.38.0/
     patch -p1 < ../trustbridge/patches/*.patch
     mkdir build
     cd build
@@ -141,7 +141,7 @@
     make install
 
 Change to the curl directory
-    cd ../../curl-7.37.1/
+    cd ../../curl-7.38.0/
     mkdir build-i386
     cd build-i386
     CFLAGS="-fpic -m32" CPPFLAGS="-fpic -m32" ../configure --prefix=$YOURPREFIX/i386 \
@@ -170,24 +170,19 @@
 for the ssl connection. To build it you may need libxslt-dev as additional
 dependency.
 
-    wget https://www.hiawatha-webserver.org/files/hiawatha-9.5.tar.gz
-    sha256sum hiawatha-9.5.tar.gz
-
-c181011db1af187006190fc186689a0707a6f1e7b524c2a4347840e8fdf68b4f  hiawatha-9.5.tar.gz
+    wget https://www.hiawatha-webserver.org/files/hiawatha-9.7.tar.gz
+    sha256sum hiawatha-9.7.tar.gz
 
-    tar -xf hiawatha-9.5.tar.gz
-    cp polarssl-1.3.7-gpl.tgz hiawatha-9.5/polarssl/polarssl.tgz
-    cd hiawatha-9.5/polarssl
-    sed -i 's/wget.*//' upgrade
-    ./upgrade 1.3.8
-    cd ..
+e8581336883b7b963f38572f6396f8c47b43e5bedd3147d052fa3652e6c0ed86 hiawatha-9.7.tar.gz
+
+    tar -xf hiawatha-9.7.tar.gz
+    cd hiawatha-9.7
     mkdir build
     cd build
     cmake .. -DCMAKE_INSTALL_PREFIX=$YOURPREFIX
     make && make install
 
 
-
 Osslsigncode (for binverify unit test)
 ======================================
 Osslsigncode is used to create PKCS#7 embedded signatures for Windows Authenticode
@@ -228,6 +223,10 @@
     make qtbase
 (optional) make curl
 
+Add CMAKE_STRIP to the toolchain file:
+    echo "set(CMAKE_STRIP $MXEPATH/usr/bin/i686-w64-mingw32.static-strip)" >> \
+        "$MXEPATH/usr/i686-w64-mingw32.static/share/cmake/mxe-conf.cmake"
+
 Workaround Qt CMake Bugs:
     find $MXEPATH/usr/i686-w64-mingw32.static/qt5/lib/cmake -name \*.cmake | \
         xargs sed -i 's/\/\([a-z]*\)\.lib/\/lib\1\.a/g'
@@ -242,7 +241,7 @@
     cmake .. \
         -DCMAKE_PREFIX_PATH="$MXETARGET/qt5;$MXETARGET;" \
         -DCMAKE_TOOLCHAIN_FILE="$MXETARGET/share/cmake/mxe-conf.cmake" \
-        -DCMAKE_VERBOSE_MAKEFILE=True -DUSE_CURL=OFF
+        -DCMAKE_VERBOSE_MAKEFILE=True
 
 Runtime Depdendencies
 =====================
--- a/cinst/CMakeLists.txt	Tue Sep 02 14:25:40 2014 +0200
+++ b/cinst/CMakeLists.txt	Tue Sep 16 19:45:19 2014 +0200
@@ -30,6 +30,30 @@
    ${WIN_EXTRA_LIBS})
 
 install(TARGETS cinst DESTINATION bin)
+if (WIN32)
+   add_custom_command(
+      TARGET cinst
+      POST_BUILD
+      COMMAND ${CMAKE_STRIP} cinst.exe
+   )
+   if (NOT RELEASE_BUILD)
+      add_custom_command(
+         TARGET cinst
+         POST_BUILD
+         COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_SOURCE_DIR}/ui/tests/data/codesign/codesigning.pem
+         -key ${CMAKE_SOURCE_DIR}/ui/tests/data/codesign/codesigning.key
+         -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/cinst.exe
+         -out ${CMAKE_CURRENT_BINARY_DIR}/cinst-signed.exe &&
+         mv ${CMAKE_CURRENT_BINARY_DIR}/cinst-signed.exe ${CMAKE_CURRENT_BINARY_DIR}/cinst.exe
+         )
+    endif()
+else()
+   add_custom_command(
+      TARGET cinst
+      POST_BUILD
+      COMMAND strip cinst
+   )
+endif()
 
 # ----------------------------------------------------------------------
 # Mozilla nss store specific certificate installer:
@@ -48,6 +72,31 @@
       ${PROFILING_LIBS})
    set_target_properties(mozilla PROPERTIES COMPILE_FLAGS "-std=c99")
    install(TARGETS mozilla DESTINATION bin)
+
+   if (WIN32)
+      add_custom_command(
+         TARGET mozilla
+         POST_BUILD
+         COMMAND ${CMAKE_STRIP} mozilla.exe
+      )
+      if (NOT RELEASE_BUILD)
+         add_custom_command(
+            TARGET mozilla
+            POST_BUILD
+            COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_SOURCE_DIR}/ui/tests/data/codesign/codesigning.pem
+            -key ${CMAKE_SOURCE_DIR}/ui/tests/data/codesign/codesigning.key
+            -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/mozilla.exe
+            -out ${CMAKE_CURRENT_BINARY_DIR}/mozilla-signed.exe &&
+            mv ${CMAKE_CURRENT_BINARY_DIR}/mozilla-signed.exe ${CMAKE_CURRENT_BINARY_DIR}/mozilla.exe
+            )
+       endif()
+   else()
+      add_custom_command(
+         TARGET mozilla
+         POST_BUILD
+         COMMAND strip mozilla
+      )
+   endif()
 else()
    message(STATUS "WARNING: Could not find nss. Mozilla cert installer will not be build!")
 endif()
--- a/cinst/main.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/cinst/main.c	Tue Sep 16 19:45:19 2014 +0200
@@ -14,15 +14,15 @@
  *  process will modify system wide certificate stores.
  *  Otherwise only the users certificate stores are modified.
  *
- *  The first parameter to this process should be list=<file_name>
+ *  The first parameter to this process should be list=\<file_name\>
  *  of the certificate list to work on. The second parameter should
- *  be choices=<choices_file_name>|uninstall
+ *  be choices=\<choices_file_name\>|uninstall
  *
  *  choices_file_name should be the absolute path to an
  *  choices file formatted as:
  *
- *  I:<certificate>
- *  R:<certificate>
+ *  I:\<certificate\><BR>
+ *  R:\<certificate\>
  *
  *  Line breaks can be system dependent in the Choices file.
  *
@@ -35,6 +35,8 @@
  *  to remove all certificates (Even those marked with I) that
  *  are part of the list.
  *
+ *  For more verbose debug output add --debug to the call.
+ *
  **/
 #include <stdio.h>
 #include <stdlib.h>
@@ -199,6 +201,11 @@
   return 0;
 }
 
+#ifdef DO_RELEASE_BUILD
+bool g_debug = false;
+#else
+bool g_debug = true;
+#endif
 
 int
 main (int argc, char **argv)
@@ -219,18 +226,24 @@
   /* Some very static argument parsing. list= and choices= is only
      added to make it more transparent how this programm is called if
      a user looks at the detailed uac dialog. */
-  if (argc != 3 || strncmp(argv[1], "list=", 5) != 0 ||
+  if ((argc != 3 && argc != 4) || strncmp(argv[1], "list=", 5) != 0 ||
       strncmp(argv[2], "choices=", 8) != 0)
     {
       ERRORPRINTF ("Invalid arguments.\n"
                    "Expected arguments: list=<certificate_list> \n"
-                   "                    choices=<choices_file>|uninstall\n");
+                   "                    choices=<choices_file>|uninstall\n"
+                   "Optional: --debug\n");
       return ERR_INVALID_PARAMS;
     }
 
   certificate_file_name = strchr(argv[1], '=') + 1;
   choices_file_name = strchr(argv[2], '=') + 1;
 
+  if (argc == 4 && strncmp(argv[3], "--debug", 7) == 0)
+    {
+      g_debug = true;
+    }
+
   if (!certificate_file_name || !choices_file_name)
     {
       ERRORPRINTF ("Invalid arguments.\n"
--- a/cinst/mozilla.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/cinst/mozilla.c	Tue Sep 16 19:45:19 2014 +0200
@@ -12,12 +12,12 @@
  * Reads from a file given on command line or stdin a list of
  * instructions in the form:
  *
- * I:<base64 DER econded certificate>
- * R:<base64 DER econded certificate>
+ * I:\<base64 DER econded certificate\> <BR>
+ * R:\<base64 DER econded certificate\>
  * ...
  *
  * With one instruction per line. the maximum size of an input
- * line is 9999 characters (including the \r\n) at the end of the line.
+ * line is 9999 characters (including the \\r\\n) at the end of the line.
  *
  * Certificates marked with I: will be installed and the ones
  * marked with R: will be searched and if available removed from
@@ -45,6 +45,9 @@
  * purposes each installation / removal of a certificate will be reported
  * with the profile name that it modified.
  *
+ * To get more verbose output add the --debug parameter
+ * as the last parameter on the command line.
+ *
  */
 
 /**
@@ -61,6 +64,7 @@
 #include <dirent.h>
 #include <nss.h>
 #include <pk11pub.h>
+#include <secerr.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -141,7 +145,7 @@
     return cdir;
   else
     {
-      DEBUGPRINTF("FATAL!  No %s in environment.\n", envvar);
+      ERRORPRINTF("FATAL!  No %s in environment.\n", envvar);
       exit(ERR_MOZ_HOMELESS);
     }
 }
@@ -152,14 +156,14 @@
  * Parse the profiles.ini and extract all profile paths from that.
  * The expected data is in the form:
  *
- * [Profile99]
- * IsRelative=1
- * Path=Example/fooo.bar
+ * [Profile99]<BR>
+ * IsRelative=1<BR>
+ * Path=Example/foo.bar
  *
- * or
- * [Profile0]
- * IsRelative=0
- * Path=c:\foo\bar\baz
+ * or<BR>
+ * [Profile0]<BR>
+ * IsRelative=0<BR>
+ * Path=c:\\foo\\bar\\baz
  *
  * Mozilla also accepts the ini file on Windows even if it is UTF-16
  * encoded but never writes UTF-16 on its own.  So currently we ignore
@@ -416,7 +420,7 @@
           else
             {
               /* Lets create it */
-              if (!port_mkdir_p(profile_dir))
+              if (!port_mkdir_p(profile_dir, true))
                 {
                   ERRORPRINTF ("Failed to create directory: '%s'\n", profile_dir);
                   xfree(profile_dir);
@@ -451,7 +455,7 @@
     {
 #ifndef _WIN32
       /* NSS Shared db does not exist under windows. */
-      if (!port_mkdir_p(NSSSHARED_GLOBAL))
+      if (!port_mkdir_p(NSSSHARED_GLOBAL, false))
         {
           ERRORPRINTF("Failed to create nssshared skeleton directory. \n");
         }
@@ -548,7 +552,7 @@
  *
  * Should be freed by caller.
  * @param[in] secitemp ponts to an SECItem holding the DER certificate.
- * @retruns a string of the from "CN of Subject - O of Subject"
+ * @returns a string of the from "CN of Subject - O of Subject"
  */
 static char *
 nss_cert_name(SECItem *secitemp)
@@ -559,7 +563,7 @@
   o_str = x509_parse_subject(secitemp->data, secitemp->len, CERT_OID_O);
   if (!cn_str || !o_str)
     {
-      DEBUGPRINTF("FATAL: Could not parse certificate!");
+      ERRORPRINTF("FATAL: Could not parse certificate!");
       exit(ERR_INVALID_CERT);
     }
   name_len = strlen(cn_str) + strlen(o_str) + 4;
@@ -622,16 +626,39 @@
                                     (int)dercert->len);
   trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
   CERT_DecodeTrustString(trust, "C,C,C");
-  if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
-                       cert_name, PR_FALSE)
-       == SECSuccess) &&
-      (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
-       == SECSuccess))
+  if (PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
+                       cert_name, PR_FALSE) == SECSuccess)
     {
-      log_certificate_der (pdir, dercert->data, dercert->len, true);
-      success = true;
+      if(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) == SECSuccess)
+        {
+          log_certificate_der (pdir, dercert->data, dercert->len, true);
+          success = true;
+        }
     }
-  else
+  /* This could have happened on either the import cert or
+     the cert change trust. If Import Cert fails with that
+     error the certificate has in fact been added but with
+     random trist bits. See NSS Bug 595861.
+     Reference code can be found in gnome evolution under
+     smime/lib/e-cert-db.c */
+  if(PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN)
+    {
+      if (PK11_NeedUserInit (pk11slot))
+        {
+          PK11_InitPin (pk11slot, "", "");
+        }
+      if (PK11_Authenticate (pk11slot, PR_TRUE, NULL) != SECSuccess)
+        {
+          DEBUGPRINTF("Failed to authenticate.\n");
+        }
+      else if(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) == SECSuccess)
+        {
+          log_certificate_der (pdir, dercert->data, dercert->len, true);
+          success = true;
+        }
+    }
+
+  if (!success)
     {
       DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
       ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError());
@@ -750,6 +777,7 @@
  * Reads command lines (R: and I:) from standard input and puts the
  * certificates to process in two SECItem lists holding the
  * certificates in DER format.
+ * @param[inout] stream from standard input
  * @param[inout] install_list list of SECItems with certifiactes to install
  * @param[inout] remove_list list of SECItems with certifiactes to remove
  */
@@ -801,12 +829,18 @@
 
       if (parserr)
         {
-          DEBUGPRINTF("FATAL: Invalid input: %s\n", inpl);
+          ERRORPRINTF("FATAL: Invalid input: %s\n", inpl);
           exit(ERR_MOZ_INVALID_INPUT);
         }
     }
 }
 
+#ifdef DO_RELEASE_BUILD
+bool g_debug = false;
+#else
+bool g_debug = true;
+#endif
+
 int
 main (int argc, char **argv)
 {
@@ -822,17 +856,29 @@
       input_stream = stdin;
       break;
     case 2:
+      if (strcmp(argv[1], "--debug") == 0)
+        {
+          g_debug = true;
+          DEBUGPRINTF("Opening STDIN for input...\n");
+          input_stream = stdin;
+          break;
+        }
+    case 3:
       DEBUGPRINTF("Opening %s for input...\n", argv[1]);
       if ((input_stream = fopen(argv[1], "r")) == NULL)
         {
-          DEBUGPRINTF("FATAL: Could not open %s for reading!\n",
-                      argv[1]);
+          ERRORPRINTF ("FATAL: Could not open %s for reading!\n",
+                       argv[1]);
           exit_code = ERR_MOZ_FAILED_TO_OPEN_INPUT;
           goto exit;
         }
+      if (argc == 3 && strcmp(argv[2], "--debug") == 0)
+        {
+          g_debug = true;
+        }
       break;
     default:
-      DEBUGPRINTF("FATAL: Wrong number of arguments!\n");
+      ERRORPRINTF("FATAL: Wrong number of arguments!\n");
       exit_code = ERR_MOZ_WRONG_ARGC;
       goto exit;
     }
--- a/cinst/nss-secitemlist.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/cinst/nss-secitemlist.h	Tue Sep 16 19:45:19 2014 +0200
@@ -39,7 +39,7 @@
  * @brief Remove and return first SECItem from list
  *
  * @param[inout] list pointer to the list to which the item will be added.
- * @retruns the removed item, or NULL if list is empty.
+ * @returns the removed item, or NULL if list is empty.
  * The caller shoud free this item after use.
  */
 SECItem *seciteml_pop (seciteml_t **list);
--- a/cinst/nssstore_linux.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/cinst/nssstore_linux.c	Tue Sep 16 19:45:19 2014 +0200
@@ -37,8 +37,8 @@
  *
  * @param [in] to_install strv of DER encoded certificates to be added.
  * @param [in] to_remove strv of DER encoded certificates to be remvoed.
- * @param [in] uid_t uid of the user to install certificates for.
- * @param [in] gid_t the gid of the user to install certificates for.
+ * @param [in] uid uid of the user to install certificates for.
+ * @param [in] gid the gid of the user to install certificates for.
  * @param [in] homedir the homedir of the user.
  *
  * @returns childs pid on success. -1 on failure
@@ -49,7 +49,7 @@
 {
   int pipe_fd[2];
   pid_t pid = 0;
-  char *argv[2] = {NULL, NULL},
+  char *argv[3] = {NULL, NULL, NULL},
                   *envp[2] = {NULL, NULL},
                              *inst_dir = NULL;
   size_t homedir_len = 0,
@@ -92,6 +92,11 @@
   exe_path_len = strlen(inst_dir) + strlen(NSS_PROCESS_NAME);
   argv[0] = xmalloc (exe_path_len + 1);
 
+  if (g_debug)
+    {
+      argv[1] = "--debug";
+    }
+
   ret = snprintf(argv[0], exe_path_len + 1, "%s%s", inst_dir, NSS_PROCESS_NAME);
   xfree (inst_dir);
   if (ret < 0 || (size_t) ret != exe_path_len)
--- a/cinst/nssstore_win.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/cinst/nssstore_win.c	Tue Sep 16 19:45:19 2014 +0200
@@ -50,6 +50,7 @@
 #include "logging.h"
 #include "util.h"
 #include "strhelp.h"
+#include "binverify.h"
 
 #ifndef APPNAME
 #define APPNAME L"cinst"
@@ -97,7 +98,6 @@
   xfree (item);
 }
 
-
 /**@brief Write strv of instructions to a handle
 *
 * Writes the null terminated list of instructions to
@@ -348,6 +348,11 @@
      + NULL */
   cmd_line_len = wcslen (w_inst_dir) + 1 + 2 + wcslen (NSS_APP_NAME) +
                  + 1 + 2 + wcslen(selection_file) + 1;
+  if (g_debug)
+    {
+      /* Add space for whitespace and --debug*/
+      cmd_line_len += 8;
+    }
   retval = xmalloc (cmd_line_len * sizeof(wchar_t));
 
   wcscpy_s (retval, cmd_line_len, L"\"");
@@ -358,6 +363,11 @@
   wcscat_s (retval, cmd_line_len, selection_file);
   wcscat_s (retval, cmd_line_len, L"\"");
 
+  if (g_debug)
+    {
+      wcscat_s (retval, cmd_line_len, L" --debug");
+    }
+
   return retval;
 }
 
@@ -616,6 +626,7 @@
   char *install_dir = get_install_dir();
   wchar_t *w_inst_dir;
   size_t w_path_len = 0;
+  bin_verify_result v_res;
 
   if (!selection_file)
     {
@@ -670,6 +681,22 @@
       return false;
     }
 
+  /* Verify the binary */
+    {
+      char *utf8_name = wchar_to_utf8 (lpApplicationPath, wcslen(lpApplicationPath));
+      v_res = verify_binary (utf8_name, strlen(utf8_name));
+      xfree(utf8_name);
+    }
+
+  if (v_res.result != VerifyValid)
+    {
+      ERRORPRINTF ("Failed to verify the NSS installer.\n");
+      syslog_error_printf ("Integrity check of the certificate installation subprocess for NSS failed.\n");
+      xfree (lpApplicationPath);
+      xfree (lpCommandLine);
+      return false;
+    }
+
   DEBUGPRINTF ("Starting %S with command line %S\n", lpApplicationPath, lpCommandLine);
 
   success = CreateProcessAsUserW (hToken,
@@ -683,6 +710,7 @@
                                   NULL, /* Current working directory */
                                   &siStartInfo,
                                   &piProcInfo);
+  fclose (v_res.fptr);
   xfree (lpApplicationPath);
   xfree (lpCommandLine);
   if (!success)
@@ -777,7 +805,7 @@
      it might be a symlink to another place that a users
      wants us to grant read access to or makes us overwrite
      something */
-  if(!create_restricted_directory (path))
+  if(!create_restricted_directory (path, true))
     {
       ERRORPRINTF ("Failed to create directory\n");
       xfree(path);
--- a/common/binverify.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/binverify.c	Tue Sep 16 19:45:19 2014 +0200
@@ -10,6 +10,7 @@
 
 #include "strhelp.h"
 #include "logging.h"
+#include "listutil.h"
 #ifdef RELEASE_BUILD
 #include "pubkey-release.h"
 #else
@@ -19,8 +20,13 @@
 bin_verify_result
 verify_binary(const char *filename, size_t name_len)
 {
-  if (!filename || !name_len)
-    return VerifyUnknownError;
+  if (!filename || !name_len) {
+    bin_verify_result retval;
+    retval.fptr = NULL;
+    retval.result = VerifyUnknownError;
+    return retval;
+  }
+
 #ifdef WIN32
   return verify_binary_win(filename, name_len);
 #else
@@ -101,7 +107,7 @@
 bin_verify_result
 verify_binary_win(const char *filename, size_t name_len)
 {
-  bin_verify_result retval = VerifyUnknownError;
+  bin_verify_result retval;
   WCHAR *filenameW = NULL;
   BOOL result = FALSE;
   DWORD dwEncoding = 0,
@@ -112,17 +118,34 @@
   HCRYPTMSG hMsg = NULL;
   PCERT_INFO pSignerCert = NULL;
   PCCERT_CONTEXT pSignerCertContext = NULL;
+  FILE *fptr = NULL;
+  size_t data_size = 0;
+  char *data = NULL;
+  int ret = -1;
+  CRYPT_INTEGER_BLOB blob;
+
+  retval.result = VerifyUnknownError;
+  retval.fptr = NULL;
 
   if (!filename || name_len > MAX_PATH || strlen(filename) != name_len)
     {
       ERRORPRINTF ("Invalid parameters\n");
-      return VerifyUnknownError;
+      return retval;
     }
 
-  filenameW = utf8_to_wchar(filename, name_len);
+  ret = read_file(filename, &data, &data_size, MAX_VALID_BIN_SIZE, &fptr);
 
-  result = CryptQueryObject (CERT_QUERY_OBJECT_FILE,
-                             filenameW,
+  if (ret != 0)
+    {
+      ERRORPRINTF ("Read file failed with error: %i\n", ret);
+      retval.result = VerifyReadFailed;
+      return retval;
+    }
+  blob.cbData = (DWORD) data_size;
+  blob.pbData = (PBYTE) data;
+
+  result = CryptQueryObject (CERT_QUERY_OBJECT_BLOB,
+                             &blob,
                              CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                              CERT_QUERY_FORMAT_FLAG_BINARY,
                              0,
@@ -136,7 +159,7 @@
   if (!result || !hMsg)
     {
       PRINTLASTERROR ("Failed to query crypto object");
-      retval = VerifyReadFailed;
+      retval.result = VerifyReadFailed;
       goto done;
     }
 
@@ -152,7 +175,7 @@
   else
     {
       ERRORPRINTF ("Failed to get signer cert size.");
-      retval = VerifyUnknownError;
+      retval.result = VerifyUnknownError;
       goto done;
     }
 
@@ -163,7 +186,7 @@
                          &dwSignerInfoSize)))
     {
       ERRORPRINTF ("Failed to get signer cert.");
-      retval = VerifyUnknownError;
+      retval.result = VerifyUnknownError;
       goto done;
     }
 
@@ -175,7 +198,7 @@
   if (!pSignerCertContext)
     {
       ERRORPRINTF ("Failed to find signer cert in store.");
-      retval = VerifyUnknownError;
+      retval.result = VerifyUnknownError;
       goto done;
     }
 
@@ -186,7 +209,7 @@
                       pSignerCertContext->pCertInfo))
     {
       ERRORPRINTF ("The signature is invalid. \n");
-      retval = VerifyInvalidSignature;
+      retval.result = VerifyInvalidSignature;
       syslog_error_printf ("Software update embedded signature is invalid.");
       goto done;
     }
@@ -194,22 +217,29 @@
   if(check_certificate(pSignerCertContext))
     {
       DEBUGPRINTF ("Valid signature with pinned certificate.");
-      retval = VerifyValid;
+      retval.result = VerifyValid;
+      retval.fptr = fptr;
       goto done;
     }
   else
     {
       ERRORPRINTF ("Certificate mismatch. \n");
-      retval = VerifyInvalidCertificate;
+      retval.result = VerifyInvalidCertificate;
       syslog_error_printf ("Software update embedded signature "
                            "created with wrong certificate.");
       goto done;
     }
 
 done:
+  xfree(data);
   xfree(filenameW);
   xfree(pSignerCert);
 
+  if (retval.result != VerifyValid)
+    {
+      fclose(fptr);
+    }
+
   if(pSignerCertContext)
     {
       CertFreeCertificateContext(pSignerCertContext);
@@ -226,8 +256,6 @@
 }
 #else /* WIN32 */
 
-#include "listutil.h"
-
 #pragma GCC diagnostic ignored "-Wconversion"
 /* Polarssl mh.h contains a conversion which gcc warns about */
 #include <polarssl/pk.h>
@@ -248,29 +276,34 @@
          sig_size = TRUSTBRIDGE_RSA_KEY_SIZE / 8;
   unsigned char signature[sig_size],
            hash[32];
+  FILE *fptr = NULL;
 
-  bin_verify_result retval = VerifyUnknownError;
+  bin_verify_result retval;
+  retval.result = VerifyUnknownError;
+  retval.fptr = NULL;
   x509_crt codesign_cert;
 
   if (strnlen(filename, name_len + 1) != name_len || name_len == 0)
     {
       ERRORPRINTF ("Invalid call to verify_binary_linux\n");
-      return VerifyUnknownError;
+      retval.result = VerifyUnknownError;
+      return retval;
     }
 
-  ret = read_file(filename, &data, &data_size, MAX_VALID_BIN_SIZE);
+  ret = read_file(filename, &data, &data_size, MAX_VALID_BIN_SIZE, &fptr);
 
   if (ret != 0)
     {
       ERRORPRINTF ("Read file failed with error: %i\n", ret);
-      return VerifyReadFailed;
+      retval.result = VerifyReadFailed;
+      return retval;
     }
 
   /* Fetch the signature from the end of data */
   if (data_size < sig_b64_size + 5)
     {
       ERRORPRINTF ("File to small to contain a signature.\n");
-      retval = VerifyInvalidSignature;
+      retval.result = VerifyInvalidSignature;
       goto done;
     }
 
@@ -280,7 +313,7 @@
       data[data_size - sig_b64_size - 5] != '\r')
     {
       ERRORPRINTF ("Failed to find valid signature line.\n");
-      retval = VerifyInvalidSignature;
+      retval.result = VerifyInvalidSignature;
       goto done;
     }
 
@@ -312,7 +345,8 @@
       errbuf[1019] = '\0'; /* Just to be sure */
       ERRORPRINTF ("x509_crt_parse failed with -0x%04x\n%s\n", -ret, errbuf);
       x509_crt_free(&codesign_cert);
-      return VerifyUnknownError;
+      retval.result = VerifyUnknownError;
+      goto done;
     }
 
   ret = pk_verify(&codesign_cert.pk, POLARSSL_MD_SHA256, hash, 0,
@@ -325,14 +359,22 @@
       errbuf[1019] = '\0'; /* Just to be sure */
       ERRORPRINTF ("pk_verify failed with -0x%04x\n %s\n", -ret, errbuf);
       x509_crt_free(&codesign_cert);
-      retval = VerifyInvalidSignature;
+      retval.result = VerifyInvalidSignature;
       goto done;
     }
   x509_crt_free(&codesign_cert);
 
-  retval = VerifyValid;
+  retval.result = VerifyValid;
+  retval.fptr = fptr;
 
 done:
+  if (retval.result != VerifyValid)
+    {
+      if (fptr)
+        {
+          fclose(fptr);
+        }
+    }
   xfree (data);
   return retval;
 }
--- a/common/binverify.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/binverify.h	Tue Sep 16 19:45:19 2014 +0200
@@ -13,13 +13,14 @@
  */
 #include <stdbool.h>
 #include <stddef.h>
+#include <stdio.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /**
- * @enum bin_verify_result
+ * @enum verify_result
  * @brief Result of a verification
  */
 typedef enum {
@@ -28,6 +29,19 @@
     VerifyInvalidSignature = 4, /*! Signature was invalid */
     VerifyInvalidCertificate = 5, /*! Certificate mismatch */
     VerifyReadFailed = 6, /*! File exists but could not read the file */
+} verify_result;
+
+/**
+ * A structure containing a verify_result and a reference to the
+ * verified file.
+ */
+typedef struct {
+    /*@{*/
+    verify_result result; /**< the result of the verification */
+    FILE *fptr; /**< Pointer to the open file struct of the verified file
+                    The ptr is only valid if verify_result is VerifyValid
+                    and needs to be closed by the caller in that case.*/
+    /*@}*/
 } bin_verify_result;
 
 /**
@@ -44,7 +58,7 @@
  * file.
  *
  * On Linux the file is epxected to and with the pattern of
- * \r\nS: (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA
+ * \\r\\nS: (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA
  * signature.
  * The signature is verified against the built in codesigning key in
  * the same certificate that is used for windows verification.
@@ -57,14 +71,15 @@
  */
 bin_verify_result verify_binary(const char *filename, size_t name_len);
 
+/**@def Max size of a valid binary in byte */
+#define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)
+
 #ifdef WIN32
 /**
  * @brief windows implementation of verify_binary
  */
 bin_verify_result verify_binary_win(const char *filename, size_t name_len);
 #else /* WIN32 */
-/**@def Max size of a valid binary in byte */
-#define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)
 
 /**
  * @brief linux implementation of verify_binary
--- a/common/linuxlockfile.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/linuxlockfile.h	Tue Sep 16 19:45:19 2014 +0200
@@ -26,7 +26,7 @@
 /**
  * @brief close a lockfile
  * @details unlock and close a lockfile for the given file descriptor.
- * @param[in] path to the lockfile
+ * @param[in] fd TODO
  * @returns the file descriptor of the lockfile or -1 on error
  */
 void close_lockfile(int fd);
--- a/common/listutil.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/listutil.c	Tue Sep 16 19:45:19 2014 +0200
@@ -16,6 +16,10 @@
 #include <sys/stat.h>
 #include <string.h>
 
+#ifdef WIN32
+#include <share.h>
+#endif
+
 #include "strhelp.h"
 #include "logging.h"
 
@@ -41,7 +45,7 @@
 #define READ_FILE_INVALID_CALL -5
 int
 read_file(const char *file_name, char **data, size_t *size,
-          const size_t max_size)
+          const size_t max_size, FILE **fptr)
 {
   FILE *f;
   long file_size;
@@ -50,8 +54,23 @@
     {
       return READ_FILE_INVALID_CALL;
     }
-
+#ifdef WIN32
+    {
+      wchar_t *wFilename = utf8_to_wchar(file_name, strlen(file_name));
+      if (!wFilename)
+        {
+          return READ_FILE_UNREADABLE;
+        }
+      /* We open and write protect the file here so that
+         as long as the file is open we can be sure that
+         it was not modified and can use it in subsequent
+         calls based on the filename. */
+      f = _wfsopen(wFilename, L"rb", _SH_DENYWR);
+      xfree(wFilename);
+    }
+#else
   f = fopen(file_name, "rb");
+#endif
   if (f == NULL)
     return READ_FILE_UNREADABLE;
 
@@ -92,7 +111,14 @@
       return READ_FILE_READ_FAILED;
     }
 
-  fclose(f);
+  if (fptr)
+    {
+      *fptr = f;
+    }
+  else
+    {
+      fclose(f);
+    }
 
   (*data)[*size] = '\0';
 
@@ -180,7 +206,7 @@
   *size = 0;
   int ret = 0;
 
-  ret = read_file(file_name, data, size, MAX_FILESIZE);
+  ret = read_file(file_name, data, size, MAX_FILESIZE, NULL);
 
   /* printf ("Ret: %i \n", ret); */
   if (ret != 0)
--- a/common/listutil.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/listutil.h	Tue Sep 16 19:45:19 2014 +0200
@@ -13,6 +13,7 @@
 #endif
 
 #include <stddef.h>
+#include <stdio.h>
 
 /**
  * @file listutil.h
@@ -84,17 +85,22 @@
 /**
  *  @brief Read a file into memory.
  *
- * The caller needs to free data
+ * The caller needs to free data. If fptr is not NULL it will
+ * recieve the pointer to the read file structure. The caller
+ * is responsible for closing this.
+ * fptr only needs to be closed and is only valid if the
+ * return value is 0.
  *
- * @param[in] fileName Name of the file.
+ * @param[in] file_name Name of the file.
  * @param[out] data the file content
  * @param[out] size size in bytes of the file content.
  * @param[in] max_size the maximum amount of bytes to read.
+ * @param[out] fptr pointer to recieve the FILE ptr or NULL
  *
  * @return 0 on success an error code otherwise.
  */
 int read_file(const char *file_name, char **data, size_t *size,
-              const size_t max_size);
+              const size_t max_size, FILE **fptr);
 #ifdef __cplusplus
 }
 #endif
--- a/common/logging.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/logging.h	Tue Sep 16 19:45:19 2014 +0200
@@ -26,6 +26,8 @@
 /** @def The name used for logging */
 #define LOG_NAME "TrustBridge"
 
+extern bool g_debug;
+
 #ifdef WIN32
 
 #include <windows.h>
@@ -68,9 +70,10 @@
  */
 #ifdef DEBUGOUTPUT
 # ifndef WIN32
-#  define DEBUGPRINTF(fmt, ...) fprintf(stderr, DEBUGPREFIX "DEBUG: " fmt, ##__VA_ARGS__);
+#  define DEBUGPRINTF(fmt, ...) if (g_debug) fprintf(stderr, DEBUGPREFIX "DEBUG: " fmt, ##__VA_ARGS__);
 # else /* WIN32 */
 #  define DEBUGPRINTF(fmt, ...) \
+ if (g_debug) \
   { \
     char buf[512]; \
     snprintf(buf, 511, "DEBUG: " fmt, ##__VA_ARGS__); \
@@ -111,8 +114,8 @@
       if (my_error) { \
         ERRORPRINTF(msg" : %s\n", my_error); \
         free (my_error); \
-      } \
-  ERRORPRINTF ("Failed to get error information\n");
+      } else \
+    ERRORPRINTF ("Failed to get error information\n");
 
 
 /**
--- a/common/portpath.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/portpath.c	Tue Sep 16 19:45:19 2014 +0200
@@ -8,6 +8,7 @@
 #include "portpath.h"
 #include "strhelp.h"
 #include "util.h"
+#include "logging.h"
 
 #include <libgen.h>
 #include <limits.h>
@@ -39,9 +40,13 @@
 }
 
 bool
-port_mkdir(const char *path)
+port_mkdir(const char *path, bool propagate_acl)
 {
 #ifndef _WIN32
+  if (propagate_acl)
+    {
+      DEBUGPRINTF("WARNING: ACL propagation only has an effect on Windows.\n");
+    }
   return mkdir(path, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) == 0;
 #else
   wchar_t *wchar_path = utf8_to_wchar(path, strlen(path));
@@ -51,7 +56,7 @@
     {
       return false;
     }
-  ret = create_restricted_directory (wchar_path);
+  ret = create_restricted_directory (wchar_path, propagate_acl);
   xfree (wchar_path);
   return ret;
 #endif
@@ -90,7 +95,7 @@
 }
 
 bool
-port_mkdir_p(const char *path)
+port_mkdir_p(const char *path, bool propagate_acl)
 {
   char *parent_path,
        *p;
@@ -113,9 +118,9 @@
   *p = '\0';
   if (!port_isdir(parent_path))
     {
-      port_mkdir_p(parent_path);
+      port_mkdir_p(parent_path, false);
     }
-  return port_mkdir(path);
+  return port_mkdir(path, propagate_acl);
 }
 
 bool
--- a/common/portpath.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/portpath.h	Tue Sep 16 19:45:19 2014 +0200
@@ -61,15 +61,25 @@
  * to create a directory that is world readable and
  * writable by the current user / group
  * @param[in] path the path to the directory
+ * @param[in] propagate_acl weather or not objects should inherit
+ * the ACL of this directory. Only has an effect on Windows.
  * @returns true if the directory was created
  */
-bool port_mkdir(const char *path);
+bool port_mkdir(const char *path, bool propagate_acl);
 
 /**
  * @brief create a directory and its parent directores
+ *
+ * On Windows the last directory will propagate it's ACL
+ * to objects and subdirectories. The parent directories
+ * will not.
+ *
+ * @param[in] propagate_acl weather or not the
+ * last created directory should propagate it's acl.
+ * Only has an effect on Windows.
  * @param[in] path the path to the directory
  * @returns true if the directory was created
  */
-bool port_mkdir_p(const char *path);
+bool port_mkdir_p(const char *path, bool propagate_acl);
 
 #endif
--- a/common/selftest.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/selftest.c	Tue Sep 16 19:45:19 2014 +0200
@@ -6,6 +6,7 @@
 bool
 selftest()
 {
+  bin_verify_result res;
 #ifdef WIN32
   wchar_t wPath[MAX_PATH];
   char *utf8path = NULL;
@@ -27,7 +28,8 @@
       return false;
     }
 
-  if (!verify_binary (utf8path, strlen(utf8path)) != VerifyValid)
+  res = verify_binary (utf8path, strlen(utf8path));
+  if (res.result != VerifyValid)
     {
       ERRORPRINTF ("Verification of the binary failed");
       syslog_error_printf ("Integrity check failed.");
@@ -35,12 +37,17 @@
       return false;
     }
 
+  fclose(res.fptr);
   xfree(utf8path);
+  return true;
 #else
-  if (!verify_binary ("/proc/self/exe", 14) != VerifyValid)
+  res = verify_binary ("/proc/self/exe", 14);
+  if (res.result != VerifyValid)
     {
       syslog_error_printf ("Integrity check failed.");
       return false;
     }
+  fclose(res.fptr);
+  return true;
 #endif
 }
--- a/common/selftest.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/selftest.h	Tue Sep 16 19:45:19 2014 +0200
@@ -8,7 +8,9 @@
  * See LICENSE.txt for details.
  */
 
-/** @file self test against manipulation
+/** 
+ * @file selftest.h 
+ * @brief self test against manipulation
  *
  * The selftest is intended to detect untargeted manipulation or
  * corruption of the executable. Circumvention of the selftest
--- a/common/util.c	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/util.c	Tue Sep 16 19:45:19 2014 +0200
@@ -406,6 +406,53 @@
 }
 #endif
 
+#ifdef WIN32
+bool
+has_high_integrity(HANDLE hToken)
+{
+  PTOKEN_MANDATORY_LABEL integrity_label = NULL;
+  DWORD integrity_level = 0,
+        size = 0;
+
+  if (hToken == NULL || hToken == INVALID_HANDLE_VALUE)
+    {
+      DEBUGPRINTF ("Invalid parameters.");
+      return false;
+    }
+
+  /* Get the required size */
+  if (!GetTokenInformation(hToken, TokenIntegrityLevel,
+                           NULL, 0, &size) == ERROR_INSUFFICIENT_BUFFER)
+    {
+      PRINTLASTERROR ("Failed to get required size.\n");
+      return false;
+    }
+  integrity_label = (PTOKEN_MANDATORY_LABEL) LocalAlloc(0, size);
+  if (integrity_label == NULL)
+    {
+      ERRORPRINTF ("Failed to allocate label. \n");
+      return false;
+    }
+
+  if (!GetTokenInformation(hToken, TokenIntegrityLevel,
+                           integrity_label, size, &size))
+    {
+      PRINTLASTERROR ("Failed to get integrity level.\n");
+      LocalFree(integrity_label);
+      return false;
+    }
+
+  /* Get the last integrity level */
+  integrity_level = *GetSidSubAuthority(integrity_label->Label.Sid,
+                     (DWORD)(UCHAR)(*GetSidSubAuthorityCount(
+                        integrity_label->Label.Sid) - 1));
+
+  LocalFree (integrity_label);
+
+  return integrity_level >= SECURITY_MANDATORY_HIGH_RID;
+}
+#endif
+
 bool
 is_elevated()
 {
@@ -424,6 +471,13 @@
           ret = elevation;
         }
     }
+  /* Elevation will be true and ElevationType TokenElevationTypeFull even
+     if the token is a user token created by SAFER so we additionally
+     check the integrity level of the token which will only be high in
+     the real elevated process and medium otherwise. */
+
+  ret = ret && has_high_integrity (hToken);
+
   if (hToken)
     CloseHandle (hToken);
 #endif
@@ -602,7 +656,7 @@
 
 #ifdef WIN32
 bool
-create_restricted_directory (LPWSTR path)
+create_restricted_directory (LPWSTR path, bool objects_should_inherit)
 {
   bool retval = false;
   PSID everyone_SID = NULL,
@@ -632,7 +686,9 @@
      to allow everyone read access */
   explicit_access[0].grfAccessPermissions = GENERIC_READ; /* Give read access */
   explicit_access[0].grfAccessMode = SET_ACCESS; /* Overwrite other access for all users */
-  explicit_access[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; /* make it stick */
+  explicit_access[0].grfInheritance = objects_should_inherit ?
+                                      SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */
+                                      NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */
   explicit_access[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
   explicit_access[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
   explicit_access[0].Trustee.ptstrName  = (LPTSTR) everyone_SID;
@@ -653,7 +709,9 @@
      it to the children */
   explicit_access[1].grfAccessPermissions = GENERIC_ALL;
   explicit_access[1].grfAccessMode = SET_ACCESS;
-  explicit_access[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
+  explicit_access[1].grfInheritance = objects_should_inherit ?
+                                      SUB_CONTAINERS_AND_OBJECTS_INHERIT : /* make it stick */
+                                      NO_PROPAGATE_INHERIT_ACE; /* Don't inherit */
   explicit_access[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
   explicit_access[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
   explicit_access[1].Trustee.ptstrName = (LPTSTR) admin_SID;
@@ -739,6 +797,12 @@
 {
   SAFER_LEVEL_HANDLE user_level = NULL;
   HANDLE retval = NULL;
+  SID_IDENTIFIER_AUTHORITY medium_identifier = {SECURITY_MANDATORY_LABEL_AUTHORITY};
+  PSID medium_sid = NULL;
+  TOKEN_MANDATORY_LABEL integrity_label;
+
+  memset (&integrity_label, 0, sizeof (integrity_label));
+
   if (!SaferCreateLevel(SAFER_SCOPEID_USER,
                         SAFER_LEVELID_NORMALUSER,
                         SAFER_LEVEL_OPEN, &user_level, NULL))
@@ -753,25 +817,35 @@
       return NULL;
     }
 
-  return retval;
-}
+  SaferCloseLevel(user_level);
 
-HANDLE
-get_normal_token()
-{
-  SAFER_LEVEL_HANDLE user_level = NULL;
-  HANDLE retval = NULL;
-  if (!SaferCreateLevel(SAFER_SCOPEID_USER,
-                        SAFER_LEVELID_NORMALUSER,
-                        SAFER_LEVEL_OPEN, &user_level, NULL))
+  /* Set the SID to medium it will still be high otherwise. Even if
+  there is no high access allowed. */
+  if (!AllocateAndInitializeSid(&medium_identifier,
+                               1,
+                               SECURITY_MANDATORY_MEDIUM_RID,
+                               0,
+                               0,
+                               0,
+                               0,
+                               0,
+                               0,
+                               0,
+                               &medium_sid))
     {
-      PRINTLASTERROR ("Failed to create user level.\n");
+      PRINTLASTERROR ("Failed to initialize sid.\n");
       return NULL;
     }
 
-  if (!SaferComputeTokenFromLevel(user_level, NULL, &retval, 0, NULL))
+  integrity_label.Label.Attributes = SE_GROUP_INTEGRITY;
+  integrity_label.Label.Sid        = medium_sid;
+
+  if (!SetTokenInformation(retval,
+                           TokenIntegrityLevel,
+                           &integrity_label,
+                           sizeof(TOKEN_MANDATORY_LABEL)))
     {
-      SaferCloseLevel(user_level);
+      PRINTLASTERROR ("Failed to set token integrity.\n");
       return NULL;
     }
 
--- a/common/util.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/common/util.h	Tue Sep 16 19:45:19 2014 +0200
@@ -43,7 +43,7 @@
  * On linux this looks for the installation configuration in /etc
  * and checks if the current process is inside the installation prefix.
  *
- * The checked path is limited to MAX_PATH on Windows and @MAX_PATH_LINUX on
+ * The checked path is limited to MAX_PATH on Windows and \@MAX_PATH_LINUX on
  * Linux.
  */
 bool is_system_install();
@@ -131,10 +131,24 @@
   * http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595%28v=vs.85%29.aspx
   *
   * @param[in] path Path of the directory to create
+  * @param[in] propagate_acl weather or not objects should inherit
+  * the ACL of this directory.
   *
   * @returns true on success of if the directory exists, false on error
   */
-bool create_restricted_directory (LPWSTR path);
+bool create_restricted_directory (LPWSTR path, bool propagate_acl);
+
+/**@briefu Check the integrity level of the token
+  *
+  * Returns true if the token has at least SECURITY_MANADTORY_HIGH_RID or
+  * higher.
+  *
+  * @param[in] hToken the Token to check
+  *
+  * @returns true if the token has at least high integrity. False on error
+  * or otherwise.
+  */
+bool has_high_integrity(HANDLE hToken);
 
 /** @brief get a restricted access token to execute nss process
   *
--- a/extras/testplan/testplan.xml	Tue Sep 02 14:25:40 2014 +0200
+++ b/extras/testplan/testplan.xml	Tue Sep 16 19:45:19 2014 +0200
@@ -7,22 +7,446 @@
         <tester/>
         <test-date/>
         <test-system/>
-        <test-version>0.2</test-version>
+        <test-version>0.9.1</test-version>
         <test-duration/>
         <comment/>
     </meta>
-    <testsuite id="ts1" description="Verwaltungsanwendung">
+
+<!-- ## TrustBridge: Windows MIT Adminrechten ## -->
+    <testsuite id="ts1" description="TrustBridge (Windows, systemweite Intallation)">
+        <general-precondition>Nutzer besitzt Administratorrechte bzw. kann welche erlangen. Der TrustBridge-Windows-Installer liegt vor. Ein weiteres Nutzerkonto (Standardbenutzer) ist angelegt und Firefox oder Thunderbird wurden einmal gestartet (erstellt NSS-Datenbank).</general-precondition>
+        <test id="t1.1" description="Erstinstallation der Software">
+            <steps>
+                <step>NSIS-Installer ausführen (mit Administratorrechten) und TrustBridge systemweit installieren.</step>
+                <step>Abmelden und neu anmelden.</step>
+                <step>Zertifikatsaktualisierungen ansehen (nicht einspielen).</step>
+                <step>Button [Aktualisieren] klicken.</step>
+            </steps>
+            <results>
+                <result>TrustBridge wurde systemweit installiert.</result>
+                <result>TrustBridge startet nach Abschluss der Installation automatisch.</result>
+                <result>Eintrag im Startmenü ist vorhanden.</result>
+                <result>TrustBridge meldet nach Login, dass neue Zertifikatsaktualisierungen verfügbar sind.</result>
+                <result>GUI öffnet sich mit neuen Zertifikatsaktualisierungen.</result>
+                <result>Zeitstempel "Zuletzt nach neuen Empfehlungen gesucht" ändert sich.</result>
+            </results>
+        </test>
+        <test id="t1.2" description="Erstinstallation der Zertifikate">
+            <steps>
+                <step>Unter "Neue, empfohlene Wurzelzertifikate installieren" die [Details] einblenden und ein Zertifikat abwählen ("Ignorieren").</step>
+                <step>Unter "Abgeratene Wurzelzertifikate entfernen" die [Details] einblenden und ein Zertifikat abwählen ("Behalten").</step>
+                <step>Firefox starten und offen lassen.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+                <step>Nach Aufforderung: Firefox schließen.</step>
+            </steps>
+            <results>
+                <result>Zertifikats-Details werden angezeigt.</result>
+                <result>Abwahl eines Zertifikats unter "empfohlene" bzw. "abgeratene" Wurzelzertifikate" reduziert die Gesamtanzahl jeweils um 1.</result>
+                <result>Meldung erscheint, dass Firefox geschlossen werden muss.</result>
+                <result>Installierte Zertifikate erscheinen unten "Empfohlene Wurzelzertifikate". Abwahlentscheidung ist korrekt.</result>
+                <result>Entfernte Zertifikate erscheinen unten "Abgeratene Wurzelzertifikate". Abwahlentscheidung ist korrekt.</result>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+                <result>Windows-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+            </results>
+        </test>
+        <test id="t1.3" description="Manuelle Zertifikatsänderungen">
+            <steps>
+                <step>Seite "Empfohlene Wurzelzertifikate" aufrufen und das abgewählte Zertifikat zum Installieren auswählen.</step>
+                <step>Seite "Abgeratene Wurzelzertifikate" aufrufen und das abgewählte Zertifikate zum Entfernen auswählen.</step>
+                <step>Auf Seite "Neue Empfehlungen" wechseln.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>Auf dem Button "Neue Empfehlungen" wird die Anzahl der geänderten Zertifikate (2) im roten Kreis dargestellt.</result>
+                <result>Abschnitt "Abweichend zu behandelnde Wurzelzertifikate" werden eingeblendet. Anzahl und Details sind korrekt.</result>
+                <result>Geänderte Zertifikate erscheinen nach [Änderungen schreiben] korrekt in den beiden Seiten ("Empfohlene Wurzelzertifikate" und "Abgeratene Wurzelzertifikate".</result>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: geänderte Zertifikate sind korrekt.</result>
+                <result>Windows-Zertifikatsspeicher prüfen: geänderte Zertifikate sind korrekt.</result>
+            </results>
+        </test>
+        <test id="t1.4" description="Vorhandenes Standardbenutzerkonto prüfen">
+            <steps>
+                <step>Mit dem vorhandenen Standardbenutzerkonto einloggen.</step>
+            </steps>
+            <results>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+                <result>Windows-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+            </results>
+        </test>
+        <test id="t1.5" description="Neues Standardbenutzerkonto prüfen">
+            <steps>
+                <step>Als Administrator neues Windows-Standardbenutzerkonto mit Umlauten, z.B. "testüser" anlegen.</step>
+                <step>Als "testüser" einloggen.</step>
+            </steps>
+            <results>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+                <result>Windows-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+            </results>
+        </test>
+        <test id="t1.6" description="Aktualisierung der Zertifikatsliste">
+        <precondition>Aktualisierte und signierte Zertifikatsliste liegt vor (wurde mit der Verwaltungsanwendung erstellt). Zum Verfügbarmachen in einem Testverzeichnis: %APPDATA%\BSI\TrustBridge.ini anpassen und unter "[List]" neue "resource" ergänzen, z.B. "resource=/users/aheinecke/zertifikatsliste_2.txt". (Domain des Download-Servers kann nicht geändert werden, nur der Pfad.)</precondition>
+            <steps>
+                <step>Aktualisierte Zertifikatsliste (mit einem neuen und einem zurückgezogenen Zertifikat) hochladen.</step>
+                <step>Als Adminnutzer einloggen, der TrustBridge installiert hat. Dann TrustBridge starten.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>"Zuletzt nach neuen Empfehlungen gesucht" ändert sich auf aktuellen Zeitpunkt (des Anwendungsstarts).</result>
+                <result>Anzahl der Änderungen wird angezeigt: "2" (1 neues und 1 zurückgezogenes Zertifikat)</result>
+                <result>Aktualisierte Zertifikate erscheinen nach Schritt 3 korrekt unten "Empfohlene Wurzelzertifikate" bzw. "Abgeratene Wurzelzertifikate".</result>
+                <result>Aktualisierte Zertifikate erscheinen korrekt im Mozilla-NSS-Zertifikatsspeicher.</result>
+                <result>Aktualisierte Zertifikate erscheinen korrekt im Windows-Zertifikatsspeicher.</result>
+                <result>"Empfehlungen bereits berücksichtigt bis" aktualisiert sich nach Installation auf Datum der neuen Zertifikatsliste.</result>
+            </results>
+        </test>
+        <test id="t1.7" description="Aktualisierung der Softwareversion">
+        <precondition>Aktualisierter Windows-Installer liegt vor (wurde mit der Verwaltungsanwendung signiert). Zum Verfügbarmachen in einem Testverzeichnis: %APPDATA%\BSI\TrustBridge.ini anpassen und unter "[Software]" neue "resource" ergänzen, z.B. "resource=/users/aheinecke/TrustBridge_2.exe". (Domain des Download-Servers kann nicht geändert werden, nur der Pfad.)</precondition>
+            <steps>
+                <step>Aktualisiertes Softwarepaket hochladen.</step>
+                <step>Button [Aktualisieren] klicken.</step>
+                <step>System-Tray-Benachrichtigung zum Download und Installation der Software bestätigen.</step>
+            </steps>
+            <results>
+                <result>"Zuletzt nach neuen Empfehlungen gesucht" ändert sich nach Schritt 2 auf aktuellen Zeitpunkt.</result>
+                <result>Software wird, nach Schritt 3, automatisch im Hintergrund aktualisiert.</result>
+                <result>Nach Neustart der Anwendung wird die neue Versionsnummer auf der Startseite angezeigt.</result>
+            </results>
+        </test>
+        <test id="t1.8" description="Deinstallation der Software">
+            <steps>
+                <step>Software über die Windows-Softwareverwaltung deinstallieren.</step>
+            </steps>
+            <results>
+                <result>Programmverzeichnis wurde entfernt.</result>
+                <result>Startmenüeintrag wurde entfernt.</result>
+                <result>Verwaltete Zertifikate wurden aus dem Windows-Zertifikatsspeicher entfernt.</result>
+                <result>Verwaltete Zertifikate wurden aus dem NSS-Zertifikatsspeicher entfernt.</result>
+                <result>Datenverzeichnis %APPDATA%\Local\BSI wurde entfernt.</result>
+                <result>Konfigurationsverzeichnis %APPDATA%\Roaming\BSI wurde entfernt.</result>
+            </results>
+        </test>
+    </testsuite>
+    
+
+<!-- ## TrustBridge: Windows, lokale Installation, OHNE Adminrechte ## -->
+    <testsuite id="ts2" description="TrustBridge (Windows, lokale Installation)">
+        <general-precondition>Nutzer besitzt keine Administratorrechte. Der TrustBridge-Windows-Installer liegt vor.</general-precondition>
+        <test id="t2.1" description="Erstinstallation der Software">
+            <steps>
+                <step>NSIS-Installer ausführen (mit Vorbelegung) und lokal im Nutzerverzeichnis installieren.</step>
+                <step>Abmelden und neu anmelden.</step>
+                <step>Zertifikatsaktualisierungen ansehen (nicht einspielen).</step>
+                <step>Button [Aktualisieren] klicken.</step>
+            </steps>
+            <results>
+                <result>TrustBridge wurde lokal installiert.</result>
+                <result>TrustBridge startet nach Abschluss der Installation automatisch.</result>
+                <result>Eintrag im Startmenü ist vorhanden</result>
+                <result>TrustBridge meldet nach Login, dass neue Zertifikatsaktualisierungen verfügbar sind.</result>
+                <result>GUI öffnet sich mit neuen Zertifikatsaktualisierungen.</result>
+                <result>Zeitstempel "Zuletzt nach neuen Empfehlungen gesucht" ändert sich.</result>
+            </results>
+        </test>
+        <test id="t2.2" description="Erstinstallation der Zertifikate">
+            <steps>
+                <step>Unter "Neue, empfohlene Wurzelzertifikate installieren" die [Details] einblenden und ein Zertifikat abwählen ("Ignorieren").</step>
+                <step>Unter "Abgeratene Wurzelzertifikate entfernen" die [Details] einblenden und ein Zertifikat abwählen ("Behalten").</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>Zertifikats-Details werden angezeigt.</result>
+                <result>Abwahl eines Zertifikats unter "empfohlene" bzw. "abgeratene" Wurzelzertifikate" reduziert die Gesamtanzahl jeweils um 1.</result>
+                <result>Windows-Zertifikats-Bestätigungs-Dialog erscheint für jedes Zertifikat.</result>
+                <result>Installierte Zertifikate erscheinen unten "Empfohlene Wurzelzertifikate". Abwahlentscheidung ist korrekt.</result>
+                <result>Entfernte Zertifikate erscheinen unten "Abgeratene Wurzelzertifikate". Abwahlentscheidung ist korrekt.</result>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+                <result>Windows-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+            </results>
+        </test>
+        <test id="t2.3" description="Manuelle Zertifikatsänderungen">
+            <steps>
+                <step>Seite "Empfohlene Wurzelzertifikate" aufrufen und das abgewählte Zertifikat zum Installieren auswählen.</step>
+                <step>Seite "Abgeratene Wurzelzertifikate" aufrufen und das abgewählte Zertifikate zum Entfernen auswählen.</step>
+                <step>Auf Seite "Neue Empfehlungen" wechseln.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>Auf dem Button "Neue Empfehlungen" wird die Anzahl der geänderten Zertifikate (2) im roten Kreis dargestellt.</result>
+                <result>Abschnitt "Abweichend zu behandelnde Wurzelzertifikate" werden eingeblendet. Anzahl und Details sind korrekt.</result>
+                <result>Windows-Zertifikats-Bestätigungs-Dialog erscheint für jedes Zertifikat.</result>
+                <result>Geänderte Zertifikate erscheinen nach [Änderungen schreiben] korrekt in den beiden Seiten ("Empfohlene Wurzelzertifikate" und "Abgeratene Wurzelzertifikate".</result>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: geänderte Zertifikate sind korrekt.</result>
+                <result>Windows-Zertifikatsspeicher prüfen: geänderte Zertifikate sind korrekt.</result>
+            </results>
+        </test>
+        <test id="t2.6" description="Aktualisierung der Zertifikatsliste">
+        <precondition>Aktualisierte und signierte Zertifikatsliste liegt vor (wurde mit der Verwaltungsanwendung erstellt). Zum Verfügbarmachen in einem Testverzeichnis: %APPDATA%\BSI\TrustBridge.ini anpassen und unter "[List]" neue "resource" ergänzen, z.B. "resource=/users/aheinecke/zertifikatsliste_2.txt". (Domain des Download-Servers kann nicht geändert werden, nur der Pfad.)</precondition>
+            <steps>
+                <step>Aktualisierte Zertifikatsliste (mit einem neuen und einem zurückgezogenen Zertifikat) hochladen.</step>
+                <step>Als Nutzer einloggen, der TrustBridge installiert hat. Dann TrustBridge starten.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>"Zuletzt nach neuen Empfehlungen gesucht" ändert sich auf aktuellen Zeitpunkt (des Anwendungsstarts).</result>
+                <result>Anzahl der Änderungen wird angezeigt: "2" (1 neues und 1 zurückgezogenes Zertifikat)</result>
+                <result>Aktualisierte Zertifikate erscheinen nach Schritt 3 korrekt unten "Empfohlene Wurzelzertifikate" bzw. "Abgeratene Wurzelzertifikate".</result>
+                <result>Aktualisierte Zertifikate erscheinen korrekt im Mozilla-NSS-Zertifikatsspeicher.</result>
+                <result>Aktualisierte Zertifikate erscheinen korrekt im Windows-Zertifikatsspeicher.</result>
+                <result>"Empfehlungen bereits berücksichtigt bis" aktualisiert sich nach Installation auf Datum der neuen Zertifikatsliste.</result>
+            </results>
+        </test>
+        <test id="t2.7" description="Aktualisierung der Softwareversion">
+        <precondition>Aktualisierter Windows-Installer liegt vor (wurde mit der Verwaltungsanwendung signiert). Zum Verfügbarmachen in einem Testverzeichnis: %APPDATA%\BSI\TrustBridge.ini anpassen und unter "[Software]" neue "resource" ergänzen, z.B. "resource=/users/aheinecke/TrustBridge_2.exe". (Domain des Download-Servers kann nicht geändert werden, nur der Pfad.)</precondition>
+            <steps>
+                <step>Aktualisiertes Softwarepaket hochladen.</step>
+                <step>Button [Aktualisieren] klicken.</step>
+                <step>System-Tray-Benachrichtigung zum Download und Installation der Software bestätigen.</step>
+            </steps>
+            <results>
+                <result>"Zuletzt nach neuen Empfehlungen gesucht" ändert sich nach Schritt 2 auf aktuellen Zeitpunkt.</result>
+                <result>Software wird, nach Schritt 3, automatisch im Hintergrund aktualisiert.</result>
+                <result>Nach Neustart der Anwendung wird die neue Versionsnummer auf der Startseite angezeigt.</result>
+            </results>
+        </test>
+        <test id="t2.8" description="Deinstallation der Software">
+            <steps>
+                <step>Software über die Windows-Softwareverwaltung deinstallieren.</step>
+            </steps>
+            <results>
+                <result>Programmverzeichnis wurde entfernt.</result>
+                <result>Startmenüeintrag wurde entfernt.</result>
+                <result>Verwaltete Zertifikate wurden aus dem Windows-Zertifikatsspeicher entfernt.</result>
+                <result>Verwaltete Zertifikate wurden aus dem NSS-Zertifikatsspeicher entfernt.</result>
+                <result>Datenverzeichnis %APPDATA%\Local\BSI wurde entfernt.</result>
+                <result>Konfigurationsverzeichnis %APPDATA%\Roaming\BSI wurde entfernt.</result>
+            </results>
+        </test>
+
+    </testsuite>
+    
+<!-- ## TrustBridge: Ubuntu systemweit ## -->
+    <testsuite id="ts3" description="TrustBridge (Ubuntu, systemweite Intallation)">
+        <general-precondition>Nutzer besitzt sudo-Rechte. Der TrustBridge-Linux-Installationsscript liegt vor. Ein weiteres Nutzerkonto ist angelegt und Firefox oder Thunderbird wurden einmal gestartet (erstellt NSS-Datenbank).</general-precondition>
+        <test id="t3.1" description="Erstinstallation der Software">
+            <steps>
+                <step>Linux-Installationsscript (mit sudo und Option -s) ausführen und TrustBridge systemweit installieren.</step>
+                <step>Abmelden und neu anmelden.</step>
+                <step>Zertifikatsaktualisierungen ansehen (nicht einspielen).</step>
+                <step>Button [Aktualisieren] klicken.</step>
+            </steps>
+            <results>
+                <result>TrustBridge wurde lokal installiert.</result>
+                <result>TrustBridge startet nach Abschluss der Installation automatisch.</result>
+                <result>Eintrag im Menü der Anwendungen ist vorhanden.</result>
+                <result>TrustBridge meldet nach Login, dass neue Zertifikatsaktualisierungen verfügbar sind.</result>
+                <result>GUI öffnet sich mit neuen Zertifikatsaktualisierungen.</result>
+                <result>Zeitstempel "Zuletzt nach neuen Empfehlungen gesucht" ändert sich.</result>
+            </results>
+        </test>
+        <test id="t3.2" description="Erstinstallation der Zertifikate">
+            <steps>
+                <step>Unter "Neue, empfohlene Wurzelzertifikate installieren" die [Details] einblenden und ein Zertifikat abwählen ("Ignorieren").</step>
+                <step>Unter "Abgeratene Wurzelzertifikate entfernen" die [Details] einblenden und ein Zertifikat abwählen ("Behalten").</step>
+                <step>Firefox starten und offen lassen</step>
+                <step>[Änderungen schreiben] klicken.</step>
+                <step>Nach Installation: Firefox schließen.</step>
+            </steps>
+            <results>
+                <result>Zertifikats-Details werden angezeigt.</result>
+                <result>Abwahl eines Zertifikats unter "empfohlene" bzw. "abgeratene" Wurzelzertifikate" reduziert die Gesamtanzahl jeweils um 1.</result>
+                <result>Es erfolgt eine sudo-Passort-Abfrage.</result>
+                <result>Installierte Zertifikate erscheinen unten "Empfohlene Wurzelzertifikate". Abwahlentscheidung ist korrekt.</result>
+                <result>Entfernte Zertifikate erscheinen unten "Abgeratene Wurzelzertifikate". Abwahlentscheidung ist korrekt.</result>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+                <result>Chromium prüfen: neue Zertifikate sind vorhanden und vertrauenswürdig.</result>
+            </results>
+        </test>
+        <test id="t3.3" description="Manuelle Zertifikatsänderungen">
+            <steps>
+                <step>Seite "Empfohlene Wurzelzertifikate" aufrufen und das abgewählte Zertifikat zum Installieren auswählen.</step>
+                <step>Seite "Abgeratene Wurzelzertifikate" aufrufen und das abgewählte Zertifikate zum Entfernen auswählen.</step>
+                <step>Auf Seite "Neue Empfehlungen" wechseln.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>Auf dem Button "Neue Empfehlungen" wird die Anzahl der geänderten Zertifikate (2) im roten Kreis dargestellt.</result>
+                <result>Abschnitt "Abweichend zu behandelnde Wurzelzertifikate" werden eingeblendet. Anzahl und Details sind korrekt.</result>
+                <result>Es erfolgt eine sudo-Passort-Abfrage.</result>
+                <result>Geänderte Zertifikate erscheinen nach [Änderungen schreiben] korrekt in den beiden Seiten ("Empfohlene Wurzelzertifikate" und "Abgeratene Wurzelzertifikate".</result>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: geänderte Zertifikate sind korrekt.</result>
+                <result>Chromium prüfen: geänderte Zertifikate sind korrekt.</result>
+            </results>
+        </test>
+        <test id="t3.4" description="Vorhandenes Standardbenutzerkonto prüfen">
+            <steps>
+                <step>Mit dem  vorhandenen Standardbenutzerkonto einloggen.</step>
+            </steps>
+            <results>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+                <result>Chromium prüfen: neue Zertifikate sind vorhanden und vertrauenswürdig.</result>
+            </results>
+        </test>
+        <test id="t3.5" description="Neues Standardbenutzerkonto prüfen">
+            <steps>
+                <step>Mit sudo neues Benutzerkonto, z.B. "testuser" anlegen.</step>
+                <step>Als "testuser" einloggen.</step>
+            </steps>
+            <results>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+                <result>Chromium prüfen: neue Zertifikate sind vorhanden und vertrauenswürdig.</result>
+            </results>
+        </test>
+        <test id="t3.6" description="Aktualisierung der Zertifikatsliste">
+        <precondition>Aktualisierte und signierte Zertifikatsliste liegt vor (wurde mit der Verwaltungsanwendung erstellt). Zum Verfügbarmachen in einem Testverzeichnis: ~/.config/BSI/TrustBridge.ini anpassen und unter "[List]" neue "resource" ergänzen, z.B. "resource=/users/aheinecke/zertifikatsliste_2.txt". (Domain des Download-Servers kann nicht geändert werden, nur der Pfad.)</precondition>
+            <steps>
+                <step>Aktualisierte Zertifikatsliste (mit einem neuen und einem zurückgezogenen Zertifikat) hochladen.</step>
+                <step>Als Nutzer einloggen, der TrustBridge installiert hat. Dann TrustBridge starten.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>"Zuletzt nach neuen Empfehlungen gesucht" ändert sich auf aktuellen Zeitpunkt (des Anwendungsstarts).</result>
+                <result>Anzahl der Änderungen wird angezeigt: "2" (1 neues und 1 zurückgezogenes Zertifikat)</result>
+                <result>Aktualisierte Zertifikate erscheinen nach Schritt 3 korrekt unten "Empfohlene Wurzelzertifikate" bzw. "Abgeratene Wurzelzertifikate".</result>
+                <result>Aktualisierte Zertifikate erscheinen korrekt im Mozilla-NSS-Zertifikatsspeicher.</result>
+                <result>Aktualisierte Zertifikate erscheinen korrekt in Chromium.</result>
+                <result>"Empfehlungen bereits berücksichtigt bis" aktualisiert sich nach Installation auf Datum der neuen Zertifikatsliste.</result>
+            </results>
+        </test>
+        <test id="t3.7" description="Aktualisierung der Softwareversion">
+        <precondition>Aktualisiertes Ubuntu-Installationsskript liegt vor (wurde mit der Verwaltungsanwendung signiert). Zum Verfügbarmachen in einem Testverzeichnis: ~/.config/BSI/TrustBridge.ini anpassen und unter "[Software]" neue "resource" ergänzen, z.B. "resource=/users/aheinecke/TrustBridge_2.sh". (Domain des Download-Servers kann nicht geändert werden, nur der Pfad.)</precondition>
+            <steps>
+                <step>Aktualisiertes Softwarepaket hochladen.</step>
+                <step>Button [Aktualisieren] klicken.</step>
+                <step>System-Tray-Benachrichtigung zum Download und Installation der Software bestätigen.</step>
+            </steps>
+            <results>
+                <result>"Zuletzt nach neuen Empfehlungen gesucht" ändert sich nach Schritt 2 auf aktuellen Zeitpunkt.</result>
+                <result>Software wird, nach Schritt 3, automatisch im Hintergrund aktualisiert.</result>
+                <result>Nach Neustart der Anwendung wird die neue Versionsnummer auf der Startseite angezeigt.</result>
+            </results>
+        </test>
+        <test id="t3.8" description="Deinstallation der Software">
+            <steps>
+                <step>Software über das Linux-Installationsscript (Option -d) deinstallieren.</step>
+            </steps>
+            <results>
+                <result>Programmdatei (unter /usr/local/bin/) wurde entfernt.</result>
+                <result>Eintrag aus Anwendungsmenü wurde entfernt.</result>
+                <result>Verwaltete Zertifikate wurden aus dem NSS-Zertifikatsspeicher entfernt.</result>
+                <result>Datenverzeichnis ~/.local/share/BSI wurde entfernt.</result>
+                <result>Konfigurationsverzeichnis ~/.config/BSI wurde entfernt.</result>
+            </results>
+        </test>
+    </testsuite>
+
+
+<!-- ## TrustBridge: Ubuntu, lokale Installation ## -->
+    <testsuite id="ts4" description="TrustBridge (Ubuntu, lokale Installation)">
+        <general-precondition>Nutzer besitzt keine sudo-Rechte. Das TrustBridge-Linux-Installationsscript liegt vor.</general-precondition>
+        <test id="t4.1" description="Erstinstallation der Software">
+            <steps>
+                <step>Linux-Installationsscript (ohne Optionen) ausführen und lokal im Nutzerverzeichnis installieren.</step>
+                <step>Abmelden und neu anmelden.</step>
+                <step>Zertifikatsaktualisierungen ansehen (nicht einspielen).</step>
+                <step>Button [Aktualisieren] klicken.</step>
+            </steps>
+            <results>
+                <result>TrustBridge wurde lokal installiert.</result>
+                <result>TrustBridge startet nach Abschluss der Installation automatisch.</result>
+                <result>Eintrag im Startmenü ist vorhanden</result>
+                <result>TrustBridge meldet nach Login, dass neue Zertifikatsaktualisierungen verfügbar sind.</result>
+                <result>GUI öffnet sich mit neuen Zertifikatsaktualisierungen.</result>
+                <result>Zeitstempel "Zuletzt nach neuen Empfehlungen gesucht" ändert sich.</result>
+            </results>
+        </test>
+        <test id="t4.2" description="Erstinstallation der Zertifikate">
+            <steps>
+                <step>Unter "Neue, empfohlene Wurzelzertifikate installieren" die [Details] einblenden und ein Zertifikat abwählen ("Ignorieren").</step>
+                <step>Unter "Abgeratene Wurzelzertifikate entfernen" die [Details] einblenden und ein Zertifikat abwählen ("Behalten").</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>Zertifikats-Details werden angezeigt.</result>
+                <result>Abwahl eines Zertifikats unter "empfohlene" bzw. "abgeratene" Wurzelzertifikate" reduziert die Gesamtanzahl jeweils um 1.</result>
+                <result>Installierte Zertifikate erscheinen unten "Empfohlene Wurzelzertifikate". Abwahlentscheidung ist korrekt.</result>
+                <result>Entfernte Zertifikate erscheinen unten "Abgeratene Wurzelzertifikate". Abwahlentscheidung ist korrekt.</result>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: neue Zertifikate sind vorhanden.</result>
+                <result>Chromium prüfen: neue Zertifikate sind vorhanden und vertrauenswürdig.</result>
+            </results>
+        </test>
+        <test id="t4.3" description="Manuelle Zertifikatsänderungen">
+            <steps>
+                <step>Seite "Empfohlene Wurzelzertifikate" aufrufen und das abgewählte Zertifikat zum Installieren auswählen.</step>
+                <step>Seite "Abgeratene Wurzelzertifikate" aufrufen und das abgewählte Zertifikate zum Entfernen auswählen.</step>
+                <step>Auf Seite "Neue Empfehlungen" wechseln.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>Auf dem Button "Neue Empfehlungen" wird die Anzahl der geänderten Zertifikate (2) im roten Kreis dargestellt.</result>
+                <result>Abschnitt "Abweichend zu behandelnde Wurzelzertifikate" werden eingeblendet. Anzahl und Details sind korrekt.</result>
+                <result>Geänderte Zertifikate erscheinen nach [Änderungen schreiben] korrekt in den beiden Seiten ("Empfohlene Wurzelzertifikate" und "Abgeratene Wurzelzertifikate".</result>
+                <result>Mozilla-NSS-Zertifikatsspeicher prüfen: geänderte Zertifikate sind korrekt.</result>
+                <result>Chromium prüfen: geänderte Zertifikate sind korrekt.</result>
+            </results>
+        </test>
+        <test id="t4.6" description="Aktualisierung der Zertifikatsliste">
+        <precondition>Aktualisierte und signierte Zertifikatsliste liegt vor (wurde mit der Verwaltungsanwendung erstellt). Zum Verfügbarmachen in einem Testverzeichnis: ~/.config/BSI/TrustBridge.ini anpassen und unter "[List]" neue "resource" ergänzen, z.B. "resource=/users/aheinecke/zertifikatsliste_2.txt". (Domain des Download-Servers kann nicht geändert werden, nur der Pfad.)</precondition>
+            <steps>
+                <step>Aktualisierte Zertifikatsliste (mit einem neuen und einem zurückgezogenen Zertifikat) hochladen.</step>
+                <step>Als Nutzer einloggen, der TrustBridge installiert hat. Dann TrustBridge starten.</step>
+                <step>[Änderungen schreiben] klicken.</step>
+            </steps>
+            <results>
+                <result>"Zuletzt nach neuen Empfehlungen gesucht" ändert sich auf aktuellen Zeitpunkt (des Anwendungsstarts).</result>
+                <result>Anzahl der Änderungen wird angezeigt: "2" (1 neues und 1 zurückgezogenes Zertifikat)</result>
+                <result>Aktualisierte Zertifikate erscheinen nach Schritt 3 korrekt unten "Empfohlene Wurzelzertifikate" bzw. "Abgeratene Wurzelzertifikate".</result>
+                <result>Aktualisierte Zertifikate erscheinen korrekt im Mozilla-NSS-Zertifikatsspeicher.</result>
+                <result>Aktualisierte Zertifikate erscheinen korrekt in Chromium.</result>
+                <result>"Empfehlungen bereits berücksichtigt bis" aktualisiert sich nach Installation auf Datum der neuen Zertifikatsliste.</result>
+            </results>
+        </test>
+        <test id="t4.7" description="Aktualisierung der Softwareversion">
+        <precondition>Aktualisierter Windows-Installer liegt vor (wurde mit der Verwaltungsanwendung signiert). Zum Verfügbarmachen in einem Testverzeichnis: ~/.config/BSI/TrustBridge.ini anpassen und unter "[Software]" neue "resource" ergänzen, z.B. "resource=/users/aheinecke/TrustBridge_2.exe". (Domain des Download-Servers kann nicht geändert werden, nur der Pfad.)</precondition>
+            <steps>
+                <step>Aktualisiertes Softwarepaket hochladen.</step>
+                <step>Button [Aktualisieren] klicken.</step>
+                <step>System-Tray-Benachrichtigung zum Download und Installation der Software bestätigen.</step>
+            </steps>
+            <results>
+                <result>"Zuletzt nach neuen Empfehlungen gesucht" ändert sich nach Schritt 2 auf aktuellen Zeitpunkt.</result>
+                <result>Software wird, nach Schritt 3, automatisch im Hintergrund aktualisiert.</result>
+                <result>Nach Neustart der Anwendung wird die neue Versionsnummer auf der Startseite angezeigt.</result>
+            </results>
+        </test>
+        <test id="t4.8" description="Deinstallation der Software">
+            <steps>
+                <step>Software über die Windows-Softwareverwaltung deinstallieren.</step>
+            </steps>
+            <results>
+                <result>Programmdatei (unter ~/TrustBridge/) wurde entfernt.</result>
+                <result>Eintrag aus Anwendungsmenü wurde entfernt.</result>
+                <result>Verwaltete Zertifikate wurden aus dem NSS-Zertifikatsspeicher entfernt.</result>
+                <result>Datenverzeichnis ~/.local/share/BSI wurde entfernt.</result>
+                <result>Konfigurationsverzeichnis ~/.config/BSI wurde entfernt.</result>
+            </results>
+        </test>
+
+    </testsuite>
+
+
+<!-- ## TrustBridge-Verwaltungsanwendung: Windows ## -->
+    <testsuite id="tsA1" description="TrustBridge-Verwaltungsanwendung (Windows)">
         <general-precondition/>
-        <test id="t1.1" description="Anwendung starten">
+        <test id="tA1.1" description="Anwendung starten">
             <precondition/>
             <steps>
-                <step>Verwaltungsanwendung (trustbridge-admin) starten.</step>
+                <step>Verwaltungsanwendung nach Anleitung installieren und starten.</step>
             </steps>
             <results>
-                <result value="">Die Anwendung startet</result>
+                <result value="">Die Anwendung startet.</result>
             </results>
         </test>
-        <test id="t1.2" description="Zertifikatsliste erstellen">
+        <test id="tA1.2" description="Zertifikatsliste erstellen">
             <precondition/>
             <steps>
                 <step>Mehrere Zertifikate hinzufügen (z.B. aus ui/tests/data)</step>
@@ -32,11 +456,91 @@
                 <step>Liste erstellen</step>
             </steps>
             <results>
-                <result value="">Liste wurde erfolgreich im Ausgabeverzeichnis gespeichert</result>
-                <result value="">Liste wurde erfolgreich im Archivverzeichnis (~/.local share/BSI/trustbridge-admin/) gespeichert</result>
+                <result>Liste wurde erfolgreich im Ausgabeverzeichnis gespeichert</result>
+                <result>Liste wurde erfolgreich im Archivverzeichnis (%APPDATA%\Local\BSI\trustbridge-admin\) gespeichert</result>
             </results>
         </test>
-        <test id="t1.3" description="Zertifikatsliste aktualisieren">
+        <test id="tA1.3" description="Zertifikatsliste aktualisieren">
+            <precondition/>
+            <steps>
+                <step>Ein Zertifikat aus der Liste entfernen</step>
+                <step>Ein weiteres Zertifikate hinzufügen (z.B. aus ui/tests/data)</step>
+                <step>Liste erstellen (Signaturzertifikat und Ausgabeverzeichnis unverändert lassen)</step>
+            </steps>
+            <results>
+                <result>Liste wurde erfolgreich im Ausgabeverzeichnis gespeichert</result>
+                <result>Liste wurde erfolgreich im Archivverzeichnis (%APPDATA%\Local\BSI\trustbridge-admin\) gespeichert</result>
+            </results>
+        </test>
+        <test id="tA1.4" description="Letzte Zertifikatsliste automatisch laden">
+            <precondition/>
+            <steps>
+                <step>Verwaltungsanwendung neustarten</step>
+            </steps>
+            <results>
+                <result>Die zuletzt erstellte Zertifikatsliste wird angezeigt</result>
+            </results>
+        </test>
+        <test id="tA1.5" description="Installationspaket erzeugen">
+            <precondition/>
+            <steps>
+                <step>Installationspaket erstellen...</step>
+                <step>Verzeichnis des Binärpakets angeben (enthält meta.ini)</step>
+                <step>Code-Signing-Zertifikat angeben (z.B. ui/tests/data/codesign/codesigning-combined.pem)</step>
+                <step>Ausgabeverzeichnis angeben</step>
+                <step>Installationspaket erzeugen</step>
+            </steps>
+            <results>
+                <result>Installationspakete für Windows und Ubuntu (2x) wurde im Ausgabeverzeichnis erstellt.</result>
+            </results>
+        </test>
+        <test id="tA1.6" description="Hilfe aufrufen">
+            <precondition/>
+            <steps>
+                <step>Verwaltungsanwendungs-Hilfe über das Menü aufrufen.</step>
+            </steps>
+            <results>
+                <result>Die Hilfe öffnet sich im Standardbrowser.</result>
+            </results>
+        </test>
+        <test id="tA1.7" description="Anwendung beenden">
+            <precondition/>
+            <steps>
+                <step>Verwaltungsanwendung beenden.</step>
+            </steps>
+            <results>
+                <result>Die Anwendung schließt sich.</result>
+            </results>
+        </test>
+    </testsuite>
+
+<!-- ## TrustBridge-Verwaltungsanwendung: Ubuntu ## -->
+    <testsuite id="tsA2" description="TrustBridge-Verwaltungsanwendung (Ubuntu)">
+        <general-precondition/>
+        <test id="tA2.1" description="Anwendung starten">
+            <precondition/>
+            <steps>
+                <step>Verwaltungsanwendung nach Anleitung installieren und starten.</step>
+            </steps>
+            <results>
+                <result value="">Die Anwendung startet.</result>
+            </results>
+        </test>
+        <test id="tA2.2" description="Zertifikatsliste erstellen">
+            <precondition/>
+            <steps>
+                <step>Mehrere Zertifikate hinzufügen (z.B. aus ui/tests/data)</step>
+                <step>Liste erstellen</step>
+                <step>Signaturzertifikat angeben (z.B. ui/tests/data/testkey-priv.pem)</step>
+                <step>Ausgabeverzeichnis angeben</step>
+                <step>Liste erstellen</step>
+            </steps>
+            <results>
+                <result>Liste wurde erfolgreich im Ausgabeverzeichnis gespeichert</result>
+                <result>Liste wurde erfolgreich im Archivverzeichnis (~/.local/share/BSI/trustbridge-admin/) gespeichert</result>
+            </results>
+        </test>
+        <test id="tA2.3" description="Zertifikatsliste aktualisieren">
             <precondition/>
             <steps>
                 <step>Ein Zertifikat aus der Liste entfernen</step>
@@ -45,133 +549,49 @@
                 <step>Liste erstellen</step>
             </steps>
             <results>
-                <result value="">Liste wurde erfolgreich im Ausgabeverzeichnis gespeichert</result>
-                <result value="">Liste wurde erfolgreich im Archivverzeichnis (~/.local share/BSI/trustbridge-admin/) gespeichert</result>
+                <result>Liste wurde erfolgreich im Ausgabeverzeichnis gespeichert</result>
+                <result>Liste wurde erfolgreich im Archivverzeichnis (~/.local/share/BSI/trustbridge-admin/) gespeichert</result>
             </results>
         </test>
-        <test id="t1.4" description="Letzte Zertifikatsliste automatisch laden">
+        <test id="tA2.4" description="Letzte Zertifikatsliste automatisch laden">
             <precondition/>
             <steps>
                 <step>Verwaltungsanwendung neustarten</step>
             </steps>
             <results>
-                <result value="">Die zuletzt erstellte Zertifikatsliste wird angezeigt</result>
+                <result>Die zuletzt erstellte Zertifikatsliste wird angezeigt</result>
             </results>
         </test>
-        <test id="t1.5" description="Installationspaket erzeugen">
+        <test id="tA2.5" description="Installationspaket erzeugen">
             <precondition/>
             <steps>
                 <step>Installationspaket erstellen...</step>
                 <step>Verzeichnis des Binärpakets angeben (enthält meta.ini)</step>
-                <step>Code-Signing-Zertifikat angeben (z.B. ui/tests/data/codesign/codesigning.pem)</step>
+                <step>Code-Signing-Zertifikat angeben (z.B. ui/tests/data/codesign/codesigning-combined.pem)</step>
                 <step>Ausgabeverzeichnis angeben</step>
                 <step>Installationspaket erzeugen</step>
             </steps>
             <results>
-                <result>Installationspaket für Windows (NSIS-Installer) wurde im Ausgabeverzeichnis erstellt.</result>
-                <result>Installationspaket für Ubuntu wurde im Ausgabeverzeichnis erstellt.</result>
+                <result>Installationspakete für Windows und Ubuntu (2x) wurden im Ausgabeverzeichnis erstellt.</result>
             </results>
         </test>
-        <test id="t1.6" description="Anwendung beenden">
+        <test id="tA2.6" description="Hilfe aufrufen">
+            <precondition/>
+            <steps>
+                <step>Verwaltungsanwendungs-Hilfe über das Menü aufrufen.</step>
+            </steps>
+            <results>
+                <result>Die Hilfe öffnet sich im Standardbrowser.</result>
+            </results>
+        </test>
+        <test id="tA2.7" description="Anwendung beenden">
             <precondition/>
             <steps>
                 <step>Verwaltungsanwendung beenden.</step>
             </steps>
             <results>
-                <result value="">Die Anwendung schließt sich</result>
+                <result>Die Anwendung schließt sich</result>
             </results>
         </test>
     </testsuite>
-
-
-<!-- Clientanwendung (MIT Adminrechte) -->
-
-    <testsuite id="ts2" description="Clientanwendung (mit Administratorrechten)">
-        <general-precondition>Nutzer besitzt Adminstratorrechte. Der TrustBridge Client Installer liegt vor.</general-precondition>
-        <test id="t2.1" description="Erstinstallation der Software (unter Windows)">
-            <steps>
-                <step>NSIS-Installer ausführen (mit Vorbelegung)</step>
-            </steps>
-            <results>
-                <result>Eintrag im Startmenü ist vorhanden</result>
-            </results>
-        </test>
-        <test id="t2.2" description="Anwendung starten">
-            <precondition/>
-            <steps>
-                <step>Anwendung (trustbridge) starten.</step>
-            </steps>
-            <results>
-                <result value="">Die Anwendung startet</result>
-            </results>
-        </test>
-        <test id="t2.3" description="Erstinstallation der Zertifikate">
-            <steps>
-                <step>Unter "neue, vertrauenswürdige Zertifikate instalieren" die [Details einblenden]</step>
-                <step>Ein Zertifikat abwählen (nicht installieren).</step>
-                <step>[Aktualisierung einspielen] klicken.</step>
-            </steps>
-            <results>
-                <result>Nach Programmstart: neue Zertifikate werden zur Aktualisierung angezeigt.</result>
-                <result>Zertifikatsliste im Detail wird angezeigt.</result>
-                <result>Abwahl eines Zertifikats reduziert die Gesamtanzahl um 1.</result>
-                <result>Installierte Zertifikate erscheinen unten "Vertrauenswürdige Zertifikate"</result>
-                <result>Installierte Zertifikate erscheinen im Mozilla-NSS-Zertifikatsstore?</result>
-                <result>Installierte Zertifikate erscheinen im Windows-Zertifikatsstore (nur Windows)?</result>
-                <result>Installierte Zertifikate erscheinen im Chrome-Zertifikatsstore (nur Linux)?</result>
-            </results>
-        </test>
-        <test id="t2.4" description="Aktualisierung der Zertifikate">
-            <steps>
-                <step>Aktualisierte Zertifikatsliste (mit einem neuen und einem zurückgezogenen Zertifikat) hochladen.</step>
-                <step>Button [Nach Aktualisierung suchen] klicken.</step>
-                <step>[Aktualisierung einspielen] klicken.</step>
-            </steps>
-            <results>
-                <result>"Letzte Aktualisierung der Zertifikate" ändert sich nach Schritt 2 auf Zeitpunkt der Bereitstellung.</result>
-                <result>"2/2" (1 neues und 1 zurückgezogenes Zertifikat) wird angezeigt.</result>
-                <result>Aktualisierte Zertifikate erscheinen korrekt unten "Vertrauenswürdige Zertifikate" bzw. Zurückgezogene Zertifikate.</result>
-                <result>Aktualisierte Zertifikate erscheinen korrekt im Mozilla-NSS-Zertifikatsstore?</result>
-                <result>Aktualisierte Zertifikate erscheinen im Windwos-Zertifikatsstore (nur Windows)?</result>
-                <result>Aktualisierte Zertifikate erscheinen im Chrome-Zertifikatsstore (nur Linux)</result>
-            </results>
-        </test>
-        <test id="t2.5" description="Aktualisierung der Software">
-            <steps>
-                <step>Aktualisiertes Softwarepaket hochladen.</step>
-                <step>Button [Nach Aktualisierung suchen] klicken.</step>
-                <step>System-Tray-Benachrichtigung zum Download und Installation der Software bestätigen.</step>
-            </steps>
-            <results>
-                <result>"Letzte Aktualisierung von TrustBridge" ändert sich nach Schritt 2 auf Zeitpunkt der Bereitstellung.</result>
-                <result>Software wird, nach Schritt 3, automatisch im Hintergrund aktualisiert.</result>
-                <result>Nach Neustart der Anwendung zeigt der Hilfe-Dialog die neue Versionsnummer an.</result>
-            </results>
-        </test>
-    </testsuite>
-    
-
-<!-- Clientanwendung (OHNE Adminrechte) -->
-
-    <testsuite id="ts3" description="Clientanwendung (ohne Administratorrechten)">
-        <general-precondition>Nutzer besitzt keine Adminstratorrechte. Der TrustBridge Client Installer liegt vor.</general-precondition>
-        <test id="t3.1" description="Installation unter Windows">
-            <steps>
-                <step>NSIS-Installer ausführen (mit Vorbelegung)</step>
-            </steps>
-            <results>
-                <result>Eintrag im Startmenü ist vorhanden</result>
-            </results>
-        </test>
-        <test id="t3.2" description="Anwendung starten">
-            <precondition/>
-            <steps>
-                <step>Anwendung (trustbridge) starten.</step>
-            </steps>
-            <results>
-                <result value="">Die Anwendung startet</result>
-            </results>
-        </test>
-
-    </testsuite>
 </testplan>
--- a/manuals/admin-manual/index.rst	Tue Sep 02 14:25:40 2014 +0200
+++ b/manuals/admin-manual/index.rst	Tue Sep 16 19:45:19 2014 +0200
@@ -1,26 +1,31 @@
 Was ist TrustBridge?
 ====================
 
-TrustBridge ist eine Anwendung vom `Bundesamt für Sicherheit in der Informationstechnik (BSI) <https://bsi.bund.de>`_ für die Verbreitung von empfohlenen Wurzelzertifikaten.
+TrustBridge ist eine Anwendung vom `Bundesamt für Sicherheit in der
+Informationstechnik (BSI) <https://bsi.bund.de>`_ für die Verbreitung
+von empfohlenen Wurzelzertifikaten.
 
 TrustBridge macht es Nutzern einfacher, Wurzelzertifikate für eine
 X.509-basierende, öffentliche Zertifikatsinfrastruktur (PKI)
 einzuspielen und aktuell zu halten. TrustBridge verteilt
 Wurzelzertifikate, welche von den Betriebssystemen und Webbrowsern
-nicht mitgeliefert werden. Existierende Zertifikate, die korrumpiert oder missbraucht wurden, können über eine Deinstallations-Empfehlung von TrustBridge entfernt werden.
-Dabei ist unerheblich, ob die Zertifikate auf der Anwenderebene
-vorher bereits installiert waren.
+nicht mitgeliefert werden. Existierende Zertifikate, die korrumpiert
+oder missbraucht wurden, können von TrustBridge über eine
+Deinstallations-Empfehlung entfernt werden.  Dabei ist unerheblich, ob
+die Zertifikate auf der Anwenderebene vorher bereits installiert
+waren.
 
-**Wurzelzertifikate** sind die Basis einer PKI zur Feststellung der
-Authentizität des Kommunikationspartners und der Integrität seiner
-Nachrichten für verschiedene Anwendungen -- insbesondere bei der
-Übertragung über unsichere Kommunikationskanäle, wie dem Internet.
+**Wurzelzertifikate** (auch Rootzertifikate genannt) sind die Basis
+einer PKI zur Feststellung der Authentizität des
+Kommunikationspartners und der Integrität seiner Nachrichten für
+verschiedene Anwendungen -- insbesondere bei der Übertragung über
+unsichere Kommunikationskanäle, wie dem Internet.
 
-Ein Wurzel- oder auch "Root"-Zertifikat dient als Vertrauensanker
-("Trust Anchor") für alle darunter hängenden Zertifikate. Unterhalb
-der Wurzel folgt eine Sicherheitskette ("Trust Chain") von ein oder
-mehreren Zwischenzertifikaten der Zertifizierungsstellen, gefolgt von
-den ausgestellten Zertifikaten für die Anwendungen. Die Zertifikate
+Ein Wurzelzertifikat dient als Vertrauensanker ("Trust Anchor") für
+alle darunter hängenden Zertifikate. Unterhalb der Wurzel folgt eine
+Sicherheitskette ("Trust Chain") von ein oder mehreren
+Zwischenzertifikaten der Zertifizierungsstellen, gefolgt von den
+ausgestellten Zertifikaten für die Anwendungen. Die Zertifikate
 sichern per Public-Key-Kryptoverfahren nach dem X.509-v3 Standard
 beispielsweise TLS-Verbindungen von Webbrowser zu Webserver (HTTPS)
 oder E-Mail-Klient zu E-Mail-Server (IMAPS). Ein weiteres Beispiel ist
@@ -29,8 +34,9 @@
 
 Ãœber diese Hilfe
 ================
-Diese Hilfe unterstützt Sie bei der Bedienung der TrustBridge-Verwaltungsanwendung.
-Die Hilfeseiten im Ãœberblick:
+Diese Hilfe unterstützt Sie bei der Bedienung der
+TrustBridge-Verwaltungsanwendung und gibt Hinweise zum Betrieb des
+Download-Servers. Die Hilfeseiten im Ãœberblick:
 
 .. toctree::
    :maxdepth: 2
@@ -42,7 +48,8 @@
 Impressum
 =========
 
-Copyright 2014 Die Rechte liegen beim `Bundesamt für Sicherheit in der Informationstechnik (BSI) <https://bsi.bund.de>`_.
+Copyright 2014 Die Rechte liegen beim `Bundesamt für Sicherheit in der
+Informationstechnik (BSI) <https://bsi.bund.de>`_.
 
 TrustBridge wurde von den Unternehmen `Intevation GmbH
 <http://www.intevation.de>`_ und `DN-Systems GmbH
Binary file manuals/help-manual/_static/bsi-logo.png has changed
--- a/manuals/help-manual/_static/extra-style.css	Tue Sep 02 14:25:40 2014 +0200
+++ b/manuals/help-manual/_static/extra-style.css	Tue Sep 16 19:45:19 2014 +0200
@@ -11,4 +11,20 @@
     font-size: 1.1em;
     background-color: transparent;
 }
-
+#pageheader img {
+    float: left;
+    margin-right: 10px;
+}
+#pageheader h1 {
+    margin: 5px;
+    padding: 15px;
+}
+#breadcrumbs {
+    display: none;
+}
+.related.top #rellinks {
+    margin-top: -25px;
+}
+#pagefooter {
+    padding-bottom: 0 !important;
+}
Binary file manuals/help-manual/_static/nsis-installer.png has changed
Binary file manuals/help-manual/_static/trustbridge-logo.png has changed
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/manuals/help-manual/_templates/layout.html	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,17 @@
+{% extends '!layout.html' %}
+
+{%- block header %}
+  {%- if theme_showheader|tobool %}
+    <header id="pageheader">
+        <a href="{{ pathto(master_doc) }} "><img src="_static/trustbridge-logo.png"><h1>{{ docstitle }}</h1></a>
+    </header>
+  {%- endif %}
+{%- endblock %}
+
+
+{% block footer %}
+  <footer id="pagefooter">
+    &copy; 2014, BSI | TrustBridge {{version}}<br>
+    <img src="_static/bsi-logo.png">
+  </footer>
+{% endblock %}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/manuals/help-manual/arbeitsweise.rst	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,29 @@
+============
+Arbeitsweise
+============
+
+TrustBridge holt sich regelmäßig über das Internet 
+neue Vorschlagslisten per HTTPS. Die anzufragenden URLs sind 
+fest in der Anwendung eingebrannt, wie auch Zertifikate, um
+zu prüfen, dass es sich wirklich um den echten Server handelt.
+
+ZUTUN
+
+
+Wurzelzertifikate
+=================
+(auch Rootzertifikate genannt) sind die Basis
+einer PKI zur Feststellung der Authentizität des
+Kommunikationspartners und der Integrität seiner Nachrichten für
+verschiedene Anwendungen -- insbesondere bei der Übertragung über
+unsichere Kommunikationskanäle, wie dem Internet.
+
+Ein Wurzelzertifikat dient als Vertrauensanker ("Trust Anchor") für
+alle darunter hängenden Zertifikate. Unterhalb der Wurzel folgt eine
+Sicherheitskette ("Trust Chain") von ein oder mehreren
+Zwischenzertifikaten der Zertifizierungsstellen, gefolgt von den
+ausgestellten Zertifikaten für die Anwendungen. Die Zertifikate
+sichern per Public-Key-Kryptoverfahren nach dem X.509-v3 Standard
+beispielsweise TLS-Verbindungen von Webbrowser zu Webserver (HTTPS)
+oder E-Mail-Klient zu E-Mail-Server (IMAPS). Ein weiteres Beispiel ist
+die Ende-zu-Ende Absicherung von E-Mail per S/MIME-Standard.
--- a/manuals/help-manual/bedienung.rst	Tue Sep 02 14:25:40 2014 +0200
+++ b/manuals/help-manual/bedienung.rst	Tue Sep 16 19:45:19 2014 +0200
@@ -13,3 +13,91 @@
    :alt: Die TrustBridge-Oberfläche unter Windows bei verfügbaren Zertifikatsänderungen
    :width: 100%
 
+
+Seite "Neue Empfehlungen"
+-------------------------
+
+Neue Zertifikatsänderungen schreiben:
+.....................................
+Sind neue Zertifikatsaktualisierungen vom BSI verfügbar, werden Sie
+über die empfohlenen Änderungen auf dieser Seite informiert. Im Titel
+finden Sie die Gesamtanzahl der vorgeschlagenen Zertifikatsänderungen.
+Über den Button *[Änderungen schreiben]* können Sie diese Änderungen
+vollständig übernehmen.
+
+Details zu den empfohlenen Zertifikaten (wie z.B. Zertifikatsinhaber,
+Gültigkeit, Fingerabdruck) lassen sich im unteren Teil der Seite über
+die beiden Gruppierungen mittels der *[Details]* Button einblenden:
+
+* Neue, empfohlene Wurzelzertifikate installieren (n/n)
+* Abgeratene Wurzelzertifikate entfernen (n/n)
+
+An dieser Stelle haben Sie die Möglichkeit (*vor* dem Schreiben der
+Änderungen) ausgewählte Zertifikate "abzuwählen". Dadurch werden diese
+Zertifikate *nicht* installiert bzw. entfernt.  Solche
+Abwahlentscheidungen können Sie später jederzeit wieder auf den Seiten
+"Empfohlene Wurzelzertifikate" und "Abgeratene Wurzelzertifikate"
+korrigieren.
+
+Suche nach Aktualisierungen:
+............................
+Beim Start der Anwendung wird automatisch nach neuen Aktualisierungen
+(Software und Zertifikaten) gesucht. Ãœber den Button *[Aktualisieren]*
+kann diese Suche auch manuell angestoßen werden. Der letzte
+Suchzeitpunkt wird daneben angezeigt.
+
+Wurzelzertifikate erneut schreiben:
+...................................
+Sind alle Zertifikatsänderungen eingespielt und liegen keine
+Änderungen vor, können alle von TrustBridge verwalteten Zertifikate
+noch einmal installiert werden. Dafür muss auf den Button
+*[Wurzelzertifikate erneut schreiben]* geklickt werden.  Hilfreich
+könnte diese Funktion sein, wenn seit der letzten Aktualisierung durch
+TrustBridge im Zertifikatsspeicher *manuell* Zertifikate geändert
+wurden. Um den durch TrustBridge empfohlenen Stand wiederherzustellen,
+klickt man einmal auf o.g. Schaltfläche.
+
+
+Seite "Empfohlene Wurzelzertifikate"
+------------------------------------
+Alle Wurzelzertifikate, die TrustBridge aktuell zur Installation
+vorgeschlagen hat, sind auf dieser Seite einsehbar. Jedes Zertifikat
+kann einzeln "abgewählt" werden, d.h. es wird mit der nächsten
+*[Änderungen schreiben]*-Aktion entfernt.  Bereits "abgewählte"
+Zertifikate können analog so zur Installation markiert werden.
+
+Jede manuelle Änderung, die Sie hier vornehmen, wird auf der Seite
+"Neue Empfehlungen" aufgelistet. Die Anzahl der "abweichend zu
+behandelnden Wurzelzertifikate" wird auch auf der Schaltfläche "Neue
+Empfehlungen" im roten Kreis angezeigt.
+
+**Achtung:** TrustBridge zeigt *nicht* den tatsächlichen
+Installationszustand eines Zertifikats im Zertifikatsspeicher an.
+TrustBridge selbst kann nur ausgewählte Zertifikate in alle
+Zertifikatsspeicher "einspielen".  Eine Kontrolle, dass in der
+Zwischenzeit diese Zertifikate nicht verändert wurden, kann
+TrustBridge nicht geben.
+
+
+Seite "Abgeratene Wurzelzertifikate"
+------------------------------------
+Alle Wurzelzertifikate, die TrustBridge zur Deinstallation
+vorgeschlagen hat, werden auf dieser Seite aufgelistet.  Bereits
+deinstallierte Zertifikate lassen sich mit TrustBridge nicht mehr
+installieren.
+
+Sollten Sie Zertifikate bei der Aktualisierung "zurückgehalten" haben,
+d.h. noch nicht zur Deinstallation freigegeben haben, können Sie das
+Zertifikat über das Auswahlfeld zur Deinstallation markieren.  Damit
+das Zertifikat endgültig aus allen Zertifikatsspeichern gelöscht wird
+müssen Sie anschließend den *[Änderungen schreiben]*-Button auf der
+Seite "Neue Empfehlungen" bestätigen.
+
+
+Seite "Information und Hilfe"
+-----------------------------
+Neben der Erwähnung von Herstellers und Lizenz von TrustBridge finden
+Sie hier die Möglichkeit:
+
+* diese TrustBridge-Hilfe zu starten und
+* die Proxy-Server-Einstellungen vorzunehmen.
--- a/manuals/help-manual/conf.py	Tue Sep 02 14:25:40 2014 +0200
+++ b/manuals/help-manual/conf.py	Tue Sep 16 19:45:19 2014 +0200
@@ -41,7 +41,7 @@
 
 # General information about the project.
 project = u'TrustBridge-Hilfe'
-copyright = u'2014, BSI'
+#copyright = u''
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
@@ -111,7 +111,7 @@
 html_title = 'TrustBridge-Hilfe'
 
 # A shorter title for the navigation bar.  Default is the same as html_title.
-html_short_title = 'Home'
+#html_short_title = 'Home'
 
 # The name of an image file (relative to this directory) to place at the top
 # of the sidebar.
--- a/manuals/help-manual/faq.rst	Tue Sep 02 14:25:40 2014 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,170 +0,0 @@
-================================
-Frequently Asked Questions (FAQ)
-================================
-
-
-Welche Zertifikatsspeicher werden verwendet?
-============================================
-
-Damit Zertifikaten in Anwendungen (wie z.B. Browser oder E-Mail-Klient)
-vertraut werden kann, müssen die zugehörigen Wurzelzertifikate in den passenden
-Zertifikatsspeichern des Systems installiert werden.
-TrustBridge übernimmt diese Zugriff auf die Zertifikatsspeicher.
-
-Es gibt zwei gängige Zertifikatsspeicher, die von TrustBridge und den meisten
-Anwendungen unterstützt werden:
-
-* der Mozilla NSS-Zertifikatsspeicher ("Network Security Services") und 
-* der Windows-System-Zertifikatsspeicher.
-
-
-Chrome bzw. Chromium verwendet unter Windows den Windows-System-Speicher und unter
-Ubuntu den NSS-Zertifikatsspeicher. Die nachfolgende Abbildung veranschaulicht 
-die verwendeten Zertifikatsspeicher unter Windows und GNU/Linux.
-
-.. figure:: _static/stores.png
-   :width: 100%
-   :alt: Ãœbersicht der Zertifikatsspeicher
-
-   *Abbildung 1: Ãœbersicht der Zertifikatsspeicher*
-
-Windows-Zertifikatsspeicher
----------------------------
-
-Der Windows 7 und 8 Zertifikatsspeicher kann in drei große Gruppen aufgeteilt werden:
-
-#. Zertifikate des aktuellen Benutzers
-#. Zertifikate für alle Benutzer (Lokaler Computer)
-#. Zertifikate für Systemdienste
-
-Diese Gruppen unterteilen sich wieder in eine Reihe von logischen Speichern.
-
-Für die Installation von vertrauenswürdigen Wurzelzertifikaten ist der
-logische *Root*-Speicher relevant. Nur dort eingetragene Zertifikate
-werden als *Trust Anchor* (Vertrauensanker) angesehen und zur
-Validierung des Vertrauenspfads zu den weiteren Zertifikaten
-verwendet.
-
-Der logische *Disallowed*-Speicher hat immer Vorrang. Befindet sich ein Zertifikat
-sowohl im *Root* als auch im *Disallowed*-Speicher, gilt es als nicht vertrauenswürdig.
-
-
-**Einschränkungen:** 
-Um unbefugte Manipulationen am Zertifikatsspeicher zu verhindern, werden von Microsoft
-seit Windows XP SP2 folgende Schutzmaßnahmen vorgesehen:
-
-#. Um Zertifikate für alle Benutzer des lokalen Computers zu
-   bearbeiten, sind erhöhte Privilegien (Administrationsrechte)
-   erforderlich.
-#. Änderungen (Löschen / Hinzufügen von Zertifikaten) am
-   *Root*-Speicher des aktuellen Nutzers erfordern die explizite
-   Einwilligung des Nutzers (siehe nachfolgende Abbildung), sofern der
-   Prozess keine erhöhten Privilegien besitzt.
-
-
-.. figure:: _static/sicherheitswarnung.png
-   :alt: Windows-Sicherheitswarnung 
-
-   *Abbildung 2: Sicherheitswarnung beim Hinzufügen eines Wurzelzertifikats ohne Administrator-Rechte*
-
-
-
-Mozilla NSS-Zertifikatsspeicher
--------------------------------
-Die Mozilla-Anwendungen Thunderbird und Firefox, sowie Chromium unter
-Ubuntu, verwenden die Mozilla "Network Security
-Services" (NSS) Zertifikatsspeicher. 
-
-Mozilla liefert den NSS-Zertifikatsspeicher mit einer Auswahl von
-voreingesetllten vertrauenswürdigen bzw. nicht
-vertrauenswürdigen Zertifikaten aus.
-
-**Einschränkungen:**
-
-* Anwendungen, die den NSS-Zertifikatsspeicher verwenden, sollten vor dem Zugriff geschlossen
-  werden.
-* Um den NSS-Speicher anderer Nutzer zu manipulieren, sind erhöhte Rechte nötig.
-* Um den NSS-Standard für neue Profile vorzugeben, sind abhängig vom Installationsort 
-  ggf. erhöhte Rechte nötig.
-
-
-
-Wie wird der Transport abgesichert?
-===================================
-TrustBridge sucht regelmäßig (alle 24 Stunden) auf dem offiziellen TrustBridge-Update-Server
-nach aktualisierten Zertifikatslisten und neuen Softwareversionen. 
-
-Sämtliche Transportprozesse sind kryptografisch nach aktuellem Stand
-der Technik gegen unbefugte Manipulationen (Authentizität und
-Integrität) gesichert. Es gibt drei Transportwege, die abgesichert
-werden müssen:
-
-#. Verfügbarkeit von Aktualisierungen prüfen:
-   Die regelmäßige Übertragung der Information, ob neue Aktualisierungen
-   von Zertifiaktsliste oder Software verfügbar sind, wird über eine
-   HTTPS-Verbindung per TLS 1.2 (mit ECDSA brainpoolP256r1) durchgeführt.
-#. Zertifikatslisten-Update durchführen:
-   Ist eine neue Zertifikatsliste verfügbar, wird die ganze Liste
-   gebündelt übertragen. Die Zertifikatslistendatei ist signiert (RSA 3076). 
-   Vor einem Zertifikatslisten-Update wird sichergestellt, dass TrustBridge bereits in der
-   neusten Version installiert ist.
-#. Software-Update durchführen:
-   Ist eine neue TrustBridge-Version verfügbar, kann diese mit einem
-   Klick auf eine entsprechende Meldung heruntergeladen und installiert
-   werden. Es wird eine vollständige TrustBridge-Installationsdatei übertragen 
-   und im Hintergrund ausgeführt. Jede Software-Installationsdatei ist signiert.
-   Bei Fehlschlagen der Signaturprüfung (z.B. durch fehlerhaftes
-   Herunterladen) wird TrustBridge nicht aktualisiert. 
-
-
-
-Wie sieht das Datenformat einer Zertifikatsliste aus?
-=====================================================
-
-Die Zertifikatsliste ist eine einzelne Text-Datei, welche von der
-TrustBridge-Verwaltungsanwendung erzeugt wird. Diese Datei enthält
-alle benötigten Informationen und basiert auf einer zeilenbasierten
-Textformat. Dabei bleibt die Struktur für Menschen lesbar und die
-meisten Inhalte können mit Standardwerkzeugen sowohl de- als auch
-enkodiert werden.
-
-In der ersten Zeile der Datei ist die Base64-kodierte, kryptografische
-Signatur über alle folgenden Zeilen (inklusive der Zeilenenden)
-angegeben. So wird die Integrität und Authentizität dieser Daten vor
-der Verarbeitung gesichert.
-
-Einzelne Zeilen haben das Format ``<Buchstabe>:<Wert><CR><LF>``, wobei
-der Buchstabe angibt, welche Art von Wert folgt. Die Länge der Zeilen
-ist (für Version 1) auf 9999 Zeichen begrenzt, inklusive der beiden
-Zeichen für Zeilenenden.  Die Anzahl der Zeilen ist auf 1000
-beschränkt, was einer Dateigröße von maximal 10 Megabyte entspricht.
-(In der Praxis wird die Dateigröße aber deutlich unter 100 Kilobyte
-liegen.) Der Text wird in 7Bit-ASCII kodiert.
-
-Die Zertifikate selbst werden als Base64- und DER-kodierte Daten
-aufgeführt. Dies entspricht dem Inhalt gängiger .pem-Dateien - jedoch
-ohne den umschließenden BEGIN CERTIFICATE und END CERTIFICATE sowie
-ohne den Zeilenumbrüchen.
-
-Jede Zeile muss mit einem der folgenden gültigen Buchstaben beginnen:
-
-* ``S:`` Die Signatur der Zertifikatsliste.
-* ``F:`` Format-Version
-* ``D:`` Zeitpunkt der Listenerstellen (UTC)
-* ``I:`` Zu installierendes Zertifikat
-* ``R:`` Zu entfernendes Zertifikat
-
-
-Im Folgenden ein Beispiel für den Aufbau der Zertifikatslisten-Datei
-mit zwei zu installierenden Zertifikaten und einem zu löschenden
-Zertifikat. Die Signatur- und Zertifikatszeilen sind, aus Gründen der
-Übersichtlichkeit, in diesem Beispiel gekürzt:
-
-.. parsed-literal::
-    S:EjzX0sTkstnnGbPIC7n1a5WlYCFsthPl8OYplLyihR1RdqcUsSnikrVowFo8QgpMutcz0...
-    F:1
-    D:2014-01-03T12:30Z
-    I:MIIEiTCCA3GgAwIBAgIDAWn+MA0GCSqGSIb3DQBQUAMEAxCzAJBVBAYTAlVTMRcwFQYDV...
-    I:MIIHojCCBoqgAwIBAgIDAW96MA0GCSqGSIb3DQEBBQUAGMMQswCDVQQGEwJJTDEWMBQGA...
-    R:MIIGUjCCBTqgAwIBAgIODocAAQACqS54FrSbGvYwDQKoZIhvcNAQBQAwfDELMAkGA1UEB...
-
--- a/manuals/help-manual/index.rst	Tue Sep 02 14:25:40 2014 +0200
+++ b/manuals/help-manual/index.rst	Tue Sep 16 19:45:19 2014 +0200
@@ -1,55 +1,60 @@
-Was ist TrustBridge?
-====================
-
-TrustBridge ist eine Anwendung vom `Bundesamt für Sicherheit in der Informationstechnik (BSI) <https://bsi.bund.de>`_ für die Verbreitung von empfohlenen Wurzelzertifikaten.
-
-TrustBridge macht es Nutzern einfacher, Wurzelzertifikate für eine
-X.509-basierende, öffentliche Zertifikatsinfrastruktur (PKI)
-einzuspielen und aktuell zu halten. TrustBridge verteilt
-Wurzelzertifikate, welche von den Betriebssystemen und Webbrowsern
-nicht mitgeliefert werden. Existierende Zertifikate, die korrumpiert
-oder missbraucht wurden, können von TrustBridge über eine Deinstallations-Empfehlung
-entfernt werden.  Dabei ist unerheblich, ob die
-Zertifikate auf der Anwenderebene vorher bereits installiert waren.
-
-**Wurzelzertifikate** (auch Rootzertifikate genannt) sind die Basis einer PKI zur Feststellung der
-Authentizität des Kommunikationspartners und der Integrität seiner
-Nachrichten für verschiedene Anwendungen -- insbesondere bei der
-Übertragung über unsichere Kommunikationskanäle, wie dem Internet.
-
-Ein Wurzelzertifikat dient als Vertrauensanker
-("Trust Anchor") für alle darunter hängenden Zertifikate. Unterhalb
-der Wurzel folgt eine Sicherheitskette ("Trust Chain") von ein oder
-mehreren Zwischenzertifikaten der Zertifizierungsstellen, gefolgt von
-den ausgestellten Zertifikaten für die Anwendungen. Die Zertifikate
-sichern per Public-Key-Kryptoverfahren nach dem X.509-v3 Standard
-beispielsweise TLS-Verbindungen von Webbrowser zu Webserver (HTTPS)
-oder E-Mail-Klient zu E-Mail-Server (IMAPS). Ein weiteres Beispiel ist
-die Ende-zu-Ende Absicherung von E-Mail per S/MIME-Standard.
-
-
-Ãœber diese Hilfe
-================
-Diese Hilfe unterstützt Sie bei der Bedienung von TrustBridge |version| sowie
-vermittelt Ihnen ein beseres Verständnis was die Anwendung macht und
-wofür das gut ist. Die Hilfeseiten im Überblick:
+Inhaltsverzeichnis
+==================
 
 .. toctree::
    :maxdepth: 2
 
    installation
    bedienung
-   faq
+   arbeitsweise
+   techn-referenz
+
+
+Was ist TrustBridge?
+====================
+TrustBridge erleichtert Ihnen das Einpflegen von Wurzelzertifikaten
+zur Absicherung von Kommunikation durch Verschlüsselung und Signaturen. 
+Dazu holt sich TrustBridge regelmäßig die Wurzelzertifikate, 
+welche von einer zentralen Stelle vorgeschlagen werden und bietet
+Sie Ihnen zum Einfügen in den Zertifikatspeicher Ihres Rechners an.
+
+Über TrustBridge werden üblicherweise nur Zertifikate verteilt,
+welche von Ihrem Betriebssystem nicht mitgeliefert werden. Sie können sich
+dafür entscheiden nur einen Teil der Wurzelzertifikate zu übernehmen.
+TrustBridge respektiert Ihre bisherigen Wurzelzertifikatsentscheidungen.
+
+Wenn ein früher vorschlagenes Wurzelzertifikat lange in Benutzung war 
+oder ein Problem damit bekannt wurde, empfiehlt TrustBridge 
+es wieder zu entfernen. Auch für diese Änderung holt sich TrustBridge
+erst Ihre Erlaubnis. 
+
+Wurzelzertifikate verwalten den Zugang zu Ihren Daten.
+Verwenden Sie TrustBridge deshalb nur, wenn Sie der Organisation 
+vertrauen von der Sie die Software erhalten 
+und welche die Wurzelzertifikatsvorschläge pflegt. 
+
+TrustBridge arbeitet im Hintergrund und meldet sich
+bei Ihnen, wenn es etwas Neues gibt.
+
+TrustBridge ist eine Anwendung vom `Bundesamt für Sicherheit in der
+Informationstechnik (BSI) <https://bsi.bund.de>`_ für die Verbreitung
+von empfohlenen Wurzelzertifikaten.
+
+TrustBridge macht es Nutzern einfacher, Wurzelzertifikate für eine
+X.509-basierende, öffentliche Zertifikatsinfrastruktur (PKI)
+einzuspielen und aktuell zu halten. 
+
 
 
 Impressum
 =========
 
-Copyright 2014 Die Rechte liegen beim `Bundesamt für Sicherheit in der Informationstechnik (BSI) <https://bsi.bund.de>`_.
+Ausgabe 2014, Die Rechte liegen beim `Bundesamt für Sicherheit in der
+Informationstechnik (BSI) <https://bsi.bund.de>`_.
 
 TrustBridge wurde von den Unternehmen `Intevation GmbH
 <http://www.intevation.de>`_ und `DN-Systems GmbH
-<http://www.dn-systems.com>`_ entwickelt, im Auftrag vom BSI.
+<http://www.dn-systems.com>`_ entwickelt, im Auftrag des BSIs.
 
 Diese TrustBridge-Hilfe ist unter der `Creative Commons CC BY-SA 3.0
 <http://creativecommons.org/licenses/by-sa/3.0/>`_ lizensiert.
--- a/manuals/help-manual/installation.rst	Tue Sep 02 14:25:40 2014 +0200
+++ b/manuals/help-manual/installation.rst	Tue Sep 16 19:45:19 2014 +0200
@@ -48,8 +48,8 @@
 Für die Installation von TrustBridge unter Ubuntu wird ein interaktives Installationsskript
 für die Kommandozeile angeboten - jeweils ein Script für 32 und 64 Bit-Systeme.
 
-Führen Sie das Skript ohne Option aus, um Trustbridge **lokal** in Ihrem Home-Verzeichnis zu installieren
-(standardmäßg unter ``/home/TrustBridge/``).
+Führen Sie das Skript ohne Option aus, um TrustBridge **lokal** in Ihrem Home-Verzeichnis zu installieren
+(standardmäßig unter ``/home/TrustBridge/``).
 
 Für 64-Bit-Systeme:
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/manuals/help-manual/techn-referenz.rst	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,170 @@
+===================
+Technische Referenz
+===================
+
+
+Welche Zertifikatsspeicher werden verwendet?
+============================================
+
+Damit Zertifikaten in Anwendungen (wie z.B. Browser oder E-Mail-Klient)
+vertraut werden kann, müssen die zugehörigen Wurzelzertifikate in den passenden
+Zertifikatsspeichern des Systems installiert werden.
+TrustBridge übernimmt diesen Zugriff auf die Zertifikatsspeicher.
+
+Es gibt zwei gängige Zertifikatsspeicher, die von TrustBridge und den meisten
+Anwendungen unterstützt werden:
+
+* der Mozilla NSS-Zertifikatsspeicher ("Network Security Services") und 
+* der Windows-System-Zertifikatsspeicher.
+
+
+Chrome bzw. Chromium verwendet unter Windows den Windows-System-Speicher und unter
+Ubuntu den NSS-Zertifikatsspeicher. Die nachfolgende Abbildung veranschaulicht 
+die verwendeten Zertifikatsspeicher unter Windows und GNU/Linux.
+
+.. figure:: _static/stores.png
+   :width: 100%
+   :alt: Ãœbersicht der Zertifikatsspeicher
+
+   *Abbildung 1: Ãœbersicht der Zertifikatsspeicher*
+
+Windows-Zertifikatsspeicher
+---------------------------
+
+Der Windows 7 und 8 Zertifikatsspeicher kann in drei große Gruppen aufgeteilt werden:
+
+#. Zertifikate des aktuellen Benutzers
+#. Zertifikate für alle Benutzer (Lokaler Computer)
+#. Zertifikate für Systemdienste
+
+Diese Gruppen unterteilen sich wieder in eine Reihe von logischen Speichern.
+
+Für die Installation von vertrauenswürdigen Wurzelzertifikaten ist der
+logische *Root*-Speicher relevant. Nur dort eingetragene Zertifikate
+werden als *Trust Anchor* (Vertrauensanker) angesehen und zur
+Validierung des Vertrauenspfads zu den weiteren Zertifikaten
+verwendet.
+
+Der logische *Disallowed*-Speicher hat immer Vorrang. Befindet sich ein Zertifikat
+sowohl im *Root* als auch im *Disallowed*-Speicher, gilt es als nicht vertrauenswürdig.
+
+
+**Einschränkungen:** 
+Um unbefugte Manipulationen am Zertifikatsspeicher zu verhindern, werden von Microsoft
+seit Windows XP SP2 folgende Schutzmaßnahmen vorgesehen:
+
+#. Um Zertifikate für alle Benutzer des lokalen Computers zu
+   bearbeiten, sind erhöhte Privilegien (Administrationsrechte)
+   erforderlich.
+#. Änderungen (Löschen / Hinzufügen von Zertifikaten) am
+   *Root*-Speicher des aktuellen Nutzers erfordern die explizite
+   Einwilligung des Nutzers (siehe nachfolgende Abbildung), sofern der
+   Prozess keine erhöhten Privilegien besitzt.
+
+
+.. figure:: _static/sicherheitswarnung.png
+   :alt: Windows-Sicherheitswarnung 
+
+   *Abbildung 2: Sicherheitswarnung beim Hinzufügen eines Wurzelzertifikats ohne Administrator-Rechte*
+
+
+
+Mozilla NSS-Zertifikatsspeicher
+-------------------------------
+Die Mozilla-Anwendungen Thunderbird und Firefox, sowie Chromium unter
+Ubuntu, verwenden die Mozilla "Network Security
+Services" (NSS) Zertifikatsspeicher. 
+
+Mozilla liefert den NSS-Zertifikatsspeicher mit einer Auswahl von
+voreingesetllten vertrauenswürdigen bzw. nicht
+vertrauenswürdigen Zertifikaten aus.
+
+**Einschränkungen:**
+
+* Anwendungen, die den NSS-Zertifikatsspeicher verwenden, sollten vor dem Zugriff geschlossen
+  werden.
+* Um den NSS-Speicher anderer Nutzer zu manipulieren, sind erhöhte Rechte nötig.
+* Um den NSS-Standard für neue Profile vorzugeben, sind abhängig vom Installationsort 
+  ggf. erhöhte Rechte nötig.
+
+
+
+Wie wird der Transport abgesichert?
+===================================
+TrustBridge sucht regelmäßig (alle 24 Stunden) auf dem offiziellen TrustBridge-Update-Server
+nach aktualisierten Zertifikatslisten und neuen Softwareversionen. 
+
+Sämtliche Transportprozesse sind kryptografisch nach aktuellem Stand
+der Technik gegen unbefugte Manipulationen (Authentizität und
+Integrität) gesichert. Es gibt drei Transportwege, die abgesichert
+werden müssen:
+
+#. Verfügbarkeit von Aktualisierungen prüfen:
+   Die regelmäßige Übertragung der Information, ob neue Aktualisierungen
+   von Zertifikatsliste oder Software verfügbar sind, wird über eine
+   HTTPS-Verbindung per TLS 1.2 (mit ECDSA brainpoolP256r1) durchgeführt.
+#. Zertifikatslisten-Update durchführen:
+   Ist eine neue Zertifikatsliste verfügbar, wird die ganze Liste
+   gebündelt übertragen. Die Zertifikatslistendatei ist signiert (RSA 3076). 
+   Vor einem Zertifikatslisten-Update wird sichergestellt, dass TrustBridge bereits in der
+   neusten Version installiert ist.
+#. Software-Update durchführen:
+   Ist eine neue TrustBridge-Version verfügbar, kann diese mit einem
+   Klick auf eine entsprechende Meldung heruntergeladen und installiert
+   werden. Es wird eine vollständige TrustBridge-Installationsdatei übertragen 
+   und im Hintergrund ausgeführt. Jede Software-Installationsdatei ist signiert.
+   Bei Fehlschlagen der Signaturprüfung (z.B. durch fehlerhaftes
+   Herunterladen) wird TrustBridge nicht aktualisiert. 
+
+
+
+Wie sieht das Datenformat einer Zertifikatsliste aus?
+=====================================================
+
+Die Zertifikatsliste ist eine einzelne Text-Datei, welche von der
+TrustBridge-Verwaltungsanwendung erzeugt wird. Diese Datei enthält
+alle benötigten Informationen und basiert auf einer zeilenbasierten
+Textformat. Dabei bleibt die Struktur für Menschen lesbar und die
+meisten Inhalte können mit Standardwerkzeugen sowohl de- als auch
+enkodiert werden.
+
+In der ersten Zeile der Datei ist die Base64-kodierte, kryptografische
+Signatur über alle folgenden Zeilen (inklusive der Zeilenenden)
+angegeben. So wird die Integrität und Authentizität dieser Daten vor
+der Verarbeitung gesichert.
+
+Einzelne Zeilen haben das Format ``<Buchstabe>:<Wert><CR><LF>``, wobei
+der Buchstabe angibt, welche Art von Wert folgt. Die Länge der Zeilen
+ist (für Version 1) auf 9999 Zeichen begrenzt, inklusive der beiden
+Zeichen für Zeilenenden.  Die Anzahl der Zeilen ist auf 1000
+beschränkt, was einer Dateigröße von maximal 10 Megabyte entspricht.
+(In der Praxis wird die Dateigröße aber deutlich unter 100 Kilobyte
+liegen.) Der Text wird in 7Bit-ASCII kodiert.
+
+Die Zertifikate selbst werden als Base64- und DER-kodierte Daten
+aufgeführt. Dies entspricht dem Inhalt gängiger .pem-Dateien - jedoch
+ohne den umschließenden BEGIN CERTIFICATE und END CERTIFICATE sowie
+ohne den Zeilenumbrüchen.
+
+Jede Zeile muss mit einem der folgenden gültigen Buchstaben beginnen:
+
+* ``S:`` Die Signatur der Zertifikatsliste.
+* ``F:`` Format-Version
+* ``D:`` Zeitpunkt der Listenerstellen (UTC)
+* ``I:`` Zu installierendes Zertifikat
+* ``R:`` Zu entfernendes Zertifikat
+
+
+Im Folgenden ein Beispiel für den Aufbau der Zertifikatslisten-Datei
+mit zwei zu installierenden Zertifikaten und einem zu löschenden
+Zertifikat. Die Signatur- und Zertifikatszeilen sind, aus Gründen der
+Übersichtlichkeit, in diesem Beispiel gekürzt:
+
+.. parsed-literal::
+    S:EjzX0sTkstnnGbPIC7n1a5WlYCFsthPl8OYplLyihR1RdqcUsSnikrVowFo8QgpMutcz0...
+    F:1
+    D:2014-01-03T12:30Z
+    I:MIIEiTCCA3GgAwIBAgIDAWn+MA0GCSqGSIb3DQBQUAMEAxCzAJBVBAYTAlVTMRcwFQYDV...
+    I:MIIHojCCBoqgAwIBAgIDAW96MA0GCSqGSIb3DQEBBQUAGMMQswCDVQQGEwJJTDEWMBQGA...
+    R:MIIGUjCCBTqgAwIBAgIODocAAQACqS54FrSbGvYwDQKoZIhvcNAQBQAwfDELMAkGA1UEB...
+
--- a/packaging/CMakeLists.txt	Tue Sep 02 14:25:40 2014 +0200
+++ b/packaging/CMakeLists.txt	Tue Sep 16 19:45:19 2014 +0200
@@ -9,14 +9,15 @@
    # Build the nss safer plugin.
    include_directories(${CMAKE_SOURCE_DIR}/common)
 
-   add_library(saferrunas SHARED safer_run_as.c)
-   target_link_libraries(saferrunas
+   add_library(desktopshellrun SHARED desktopshellrun.cpp)
+   target_link_libraries(desktopshellrun
       trustbridge_common
       -luserenv
       -lshell32
       -lcrypt32
       -lssp
+      -lshlwapi
       ${POLARSSL_LIBRARIES}) # trustbridge_common pulls it in.
-   set_target_properties(saferrunas PROPERTIES PREFIX "")
-   set_target_properties(saferrunas PROPERTIES OUTPUT_NAME "SaferRunAs")
+   set_target_properties(desktopshellrun PROPERTIES PREFIX "")
+   set_target_properties(desktopshellrun PROPERTIES OUTPUT_NAME "DesktopShellRun")
 endif()
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/packaging/desktopshellrun.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,326 @@
+/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=2)
+ * and comes with ABSOLUTELY NO WARRANTY!
+ * See LICENSE.txt for details.
+ */
+
+/**
+ * @file tasksched_run_as.cpp
+ * @brief Run a command with the Task Scheduler API
+ *
+ * This effectively starts a program as the user regardles of the current
+ * process token.
+ */
+#include <windows.h>
+#include "logging.h"
+#include "strhelp.h"
+
+#ifndef INITGUID
+#define INITGUID
+#endif
+
+#include <initguid.h>
+#include <mstask.h>
+#include <wchar.h>
+#include <ole2.h>
+#include <shldisp.h>
+#include <shobjidl.h>
+#include <exdisp.h>
+#include <shlguid.h>
+
+/* Some declarations missing in mingw-w64 3.1.0 taken from msdn */
+
+__CRT_UUID_DECL(IShellWindows, 0x85CB6900, 0x4D95, 0x11CF,
+                0x96, 0x0C, 0x00, 0x80, 0xC7, 0xF4, 0xEE, 0x85);
+
+DEFINE_GUID(IID_IShellWindows,
+            0x85CB6900, 0x4D95, 0x11CF,
+            0x96, 0x0C, 0x00, 0x80, 0xC7, 0xF4, 0xEE, 0x85);
+DEFINE_GUID(CLSID_ShellWindows,
+            0x9BA05972, 0xF6A8, 0x11CF,
+            0xA4, 0x42, 0x00, 0xA0, 0xC9, 0x0A, 0x8F, 0x39);
+
+
+__CRT_UUID_DECL(IShellDispatch2, 0xA4C6892C, 0x3BA9, 0x11d2,
+                0x9D, 0xEA, 0x00, 0xC0, 0x4F, 0xB1, 0x61, 0x62);
+__CRT_UUID_DECL(IShellFolderViewDual,  0xe7a1af80, 0x4d96,
+                0x11cf, 0x96, 0x0c, 0x00, 0x80, 0xc7, 0xf4, 0xee, 0x85);
+
+#ifndef SWC_DESKTOP /* Will probably be addedd in future mingw */
+#define SWC_DESKTOP 0x00000008
+/* from http://msdn.microsoft.com/en-us/library/windows/desktop/cc836581%28v=vs.85%29.aspx */
+#endif
+
+#undef INITGUID
+
+#ifdef DO_RELEASE_BUILD
+bool g_debug = false;
+#else
+bool g_debug = true;
+#endif
+
+typedef struct _stack_t
+{
+  struct _stack_t *next;
+  char text[1];          /* This should be the length of string_size. */
+} stack_t;
+
+static HINSTANCE g_hInstance; /* Our Instance. */
+
+#define UNUSED(x) (void)(x)
+
+/** @brief the actual execuation call on the shell dispatcher
+ *
+ * @param[in] disp The shell dispatcher to use for shell execute.
+ * @param[in] fName The file that should be exectued.
+ *
+ * @returns true on success.
+ */
+static bool
+shellexecute(IShellDispatch2 *disp, wchar_t *fName)
+{
+  BSTR bName = NULL,
+       bParam = NULL,
+       bDir = NULL,
+       bOp = NULL;
+  VARIANT vParams[4];
+  HRESULT hr;
+
+  if (!fName || !disp)
+    {
+      ERRORPRINTF ("Invalid call to shellexecute.");
+      return false;
+    }
+
+  bName = SysAllocString(fName);
+  bParam = SysAllocString(L"");
+  bDir = SysAllocString(L"");
+  bOp = SysAllocString(L"");
+
+  if (!bName || !bParam || !bDir || !bOp)
+    {
+      /* Out of memory */
+      ERRORPRINTF ("Failed to allocate bstr values ");
+      return false;
+    }
+
+  vParams[0].vt = VT_BSTR;
+  vParams[0].bstrVal = bParam;
+  vParams[1].vt = VT_BSTR;
+  vParams[1].bstrVal = bDir;
+  vParams[2].vt = VT_BSTR;
+  vParams[2].bstrVal = bOp;
+  vParams[3].vt = VT_INT;
+  vParams[3].intVal = SW_SHOWNORMAL;
+
+  hr = disp->ShellExecute(bName, vParams[0], vParams[1], vParams[2], vParams[3]);
+
+  SysFreeString(bName);
+  SysFreeString(bParam);
+  SysFreeString(bOp);
+  SysFreeString(bDir);
+
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to execute.");
+      return false;
+    }
+  return true;
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Standard entry point for DLLs. */
+int WINAPI
+DllMain (HANDLE hinst, DWORD reason, LPVOID reserved)
+{
+  UNUSED(reserved);
+  if (reason == DLL_PROCESS_ATTACH)
+    g_hInstance = (HINSTANCE)hinst;
+  return TRUE;
+}
+
+/** @brief Execute a command with the current running shell.
+ *
+ * This function is intended to be called when you want to
+ * make sure that your application is not executed with higher
+ * privileges then the normal desktop session.
+ *
+ * The code is based on the idea:
+ * http://blogs.msdn.com/b/oldnewthing/archive/2013/11/18/10468726.aspx
+ *
+ * The function signature is explained by NSIS.
+ */
+void __declspec(dllexport) __cdecl Exec(HWND hwndParent,
+                                        int string_size,
+                                        char *variables,
+                                        stack_t **stacktop)
+{
+  UNUSED(hwndParent);
+  UNUSED(string_size);
+  HRESULT hr;
+  wchar_t *wbuf = NULL;
+  IShellWindows *shellWindows = NULL;
+  IShellBrowser *shellBrowser = NULL;
+  IShellView *shellView = NULL;
+  IShellFolderViewDual *folderView = NULL;
+  IShellDispatch2 *shellDispatch = NULL;
+  IServiceProvider *serviceProv = NULL;
+  HWND hwnd;
+  IDispatch *disp = NULL,
+             *bgDisp = NULL,
+              *sDisp = NULL;
+  VARIANT vEmpty = {};
+
+
+  if (!stacktop || !*stacktop || !(*stacktop)->text)
+    {
+      ERRORPRINTF ("Invalid call to exec :");
+      return;
+    }
+
+  /* Initialize com ctx */
+  hr = CoInitialize(NULL);
+  if(FAILED(hr))
+    {
+      ERRORPRINTF ("CoInitializeEx failed. error = 0x%lx.", hr);
+      return;
+    }
+
+  /* Get the shell interface */
+  hr = CoCreateInstance(CLSID_ShellWindows,
+                        NULL, CLSCTX_LOCAL_SERVER,
+                        IID_PPV_ARGS(&shellWindows));
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to get shell interface.");
+      goto done;
+    }
+
+  /* Get the desktop shell window */
+  hr = shellWindows->FindWindowSW(&vEmpty,
+                                  &vEmpty,
+                                  SWC_DESKTOP,
+                                  (long*)&hwnd,
+                                  SWFO_NEEDDISPATCH,
+                                  &disp);
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to find the desktop dispatcher.");
+      goto done;
+    }
+
+  hr = disp->QueryInterface(IID_PPV_ARGS(&serviceProv));
+
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to get the service provider.");
+      goto done;
+    }
+
+  /* Get the shell browser */
+  hr = serviceProv->QueryService(SID_STopLevelBrowser, IID_PPV_ARGS(&shellBrowser));
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to find the top level browser.");
+      goto done;
+    }
+
+  hr = shellBrowser->QueryActiveShellView(&shellView);
+
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to find the active view.");
+      goto done;
+    }
+
+  hr = shellView->GetItemObject(SVGIO_BACKGROUND, IID_PPV_ARGS(&bgDisp));
+
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to get the views background.");
+      goto done;
+    }
+
+  hr = bgDisp->QueryInterface(IID_PPV_ARGS(&folderView));
+
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to get the folder view.");
+      goto done;
+    }
+
+
+  hr = folderView->get_Application(&sDisp);
+
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to get the shell dispatch.");
+      goto done;
+    }
+
+  hr = sDisp->QueryInterface(IID_PPV_ARGS(&shellDispatch));
+
+  if (FAILED(hr))
+    {
+      ERRORPRINTF ("Failed to get the shell dispatch interface.");
+      goto done;
+    }
+
+  wbuf = utf8_to_wchar((*stacktop)->text, strlen((*stacktop)->text));
+  if (!wbuf)
+    {
+      ERRORPRINTF ("Failed to convert argument to wchar. error = 0x%lx.", hr);
+      goto done;
+    }
+
+  if (!shellexecute(shellDispatch, wbuf))
+    {
+      ERRORPRINTF ("Failed to execute.");
+    }
+  xfree (wbuf);
+done:
+  if (folderView)
+    {
+      folderView->Release();
+    }
+  if (disp)
+    {
+      disp->Release();
+    }
+  if (shellBrowser)
+    {
+      shellBrowser->Release();
+    }
+  if (shellWindows)
+    {
+      shellWindows->Release();
+    }
+  if (shellView)
+    {
+      shellView->Release();
+    }
+  if (sDisp)
+    {
+      sDisp->Release();
+    }
+  if (shellDispatch)
+    {
+      shellDispatch->Release();
+    }
+  if (serviceProv)
+    {
+      serviceProv->Release();
+    }
+  CoUninitialize();
+  return;
+}
+#ifdef __cplusplus
+}
+#endif
+
+
--- a/packaging/exdll.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/packaging/exdll.h	Tue Sep 16 19:45:19 2014 +0200
@@ -1,4 +1,4 @@
-/* exdll.h for use with gpg4win
+/* exdll.h for use with TrustBrdige
  * Copyright (C) 1999-2005 Nullsoft, Inc.
  * 
  * This license applies to everything in the NSIS package, except
@@ -25,6 +25,7 @@
  ************************************************************
  * 2005-11-14 wk  Applied license text to orginal exdll.h file from
  *                NSIS 2.0.4 and did some formatting changes.
+ * 2014-09-16 ah  Stripped out uneccesary stuff for TrustBridge plugin
  */
 
 #ifndef _EXDLL_H_
@@ -33,74 +34,6 @@
 /* only include this file from one place in your DLL.  (it is all
    static, if you use it in two places it will fail) */
 
-#define EXDLL_INIT()           {  \
-        g_stringsize=(unsigned int)string_size; \
-        g_stacktop=stacktop;      \
-        g_variables=variables; }
-
 /* For page showing plug-ins */
-#define WM_NOTIFY_OUTER_NEXT (WM_USER+0x8)
-#define WM_NOTIFY_CUSTOM_READY (WM_USER+0xd)
-#define NOTIFY_BYE_BYE 'x'
-
-typedef struct _stack_t {
-  struct _stack_t *next;
-  char text[1];          /* This should be the length of string_size. */
-} stack_t;
-
-
-static unsigned int g_stringsize;
-static stack_t **g_stacktop;
-static char *g_variables;
-
-enum
-  {
-    INST_0,         // $0
-    INST_1,         // $1
-    INST_2,         // $2
-    INST_3,         // $3
-    INST_4,         // $4
-    INST_5,         // $5
-    INST_6,         // $6
-    INST_7,         // $7
-    INST_8,         // $8
-    INST_9,         // $9
-    INST_R0,        // $R0
-    INST_R1,        // $R1
-    INST_R2,        // $R2
-    INST_R3,        // $R3
-    INST_R4,        // $R4
-    INST_R5,        // $R5
-    INST_R6,        // $R6
-    INST_R7,        // $R7
-    INST_R8,        // $R8
-    INST_R9,        // $R9
-    INST_CMDLINE,   // $CMDLINE
-    INST_INSTDIR,   // $INSTDIR
-    INST_OUTDIR,    // $OUTDIR
-    INST_EXEDIR,    // $EXEDIR
-    INST_LANG,      // $LANGUAGE
-    __INST_LAST
-};
-
-typedef struct {
-  int autoclose;
-  int all_user_var;
-  int exec_error;
-  int abort;
-  int exec_reboot;
-  int reboot_called;
-  int XXX_cur_insttype; /* deprecated */
-  int XXX_insttype_changed; /* deprecated */
-  int silent;
-  int instdir_error;
-  int rtl;
-  int errlvl;
-} exec_flags_t;
-
-typedef struct {
-  exec_flags_t *exec_flags;
-  int (__stdcall *ExecuteCodeSegment)(int, HWND);
-} extra_parameters_t;
 
 #endif//_EXDLL_H_
--- a/packaging/getxt-gen-l10n-array.sh	Tue Sep 02 14:25:40 2014 +0200
+++ b/packaging/getxt-gen-l10n-array.sh	Tue Sep 16 19:45:19 2014 +0200
@@ -1,12 +1,13 @@
-# -------------------------------------------------------------------
-# Copyright (C) 2014 by Intevation GmbH
+# Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+# Software engineering by Intevation GmbH
+#
+# This file is Free Software under the GNU GPL (v>=2)
+# and comes with ABSOLUTELY NO WARRANTY!
+# See LICENSE.txt for details.
+#
 # Author(s):
 # Sascha Wilde <wilde@intevation.de>
 
-# This program is free software under the GNU GPL (>=v2)
-# Read the file COPYING coming with the software for details.
-# -------------------------------------------------------------------
-
 # Extract getxt strings from source and generate an array for usage in
 # the script using our getxt function.
 
@@ -20,7 +21,7 @@
 #        If ARRAYFILE exists, values already defined will be preserved,
 #        if the MSGID still exists.
 
-# FIXME: we can't handle quoted quotes: "\"" -- don't use them for
+# NOTE: we can't handle quoted quotes: "\"" -- don't use them for
 #        now...
 
 declare -a MSGIDS
--- a/packaging/linux-createpackage.sh.in	Tue Sep 02 14:25:40 2014 +0200
+++ b/packaging/linux-createpackage.sh.in	Tue Sep 16 19:45:19 2014 +0200
@@ -14,6 +14,8 @@
 if [ "$ARCH" != "i386" -a "$ARCH" != "x86_64" ]; then
     echo "Usage $0 <architecture>"
     echo "with archtiecture either i386 or x86_64"
+    echo "defaulting to x86_64"
+    ARCH=x86_64
 fi
 
 INSTALLER="@CMAKE_BINARY_DIR@/TrustBridge-@PROJECT_VERSION@.sh"
--- a/packaging/linux-installer.inc.in	Tue Sep 02 14:25:40 2014 +0200
+++ b/packaging/linux-installer.inc.in	Tue Sep 16 19:45:19 2014 +0200
@@ -1,4 +1,35 @@
 #!/bin/bash
+# Um TrustBridge zu installieren:
+# 1. Prüfen Sie ob Sie dieser Datei genügend vertrauen, um ihr die Kontrolle
+#    über diesen Rechner zu übergeben. Beispielsweise durch Vergleich mit 
+#    einer starken Prüfsumme aus einer zweiten, unabhängigen Quelle.
+# 2. Öffnen Sie eine Kommandozeile, z.B. klicken Sie auf das "Terminal"-Symbol.
+# 3. Wechseln Sie in das Verzeichnis, in welchem diese Datei gespeichert ist.
+#    Geben Sie Z.B. in die Kommandozeile ein: cd ~/Schreibtisch
+# 4. Starten Sie die Anwendung auf der Kommandozeile, beispielsweise
+#    als Installation nur für den aktuellen Nutzer, indem Sie eingeben:
+#    	bash TrustBridge-1.0.0-i386.sh
+#    Tipp: Die Tab-Taste nach dem "Tr" ergänzt oft den ganzen Namen.
+#
+# NB: Wir konnten kein übliches .deb Paket verwenden, da wir Ihnen
+# auch die Installation als reiner Nutzer ohne Admin-Rechte ermöglichen.
+#
+# To install TrustBridge:
+# 1. Verify that you trust this specific file far enough, that you are willing
+#    to hand over the control of your computer to it. For example compare
+#    a strong checksum of the file to one from a second, independent source.
+# 2. Open a command line, e.g. click on the "Terminal"-Symbol.
+# 3. Change your working directory to where this file is stored.
+#    For example type "cd ~/Desktop" on your command line.
+# 4. Start the installation on the command line, e.g. for the current user
+#    only by typing something like "bash TrustBridge-1.0.0-i386.sh". 
+#    Hint: If you press the tab-key after "Tr" it may complete the filename.
+#
+# N.B. We could not have used a .deb package, because the installation must 
+# also work without without adminstrator priviledges.
+#
+#
+# Search the file for 'version()' to find the license information.
 set -u
 
 ME=`basename "$0"`
@@ -14,6 +45,8 @@
 FORCE=0
 SYSINST=0
 DEINSTALL=0
+UPDATE=0
+SHOWAFTERUPDATE=0
 BINNAMES="###BINNAMES###"
 ICONNAME="###ICONNAME###"
 HELPNAMES="###HELPNAMES###"
@@ -68,9 +101,9 @@
 Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 Software engineering by Intevation GmbH
 
-This is free software.  You may redistribute copies of it under the terms of
-the GNU GPL (v>=2).   See LICENSE.txt for details.
-There is NO WARRANTY, to the extent permitted by law.
+This file is Free Software under the GNU GPL (v>=2)
+and comes with ABSOLUTELY NO WARRANTY!
+See LICENSE.txt for details.
 EOF
   exit 0
 }
@@ -123,7 +156,7 @@
 parse_args()
 {
   OPTS=`getopt \
-      -l deinstall,force,help,prefix:,system,version \
+      -l deinstall,update,show-after-update,force,help,prefix:,system,version \
       -o d,f,p:,s -n "$ME" -- "$@"`
   [ $? -eq 0 ] || usage 23
 
@@ -147,6 +180,14 @@
         DEINSTALL=1
         shift 1
         ;;
+      --update)
+        UPDATE=1
+        shift 1
+        ;;
+      --show-after-update)
+        SHOWAFTERUPDATE=1
+        shift 1
+        ;;
       --help)
         usage 0
         ;;
@@ -163,6 +204,11 @@
 
 init_vars()
 {
+  if [ -n "${SUDO_USER-}" ] ; then
+    # Default to system wide installation when running with sudo
+    SYSINST=1
+  fi
+
   if [ $SYSINST -eq 1 ] ; then
       inst_default_prefix="$SYSDEFAULT_PREFIX"
       instcfg_path="${SYSCFGPATH}"
@@ -175,12 +221,53 @@
     instdata_path="${DATAPATH}"
     autostart_path=${XDG_CONFIG_HOME:-~/.config/autostart}
     startmenu_path=${XDG_DATA_HOME:-~/.local/share/applications}
+    if [ $DEINSTALL -eq 1 ] ; then
+        if [ ! -r ${instcfg_path}/${INSTCFGNAME} ]; then
+            if [ -r ${SYSCFGPATH}/${INSTCFGNAME} ]; then
+                # Fall back to system uninstallation if no user config found
+                SYSINST=1
+                init_vars
+                check_priv
+            fi
+        fi
+    fi
   fi
   instcfg_file="${instcfg_path}/${INSTCFGNAME}"
   extra_bin_path=`mktemp --tmpdir -d tmpbin.XXXXXXXXXX`
   HOST_ARCH=$(uname -m)
 }
 
+finished()
+{
+  echo
+  echo "#################################################################################"
+  if [ $SYSINST -eq 1 ]; then
+    getxt "System wide installation successful.\n"
+    RUNCMD="su -l $SUDO_USER -c "
+  else
+    getxt "Single user installation successful.\n"
+    RUNCMD=""
+  fi
+  getxt "TrustBridge has been installed to: '%s'\n\n" "${instcfg[PREFIX]}"
+
+  getxt "To remove the application and the root certificates it has inserted,\n"
+  getxt "call the deinstall command:\n"
+  echo "  $RUNCMD ${instcfg[PREFIX]}/bin/trustbridge-deinstall-TODO.sh"
+
+  echo "#################################################################################"
+  getxt "Press enter to launch '%s'\n" "${instcfg[PREFIX]}/bin/trustbridge"
+  if [ $UPDATE -eq 0 ]; then
+    read
+    $RUNCMD "${instcfg[PREFIX]}/bin/trustbridge" &
+  else
+    if [ $SHOWAFTERUPDATE -eq 0 ]; then
+      $RUNCMD "${instcfg[PREFIX]}/bin/trustbridge" --tray &
+    else
+      $RUNCMD "${instcfg[PREFIX]}/bin/trustbridge" &
+    fi
+  fi
+}
+
 cleanup()
 {
   getxt "Cleaning up temporary stuff ...\n"
@@ -217,7 +304,7 @@
 check_priv()
 {
   if [ $SYSINST -eq 1 -a "$UID" -ne 0 ] ; then
-      fatal "System wide installation requires root privileges!\n"
+      fatal "System wide installation or deinstallation requires root privileges!\n"
   fi
 }
 
@@ -495,8 +582,8 @@
 trap cleanup EXIT
 
 parse_args "$@"
+check_priv
 init_vars
-check_priv
 read_oldinstcfg
 
 cat <<EOF
@@ -588,6 +675,8 @@
 getxt "Writing installation configuration to: %s ...\n" "$instcfg_file"
 write_instcfg
 
+finished
+
 # cleanup
 # is called implicitly at exit via trap...
 exit 0
--- a/packaging/linux-installer.l10n-de	Tue Sep 02 14:25:40 2014 +0200
+++ b/packaging/linux-installer.l10n-de	Tue Sep 16 19:45:19 2014 +0200
@@ -1,59 +1,65 @@
 L10N_DE=(
-  ["                     installation with different prefix exists.\n"]="                     bereits eine Installation in einem andern Pfad existiert.\n"
-  ["      --help         display this help and exit\n"]="      --help         diese Hilfe anzeigen und beenden\n"
-  ["      --version      output version information and exit\n"]="      --version      Versions-Information ausgeben und beenden\n"
-  ["  -d, --deinstall    deinstall files from current installation\n"]="  -d, --deinstall    vorhandene Installation deinstallieren\n"
-  ["  -f, --force        install to given prefix, even when a current\n"]="  -f, --force        installiere in den angegebenen Installations-Pfad auch wenn\n"
-  ["  -p, --prefix=PATH  install files in PATH\n"]="  -p, --prefix=PATH  den Installations-Pfad PATH verwenden\n"
-  ["  -s, --system       create a system wide (de)installation\n"]="  -s, --system       eine systemweite (De)Installation durchführen\n"
   ["An existing installation (v%s) was detected!\n"]="Es wurde eine vorhandene Installation (v%s) gefunden!\n"
   ["Answer [Y]es or [N]o:\n"]="Bitte [J]a oder [N]ein eingeben:\n"
+  ["call the deinstall command:\n"]="rufen Sie den De-Installationsbefehl auf:\n"
+  ["checking for uudecode ...\n"]="Prüfe uudecode ...\n"
   ["Cleaning up temporary stuff ...\n"]="Räume temporäre Dateien auf ...\n"
   ["Could not create '%s'!\n"]="Konnte '%s' nicht erstellen!\n"
+  ["creating installation directory ...\n"]="lege das Installations-Verzeichnis an ...\n"
+  ["  -d, --deinstall    deinstall files from current installation\n"]="  -d, --deinstall    vorhandene Installation deinstallieren\n"
   ["Deinstallation failed.\n"]="Deinstallation fehlgeschlagen.\n"
   ["Deinstallation finished.\n"]="Deinstallation abgeschlossen.\n"
   ["Deinstalling from '%s'.\n"]="Deinstalliere aus '%s'.\n"
+  ["Deleting empty directory '%s' ...\n"]="Lösche das leere Verzeichnis '%s' ...\n"
   ["Deleting '%s' ...\n"]="Lösche '%s' ...\n"
-  ["Deleting empty directory '%s' ...\n"]="Lösche das leere Verzeichnis '%s' ...\n"
   ["Failed to create autostart directory: '%s'\n"]="Konnte das autostart-Verzeichnis '%s' nicht erstellen\n"
   ["Failed to create startmenu directory: '%s'\n"]="Konnte das Startmenü-Verzeichnis '%s' nicht erstellen\n"
+  ["  -f, --force        install to given prefix, even when a current\n"]="  -f, --force        installiere in den angegebenen Installations-Pfad auch wenn\n"
   ["For a new prefix you should deinstall first!\n"]="Um einen neuen Installations-Pfad zu verwenden bitte erst deinstallieren!\n"
   ["Found system uudecode.\n"]="System uudecode gefunden.\n"
+  ["      --help         display this help and exit\n"]="      --help         diese Hilfe anzeigen und beenden\n"
+  ["Installation failed.\n"]="Installation fehlgeschlagen.\n"
+  ["                     installation with different prefix exists.\n"]="                     bereits eine Installation in einem andern Pfad existiert.\n"
+  ["Installing to '%s':\n"]="Installiere in '%s':\n"
   ["Install TrustBridge.\n\n"]="Installiere TrustBridge.\n\n"
-  ["Installation failed.\n"]="Installation fehlgeschlagen.\n"
-  ["Installing to '%s':\n"]="Installiere in '%s':\n"
+  ["It appears your system architecture is %s.\n"]="Dieses System scheint eine %s Architektur zu besitzen.\n"
   ["It is HIGHLY RECOMMENDED to accept the default prefix\n"]="Es wird DRINGEND EMPFOHLEN die Vorgabe zu akzeptieren\n"
   ["No certificate list found.  Nothing to do.\n"]="Keine Zertifikatsliste gefunden.  Es muss nichts getan werden.\n"
   ["No current installation found!  No harm done.\n"]="Keine vorhandene Installation gefunden!\n"
   ["Options:\n"]="Optionen:\n"
+  ["  -p, --prefix=PATH  install files in PATH\n"]="  -p, --prefix=PATH  den Installations-Pfad PATH verwenden\n"
   ["Prefix differs from current installation (%s).  Aborting!\n"]="Installations-Pfad weicht von vorhandener Installation (%s) ab.\nVorgang abgebrochen!\n"
   ["Preparing trustbridge-tray-starter ...\n"]="Bereite trustbridge-tray-starter vor ...\n"
+  ["Press enter to launch '%s'\n"]="Drücken Sie die Eingabetaste um '%s' auszuführen\n"
   ["Reading '%s' ...\n"]="Lese '%s' ...\n"
   ["Really deinstall TrustBridge from '%s'? [y/n]\n"]="Soll TrustBridge wirklich aus '%s' deinstalliert werden? [j/n]\n"
+  ["Really install TrustBridge for '%s' systems? [y/n]\n"]="Soll TrustBridge für '%s' wirklich installiert werden? [j/n]\n"
+  ["Removing certificate lists from: %s:\n"]="Entferne Zertifikatsliste aus: %s\n"
+  ["Removing configuration files:\n"]="Entferne Konfigurationsdateien:\n"
+  ["Removing cron job ...\n"]="Entferne den Cron-Job ...\n"
   ["Removing PID file from: %s:\n"]="Entferne PID-File aus: %s\n"
   ["Removing TrustBridge from autostart\n"]="Entferne TrustBridge aus autostart\n"
   ["Removing TrustBridge from start menu\n"]="Entferne TrustBridge aus dem Startmenü\n"
-  ["Removing certificate lists from: %s:\n"]="Entferne Zertifikatsliste aus: %s\n"
-  ["Removing configuration files:\n"]="Entferne Konfigurationsdateien:\n"
-  ["Removing cron job ...\n"]="Entferne den Cron-Job ...\n"
   ["Select installation prefix for TrustBridge [%s]: "]="Installations-Pfad für TrustBridge [%s]: "
   ["Setting up autostart ...\n"]="Konfiguriere autostart ...\n"
   ["Setting up cronjob ...\n"]="Konfiguriere den Cron-Job ...\n"
   ["Setting up start menu entries ...\n"]="Konfiguriere Startmenü-Einträge...\n"
-  ["System wide installation requires root privileges!\n"]="Für die systemweite Installation werden root-Rechte benötigt!\n"
+  ["Single user installation successful.\n"]="Einzelnutzer Installation erfolgreich.\n"
+  ["  -s, --system       create a system wide (de)installation\n"]="  -s, --system       eine systemweite (De)Installation durchführen\n"
+  ["System wide installation or deinstallation requires root privileges!\n"]="Für die systemweite Installation werden root-Rechte benötigt!\n"
+  ["System wide installation successful.\n"]="Systemweite Installation erfolgreich.\n"
+  ["This installer is for 32 bit systems.\n"]="Dieses Installationspaket ist für 32 bit Systeme.\n"
+  ["This installer is for 64 bit systems.\n"]="Dieses Installationspaket ist für 64 bit Systeme.\n"
+  ["To remove the application and the root certificates it has inserted,\n"]="Um die Anwendung und die eingefügten Wurzelzertifikate zu entfernen,\n"
+  ["to update the current installation.\n"]="um die vorhandene Installation zu aktualisieren.\n"
+  ["TrustBridge has been installed to: '%s'\n\n"]="TrustBridge wurde nach '%s' installiert\n\n"
   ["Uninstalling certificates ...\n"]="Deinstalliere Zertifikate ...\n"
+  ["unpacking files ...\n"]="Entpacke Dateien ...\n"
   ["Usage: %s [OPTION]...\n"]="Aufruf:  %s [OPTION]...\n"
   ["Using certificate list '%s'.\n"]="Die Zertifikatsliste '%s' wird verwendet.\n"
   ["Using python uudecode provided by installer.\n"]="Verwende vom Installer bereitgestelltes python uudecode.\n"
+  ["      --version      output version information and exit\n"]="      --version      Versions-Information ausgeben und beenden\n"
+  ["WARNING: can't execute %s for certificate deinstallation.\n"]="WARNUNG: '%s' kann nicht zum deinstallieren der Zertifikate ausgeführt werden.\n"
   ["WARNING: Could not delete: '%s'!\n"]="WARNUNG: Konnte '%s' nicht löschen!\n"
-  ["WARNING: can't execute %s for certificate deinstallation.\n"]="WARNUNG: '%s' kann nicht zum deinstallieren der Zertifikate ausgeführt werden.\n"
   ["Writing installation configuration to: %s ...\n"]="Schreibe Installationskonfiguration nach: %s ...\n"
-  ["checking for uudecode ...\n"]="Prüfe uudecode ...\n"
-  ["creating installation directory ...\n"]="lege das Installations-Verzeichnis an ...\n"
-  ["to update the current installation.\n"]="um die vorhandene Installation zu aktualisieren.\n"
-  ["unpacking files ...\n"]="Entpacke Dateien ...\n"
-  ["It appears your system architecture is %s.\n"]="Dieses System scheint eine %s Architektur zu besitzen.\n"
-  ["This installer is for 64 bit systems.\n"]="Dieses Installationspaket ist für 64 bit Systeme.\n"
-  ["This installer is for 32 bit systems.\n"]="Dieses Installationspaket ist für 32 bit Systeme.\n"
-  ["Really install TrustBridge for '%s' systems? [y/n]\n"]="Soll TrustBridge für '%s' wirklich installiert werden? [j/n]\n"
 )
--- a/packaging/safer_run_as.c	Tue Sep 02 14:25:40 2014 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,67 +0,0 @@
-#include <windows.h>
-#include "exdll.h"
-#include "util.h"
-#include "logging.h"
-
-static HINSTANCE g_hInstance; /* Our Instance. */
-static HWND g_hwndParent;     /* Handle of parent window or NULL. */
-
-#define UNUSED(x) (void)(x)
-
-/* Standard entry point for DLLs. */
-int WINAPI
-DllMain (HANDLE hinst, DWORD reason, LPVOID reserved)
-{
-  UNUSED(reserved);
-  if (reason == DLL_PROCESS_ATTACH)
-    g_hInstance = hinst;
-  return TRUE;
-}
-
-void __declspec(dllexport) __cdecl Exec(HWND hwndParent,
-                                        int string_size,
-                                        char *variables,
-                                        stack_t **stacktop)
-{
-  HANDLE restricted_token = NULL;
-  STARTUPINFO si;
-  PROCESS_INFORMATION pi;
-
-  EXDLL_INIT();
-
-  UNUSED(hwndParent);
-  UNUSED(g_hwndParent);
-
-  memset(&si, 0, sizeof(STARTUPINFO));
-
-  if (!stacktop || !*stacktop || !(*stacktop)->text)
-    {
-      ERRORPRINTF ("Invalid call to exec\n");
-      return;
-    }
-
-  restricted_token = get_normal_token();
-
-  if (restricted_token == NULL || restricted_token == INVALID_HANDLE_VALUE)
-    {
-      ERRORPRINTF ("Failed to obtain restricted token.\n");
-      return;
-    }
-
-  if (CreateProcessAsUser(restricted_token,
-                          0,
-                          (*stacktop)->text,
-                          0,
-                          0,
-                          FALSE,
-                          CREATE_NEW_CONSOLE,
-                          0,
-                          0,
-                          &si,
-                          &pi))
-    {
-      CloseHandle(pi.hProcess);
-      CloseHandle(pi.hThread);
-    }
-}
-
--- a/packaging/trustbridge.nsi	Tue Sep 02 14:25:40 2014 +0200
+++ b/packaging/trustbridge.nsi	Tue Sep 16 19:45:19 2014 +0200
@@ -188,8 +188,7 @@
 ; the UI elevated as this could be a security
 ; problem.
 Function RunAsUser
-  SaferRunAs::Exec "cmd.exe"
-  ;$INSTDIR\trustbridge.exe"
+  DesktopShellRun::Exec "$INSTDIR\trustbridge.exe"
 FunctionEnd
 
 ;--------------------------------
--- a/packaging/win-createpackage.sh.in	Tue Sep 02 14:25:40 2014 +0200
+++ b/packaging/win-createpackage.sh.in	Tue Sep 16 19:45:19 2014 +0200
@@ -30,6 +30,7 @@
     -Dversion_number=@PROJECT_VERSION@ \
     -Dsetupname="$TMPINST" \
     -Dproductname="TrustBridge" \
+    -Ddescription="TrustBridge" \
     -Dpath_sep="/" \
     -Dinfo_url="http://wald.intevation.org/projects/trustbridge/" \
     -Dsize=$EST_SIZE \
@@ -46,6 +47,7 @@
     -Dversion_number=@PROJECT_VERSION@ \
     -Dsetupname="@CMAKE_BINARY_DIR@/TrustBridge-@PROJECT_VERSION@.exe" \
     -Dproductname="TrustBridge" \
+    -Ddescription="TrustBridge" \
     -Dpath_sep="/" \
     -Dinfo_url="http://wald.intevation.org/projects/trustbridge/" \
     -Dsize=$EST_SIZE \
@@ -55,6 +57,6 @@
    -key @CMAKE_SOURCE_DIR@/ui/tests/data/codesign/codesigning.key \
    -h sha256 -in @CMAKE_BINARY_DIR@/TrustBridge-@PROJECT_VERSION@.exe \
    -out @CMAKE_BINARY_DIR@/TrustBridge-@PROJECT_VERSION@-signed.exe
-mv @CMAKE_BINARY_DIR@/TrustBridge-@PROJECT_VERSION@-signed.exe CMAKE_BINARY_DIR@/TrustBridge-@PROJECT_VERSION@.exe
+mv @CMAKE_BINARY_DIR@/TrustBridge-@PROJECT_VERSION@-signed.exe @CMAKE_BINARY_DIR@/TrustBridge-@PROJECT_VERSION@.exe
 
 rm -r $TMPDIR
--- a/patches/0001-Implement-CURLOPT_SSLVERSION-for-polarssl.patch	Tue Sep 02 14:25:40 2014 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-From bebf7d617091042828fc5838170b35c42ab60396 Mon Sep 17 00:00:00 2001
-From: Andre Heinecke <aheinecke@intevation.de>
-Date: Mon, 1 Sep 2014 16:06:03 +0200
-Subject: [PATCH 1/3] Implement CURLOPT_SSLVERSION for polarssl
-
-    Forwards the setting as minimum ssl version to polarssl.
-    If the server does not support the requested version the
-    SSL Handshake will fail.
----
- lib/vtls/polarssl.c | 21 +++++++++++++++++++++
- 1 file changed, 21 insertions(+)
-
-diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
-index f948486..e18cadf 100644
---- a/lib/vtls/polarssl.c
-+++ b/lib/vtls/polarssl.c
-@@ -270,6 +270,27 @@ polarssl_connect_step1(struct connectdata *conn,
-     return CURLE_SSL_CONNECT_ERROR;
-   }
- 
-+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
-+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
-+                        SSL_MINOR_VERSION_0);
-+    infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
-+  }
-+  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_0) {
-+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
-+                        SSL_MINOR_VERSION_1);
-+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n");
-+  }
-+  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_1) {
-+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
-+                        SSL_MINOR_VERSION_2);
-+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n");
-+  }
-+  else if(data->set.ssl.version == CURL_SSLVERSION_TLSv1_2) {
-+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
-+                        SSL_MINOR_VERSION_3);
-+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n");
-+  }
-+
-   ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
-   ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
- 
--- 
-1.9.1
-
--- a/patches/0002-Add-CURLOPT_PEERCERT-option-to-pin-a-peer-cert.patch	Tue Sep 02 14:25:40 2014 +0200
+++ b/patches/0002-Add-CURLOPT_PEERCERT-option-to-pin-a-peer-cert.patch	Tue Sep 16 19:45:19 2014 +0200
@@ -1,16 +1,16 @@
-From c57d951c3bda8b1ca66cac45dfd6270fa34b01d3 Mon Sep 17 00:00:00 2001
+From e5c7feec5151299975fe03184cc322ea51fb45c2 Mon Sep 17 00:00:00 2001
 From: Andre Heinecke <aheinecke@intevation.de>
-Date: Mon, 1 Sep 2014 16:55:40 +0200
-Subject: [PATCH 2/3] Add CURLOPT_PEERCERT option to pin a peer cert
+Date: Fri, 12 Sep 2014 13:01:07 +0200
+Subject: [PATCH 2/2] Add CURLOPT_PEERCERT option to pin a peer cert
 
-    Only implemented for a specific usecase with polarssl
+    This is only implemented for a specific usecase with polarssl
 ---
  include/curl/curl.h          |  3 +++
  include/curl/typecheck-gcc.h |  1 +
  lib/url.c                    |  8 ++++++++
  lib/urldata.h                |  1 +
- lib/vtls/polarssl.c          | 42 ++++++++++++++++++++++++++++++++++++++++--
- 5 files changed, 53 insertions(+), 2 deletions(-)
+ lib/vtls/polarssl.c          | 41 +++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 54 insertions(+)
 
 diff --git a/include/curl/curl.h b/include/curl/curl.h
 index d40b2db..20a9d82 100644
@@ -39,7 +39,7 @@
     (option) == CURLOPT_SSH_KNOWNHOSTS ||                                      \
     (option) == CURLOPT_MAIL_FROM ||                                           \
 diff --git a/lib/url.c b/lib/url.c
-index 89c3fd5..b089cdf 100644
+index 67126ab3..5721ee2 100644
 --- a/lib/url.c
 +++ b/lib/url.c
 @@ -2015,6 +2015,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
@@ -70,69 +70,64 @@
    STRING_PASSWORD,        /* <password>, if used */
    STRING_OPTIONS,         /* <options>, if used */
 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
-index e18cadf..2c40e36 100644
+index 08dc4c6..8f34901 100644
 --- a/lib/vtls/polarssl.c
 +++ b/lib/vtls/polarssl.c
-@@ -360,6 +360,7 @@ polarssl_connect_step2(struct connectdata *conn,
- #ifdef HAS_ALPN
-   const char* next_protocol;
- #endif
-+  const x509_crt *peer_cert = NULL;
+@@ -403,6 +403,44 @@ polarssl_connect_step1(struct connectdata *conn,
+   return CURLE_OK;
+ }
  
-   char errorbuf[128];
-   memset(errorbuf, 0, sizeof(errorbuf));
-@@ -419,12 +420,49 @@ polarssl_connect_step2(struct connectdata *conn,
-     return CURLE_PEER_FAILED_VERIFICATION;
-   }
- 
--  if(ssl_get_peer_cert(&(connssl->ssl))) {
-+  peer_cert = ssl_get_peer_cert(&(connssl->ssl));
-+  if(peer_cert) {
-+    if(data->set.str[STRING_SSL_PEERCERT]) {
-+      x509_crt pinned_cert;
-+      unsigned int i;
-+
-+      /* Handle pinned certificate */
-+      x509_crt_init(&pinned_cert);
-+      ret = x509_crt_parse_file(&pinned_cert,
-+                                data->set.str[STRING_SSL_PEERCERT]);
++static int
++pinned_verify(void *pinned_cert_file_name, x509_crt *crt,
++              int depth, int *flags)
++{
++  x509_crt pinned_cert;
++  x509_crt *leaf = crt;
++  unsigned int i;
++  int ret;
 +
-+      if(ret) {
-+#ifdef POLARSSL_ERROR_C
-+        error_strerror(ret, errorbuf, sizeof(errorbuf));
-+#endif /* POLARSSL_ERROR_C */
-+        failf(data, "Error reading peer cert file %s - PolarSSL: (-0x%04X) %s",
-+              data->set.str[STRING_SSL_PEERCERT], -ret, errorbuf);
-+
-+        x509_crt_free(&pinned_cert);
-+        return CURLE_PEER_FAILED_VERIFICATION;
-+      }
++  if (pinned_cert_file_name == NULL || crt == NULL) {
++    *flags |= BADCERT_NOT_TRUSTED;
++    return *flags;
++  }
 +
-+      if (peer_cert->raw.len == 0 ||
-+        peer_cert->raw.len != pinned_cert.raw.len) {
-+        failf(data, "Error validating peer certificate. Size does "
-+              "not match the certificate set with PEERCERT option.\n");
-+        x509_crt_free(&pinned_cert);
-+        return CURLE_PEER_FAILED_VERIFICATION;
-+      }
-+      for (i = 0; i < peer_cert->raw.len; i++) {
-+        if (peer_cert->raw.p[i] != pinned_cert.raw.p[i]) {
-+            failf(data, "Error validating peer certificate. Does "
-+                  "not match the certificate set with PEERCERT option.\n");
-+            return CURLE_PEER_FAILED_VERIFICATION;
-+        }
-+      }
-+    }
++  x509_crt_init(&pinned_cert);
++  ret = x509_crt_parse_file(&pinned_cert, pinned_cert_file_name);
 +
-     /* If the session was resumed, there will be no peer certs */
-     memset(buffer, 0, sizeof(buffer));
++  if(ret) {
++    x509_crt_free(&pinned_cert);
++    *flags |= BADCERT_NOT_TRUSTED;
++    return *flags;
++  }
++
++  while (leaf->next) {
++    leaf = leaf->next;
++  }
++
++  ret = memcmp(pinned_cert.raw.p, leaf->raw.p, pinned_cert.raw.len);
++  x509_crt_free(&pinned_cert);
++  if (ret == 0) {
++    *flags = 0;
++    return 0;
++  }
++
++  *flags |= BADCERT_NOT_TRUSTED;
++  return *flags;
++}
++
+ static CURLcode
+ polarssl_connect_step2(struct connectdata *conn,
+                      int sockindex)
+@@ -422,6 +460,9 @@ polarssl_connect_step2(struct connectdata *conn,
+   conn->recv[sockindex] = polarssl_recv;
+   conn->send[sockindex] = polarssl_send;
  
-     if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ",
--                     ssl_get_peer_cert(&(connssl->ssl))) != -1)
-+                     peer_cert) != -1)
-       infof(data, "Dumping cert info:\n%s\n", buffer);
-   }
- 
++  if(data->set.str[STRING_SSL_PEERCERT])
++    ssl_set_verify (&connssl->ssl, pinned_verify, data->set.str[STRING_SSL_PEERCERT]);
++
+   for(;;) {
+     if(!(ret = ssl_handshake(&connssl->ssl)))
+       break;
 -- 
 1.9.1
 
--- a/patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch	Tue Sep 02 14:25:40 2014 +0200
+++ b/patches/0003-Add-possibility-to-force-polarssl-ciphersuites.patch	Tue Sep 16 19:45:19 2014 +0200
@@ -1,14 +1,14 @@
-From a36ec2b65e81109c151759b282c221daf91b83ee Mon Sep 17 00:00:00 2001
+From 6389827510dbeed12dfcc4a50d885fd70de6ac65 Mon Sep 17 00:00:00 2001
 From: Andre Heinecke <aheinecke@intevation.de>
 Date: Tue, 2 Sep 2014 09:58:44 +0200
-Subject: [PATCH] Add possibility to force polarssl ciphersuites.
+Subject: [PATCH 1/2] Add possibility to force polarssl ciphersuites.
 
 ---
  lib/vtls/polarssl.c | 41 +++++++++++++++++++++++++++++++++++++++--
  1 file changed, 39 insertions(+), 2 deletions(-)
 
 diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
-index 2c40e36..c3f1b8e 100644
+index 5332b92..08dc4c6 100644
 --- a/lib/vtls/polarssl.c
 +++ b/lib/vtls/polarssl.c
 @@ -55,6 +55,7 @@
@@ -37,7 +37,7 @@
  
  static CURLcode
  polarssl_connect_step1(struct connectdata *conn,
-@@ -300,7 +303,41 @@ polarssl_connect_step1(struct connectdata *conn,
+@@ -318,7 +321,41 @@ polarssl_connect_step1(struct connectdata *conn,
                net_recv, &conn->sock[sockindex],
                net_send, &conn->sock[sockindex]);
  
--- a/ui/CMakeLists.txt	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/CMakeLists.txt	Tue Sep 16 19:45:19 2014 +0200
@@ -223,3 +223,49 @@
   configure_file(trustbridge-tray-starter.sh trustbridge-tray-starter.sh COPYONLY)
   install(FILES trustbridge-tray-starter.sh DESTINATION bin)
 endif()
+
+# Strip the binaries
+if (WIN32)
+   add_custom_command(
+      TARGET trustbridge
+      POST_BUILD
+      COMMAND ${CMAKE_STRIP} trustbridge.exe
+   )
+   add_custom_command(
+      TARGET trustbridge-admin
+      POST_BUILD
+      COMMAND ${CMAKE_STRIP} trustbridge-admin.exe
+   )
+   if (NOT RELEASE_BUILD)
+      message("Status will sign.")
+      add_custom_command(
+         TARGET trustbridge
+         POST_BUILD
+         COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_SOURCE_DIR}/ui/tests/data/codesign/codesigning.pem
+         -key ${CMAKE_SOURCE_DIR}/ui/tests/data/codesign/codesigning.key
+         -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/trustbridge.exe
+         -out ${CMAKE_CURRENT_BINARY_DIR}/trustbridge-signed.exe &&
+         mv ${CMAKE_CURRENT_BINARY_DIR}/trustbridge-signed.exe ${CMAKE_CURRENT_BINARY_DIR}/trustbridge.exe
+         )
+      add_custom_command(
+         TARGET trustbridge-admin
+         POST_BUILD
+         COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_SOURCE_DIR}/ui/tests/data/codesign/codesigning.pem
+         -key ${CMAKE_SOURCE_DIR}/ui/tests/data/codesign/codesigning.key
+         -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/trustbridge-admin.exe
+         -out ${CMAKE_CURRENT_BINARY_DIR}/trustbridge-admin-signed.exe &&
+         mv ${CMAKE_CURRENT_BINARY_DIR}/trustbridge-admin-signed.exe ${CMAKE_CURRENT_BINARY_DIR}/trustbridge-admin.exe
+         )
+    endif()
+else()
+   add_custom_command(
+      TARGET trustbridge
+      POST_BUILD
+      COMMAND strip trustbridge
+   )
+   add_custom_command(
+      TARGET trustbridge-admin
+      POST_BUILD
+      COMMAND strip trustbridge-admin
+   )
+endif()
--- a/ui/administrator.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/administrator.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -40,6 +40,25 @@
  Q_IMPORT_PLUGIN(QXcbIntegrationPlugin)
 #endif
 
+#ifdef DO_RELEASE_BUILD
+bool g_debug = false;
+#else
+bool g_debug = true;
+#endif
+
+QtMessageHandler g_default_msg_handler = NULL;
+
+void filterDebugOutput(QtMsgType type, const QMessageLogContext &context, const QString &msg)
+{
+    if (!g_debug && type == QtDebugMsg) {
+        return;
+    }
+
+    if (g_default_msg_handler) {
+        (*g_default_msg_handler)(type, context, msg);
+    }
+}
+
 int main(int argc, char **argv)
 {
     QApplication app (argc, argv);
@@ -58,6 +77,11 @@
         return 0;
     }
 
+    if (arguments.contains("--debug")) {
+        g_debug = true;
+    }
+    g_default_msg_handler = qInstallMessageHandler(filterDebugOutput);
+
     QTranslator translator;
     if (QLocale::system().name() == "C") {
         /* Useful for testing / development as the primary target is german */
--- a/ui/administratorwindow.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/administratorwindow.h	Tue Sep 16 19:45:19 2014 +0200
@@ -48,7 +48,7 @@
      * saved as current.
      *
      * @param currentCerts  Path to the current certificate list file.
-     * @param certFingerprint The fingerprint of the signing key used.
+     * @param keyFingerprint The fingerprint of the signing key used.
      */
     void logChanges(const QString &currentCerts, const QString &keyFingerprint);
 
--- a/ui/certificateitemwidget.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/certificateitemwidget.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -10,40 +10,31 @@
 #include <QHBoxLayout>
 #include <QDebug>
 #include <QStyleFactory>
+#include <QToolButton>
 
 CertificateItemWidget::CertificateItemWidget(QWidget *parent,
                                              const Certificate &cert,
                                              bool state,
-                                             bool editable,
-                                             const QString &installLabel,
-                                             const QString &removeLabel) :
+                                             QToolButton *btn) :
     QWidget(parent),
-    mInstallLabel (installLabel),
-    mRemoveLabel (removeLabel)
+    mButton(btn)
 {
     mCertificate = cert;
-    mState = state;
-    mEditable = editable;
+    mOriginalState = state;
+    btn->setCheckable(true);
+    btn->setStyleSheet("QToolButton:Checked{"
+         "border: 1px solid #8f8f91;"
+         "background-color: qlineargradient(x1: 0, y1: 0, x2: 0, y2: 1,"
+                                           "stop: 0 #f6f7fa, stop: 1 #dadbde);"
+    "}"
+    );
+    setState(state);
     setupGUI();
 }
 
-
-/* We use the label as data to hide it in the normal dropdown menu and only
- * show it when the popup is shown.*/
-
 void CertificateItemWidget::setupGUI()
 {
     mLabel = new QLabel;
-    mComboBox = new IconOnlyTextPopupBox;
-    QStyle *fusionStyle = QStyleFactory::create("Fusion");
-    if (!fusionStyle) {
-        qDebug() << "Failed to create fusion style";
-    } else {
-        mComboBox->setStyle(fusionStyle);
-    }
-
-    mComboBox->setIconSize(QSize(32, 32));
-    mComboBox->setFixedWidth(64);
 
     setSizePolicy(QSizePolicy::Preferred, QSizePolicy::Minimum);
 
@@ -61,76 +52,40 @@
     mLabel->setTextInteractionFlags(
         Qt::TextSelectableByMouse |
         Qt::TextSelectableByKeyboard);
-    mComboBox->setSizePolicy(QSizePolicy::Minimum, QSizePolicy::Minimum);
-    connect(mComboBox, SIGNAL(currentIndexChanged(int)),
-        this, SLOT(currentStateChanged(int)));
+    mButton->setSizePolicy(QSizePolicy::Minimum, QSizePolicy::Minimum);
+    connect(mButton, SIGNAL(toggled (bool)),
+        this, SLOT(currentStateChanged(bool)));
 
     QHBoxLayout *layout = new QHBoxLayout;
-    if (mCertificate.isInstallCert()) {
-        mComboBox->addItem(QIcon(":/img/security-high.png"), QString(), mInstallLabel);
-        mComboBox->addItem(QIcon(":/img/security-low.png"), QString(), mRemoveLabel);
-        if (mState) {
-            mComboBox->setCurrentIndex(0);
-            mComboBox->setToolTip(tr("This certificate is currently installed."));
-	}
-        else {
-            mComboBox->setCurrentIndex(1);
-            mComboBox->setToolTip(tr("This certificate is currently not installed."));
-        }
-        layout->addWidget(mComboBox);
-    }
-    else if (!mCertificate.isInstallCert() && !mEditable){
-        QImage *img = new QImage(":/img/trash-empty.png");
-        QLabel *imgLabel = new QLabel;
-        imgLabel->setPixmap(QPixmap::fromImage(*img));
-        imgLabel->setFixedSize(64, 64);
-        imgLabel->setMargin(8);
-        imgLabel->setToolTip(tr("This certificate was uninstalled."));
-        layout->addWidget(imgLabel);
-    }
-    else {
-        mComboBox->addItem(QIcon(":/img/trash-empty.png"), QString(), tr("uninstall"));
-        mComboBox->addItem(QIcon(":/img/security-medium.png"), QString(), tr("keep"));
-        mComboBox->setToolTip(tr("This certificate is currently installed."));
-        if (mState)
-            mComboBox->setCurrentIndex(0);
-        else {
-            mComboBox->setCurrentIndex(1);
-        }
-        layout->addWidget(mComboBox);
-    }
+    layout->addWidget(mButton);
+    mButton->setFixedSize(64, 64);
+    mButton->setIconSize(QSize(48, 48));
     layout->addWidget(mLabel);
     this->setLayout(layout);
 }
 
 bool CertificateItemWidget::state()
 {
-    if (!mEditable) {
+    if (!mButton->isEnabled()) {
         return true;
     }
 
-    const QString currentString = mComboBox->currentData().toString();
-
-    if (!mCertificate.isInstallCert()) {
-        return currentString == tr("uninstall");
-    }
-
-    return currentString == mInstallLabel;
+    return !mButton->isChecked();
 }
 
 void CertificateItemWidget::setState(bool state)
 {
-    disconnect(mComboBox, SIGNAL(currentIndexChanged(int)),
-        this, SLOT(currentStateChanged(int)));
-
-    if (state) {
-        mComboBox->setCurrentIndex(0);
+    /* The internal state we get here is inverted for Ui reasons the logic
+     * is if a certificate is selected for installation the button
+     * is disabled (as this is the default) Only those that are
+     * unselected have the enabled button. */
+    mButton->blockSignals(true); // code did this and not the user
+    mButton->setChecked(!state);
+    mButton->blockSignals(false);
+    if (mButton->isEnabled()) {
+        mButton->setToolTip(mButton->property(!state ? "ToolTip_On" :
+                    "ToolTip_Off").toString());
     }
-    else {
-        mComboBox->setCurrentIndex(1);
-    }
-    connect(mComboBox, SIGNAL(currentIndexChanged(int)),
-        this, SLOT(currentStateChanged(int)));
 }
 
 Certificate CertificateItemWidget::certificate()
@@ -138,22 +93,9 @@
     return mCertificate;
 }
 
-void CertificateItemWidget::currentStateChanged(int)
+void CertificateItemWidget::currentStateChanged(bool state)
 {
-    bool state = !mComboBox->currentIndex();
+    mButton->setToolTip(mButton->property(state ? "ToolTip_On" :
+                "ToolTip_Off").toString());
     emit stateChanged(state, mCertificate);
 }
-
-void IconOnlyTextPopupBox::showPopup() {
-    for (int i = 0; i < count(); i++) {
-        setItemText(i, itemData(i).toString());
-    }
-    QComboBox::showPopup();
-}
-
-void IconOnlyTextPopupBox::hidePopup() {
-    for (int i = 0; i < count(); i++) {
-        setItemText(i, QString());
-    }
-    QComboBox::hidePopup();
-}
--- a/ui/certificateitemwidget.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/certificateitemwidget.h	Tue Sep 16 19:45:19 2014 +0200
@@ -8,26 +8,16 @@
 #ifndef CERTIFICATELISTITEM_H
 #define CERTIFICATELISTITEM_H
 /**
- * @file certificateitemdelegate.h
+ * @file certificateitemwidget.h
  * @brief Item delegate drawing custom certificate items in list views.
  *
  */
 #include <QWidget>
 #include <QLabel>
-#include <QComboBox>
 
 #include "certificate.h"
-/** @brief A combo box that shows the text only in the popup
- *
- * The text shown is the data set as Qt::UserRole
- */
-class IconOnlyTextPopupBox : public QComboBox
-{
-protected:
-    virtual void showPopup();
-    virtual void hidePopup();
-};
 
+class QToolButton;
 
 class CertificateItemWidget : public QWidget
 {
@@ -37,9 +27,7 @@
         QWidget *parent = 0,
         const Certificate &cert = Certificate(),
         bool state = false,
-        bool editable = true,
-        const QString& installLabel = tr("install"),
-        const QString& removeLabel = tr("remove"));
+        QToolButton * btn = NULL);
 
     bool state();
     void setState(bool state);
@@ -49,15 +37,12 @@
     void setupGUI();
 
     Certificate mCertificate;
-    bool mState;
-    bool mEditable;
+    bool mOriginalState;
     QLabel *mLabel;
-    IconOnlyTextPopupBox *mComboBox;
-    QString mInstallLabel;
-    QString mRemoveLabel;
+    QToolButton *mButton;
 
 private slots:
-    void currentStateChanged(int ndx);
+    void currentStateChanged(bool state);
 
 signals:
     void stateChanged(bool state, const Certificate &cert);
--- a/ui/certificatelistwidget.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/certificatelistwidget.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -25,13 +25,10 @@
 void CertificateListWidget::addCertificate(
     const Certificate &certificate,
     bool state,
-    bool editable,
-    const QString &installLabel,
-    const QString &removeLabel)
+    QToolButton *button)
 {
     CertificateItemWidget *widget =
-        new CertificateItemWidget(this, certificate, state, editable,
-                installLabel, removeLabel);
+        new CertificateItemWidget(this, certificate, state, button);
     connect(widget, SIGNAL(stateChanged(bool, const Certificate&)),
         this, SLOT(certStateChanged(bool, const Certificate&)));
 
--- a/ui/certificatelistwidget.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/certificatelistwidget.h	Tue Sep 16 19:45:19 2014 +0200
@@ -22,6 +22,7 @@
  */
 
 class CertificateItemWidget;
+class QToolButton;
 
 Q_DECLARE_METATYPE(Certificate);
 class CertificateListWidget : public QWidget
@@ -31,9 +32,7 @@
     CertificateListWidget(QWidget *parent, Qt::WindowFlags flags = 0);
 
     void addCertificate(const Certificate &certificate, bool state,
-                        bool editable = true,
-                        const QString& installLabel = tr("install"),
-                        const QString& removeLabel = tr("remove"));
+                        QToolButton *btn);
     void removeCertificate(const Certificate &cert);
     void setCertState(bool state, const Certificate &cert);
     void clear();
Binary file ui/certificates/geotrust.der has changed
Binary file ui/certificates/intevation.de.der has changed
Binary file ui/certificates/ssl-test.der has changed
--- a/ui/certificatetabledelegate.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/certificatetabledelegate.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -48,6 +48,7 @@
     bool editable = index.data(Qt::UserRole).toBool();
     // Create a combobox and add two items for install/remove.
     QComboBox *comboBox = new QComboBox(parent);
+    comboBox->setFixedWidth(110);
     comboBox->addItem(QIcon(":/img/list-add.png"), tr("add"), QVariant("true"));
     if (editable) {
         comboBox->addItem(QIcon(":/img/list-remove.png"),
--- a/ui/certificatetabledelegate.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/certificatetabledelegate.h	Tue Sep 16 19:45:19 2014 +0200
@@ -45,11 +45,9 @@
     /**
      * @brief Draw the item using the given parameters.
      *
-     * @param painter   The painter to draw the item.
+     * @param parent    The parent widget.
      * @param option    The style options.
      * @param index     The model index of the item to draw.
-     * @param icon      The icon to display.
-     * @param font      The font used to draw text.
      */
     QWidget *drawComboBox(QWidget *parent, const QStyleOptionViewItem &option,
         const QModelIndex &index) const;
--- a/ui/certs.qrc	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/certs.qrc	Tue Sep 16 19:45:19 2014 +0200
@@ -1,6 +1,5 @@
 <!DOCTYPE RCC><RCC version="1.0">
 <qresource prefix="/certs">
-    <file alias="intevation.de">certificates/intevation.de.der</file>
-    <file alias="geotrust">certificates/geotrust.der</file>
+    <file alias="ssl-test">certificates/ssl-test.der</file>
 </qresource>
 </RCC>
--- a/ui/createcertlistdialog.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/createcertlistdialog.h	Tue Sep 16 19:45:19 2014 +0200
@@ -66,7 +66,7 @@
      * If the file is not a valid key or an error
      * occurs mPk will be NULL after a call to this function.
      *
-     * @param [in] the file to load
+     * @param [in] fileName the file to load
      */
     void loadKeyFile(const QString& fileName);
 
--- a/ui/createinstallerdialog.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/createinstallerdialog.h	Tue Sep 16 19:45:19 2014 +0200
@@ -98,8 +98,8 @@
 public slots:
     /**@brief Append a base64 encoded sha256 RSA signature to a file.
      *
-     * The format of the added signature line will be:
-     * S:<signature>\r\n
+     * The format of the added signature line will be:<BR>
+     * S:\<signature\>\\r\\n<BR>
      * For the signature the key in mCertFile is used.
      *
      * @param[in] input The absolute path of the file to sign
--- a/ui/downloader.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/downloader.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -8,7 +8,7 @@
 #include "downloader.h"
 
 #ifndef DOWNLOAD_SERVER
-#define DOWNLOAD_SERVER "https://www.intevation.de"
+#define DOWNLOAD_SERVER "https://tb-devel.intevation.de"
 #endif
 
 #include <QFile>
@@ -36,24 +36,12 @@
 #include "sslconnection_bare.h"
 #endif
 
-#ifdef RELEASE_BUILD
 static int accept_ciphers[] = {
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     0
 };
-#else
-static int accept_ciphers[] = {
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
-    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-    TLS_RSA_WITH_AES_256_CBC_SHA,
-    0
-};
-#endif
 
 Downloader::Downloader(QObject* parent, const QString& url,
                        const QByteArray& certificate,
@@ -74,13 +62,14 @@
 /* Set up Proxy support. */
     QSettings settings;
     QString settingsProxy = settings.value("ProxyURL").toString();
-    if (settingsProxy.isEmpty()) {
+    bool useProxy = settings.value("UseProxy", false).toBool();
+    if (useProxy && settingsProxy.isEmpty()) {
         QByteArray envProxy = qgetenv("http_proxy");
         if (envProxy.size()) {
             settingsProxy = QString::fromLocal8Bit(envProxy);
         }
     }
-    if (!settingsProxy.isEmpty()) {
+    if (useProxy && !settingsProxy.isEmpty()) {
         mSSLConnection->setProxy(QUrl(settingsProxy));
     }
 #else
--- a/ui/downloader.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/downloader.h	Tue Sep 16 19:45:19 2014 +0200
@@ -43,6 +43,7 @@
      * @param[in] newestList datetime after which the list should be downloaded
      * @param[in] resourceSW the path where the software is to be found
      * @param[in] resourceList the path where the list is to be found
+     * @param[in] downloadSW TODO
      */
     Downloader(QObject* parent, const QString& url,
                const QByteArray& certificate = QByteArray(),
@@ -118,7 +119,7 @@
      * @brief An error happened
      *
      * @param[out] message: A message to show. Can be empty.
-     * @param[out] errorCode: ErrorCode of this error.
+     * @param[out] error: ErrorCode of this error.
      */
     void error(const QString &message, SSLConnection::ErrorCode error);
 
--- a/ui/icons.qrc	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/icons.qrc	Tue Sep 16 19:45:19 2014 +0200
@@ -26,5 +26,7 @@
     <file>img/preferences-network_16.png</file>
     <file>img/preferences-network_64.png</file>
     <file>img/show-help_16.png</file>
+    <file>img/write-into-48.png</file>
+    <file>img/write-remove-48.png</file>
 </qresource>
 </RCC>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/img/README.txt	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,27 @@
+= How to create the pixel icons.
+
+== update-list.png
+
+Was taken from the Oxygen Icon set (where rendering is done by inkscape).
+prerendered in green.
+
+The color was adapted on the pixel version with gimp
+by visial matching shades of blue in the other icons.
+
+Gimp tools used: 
+Menu -> Color -> colorize.. :
+  with parameters approx 210, 65, 15
+Menu -> Color -> Curves:
+  Adding more billiance by dragging the ligher blue color shades more apart.
+  So from the default curve make it go a little bit steeper for 4/5 
+  of the way and then less steep.
+
+== write-into / write-remove
+
+Original files: oxygen-icons_4.13.0.orig.tar.xz
+./svn-commit.svgz -> write-remove
+./svn-update.svgz -> write-into:
+	Using inkscape to move the arrow up.
+
+Rendered with inkscape to 48pixel height.
+
Binary file ui/img/update-list.png has changed
Binary file ui/img/write-into-48.png has changed
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/img/write-into.svg	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,3472 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="128"
+   height="128"
+   id="svg37105"
+   sodipodi:version="0.32"
+   inkscape:version="0.48.3.1 r9886"
+   version="1.0"
+   sodipodi:docname="svn-update.svgz"
+   inkscape:output_extension="org.inkscape.output.svgz.inkscape"
+   inkscape:export-filename="/home/pinheiro/pics/oxygen-icons/scalable/actions/svn-update.png"
+   inkscape:export-xdpi="180"
+   inkscape:export-ydpi="180">
+  <defs
+     id="defs37107">
+    <inkscape:perspective
+       sodipodi:type="inkscape:persp3d"
+       inkscape:vp_x="0 : 64 : 1"
+       inkscape:vp_y="0 : 1000 : 0"
+       inkscape:vp_z="128 : 64 : 1"
+       inkscape:persp3d-origin="64 : 42.666667 : 1"
+       id="perspective1801" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient10730">
+      <stop
+         style="stop-color:#000000;stop-opacity:1;"
+         offset="0"
+         id="stop10732" />
+      <stop
+         style="stop-color:#000000;stop-opacity:0;"
+         offset="1"
+         id="stop10734" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient10714">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop10716" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop10718" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient10662">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop10664" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop10666" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3452">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop3454" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop3456" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3285">
+      <stop
+         style="stop-color:#000000;stop-opacity:1;"
+         offset="0"
+         id="stop3287" />
+      <stop
+         style="stop-color:#474747;stop-opacity:0;"
+         offset="1"
+         id="stop3289" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3220">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop3222" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop3224" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3184">
+      <stop
+         style="stop-color:#fcfcfc;stop-opacity:1;"
+         offset="0"
+         id="stop3186" />
+      <stop
+         style="stop-color:#c0c0c0;stop-opacity:1;"
+         offset="1"
+         id="stop3188" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3152">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop3154" />
+      <stop
+         id="stop3678"
+         offset="0.13883302"
+         style="stop-color:#bcbcbc;stop-opacity:1;" />
+      <stop
+         id="stop3166"
+         offset="0.27766603"
+         style="stop-color:#8f8f8f;stop-opacity:1;" />
+      <stop
+         id="stop3160"
+         offset="0.34831479"
+         style="stop-color:#f2f2f2;stop-opacity:1;" />
+      <stop
+         style="stop-color:#bbbbbb;stop-opacity:1;"
+         offset="0.51983202"
+         id="stop3505" />
+      <stop
+         style="stop-color:#3f3f3f;stop-opacity:1;"
+         offset="0.69134921"
+         id="stop3162" />
+      <stop
+         id="stop3164"
+         offset="0.71995538"
+         style="stop-color:#8f8f8f;stop-opacity:1;" />
+      <stop
+         style="stop-color:#a4a4a4;stop-opacity:1;"
+         offset="0.82474411"
+         id="stop3182" />
+      <stop
+         style="stop-color:#5e5e5e;stop-opacity:1;"
+         offset="0.91127253"
+         id="stop3178" />
+      <stop
+         style="stop-color:#acacac;stop-opacity:1;"
+         offset="1"
+         id="stop3156" />
+    </linearGradient>
+    <filter
+       inkscape:collect="always"
+       id="filter3275">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="5.6853481"
+         id="feGaussianBlur3277" />
+    </filter>
+    <filter
+       inkscape:collect="always"
+       id="filter3480">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="4.7167893"
+         id="feGaussianBlur3482" />
+    </filter>
+    <filter
+       inkscape:collect="always"
+       id="filter3514">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="4.19576"
+         id="feGaussianBlur3516" />
+    </filter>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3184"
+       id="linearGradient3257"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       x1="341.5318"
+       y1="528.58008"
+       x2="341.5318"
+       y2="700.07751" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3152"
+       id="radialGradient3259"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.0000001,0,0,0.7898656,-515.84706,106.14197)"
+       cx="902.44019"
+       cy="573.33636"
+       fx="902.44019"
+       fy="777.67505"
+       r="252.67185" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3220"
+       id="radialGradient3261"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.7097296,0.06452833,-0.05216787,0.9870304,-1209.4918,-86.255073)"
+       cx="949.625"
+       cy="517.85107"
+       fx="942.22406"
+       fy="440.14154"
+       r="119.39729" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3452"
+       id="radialGradient3263"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.4615497,0,0,0.7922186,-1517.0981,316.29645)"
+       cx="1302.5156"
+       cy="396.677"
+       fx="1302.5156"
+       fy="396.677"
+       r="252.67185" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3285"
+       id="linearGradient3265"
+       gradientUnits="userSpaceOnUse"
+       x1="1228.4824"
+       y1="349.26135"
+       x2="1228.4824"
+       y2="687.31006" />
+    <linearGradient
+       id="linearGradient6614">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop6616" />
+      <stop
+         id="stop6622"
+         offset="0.5"
+         style="stop-color:#ffffff;stop-opacity:0.49803922;" />
+      <stop
+         style="stop-color:#000000;stop-opacity:0.6570397;"
+         offset="1"
+         id="stop6618" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3820">
+      <stop
+         style="stop-color:#002651;stop-opacity:1;"
+         offset="0"
+         id="stop3822" />
+      <stop
+         id="stop5402"
+         offset="0.5"
+         style="stop-color:#004ca3;stop-opacity:0.49803922;" />
+      <stop
+         style="stop-color:#0061cf;stop-opacity:0;"
+         offset="1"
+         id="stop3824" />
+    </linearGradient>
+    <radialGradient
+       id="XMLID_2_"
+       cx="299.44821"
+       cy="-290.5918"
+       r="17.1528"
+       fx="297.44989"
+       fy="-289.9133"
+       gradientTransform="matrix(0.8232,0.2312,0.2703,-0.9626,-96.2274,-315.3433)"
+       gradientUnits="userSpaceOnUse">
+      <stop
+         offset="0"
+         style="stop-color:#e1f3fe;stop-opacity:0.66545457;"
+         id="stop228" />
+      <stop
+         offset="1"
+         style="stop-color:#91d3ff;stop-opacity:0;"
+         id="stop230" />
+    </radialGradient>
+    <linearGradient
+       id="linearGradient3142">
+      <stop
+         id="stop3144"
+         offset="0"
+         style="stop-color:#3cc1ee;stop-opacity:1;" />
+      <stop
+         id="stop3146"
+         offset="1"
+         style="stop-color:#141b7c;stop-opacity:1;" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6614"
+       id="linearGradient7262"
+       gradientUnits="userSpaceOnUse"
+       x1="2.2864555"
+       y1="278.93"
+       x2="556.73454"
+       y2="278.93" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6614"
+       id="linearGradient10656"
+       gradientUnits="userSpaceOnUse"
+       x1="2.2864555"
+       y1="278.93"
+       x2="556.73454"
+       y2="278.93" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10662"
+       id="radialGradient10696"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.317348,0,0,0.5584827,-100.62997,-51.046658)"
+       cx="237.70399"
+       cy="11.083107"
+       fx="237.70399"
+       fy="11.083107"
+       r="61.341515" />
+    <mask
+       maskUnits="userSpaceOnUse"
+       id="mask10692">
+      <rect
+         style="opacity:0.69801983;fill:url(#radialGradient10696);fill-opacity:1;stroke:none"
+         id="rect10694"
+         width="161.61624"
+         height="161.61624"
+         x="130.38344"
+         y="-42.672131"
+         transform="scale(1,-1)" />
+    </mask>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10714"
+       id="linearGradient10726"
+       gradientUnits="userSpaceOnUse"
+       x1="128.69344"
+       y1="43.147186"
+       x2="128.69344"
+       y2="78.509598"
+       gradientTransform="matrix(4.3182416,0,0,4.3566157,110.22576,170.7826)" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10730"
+       id="linearGradient10736"
+       x1="11.863568"
+       y1="97.683235"
+       x2="113.55743"
+       y2="38.211857"
+       gradientUnits="userSpaceOnUse" />
+    <filter
+       inkscape:collect="always"
+       id="filter10758">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="0.028050696"
+         id="feGaussianBlur10760" />
+    </filter>
+    <filter
+       inkscape:collect="always"
+       id="filter10762">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="0.027522262"
+         id="feGaussianBlur10764" />
+    </filter>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3452"
+       id="radialGradient10788"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.4615497,0,0,0.7922186,-1517.0981,321.08871)"
+       cx="1302.5156"
+       cy="396.677"
+       fx="1302.5156"
+       fy="396.677"
+       r="252.67185" />
+    <filter
+       inkscape:collect="always"
+       id="filter10806"
+       x="-0.035506275"
+       width="1.0710125"
+       y="-0.10097992"
+       height="1.2019598">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="7.4761967"
+         id="feGaussianBlur10808" />
+    </filter>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath10810">
+      <path
+         style="fill:url(#radialGradient10814);fill-opacity:1;stroke:none"
+         d="m 639.26508,834.0681 c 0,69.7391 -113.2092,126.34375 -252.6874,126.34375 -138.7519,-2e-5 -251.4856,-56.01143 -252.6563,-125.25 l 1,50.25 c 0,69.73913 112.2092,126.34395 251.6876,126.34395 139.4782,0 251.6561,-56.60482 251.6561,-126.34395 l 1,-51.34375 z"
+         id="path10812"
+         sodipodi:nodetypes="csccscc" />
+    </clipPath>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3152"
+       id="radialGradient10814"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.0000001,0,0,0.7898656,-515.84706,416.55081)"
+       cx="902.44019"
+       cy="573.33636"
+       fx="902.44019"
+       fy="777.67505"
+       r="252.67185" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3285"
+       id="linearGradient10836"
+       gradientUnits="userSpaceOnUse"
+       x1="1228.4824"
+       y1="349.26135"
+       x2="1228.4824"
+       y2="687.31006" />
+    <filter
+       inkscape:collect="always"
+       id="filter10866">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="2.8438098"
+         id="feGaussianBlur10868" />
+    </filter>
+    <linearGradient
+       y2="66.039818"
+       x2="21.271065"
+       y1="55.799999"
+       x1="21.271065"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3192"
+       xlink:href="#linearGradient3520"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="58.871792"
+       x2="21.977039"
+       y1="77.295662"
+       x1="20.866562"
+       gradientTransform="matrix(2,0,0,-1.4999998,27.484145,209.27172)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3190"
+       xlink:href="#linearGradient3260-778"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="58.871792"
+       x2="21.977039"
+       y1="77.295662"
+       x1="20.866562"
+       gradientTransform="matrix(2.0000001,0,0,-1.4999997,27.484145,209.27171)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3188"
+       xlink:href="#linearGradient3260-778"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.454735"
+       x2="14.140306"
+       y1="54.388279"
+       x1="21.7708"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3186"
+       xlink:href="#XMLID_4_-137"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="63.999199"
+       x2="21.795919"
+       y1="73.846161"
+       x1="21.795919"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3184-9"
+       xlink:href="#linearGradient3449-929"
+       inkscape:collect="always" />
+    <radialGradient
+       r="6"
+       fy="57.248905"
+       fx="17.6639"
+       cy="59.026684"
+       cx="17.6639"
+       gradientTransform="matrix(0.3723975,0,0,0.3956041,11.422008,34.017713)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3182"
+       xlink:href="#linearGradient3459"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="77.474594"
+       x2="17.350079"
+       y1="58.17033"
+       x1="17.350079"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3180"
+       xlink:href="#XMLID_4_-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="65.448112"
+       x2="173.98071"
+       y1="123.75864"
+       x1="179.17224"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3099"
+       xlink:href="#linearGradient3295-543"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="76"
+       fx="172"
+       cy="76"
+       cx="172"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3095"
+       xlink:href="#XMLID_4_-907"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="65.448112"
+       x2="173.98071"
+       y1="123.75864"
+       x1="179.17224"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3071"
+       xlink:href="#linearGradient3295-543"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="76"
+       fx="172"
+       cy="76"
+       cx="172"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3066"
+       xlink:href="#XMLID_4_-907"
+       inkscape:collect="always" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3520">
+      <stop
+         style="stop-color:#bbbbbb;stop-opacity:1;"
+         offset="0"
+         id="stop3522" />
+      <stop
+         style="stop-color:#bbbbbb;stop-opacity:0;"
+         offset="1"
+         id="stop3524" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3459">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop3461" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop3463" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient2728">
+      <stop
+         offset="0"
+         id="stop2730"
+         style="stop-color:#baff63;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2732"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient2740">
+      <stop
+         offset="0"
+         id="stop2742"
+         style="stop-color:#cbff9c;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2744"
+         style="stop-color:#65c171;stop-opacity:0" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3647">
+      <stop
+         offset="0"
+         id="stop3649"
+         style="stop-color:#c2ebab;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop3651"
+         style="stop-color:#71d03c;stop-opacity:0;" />
+    </linearGradient>
+    <radialGradient
+       id="radialGradient2749"
+       r="55.148"
+       gradientTransform="matrix(0.9792,0,0,0.9725,133.0002,20.8762)"
+       cx="48"
+       cy="-0.2148"
+       gradientUnits="userSpaceOnUse">
+      <stop
+         offset="0"
+         id="stop2751"
+         style="stop-color:#72D13D" />
+      <stop
+         offset="0.3553"
+         id="stop2753"
+         style="stop-color:#35AC1C" />
+      <stop
+         offset="0.6194"
+         id="stop2755"
+         style="stop-color:#0F9508" />
+      <stop
+         offset="0.7574"
+         id="stop2757"
+         style="stop-color:#008C00" />
+      <stop
+         offset="1"
+         id="stop2759"
+         style="stop-color:#007A00" />
+    </radialGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3470"
+       x1="123.5"
+       y1="76"
+       x2="220.5"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       y2="76" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3482"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3575"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3592"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,-108,-22.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="103.23137"
+       fx="175" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient2765"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3633"
+       x1="123.5"
+       y1="76"
+       x2="220.5"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       y2="76" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3653"
+       x1="174.5"
+       y1="36.566975"
+       x2="174.5"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3647"
+       y2="93.199982" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3953"
+       x1="174.5"
+       y1="36.566975"
+       x2="174.5"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3647"
+       y2="93.199982" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3184"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient2771"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="121.44213"
+       fx="188.88173" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3286"
+       x1="123.5"
+       y1="76"
+       x2="220.5"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       y2="76" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2774"
+       x1="73.742638"
+       y1="15.336544"
+       x2="78.939339"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3260"
+       y2="16.750759" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2780"
+       x1="74.75"
+       y1="14.275884"
+       x2="78.939339"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3295"
+       y2="16.750759" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2782"
+       x1="108"
+       y1="76"
+       gradientTransform="matrix(-0.9999485,0,0,0.8716855,235.99134,-4.6416432)"
+       x2="212"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       y2="108.51858" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient2788"
+       r="60"
+       gradientTransform="matrix(-0.5815985,1.7896097e-2,2.6984858e-2,0.8988692,96.076707,2.8276175)"
+       cx="72.020813"
+       cy="66.344505"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3449"
+       fy="66.344505"
+       fx="72.020813" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3465"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3467"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="125.04931"
+       fx="180.75" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3517"
+       x1="179.17224"
+       y1="123.75864"
+       x2="173.98071"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3295"
+       y2="65.448112" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2795"
+       x1="223.32712"
+       y1="53.784153"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       x2="226.659"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3202"
+       y2="57.279232" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2220"
+       x1="179.17224"
+       y1="123.75864"
+       x2="173.98071"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3295"
+       y2="65.448112" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2798"
+       x1="179.17224"
+       y1="123.75864"
+       x2="173.98071"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3295"
+       y2="65.448112" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2800"
+       x1="179.17224"
+       y1="123.75864"
+       gradientTransform="translate(98,0)"
+       x2="173.98071"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3295"
+       y2="65.448112" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient2236"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient2238"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="125.04931"
+       fx="180.75" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2804"
+       x1="47.968472"
+       y1="16.138517"
+       gradientTransform="matrix(0.9999485,0,0,1.0123561,-0.4964696,-3.1877108)"
+       x2="47.968472"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3202"
+       y2="86.177559" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3418"
+       x1="223.32712"
+       x2="226.659"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       y1="53.784153"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3202"
+       y2="57.279232" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3415"
+       x1="179.17224"
+       x2="173.98071"
+       y1="123.75864"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3295"
+       y2="65.448112" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3409"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       r="56"
+       cy="76"
+       cx="172"
+       xlink:href="#XMLID_4_"
+       fy="125.04931"
+       fx="180.75"
+       gradientUnits="userSpaceOnUse" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3407"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       r="56"
+       cy="76"
+       cx="172"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172"
+       gradientUnits="userSpaceOnUse" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3405"
+       gradientTransform="matrix(0.5816285,1.767767e-2,-2.6986249e-2,0.8878982,31.921846,5.9419094)"
+       r="60"
+       cy="66.344505"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3449"
+       cx="72.020813"
+       fy="66.344505"
+       fx="72.020813" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3399"
+       x1="223.32712"
+       x2="226.659"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       y1="53.784153"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3260"
+       y2="57.279232" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3397"
+       x1="108"
+       x2="212"
+       gradientTransform="matrix(1,0,0,0.8610463,-108,-1.4361867)"
+       y1="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       y2="108.51858" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3395"
+       x1="74.75"
+       x2="78.939339"
+       y1="14.275884"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3295"
+       y2="16.750759" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3389"
+       y2="16.750759"
+       x2="78.939339"
+       y1="15.336544"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3260"
+       x1="73.742638" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3387"
+       x1="123.5"
+       x2="220.5"
+       y1="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       y2="76" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3385"
+       x1="79.589897"
+       x2="67.73996"
+       y1="13.043323"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3260"
+       y2="76.455902" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3383"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       r="56"
+       cy="76"
+       cx="172"
+       xlink:href="#XMLID_4_"
+       fy="125.04931"
+       fx="180.75"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3381"
+       x1="74.03466"
+       x2="75.957108"
+       y1="16.154284"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3202"
+       y2="83.235832" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3379"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       r="56"
+       cy="76"
+       cx="172"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3377"
+       x1="174.5"
+       x2="174.5"
+       y1="36.566975"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3647"
+       y2="93.199982" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3375"
+       x1="174.5"
+       x2="174.5"
+       y1="36.566975"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3647"
+       y2="93.199982" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3373"
+       x1="123.5"
+       x2="220.5"
+       y1="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       y2="76" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3371"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       r="56"
+       cy="76"
+       cx="172"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172"
+       gradientUnits="userSpaceOnUse" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3369"
+       gradientTransform="matrix(1,0,0,1.1383929,-108,-22.517857)"
+       r="56"
+       cy="76"
+       cx="172"
+       xlink:href="#XMLID_4_"
+       fy="103.23137"
+       fx="175"
+       gradientUnits="userSpaceOnUse" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3367"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       r="56"
+       cy="76"
+       cx="172"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172"
+       gradientUnits="userSpaceOnUse" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3365"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       r="56"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       cx="172"
+       fy="76"
+       fx="172" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3363"
+       x1="123.5"
+       x2="220.5"
+       y1="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       y2="76" />
+    <radialGradient
+       id="radialGradient3351"
+       r="55.148"
+       gradientTransform="matrix(0.9792,0,0,0.9725,133.0002,20.8762)"
+       cx="48"
+       cy="-0.2148"
+       gradientUnits="userSpaceOnUse">
+      <stop
+         offset="0"
+         id="stop3353"
+         style="stop-color:#72D13D" />
+      <stop
+         offset="0.3553"
+         id="stop3355"
+         style="stop-color:#35AC1C" />
+      <stop
+         offset="0.6194"
+         id="stop3357"
+         style="stop-color:#0F9508" />
+      <stop
+         offset="0.7574"
+         id="stop3359"
+         style="stop-color:#008C00" />
+      <stop
+         offset="1"
+         id="stop3361"
+         style="stop-color:#007A00" />
+    </radialGradient>
+    <linearGradient
+       id="linearGradient3345">
+      <stop
+         offset="0"
+         id="stop3347"
+         style="stop-color:#c2ebab;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop3349"
+         style="stop-color:#71d03c;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3339">
+      <stop
+         offset="0"
+         id="stop3341"
+         style="stop-color:#cbff9c;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop3343"
+         style="stop-color:#65c171;stop-opacity:0" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3327">
+      <stop
+         offset="0"
+         id="stop3329"
+         style="stop-color:#baff63;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop3331"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3453"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_"
+       fy="76"
+       fx="172" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3458"
+       x1="179.17224"
+       y1="123.75864"
+       x2="173.98071"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3295"
+       y2="65.448112" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3504"
+       x1="87.468468"
+       y1="-0.36148256"
+       gradientTransform="matrix(0.9999485,0,0,1.0123561,-0.20901,-3.3279403)"
+       x2="116.71847"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3260"
+       y2="106.42756" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3526"
+       x1="196.46846"
+       y1="63.138515"
+       gradientTransform="matrix(0.9999485,0,0,1.0123561,-0.20901,-3.3279403)"
+       x2="52.218468"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3260"
+       y2="66.224457" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2847"
+       x1="223.32712"
+       y1="53.784153"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       x2="226.659"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3260"
+       y2="57.279232" />
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient2849"
+       r="60"
+       gradientTransform="matrix(-0.2586474,-0.527688,-0.8273918,0.4156745,163.53453,47.486377)"
+       cx="-16.668488"
+       cy="86.826965"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3449"
+       fy="86.826965"
+       fx="-16.668488" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3409-470"
+       y2="108.51858"
+       y1="76"
+       gradientTransform="matrix(-0.9999485,0,0,0.8716855,235.99134,-4.6416432)"
+       x2="212"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_-137"
+       x1="108" />
+    <radialGradient
+       id="XMLID_4_-137"
+       r="55.148"
+       gradientTransform="matrix(0.9792,0,0,0.9725,133.0002,20.8762)"
+       cx="48"
+       cy="-0.2148"
+       gradientUnits="userSpaceOnUse">
+      <stop
+         offset="0"
+         id="stop2399"
+         style="stop-color:#878787" />
+      <stop
+         offset="0.3553"
+         id="stop2401"
+         style="stop-color:#646464" />
+      <stop
+         offset="0.6194"
+         id="stop2403"
+         style="stop-color:#4e4e4e" />
+      <stop
+         offset="0.7574"
+         id="stop2405"
+         style="stop-color:#464646" />
+      <stop
+         offset="1"
+         id="stop2407"
+         style="stop-color:#3d3d3d" />
+    </radialGradient>
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3534-587"
+       r="60"
+       gradientTransform="matrix(-0.2586474,-0.527688,-0.8273918,0.4156745,163.53453,47.486377)"
+       cx="-16.668488"
+       cy="86.826965"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3449-541"
+       fy="86.826965"
+       fx="-16.668488" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3449-541">
+      <stop
+         offset="0"
+         id="stop2411"
+         style="stop-color:#000000;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2413"
+         style="stop-color:#000000;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3301-212"
+       y2="16.750759"
+       y1="15.336544"
+       x2="78.939339"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3260-779"
+       x1="73.742638" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3260-779">
+      <stop
+         offset="0"
+         id="stop2417"
+         style="stop-color:#ffffff;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2419"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3521-671"
+       y2="57.279232"
+       x2="226.659"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       y1="53.784153"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3202-927"
+       x1="223.32712" />
+    <linearGradient
+       id="linearGradient3202-927">
+      <stop
+         offset="0"
+         id="stop2423"
+         style="stop-color:#cdcdcd;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2425"
+         style="stop-color:#939393;stop-opacity:0" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3455-789"
+       r="60"
+       gradientTransform="matrix(-0.5815985,1.7896097e-2,2.6984858e-2,0.8988692,96.076707,2.8276175)"
+       cx="72.020813"
+       cy="66.344505"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3449-929"
+       fy="66.344505"
+       fx="72.020813" />
+    <linearGradient
+       id="linearGradient3449-929">
+      <stop
+         offset="0"
+         id="stop2429"
+         style="stop-color:#000000;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2431"
+         style="stop-color:#000000;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3393-904"
+       y2="16.750759"
+       y1="14.275884"
+       x2="78.939339"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3295-298"
+       x1="74.75" />
+    <linearGradient
+       id="linearGradient3295-298">
+      <stop
+         offset="0"
+         id="stop2435"
+         style="stop-color:#b1b1b1;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2437"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3530-83"
+       y2="57.279232"
+       x2="226.659"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       y1="53.784153"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       xlink:href="#linearGradient3260-710"
+       x1="223.32712" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3260-710">
+      <stop
+         offset="0"
+         id="stop2441"
+         style="stop-color:#ffffff;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2443"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3629-889"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_-907"
+       fy="76"
+       fx="172" />
+    <radialGradient
+       id="XMLID_4_-907"
+       r="55.148"
+       gradientTransform="matrix(0.9792,0,0,0.9725,133.0002,20.8762)"
+       cx="48"
+       cy="-0.2148"
+       gradientUnits="userSpaceOnUse">
+      <stop
+         offset="0"
+         id="stop2447"
+         style="stop-color:#878787" />
+      <stop
+         offset="0.3553"
+         id="stop2449"
+         style="stop-color:#646464" />
+      <stop
+         offset="0.6194"
+         id="stop2451"
+         style="stop-color:#4e4e4e" />
+      <stop
+         offset="0.7574"
+         id="stop2453"
+         style="stop-color:#464646" />
+      <stop
+         offset="1"
+         id="stop2455"
+         style="stop-color:#3d3d3d" />
+    </radialGradient>
+    <radialGradient
+       inkscape:collect="always"
+       id="radialGradient3213-688"
+       r="56"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#XMLID_4_-3"
+       fy="121.44213"
+       fx="188.88173" />
+    <radialGradient
+       id="XMLID_4_-3"
+       r="55.148"
+       gradientTransform="matrix(0.9792,0,0,0.9725,133.0002,20.8762)"
+       cx="48"
+       cy="-0.2148"
+       gradientUnits="userSpaceOnUse">
+      <stop
+         offset="0"
+         id="stop2459"
+         style="stop-color:#878787" />
+      <stop
+         offset="0.3553"
+         id="stop2461"
+         style="stop-color:#646464" />
+      <stop
+         offset="0.6194"
+         id="stop2463"
+         style="stop-color:#4e4e4e" />
+      <stop
+         offset="0.7574"
+         id="stop2465"
+         style="stop-color:#464646" />
+      <stop
+         offset="1"
+         id="stop2467"
+         style="stop-color:#3d3d3d" />
+    </radialGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2226-668"
+       y2="65.448112"
+       y1="123.75864"
+       x2="173.98071"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3295-543"
+       x1="179.17224" />
+    <linearGradient
+       id="linearGradient3295-543">
+      <stop
+         offset="0"
+         id="stop2471"
+         style="stop-color:#b1b1b1;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2473"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient2228-541"
+       y2="65.448112"
+       y1="123.75864"
+       gradientTransform="translate(98,0)"
+       x2="173.98071"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3295-938"
+       x1="179.17224" />
+    <linearGradient
+       id="linearGradient3295-938">
+      <stop
+         offset="0"
+         id="stop2477"
+         style="stop-color:#b1b1b1;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2479"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3253-331"
+       y2="86.177559"
+       y1="16.138517"
+       gradientTransform="matrix(0.9999485,0,0,1.0123561,-0.4964696,-3.1877108)"
+       x2="47.968472"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3202-152"
+       x1="47.968472" />
+    <linearGradient
+       id="linearGradient3202-152">
+      <stop
+         offset="0"
+         id="stop2483"
+         style="stop-color:#cdcdcd;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2485"
+         style="stop-color:#939393;stop-opacity:0" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3504-549"
+       y2="106.42756"
+       y1="-0.36148256"
+       gradientTransform="matrix(0.9999485,0,0,1.0123561,-0.20901,-3.3279403)"
+       x2="116.71847"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3260-778"
+       x1="87.468468" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3260-778">
+      <stop
+         offset="0"
+         id="stop2489"
+         style="stop-color:#ffffff;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2491"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3526-547"
+       y2="66.224457"
+       y1="63.138515"
+       gradientTransform="matrix(0.9999485,0,0,1.0123561,-0.20901,-3.3279403)"
+       x2="52.218468"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient3260-234"
+       x1="196.46846" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3260-234">
+      <stop
+         offset="0"
+         id="stop2495"
+         style="stop-color:#ffffff;stop-opacity:1;" />
+      <stop
+         offset="1"
+         id="stop2497"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3449-929"
+       id="radialGradient2374"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(-0.5815985,1.7896097e-2,2.6984858e-2,0.8988692,96.076707,2.8276175)"
+       cx="72.020813"
+       cy="66.344505"
+       fx="72.020813"
+       fy="66.344505"
+       r="60" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#XMLID_4_-907"
+       id="radialGradient2382"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       fx="172"
+       fy="76"
+       r="56" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295-543"
+       id="linearGradient2386"
+       gradientUnits="userSpaceOnUse"
+       x1="179.17224"
+       y1="123.75864"
+       x2="173.98071"
+       y2="65.448112" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3260-778"
+       id="linearGradient2390"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.9999485,0,0,1.0123561,-0.20901,-3.3279403)"
+       x1="87.468468"
+       y1="-0.36148256"
+       x2="116.71847"
+       y2="106.42756" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#XMLID_4_-907"
+       id="radialGradient3325"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       fx="172"
+       fy="76"
+       r="56" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#XMLID_4_-907"
+       id="radialGradient3418"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="172"
+       cy="76"
+       fx="172"
+       fy="76"
+       r="56" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295-543"
+       id="linearGradient3422"
+       gradientUnits="userSpaceOnUse"
+       x1="179.17224"
+       y1="123.75864"
+       x2="173.98071"
+       y2="65.448112" />
+    <linearGradient
+       y2="75.104279"
+       x2="112"
+       y1="2.803019"
+       x1="111.812"
+       gradientTransform="translate(-141.92469,0)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3072"
+       xlink:href="#linearGradient3260"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="22.886703"
+       x2="50.945606"
+       y1="82.06662"
+       x1="82.088142"
+       gradientTransform="translate(-141.92552,0)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3070"
+       xlink:href="#linearGradient6446"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="75.104279"
+       x2="112"
+       y1="2.803019"
+       x1="111.812"
+       gradientTransform="matrix(1,-2.2329803e-2,0,1,-248.03097,0.4256102)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3067"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="75.104279"
+       x2="112"
+       y1="2.803019"
+       x1="111.812"
+       gradientTransform="translate(-141.92469,1)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3061"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="75.104279"
+       x2="112"
+       y1="2.803019"
+       x1="111.812"
+       gradientTransform="translate(-247.43097,0)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3057"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       gradientTransform="translate(-141.92469,0)"
+       y2="75.104279"
+       x2="112"
+       y1="2.803019"
+       x1="111.812"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3053"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="76.109528"
+       fx="136.61409"
+       cy="76.109528"
+       cx="136.61409"
+       gradientTransform="matrix(0,-1,-0.9801409,0,138.45379,236.01574)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3040"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="95.705101"
+       fx="180.33144"
+       cy="95.705101"
+       cx="180.33144"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3037"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="76.109528"
+       fx="136.61409"
+       cy="76.109528"
+       cx="136.61409"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3035"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="48.984192"
+       x2="87.094666"
+       y1="85.514641"
+       x1="103.76151"
+       gradientTransform="matrix(1,0,0,-1,-0.1976871,127.93148)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3148"
+       xlink:href="#linearGradient3260"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.122269"
+       x2="86.023537"
+       y1="2.0102248"
+       x1="84.481171"
+       gradientTransform="matrix(1,0,0,-1,-0.2010371,127.93148)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3146"
+       xlink:href="#linearGradient6446"
+       inkscape:collect="always" />
+    <linearGradient
+       gradientTransform="matrix(1,0,0,-1,0,128.03148)"
+       gradientUnits="userSpaceOnUse"
+       y2="88.883774"
+       x2="85.487968"
+       y1="2.0102248"
+       x1="84.481171"
+       id="linearGradient3125"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="95.705101"
+       fx="180.33144"
+       cy="95.705101"
+       cx="180.33144"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3096"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <filter
+       height="1.1536309"
+       y="-0.076815473"
+       width="1.2011111"
+       x="-0.10055555"
+       id="filter3084"
+       inkscape:collect="always">
+      <feGaussianBlur
+         id="feGaussianBlur3086"
+         stdDeviation="0.1991477"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       y2="85.671814"
+       x2="88.73349"
+       y1="16.154284"
+       x1="86.54718"
+       gradientTransform="translate(0,-71.953293)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3073"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="85.671814"
+       x2="88.73349"
+       y1="16.154284"
+       x1="86.54718"
+       gradientTransform="translate(-110.95955,-70.953293)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3068"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="85.671814"
+       x2="88.73349"
+       y1="16.154284"
+       x1="86.54718"
+       gradientTransform="translate(-112.95955,-71.753293)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3066"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="85.671814"
+       x2="88.73349"
+       y1="16.154284"
+       x1="86.54718"
+       gradientTransform="translate(-111.95955,-71.953293)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3060"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="85.671814"
+       x2="88.73349"
+       y1="16.154284"
+       x1="86.54718"
+       gradientTransform="translate(-110.95955,-70.953293)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3056"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="85.671814"
+       x2="88.73349"
+       y1="16.154284"
+       x1="86.54718"
+       gradientTransform="translate(0,-70.953293)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3052"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       gradientTransform="translate(0,-71.953293)"
+       y2="85.671814"
+       x2="88.73349"
+       y1="16.154284"
+       x1="86.54718"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3048"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       gradientUnits="userSpaceOnUse"
+       y2="77.340378"
+       x2="84.946472"
+       y1="16.154284"
+       x1="86.54718"
+       id="linearGradient3040"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="95.705101"
+       fx="180.33144"
+       cy="95.705101"
+       cx="180.33144"
+       gradientTransform="matrix(1,0,0,0.9801409,-108,-10.49071)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3022"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="95.705101"
+       fx="180.33144"
+       cy="95.705101"
+       cx="180.33144"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3019"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="95.705101"
+       fx="180.33144"
+       cy="95.705101"
+       cx="180.33144"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3017"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="95.705101"
+       fx="180.33144"
+       cy="95.705101"
+       cx="180.33144"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3011"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.224457"
+       x2="52.218468"
+       y1="63.138515"
+       x1="196.46846"
+       gradientTransform="translate(138.78748,-0.1385179)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3246"
+       xlink:href="#linearGradient3260"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="106.42756"
+       x2="116.71847"
+       y1="-0.36148256"
+       x1="87.468468"
+       gradientTransform="translate(138.78748,-0.1385179)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3244"
+       xlink:href="#linearGradient3260"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="85.427559"
+       x2="49.218472"
+       y1="16.138517"
+       x1="47.968472"
+       gradientTransform="translate(138.5,0)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3242"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="65.448112"
+       x2="173.98071"
+       y1="123.75864"
+       x1="179.17224"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3240"
+       xlink:href="#linearGradient3295"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="65.448112"
+       x2="173.98071"
+       y1="123.75864"
+       x1="179.17224"
+       gradientTransform="translate(97,0)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3238"
+       xlink:href="#linearGradient3295"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="76"
+       fx="172"
+       cy="76"
+       cx="172"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3236"
+       xlink:href="#XMLID_4_"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="121.44213"
+       fx="188.88173"
+       cy="76"
+       cx="172"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3234"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.279232"
+       x2="226.659"
+       y1="53.784153"
+       x1="223.32712"
+       spreadMethod="reflect"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3232"
+       xlink:href="#linearGradient3260"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="16.750759"
+       x2="78.939339"
+       y1="14.275884"
+       x1="74.75"
+       spreadMethod="reflect"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3229"
+       xlink:href="#linearGradient3295"
+       inkscape:collect="always" />
+    <radialGradient
+       r="60"
+       fy="66.344505"
+       fx="72.020813"
+       cy="66.344505"
+       cx="72.020813"
+       gradientTransform="matrix(-0.5816285,1.767767e-2,2.6986249e-2,0.8878982,235.07816,5.9419094)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3227"
+       xlink:href="#linearGradient3449"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.279232"
+       x2="226.659"
+       y1="53.784153"
+       x1="223.32712"
+       spreadMethod="reflect"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3225"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="16.750759"
+       x2="78.939339"
+       y1="15.336544"
+       x1="73.742638"
+       spreadMethod="reflect"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3223"
+       xlink:href="#linearGradient3260"
+       inkscape:collect="always" />
+    <radialGradient
+       r="60"
+       fy="86.826965"
+       fx="-16.668488"
+       cy="86.826965"
+       cx="-16.668488"
+       gradientTransform="matrix(-0.2586607,-0.5212474,-0.8274344,0.4106011,302.53945,50.055595)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3221"
+       xlink:href="#linearGradient3449"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="5.1559582"
+       x2="104.25"
+       y1="123.90683"
+       x1="194.5"
+       gradientTransform="matrix(-1,0,0,0.8610463,375,-1.4361867)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3219"
+       xlink:href="#linearGradient6404"
+       inkscape:collect="always" />
+    <filter
+       id="filter3187"
+       inkscape:collect="always">
+      <feGaussianBlur
+         id="feGaussianBlur3189"
+         stdDeviation="0.56525828"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient2990">
+      <stop
+         style="stop-color:#d7d7d7;stop-opacity:1;"
+         offset="0"
+         id="stop2992" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="1"
+         id="stop2994" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3237">
+      <stop
+         style="stop-color:#d5e6ff;stop-opacity:1;"
+         offset="0"
+         id="stop3239" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop3241" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6674">
+      <stop
+         style="stop-color:#001648;stop-opacity:1;"
+         offset="0"
+         id="stop6676" />
+      <stop
+         style="stop-color:#11a9ff;stop-opacity:0;"
+         offset="1"
+         id="stop6678" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6666">
+      <stop
+         id="stop6668"
+         offset="0"
+         style="stop-color:#9fc1f2;stop-opacity:1;" />
+      <stop
+         style="stop-color:#587eb5;stop-opacity:1;"
+         offset="0.5"
+         id="stop3183" />
+      <stop
+         id="stop6670"
+         offset="1"
+         style="stop-color:#0c2a58;stop-opacity:1;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6643">
+      <stop
+         style="stop-color:#fffddc;stop-opacity:1;"
+         offset="0"
+         id="stop6645" />
+      <stop
+         style="stop-color:#ffdfbf;stop-opacity:0;"
+         offset="1"
+         id="stop6647" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6631">
+      <stop
+         style="stop-color:#703700;stop-opacity:1;"
+         offset="0"
+         id="stop6633" />
+      <stop
+         style="stop-color:#bf5e00;stop-opacity:0;"
+         offset="1"
+         id="stop6635" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6446">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop6448" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop6450" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6404">
+      <stop
+         style="stop-color:#081e3e;stop-opacity:1;"
+         offset="0"
+         id="stop6406" />
+      <stop
+         style="stop-color:#387de4;stop-opacity:1;"
+         offset="1"
+         id="stop6408" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6666"
+       id="radialGradient9692"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.3965253,6.9831451e-3,-7.781496e-3,1.5561835,-122.82611,-69.698616)"
+       spreadMethod="pad"
+       cx="42.700352"
+       cy="103.5803"
+       fx="42.700352"
+       fy="103.5803"
+       r="42.559486" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6404"
+       id="linearGradient6410"
+       x1="32"
+       y1="88"
+       x2="24"
+       y2="-24"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient6452"
+       x1="21.094994"
+       y1="21.101994"
+       x2="15.189133"
+       y2="27.007854"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       gradientTransform="translate(-7.5870968,-7.3806452)" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient6464"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0.4129032,0.6193548)"
+       spreadMethod="reflect"
+       x1="21.094994"
+       y1="21.101994"
+       x2="15.126888"
+       y2="27.070099" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient6470"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0.4129032,0.6193548)"
+       spreadMethod="reflect"
+       x1="21.094994"
+       y1="21.101994"
+       x2="13.96104"
+       y2="28.235947" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient6472"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0.4129032,0.6193548)"
+       spreadMethod="reflect"
+       x1="21.094994"
+       y1="21.101994"
+       x2="13.96104"
+       y2="28.235947" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6631"
+       id="linearGradient6637"
+       x1="55.329033"
+       y1="112"
+       x2="55.329033"
+       y2="74.913147"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6643"
+       id="linearGradient6649"
+       x1="62.038712"
+       y1="15.91371"
+       x2="62.038712"
+       y2="50.728985"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0,3)" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6674"
+       id="linearGradient6680"
+       x1="19.096775"
+       y1="50.580647"
+       x2="19.934336"
+       y2="88.633484"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient2816"
+       gradientUnits="userSpaceOnUse"
+       x1="64"
+       y1="-26.936626"
+       x2="74.447762"
+       y2="82.029854" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient3231"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0.2623629,1)"
+       x1="59.225807"
+       y1="7.8973217"
+       x2="59.225807"
+       y2="46.228859" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient3233"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0.2332229,1.9150941)"
+       x1="115.76678"
+       y1="71.084908"
+       x2="31.376678"
+       y2="21.03125" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3237"
+       id="linearGradient3243"
+       x1="-60.945251"
+       y1="105.83054"
+       x2="-60"
+       y2="8"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6674"
+       id="linearGradient3289"
+       gradientUnits="userSpaceOnUse"
+       x1="60.402065"
+       y1="64.076149"
+       x2="60.402065"
+       y2="-20.962214" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient2990"
+       id="radialGradient2409"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(-1.1040885,0.8280667,-0.6647496,-0.8863327,191.44623,62.253906)"
+       spreadMethod="reflect"
+       cx="63.041775"
+       cy="74.979408"
+       fx="73.551216"
+       fy="51.592991"
+       r="43.474762" />
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath3129">
+      <path
+         style="fill:url(#radialGradient3133);fill-opacity:1;stroke:none;stroke-width:16.49500084;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:4.15;stroke-opacity:1"
+         d="M -184.73645,27.94375 C -194.97576,27.943751 -205.20567,31.818176 -212.97026,39.582762 C -220.97748,47.589993 -224.8595,58.222613 -224.60927,68.779409 L -224.60927,96.822041 C -224.60927,100.87378 -221.35477,104.12828 -217.30303,104.12828 L -152.16987,104.12828 C -148.11813,104.12828 -144.86363,100.87378 -144.86363,96.822041 L -144.86363,68.779409 C -144.6134,58.222612 -148.49541,47.589993 -156.50264,39.582762 C -164.26722,31.818171 -174.49713,27.943749 -184.73645,27.94375 z M -184.73645,43.481014 C -178.39709,43.481015 -172.04817,45.9179 -167.17881,50.787256 C -162.36739,55.59868 -159.92981,61.833382 -159.87257,68.090021 L -209.57201,68.090021 C -209.51476,61.833381 -207.1055,55.598679 -202.29408,50.787256 C -197.42472,45.917895 -191.0758,43.481013 -184.73645,43.481014 z"
+         id="path3131"
+         sodipodi:nodetypes="csccccccsccsccsc" />
+    </clipPath>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient2990"
+       id="radialGradient3133"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(-0.4961056,0.4409829,-0.7360594,-0.8280666,-99.14147,87.897058)"
+       spreadMethod="reflect"
+       cx="77.533371"
+       cy="74.979416"
+       fx="88.042809"
+       fy="51.592991"
+       r="43.474762" />
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath3135">
+      <path
+         sodipodi:nodetypes="csccccccsccsccsc"
+         id="path3137"
+         d="M -97.32181,27.94375 C -107.56112,27.943751 -117.79103,31.818176 -125.55562,39.582762 C -133.56284,47.589993 -137.44486,58.222613 -137.19463,68.779409 L -137.19463,96.822041 C -137.19463,100.87378 -133.94013,104.12828 -129.88839,104.12828 L -64.755235,104.12828 C -60.703495,104.12828 -57.448995,100.87378 -57.448995,96.822041 L -57.448995,68.779409 C -57.198765,58.222612 -61.080775,47.589993 -69.088001,39.582762 C -76.852581,31.818171 -87.082497,27.943749 -97.32181,27.94375 z M -97.32181,43.481014 C -90.982458,43.481015 -84.633535,45.9179 -79.764176,50.787256 C -74.95275,55.59868 -72.515179,61.833382 -72.457934,68.090021 L -122.15737,68.090021 C -122.10012,61.833381 -119.69086,55.598679 -114.87944,50.787256 C -110.01008,45.917895 -103.66116,43.481013 -97.32181,43.481014 z"
+         style="fill:url(#radialGradient3139);fill-opacity:1;stroke:none;stroke-width:16.49500084;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:4.15;stroke-opacity:1" />
+    </clipPath>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient2990"
+       id="radialGradient3139"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(-0.4961056,0.4409829,-0.7360594,-0.8280666,-11.726835,87.897058)"
+       spreadMethod="reflect"
+       cx="77.533371"
+       cy="74.979416"
+       fx="88.042809"
+       fy="51.592991"
+       r="43.474762" />
+    <linearGradient
+       gradientTransform="translate(-0.5,-87.681242)"
+       gradientUnits="userSpaceOnUse"
+       y2="85.427559"
+       x2="49.218472"
+       y1="16.138517"
+       x1="47.968472"
+       id="linearGradient3253"
+       xlink:href="#linearGradient3202"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="62.959969"
+       x2="180.40749"
+       y1="32.270653"
+       x1="262.48657"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient2226"
+       xlink:href="#linearGradient3295"
+       inkscape:collect="always" />
+    <filter
+       id="filter3443"
+       height="1.2550791"
+       y="-0.12753956"
+       width="1.2314607"
+       x="-0.11573034"
+       inkscape:collect="always">
+      <feGaussianBlur
+         id="feGaussianBlur3445"
+         stdDeviation="0.32549158"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       id="filter3387"
+       height="1.249912"
+       y="-0.12495601"
+       width="1.2041403"
+       x="-0.10207015"
+       inkscape:collect="always">
+      <feGaussianBlur
+         id="feGaussianBlur3389"
+         stdDeviation="0.44655691"
+         inkscape:collect="always" />
+    </filter>
+    <radialGradient
+       r="56"
+       fy="121.44213"
+       fx="188.88173"
+       cy="76"
+       cx="172"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3213"
+       xlink:href="#linearGradient6666"
+       inkscape:collect="always" />
+    <radialGradient
+       r="56"
+       fy="76"
+       fx="172"
+       cy="76"
+       cx="172"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient3629"
+       xlink:href="#XMLID_4_"
+       inkscape:collect="always" />
+    <radialGradient
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.9792,0,0,0.9725,133.0002,20.8762)"
+       r="55.148"
+       cy="-0.2148"
+       cx="48"
+       id="XMLID_4_">
+      <stop
+         id="stop3082"
+         style="stop-color:#72D13D"
+         offset="0" />
+      <stop
+         id="stop3084"
+         style="stop-color:#35AC1C"
+         offset="0.3553" />
+      <stop
+         id="stop3086"
+         style="stop-color:#0F9508"
+         offset="0.6194" />
+      <stop
+         id="stop3088"
+         style="stop-color:#008C00"
+         offset="0.7574" />
+      <stop
+         id="stop3090"
+         style="stop-color:#007A00"
+         offset="1" />
+    </radialGradient>
+    <linearGradient
+       id="linearGradient3202">
+      <stop
+         id="stop3204"
+         offset="0"
+         style="stop-color:#cdeeff;stop-opacity:1;" />
+      <stop
+         id="stop3206"
+         offset="1"
+         style="stop-color:#d2e8ed;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3260"
+       inkscape:collect="always">
+      <stop
+         id="stop3262"
+         offset="0"
+         style="stop-color:#ffffff;stop-opacity:1;" />
+      <stop
+         id="stop3264"
+         offset="1"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3295">
+      <stop
+         id="stop3297"
+         offset="0"
+         style="stop-color:#63e9ff;stop-opacity:1;" />
+      <stop
+         id="stop3299"
+         offset="1"
+         style="stop-color:#ffffff;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3449"
+       inkscape:collect="always">
+      <stop
+         id="stop3451"
+         offset="0"
+         style="stop-color:#000000;stop-opacity:1;" />
+      <stop
+         id="stop3453"
+         offset="1"
+         style="stop-color:#000000;stop-opacity:0;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3022">
+      <stop
+         id="stop3024"
+         offset="0"
+         style="stop-color:#ffffff;stop-opacity:1;" />
+      <stop
+         id="stop3026"
+         offset="1"
+         style="stop-color:#ffffff;stop-opacity:0" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient3021"
+       inkscape:collect="always">
+      <stop
+         id="stop3023"
+         offset="0"
+         style="stop-color:#2e6ac4;stop-opacity:1;" />
+      <stop
+         id="stop3025"
+         offset="1"
+         style="stop-color:#2e6ac4;stop-opacity:0;" />
+    </linearGradient>
+    <inkscape:perspective
+       id="perspective6395"
+       inkscape:persp3d-origin="64 : 42.666667 : 1"
+       inkscape:vp_z="128 : 64 : 1"
+       inkscape:vp_y="0 : 1000 : 0"
+       inkscape:vp_x="0 : 64 : 1"
+       sodipodi:type="inkscape:persp3d" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6666"
+       id="radialGradient6754"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="180.33144"
+       cy="95.705101"
+       fx="180.33144"
+       fy="95.705101"
+       r="56" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295"
+       id="linearGradient6756"
+       gradientUnits="userSpaceOnUse"
+       x1="262.48657"
+       y1="32.270653"
+       x2="180.40749"
+       y2="62.959969" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6666"
+       id="radialGradient6807"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="180.33144"
+       cy="95.705101"
+       fx="180.33144"
+       fy="95.705101"
+       r="56" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295"
+       id="linearGradient6811"
+       gradientUnits="userSpaceOnUse"
+       x1="262.48657"
+       y1="32.270653"
+       x2="180.40749"
+       y2="62.959969" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6666"
+       id="radialGradient6884"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="180.33144"
+       cy="95.705101"
+       fx="180.33144"
+       fy="95.705101"
+       r="56" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295"
+       id="linearGradient6888"
+       gradientUnits="userSpaceOnUse"
+       x1="262.48657"
+       y1="32.270653"
+       x2="180.40749"
+       y2="62.959969" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3202"
+       id="linearGradient6931"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.63179691,0,0,0.63179691,53.71142,48.280222)"
+       x1="111.812"
+       y1="2.803019"
+       x2="112"
+       y2="75.104279" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3021"
+       id="radialGradient6938"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.5249295,0.0155626,-0.00188594,0.18479731,-3.361311,66.995903)"
+       cx="64"
+       cy="46.527523"
+       fx="64"
+       fy="46.527523"
+       r="53.298493" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3449"
+       id="radialGradient6944"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(-0.0111687,-0.36747109,-0.56097134,0.01704983,130.80404,108.99204)"
+       cx="-23.234318"
+       cy="61.877266"
+       fx="-23.234318"
+       fy="61.877266"
+       r="60" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3449"
+       id="radialGradient6949"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.03037963,-0.36638344,-0.72597831,-0.06019639,164.45135,124.58737)"
+       cx="68.020187"
+       cy="88.271393"
+       fx="68.020187"
+       fy="88.271393"
+       r="60" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6404"
+       id="linearGradient6952"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0,-0.63179691,-0.54400639,0,135.46549,197.39423)"
+       x1="186.92596"
+       y1="89.889786"
+       x2="242.85478"
+       y2="91.35981" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3260"
+       id="linearGradient6954"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(-141.92469,0)"
+       x1="111.812"
+       y1="2.803019"
+       x2="112"
+       y2="75.104279" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient6956"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(-141.92552,0)"
+       x1="79.738411"
+       y1="82.602188"
+       x2="50.945606"
+       y2="22.886703" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295"
+       id="linearGradient6958"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(97,0)"
+       x1="119.33739"
+       y1="59.541107"
+       x2="178.90384"
+       y2="61.049652" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295"
+       id="linearGradient6960"
+       gradientUnits="userSpaceOnUse"
+       x1="262.48657"
+       y1="32.270653"
+       x2="180.40749"
+       y2="62.959969" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6666"
+       id="radialGradient6962"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="136.61409"
+       cy="76.109528"
+       fx="136.61409"
+       fy="76.109528"
+       r="56" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6666"
+       id="radialGradient6964"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="180.33144"
+       cy="95.705101"
+       fx="180.33144"
+       fy="95.705101"
+       r="56" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295"
+       id="linearGradient6966"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       x1="63.933056"
+       y1="7.5667677"
+       x2="66.207115"
+       y2="7.5667677" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3260"
+       id="linearGradient6970"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       x1="74.75"
+       y1="14.275884"
+       x2="78.939339"
+       y2="16.750759" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3260"
+       id="linearGradient6974"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(4,0)"
+       spreadMethod="reflect"
+       x1="73.742638"
+       y1="15.336544"
+       x2="78.939339"
+       y2="16.750759" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6614"
+       id="linearGradient6976"
+       gradientUnits="userSpaceOnUse"
+       x1="2.2864555"
+       y1="278.93"
+       x2="556.73454"
+       y2="278.93" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3184"
+       id="linearGradient7021"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       x1="341.5318"
+       y1="528.58008"
+       x2="341.5318"
+       y2="700.07751" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3152"
+       id="radialGradient7023"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.0000001,0,0,0.7898656,-515.84706,106.14197)"
+       cx="902.44019"
+       cy="573.33636"
+       fx="902.44019"
+       fy="777.67505"
+       r="252.67185" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3220"
+       id="radialGradient7025"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.7097296,0.06452833,-0.05216787,0.9870304,-1209.4918,-86.255073)"
+       cx="949.625"
+       cy="517.85107"
+       fx="942.22406"
+       fy="440.14154"
+       r="119.39729" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3452"
+       id="radialGradient7027"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.4615497,0,0,0.7922186,-1517.0981,316.29645)"
+       cx="1302.5156"
+       cy="396.677"
+       fx="1302.5156"
+       fy="396.677"
+       r="252.67185" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3285"
+       id="linearGradient7029"
+       gradientUnits="userSpaceOnUse"
+       x1="1228.4824"
+       y1="349.26135"
+       x2="1228.4824"
+       y2="687.31006" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3452"
+       id="radialGradient7031"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.4615497,0,0,0.7922186,-1517.0981,321.08871)"
+       cx="1302.5156"
+       cy="396.677"
+       fx="1302.5156"
+       fy="396.677"
+       r="252.67185" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3285"
+       id="linearGradient7033"
+       gradientUnits="userSpaceOnUse"
+       x1="1228.4824"
+       y1="349.26135"
+       x2="1228.4824"
+       y2="687.31006" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10730"
+       id="linearGradient7035"
+       gradientUnits="userSpaceOnUse"
+       x1="11.863568"
+       y1="97.683235"
+       x2="113.55743"
+       y2="38.211857" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3184"
+       id="linearGradient7061"
+       gradientUnits="userSpaceOnUse"
+       spreadMethod="reflect"
+       x1="341.5318"
+       y1="528.58008"
+       x2="341.5318"
+       y2="700.07751" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3152"
+       id="radialGradient7063"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.0000001,0,0,0.7898656,-515.84706,106.14197)"
+       cx="902.44019"
+       cy="573.33636"
+       fx="902.44019"
+       fy="777.67505"
+       r="252.67185" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3220"
+       id="radialGradient7065"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.7097296,0.06452833,-0.05216787,0.9870304,-1209.4918,-86.255073)"
+       cx="949.625"
+       cy="517.85107"
+       fx="942.22406"
+       fy="440.14154"
+       r="119.39729" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3452"
+       id="radialGradient7067"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.4615497,0,0,0.7922186,-1517.0981,316.29645)"
+       cx="1302.5156"
+       cy="396.677"
+       fx="1302.5156"
+       fy="396.677"
+       r="252.67185" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3285"
+       id="linearGradient7069"
+       gradientUnits="userSpaceOnUse"
+       x1="1228.4824"
+       y1="349.26135"
+       x2="1228.4824"
+       y2="687.31006" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3452"
+       id="radialGradient7071"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.4615497,0,0,0.7922186,-1517.0981,321.08871)"
+       cx="1302.5156"
+       cy="396.677"
+       fx="1302.5156"
+       fy="396.677"
+       r="252.67185" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3285"
+       id="linearGradient7073"
+       gradientUnits="userSpaceOnUse"
+       x1="1228.4824"
+       y1="349.26135"
+       x2="1228.4824"
+       y2="687.31006" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10730"
+       id="linearGradient7075"
+       gradientUnits="userSpaceOnUse"
+       x1="11.863568"
+       y1="97.683235"
+       x2="113.55743"
+       y2="38.211857" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient7077"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       spreadMethod="reflect"
+       x1="223.32712"
+       y1="53.784153"
+       x2="226.659"
+       y2="57.279232" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6446"
+       id="linearGradient7079"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,0.8610463,-108.16138,-1.4361867)"
+       spreadMethod="reflect"
+       x1="223.32712"
+       y1="53.784153"
+       x2="226.659"
+       y2="57.279232" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6666"
+       id="radialGradient7113"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1,0,0,1.1383929,0,-10.517857)"
+       cx="180.33144"
+       cy="95.705101"
+       fx="180.33144"
+       fy="95.705101"
+       r="56" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3295"
+       id="linearGradient7115"
+       gradientUnits="userSpaceOnUse"
+       x1="262.48657"
+       y1="32.270653"
+       x2="180.40749"
+       y2="62.959969" />
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="2.8284271"
+     inkscape:cx="27.833054"
+     inkscape:cy="69.006084"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     height="128px"
+     width="128px"
+     inkscape:window-width="847"
+     inkscape:window-height="696"
+     inkscape:window-x="115"
+     inkscape:window-y="0"
+     showgrid="true"
+     objecttolerance="5"
+     gridtolerance="6"
+     guidetolerance="6"
+     showguides="true"
+     inkscape:guide-bbox="true"
+     inkscape:window-maximized="0">
+    <inkscape:grid
+       id="GridFromPre046Settings"
+       type="xygrid"
+       originx="0px"
+       originy="0px"
+       spacingx="4px"
+       spacingy="4px"
+       color="#0000ff"
+       empcolor="#0000ff"
+       opacity="0.2"
+       empopacity="0.4"
+       empspacing="2"
+       visible="true"
+       enabled="true" />
+    <sodipodi:guide
+       orientation="1,0"
+       position="249.25514,129.75409"
+       id="guide3839" />
+    <sodipodi:guide
+       orientation="0,1"
+       position="226,155"
+       id="guide3460" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata37110">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Livello 1"
+     inkscape:groupmode="layer"
+     id="layer1">
+    <g
+       transform="matrix(0.21102925,0,0,0.20917176,-15.875634,-21.690407)"
+       id="g3518">
+      <path
+         sodipodi:type="arc"
+         style="fill:#3d3d3d;fill-opacity:1;stroke:none;filter:url(#filter3514)"
+         id="path3490"
+         sodipodi:cx="341.5318"
+         sodipodi:cy="637.24835"
+         sodipodi:rx="252.67799"
+         sodipodi:ry="126.339"
+         d="m 594.20979,637.24835 c 0,69.7751 -113.12779,126.339 -252.67799,126.339 -139.5502,0 -252.677994,-56.5639 -252.677994,-126.339 0,-69.7751 113.127794,-126.33899 252.677994,-126.33899 139.5502,0 252.67799,56.56389 252.67799,126.33899 z"
+         transform="translate(45.061429,-54.602901)" />
+      <path
+         transform="translate(45.061429,-113.57703)"
+         d="m 594.20979,637.24835 c 0,69.7751 -113.12779,126.339 -252.67799,126.339 -139.5502,0 -252.677994,-56.5639 -252.677994,-126.339 0,-69.7751 113.127794,-126.33899 252.677994,-126.33899 139.5502,0 252.67799,56.56389 252.67799,126.33899 z"
+         sodipodi:ry="126.339"
+         sodipodi:rx="252.67799"
+         sodipodi:cy="637.24835"
+         sodipodi:cx="341.5318"
+         id="path2161"
+         style="fill:url(#linearGradient3257);fill-opacity:1;stroke:none"
+         sodipodi:type="arc" />
+      <path
+         style="fill:url(#radialGradient3259);fill-opacity:1;stroke:none"
+         d="m 639.26508,523.65926 c 0,69.7391 -113.2092,126.34375 -252.6874,126.34375 -138.7519,-2e-5 -251.4856,-56.01143 -252.6563,-125.25 l 1,50.25 c 0,69.73913 112.2092,126.34376 251.6876,126.34375 139.4782,0 251.6561,-56.60462 251.6561,-126.34375 l 1,-51.34375 z"
+         id="path2168"
+         sodipodi:nodetypes="csccscc"
+         inkscape:connector-curvature="0" />
+      <path
+         style="fill:url(#radialGradient3261);fill-opacity:1;stroke:none;filter:url(#filter3275)"
+         d="m 566.27727,486.15744 c 12.7997,40.36672 -63.6135,75.70779 -179.1824,75.70779 -121.1539,0 -196.2125,-36.47311 -179.1823,-75.70779 22.2134,-51.17628 102.4871,-75.70779 179.1823,-75.70779 73.9186,0 164.7584,30.21836 179.1824,75.70779 z"
+         id="path3210"
+         sodipodi:nodetypes="csszs"
+         inkscape:connector-curvature="0" />
+      <path
+         style="fill:url(#radialGradient3263);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         d="m 134.39008,519.23381 c -0.2863,2.46133 -0.4688,4.94049 -0.4687,7.4375 0,69.73913 113.2092,126.34374 252.6874,126.34375 139.4783,0 252.6563,-56.60463 252.6563,-126.34375 0,-2.49701 -0.1512,-4.97617 -0.4375,-7.4375 -7.7085,66.28118 -117.7345,118.90625 -252.2188,118.90625 -134.4842,0 -244.5102,-52.62507 -252.2187,-118.90625 z"
+         id="path3443"
+         inkscape:connector-curvature="0" />
+      <path
+         id="path3484"
+         d="m 1050.3125,441.16063 c -0.2863,2.46133 -0.4688,4.94049 -0.4687,7.4375 0,69.73913 113.2092,126.34374 252.6874,126.34375 139.4783,0 252.6563,-56.60463 252.6563,-126.34375 0,-2.49701 -0.1512,-4.97617 -0.4375,-7.4375 -7.7085,66.28118 -117.7345,124.90625 -252.2188,124.90625 -134.4842,0 -244.5102,-58.62507 -252.2187,-124.90625 z"
+         style="opacity:0.50553505;fill:url(#linearGradient3265);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         sodipodi:nodetypes="cssscsc"
+         transform="matrix(0.9792446,0,0,0.9792446,-888.88819,80.200032)"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:type="inkscape:offset"
+         inkscape:radius="-4.6332698"
+         inkscape:original="M 134.375 524.03125 C 134.0887 526.49258 133.90615 528.97174 133.90625 531.46875 C 133.90625 601.20788 247.11555 657.81249 386.59375 657.8125 C 526.07205 657.8125 639.25 601.20787 639.25 531.46875 C 639.25 528.97174 639.0988 526.49258 638.8125 524.03125 C 631.104 590.31243 521.07805 642.9375 386.59375 642.9375 C 252.10955 642.9375 142.0835 590.31243 134.375 524.03125 z "
+         style="fill:url(#radialGradient10788);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         id="path10786"
+         d="m 152.9375,571.65625 c 12.16324,16.81774 31.53901,32.22263 57.09375,45 44.89458,22.44729 107.45018,36.53125 176.5625,36.53125 69.11238,0 131.67587,-14.0841 176.5625,-36.53125 25.37647,-12.6904 44.63421,-27.97284 56.8125,-44.65625 -14.13538,15.50174 -33.86123,29.21936 -57.75,40.53125 -46.07574,21.81794 -107.7785,35.03125 -175.625,35.03125 -67.84645,0 -129.54925,-13.21331 -175.625,-35.03125 -24.06082,-11.39335 -43.87678,-25.23522 -58.03125,-40.875 z" />
+      <path
+         sodipodi:nodetypes="csccscc"
+         id="path10790"
+         d="m 639.26508,873.27767 c 0,69.7391 -113.2092,126.34375 -252.6874,126.34375 -138.7519,-2e-5 -251.4856,-56.01143 -252.6563,-125.25 l 1,50.25 c 0,69.73913 112.2092,126.34378 251.6876,126.34378 139.4782,0 251.6561,-56.60465 251.6561,-126.34378 l 1,-51.34375 z"
+         style="opacity:0.62871291;fill:#000000;fill-opacity:0.29946522;stroke:none;filter:url(#filter10806)"
+         clip-path="url(#clipPath10810)"
+         transform="translate(0,-309.31973)"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:type="inkscape:offset"
+         inkscape:radius="-3.430052"
+         inkscape:original="M 1050.3125 441.15625 C 1050.0262 443.61758 1049.8436 446.09674 1049.8438 448.59375 C 1049.8438 518.33288 1163.053 574.93749 1302.5312 574.9375 C 1442.0095 574.9375 1555.1875 518.33287 1555.1875 448.59375 C 1555.1875 446.09674 1555.0363 443.61758 1554.75 441.15625 C 1547.0415 507.43743 1437.0156 566.0625 1302.5312 566.0625 C 1168.0471 566.0625 1058.021 507.43743 1050.3125 441.15625 z "
+         style="opacity:0.50553505;fill:url(#linearGradient10836);fill-opacity:1;stroke:none;filter:url(#filter10866)"
+         id="path10834"
+         d="m 1058.9375,474.46875 c 10.1249,22.96419 33.4256,43.85342 66.4687,60.375 45.1134,22.55668 107.85,36.65625 177.125,36.65625 69.2752,0 131.9883,-14.09967 177.0938,-36.65625 32.9585,-16.48205 56.2139,-37.31923 66.375,-60.21875 -13.5772,21.72364 -37.4334,41.27719 -68.2812,56.90625 -45.8654,23.23771 -107.4469,37.96875 -175.1876,37.96875 -67.7404,0 -129.322,-14.73104 -175.1874,-37.96875 -30.9273,-15.6693 -54.8474,-35.27158 -68.4063,-57.0625 z"
+         transform="matrix(0.99604613,0,0,0.99604613,-910.77245,72.383549)" />
+    </g>
+    <path
+       sodipodi:type="arc"
+       style="opacity:0.27227723;fill:none;stroke:url(#linearGradient10736);stroke-width:0.49323508;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10762)"
+       id="path10728"
+       sodipodi:cx="50.204582"
+       sodipodi:cy="85.220039"
+       sodipodi:rx="36.062447"
+       sodipodi:ry="18.031223"
+       d="m 86.267029,85.220039 a 36.062447,18.031223 0 1 1 -72.124893,0 36.062447,18.031223 0 1 1 72.124893,0 z"
+       transform="matrix(0.962813,0,0,0.87276863,17.362376,-18.873504)" />
+    <path
+       transform="matrix(0.94467507,0,0,0.85632692,18.272983,-17.472344)"
+       d="m 86.267029,85.220039 a 36.062447,18.031223 0 1 1 -72.124893,0 36.062447,18.031223 0 1 1 72.124893,0 z"
+       sodipodi:ry="18.031223"
+       sodipodi:rx="36.062447"
+       sodipodi:cy="85.220039"
+       sodipodi:cx="50.204582"
+       id="path10738"
+       style="opacity:0.27227723;fill:none;stroke:#ffffff;stroke-width:0.49323508;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;filter:url(#filter10758)"
+       sodipodi:type="arc" />
+    <g
+       id="g6997"
+       transform="matrix(0.21102925,0,0,0.20917176,-15.875634,-36.690407)">
+      <path
+         transform="translate(45.061429,-54.602901)"
+         d="m 594.20979,637.24835 c 0,69.7751 -113.12779,126.339 -252.67799,126.339 -139.5502,0 -252.677994,-56.5639 -252.677994,-126.339 0,-69.7751 113.127794,-126.33899 252.677994,-126.33899 139.5502,0 252.67799,56.56389 252.67799,126.33899 z"
+         sodipodi:ry="126.339"
+         sodipodi:rx="252.67799"
+         sodipodi:cy="637.24835"
+         sodipodi:cx="341.5318"
+         id="path6999"
+         style="fill:#3d3d3d;fill-opacity:1;stroke:none;filter:url(#filter3514)"
+         sodipodi:type="arc" />
+      <path
+         sodipodi:type="arc"
+         style="fill:url(#linearGradient7021);fill-opacity:1;stroke:none"
+         id="path7001"
+         sodipodi:cx="341.5318"
+         sodipodi:cy="637.24835"
+         sodipodi:rx="252.67799"
+         sodipodi:ry="126.339"
+         d="m 594.20979,637.24835 c 0,69.7751 -113.12779,126.339 -252.67799,126.339 -139.5502,0 -252.677994,-56.5639 -252.677994,-126.339 0,-69.7751 113.127794,-126.33899 252.677994,-126.33899 139.5502,0 252.67799,56.56389 252.67799,126.33899 z"
+         transform="translate(45.061429,-113.57703)" />
+      <path
+         sodipodi:nodetypes="csccscc"
+         id="path7003"
+         d="m 639.26508,523.65926 c 0,69.7391 -113.2092,126.34375 -252.6874,126.34375 -138.7519,-2e-5 -251.4856,-56.01143 -252.6563,-125.25 l 1,50.25 c 0,69.73913 112.2092,126.34376 251.6876,126.34375 139.4782,0 251.6561,-56.60462 251.6561,-126.34375 l 1,-51.34375 z"
+         style="fill:url(#radialGradient7023);fill-opacity:1;stroke:none"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:nodetypes="csszs"
+         id="path7005"
+         d="m 566.27727,486.15744 c 12.7997,40.36672 -63.6135,75.70779 -179.1824,75.70779 -121.1539,0 -196.2125,-36.47311 -179.1823,-75.70779 22.2134,-51.17628 102.4871,-75.70779 179.1823,-75.70779 73.9186,0 164.7584,30.21836 179.1824,75.70779 z"
+         style="fill:url(#radialGradient7025);fill-opacity:1;stroke:none;filter:url(#filter3275)"
+         inkscape:connector-curvature="0" />
+      <path
+         id="path7007"
+         d="m 134.39008,519.23381 c -0.2863,2.46133 -0.4688,4.94049 -0.4687,7.4375 0,69.73913 113.2092,126.34374 252.6874,126.34375 139.4783,0 252.6563,-56.60463 252.6563,-126.34375 0,-2.49701 -0.1512,-4.97617 -0.4375,-7.4375 -7.7085,66.28118 -117.7345,118.90625 -252.2188,118.90625 -134.4842,0 -244.5102,-52.62507 -252.2187,-118.90625 z"
+         style="fill:url(#radialGradient7027);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         inkscape:connector-curvature="0" />
+      <path
+         transform="matrix(0.9792446,0,0,0.9792446,-888.88819,80.200032)"
+         sodipodi:nodetypes="cssscsc"
+         style="opacity:0.50553505;fill:url(#linearGradient7029);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         d="m 1050.3125,441.16063 c -0.2863,2.46133 -0.4688,4.94049 -0.4687,7.4375 0,69.73913 113.2092,126.34374 252.6874,126.34375 139.4783,0 252.6563,-56.60463 252.6563,-126.34375 0,-2.49701 -0.1512,-4.97617 -0.4375,-7.4375 -7.7085,66.28118 -117.7345,124.90625 -252.2188,124.90625 -134.4842,0 -244.5102,-58.62507 -252.2187,-124.90625 z"
+         id="path7009"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m 152.9375,571.65625 c 12.16324,16.81774 31.53901,32.22263 57.09375,45 44.89458,22.44729 107.45018,36.53125 176.5625,36.53125 69.11238,0 131.67587,-14.0841 176.5625,-36.53125 25.37647,-12.6904 44.63421,-27.97284 56.8125,-44.65625 -14.13538,15.50174 -33.86123,29.21936 -57.75,40.53125 -46.07574,21.81794 -107.7785,35.03125 -175.625,35.03125 -67.84645,0 -129.54925,-13.21331 -175.625,-35.03125 -24.06082,-11.39335 -43.87678,-25.23522 -58.03125,-40.875 z"
+         id="path7011"
+         style="fill:url(#radialGradient7031);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         inkscape:original="M 134.375 524.03125 C 134.0887 526.49258 133.90615 528.97174 133.90625 531.46875 C 133.90625 601.20788 247.11555 657.81249 386.59375 657.8125 C 526.07205 657.8125 639.25 601.20787 639.25 531.46875 C 639.25 528.97174 639.0988 526.49258 638.8125 524.03125 C 631.104 590.31243 521.07805 642.9375 386.59375 642.9375 C 252.10955 642.9375 142.0835 590.31243 134.375 524.03125 z "
+         inkscape:radius="-4.6332698"
+         sodipodi:type="inkscape:offset" />
+      <path
+         transform="translate(0,-309.31973)"
+         clip-path="url(#clipPath10810)"
+         style="opacity:0.62871291;fill:#000000;fill-opacity:0.29946522;stroke:none;filter:url(#filter10806)"
+         d="m 639.26508,873.27767 c 0,69.7391 -113.2092,126.34375 -252.6874,126.34375 -138.7519,-2e-5 -251.4856,-56.01143 -252.6563,-125.25 l 1,50.25 c 0,69.73913 112.2092,126.34378 251.6876,126.34378 139.4782,0 251.6561,-56.60465 251.6561,-126.34378 l 1,-51.34375 z"
+         id="path7013"
+         sodipodi:nodetypes="csccscc"
+         inkscape:connector-curvature="0" />
+      <path
+         transform="matrix(0.99604613,0,0,0.99604613,-910.77245,72.383549)"
+         d="m 1058.9375,474.46875 c 10.1249,22.96419 33.4256,43.85342 66.4687,60.375 45.1134,22.55668 107.85,36.65625 177.125,36.65625 69.2752,0 131.9883,-14.09967 177.0938,-36.65625 32.9585,-16.48205 56.2139,-37.31923 66.375,-60.21875 -13.5772,21.72364 -37.4334,41.27719 -68.2812,56.90625 -45.8654,23.23771 -107.4469,37.96875 -175.1876,37.96875 -67.7404,0 -129.322,-14.73104 -175.1874,-37.96875 -30.9273,-15.6693 -54.8474,-35.27158 -68.4063,-57.0625 z"
+         id="path7015"
+         style="opacity:0.50553505;fill:url(#linearGradient7033);fill-opacity:1;stroke:none;filter:url(#filter10866)"
+         inkscape:original="M 1050.3125 441.15625 C 1050.0262 443.61758 1049.8436 446.09674 1049.8438 448.59375 C 1049.8438 518.33288 1163.053 574.93749 1302.5312 574.9375 C 1442.0095 574.9375 1555.1875 518.33287 1555.1875 448.59375 C 1555.1875 446.09674 1555.0363 443.61758 1554.75 441.15625 C 1547.0415 507.43743 1437.0156 566.0625 1302.5312 566.0625 C 1168.0471 566.0625 1058.021 507.43743 1050.3125 441.15625 z "
+         inkscape:radius="-3.430052"
+         sodipodi:type="inkscape:offset" />
+    </g>
+    <path
+       transform="matrix(0.962813,0,0,0.87276863,17.362376,-33.873504)"
+       d="m 86.267029,85.220039 a 36.062447,18.031223 0 1 1 -72.124893,0 36.062447,18.031223 0 1 1 72.124893,0 z"
+       sodipodi:ry="18.031223"
+       sodipodi:rx="36.062447"
+       sodipodi:cy="85.220039"
+       sodipodi:cx="50.204582"
+       id="path7017"
+       style="opacity:0.27227723;fill:none;stroke:url(#linearGradient7035);stroke-width:0.49323508;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10762)"
+       sodipodi:type="arc" />
+    <path
+       sodipodi:type="arc"
+       style="opacity:0.27227723;fill:none;stroke:#ffffff;stroke-width:0.49323508;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;filter:url(#filter10758)"
+       id="path7019"
+       sodipodi:cx="50.204582"
+       sodipodi:cy="85.220039"
+       sodipodi:rx="36.062447"
+       sodipodi:ry="18.031223"
+       d="m 86.267029,85.220039 a 36.062447,18.031223 0 1 1 -72.124893,0 36.062447,18.031223 0 1 1 72.124893,0 z"
+       transform="matrix(0.94467507,0,0,0.85632692,18.272983,-32.472344)" />
+    <g
+       transform="matrix(0.21102925,0,0,0.20917176,-15.875634,-51.690407)"
+       id="g7037">
+      <path
+         sodipodi:type="arc"
+         style="fill:#3d3d3d;fill-opacity:1;stroke:none;filter:url(#filter3514)"
+         id="path7039"
+         sodipodi:cx="341.5318"
+         sodipodi:cy="637.24835"
+         sodipodi:rx="252.67799"
+         sodipodi:ry="126.339"
+         d="m 594.20979,637.24835 c 0,69.7751 -113.12779,126.339 -252.67799,126.339 -139.5502,0 -252.677994,-56.5639 -252.677994,-126.339 0,-69.7751 113.127794,-126.33899 252.677994,-126.33899 139.5502,0 252.67799,56.56389 252.67799,126.33899 z"
+         transform="translate(45.061429,-54.602901)" />
+      <path
+         transform="translate(45.061429,-113.57703)"
+         d="m 594.20979,637.24835 c 0,69.7751 -113.12779,126.339 -252.67799,126.339 -139.5502,0 -252.677994,-56.5639 -252.677994,-126.339 0,-69.7751 113.127794,-126.33899 252.677994,-126.33899 139.5502,0 252.67799,56.56389 252.67799,126.33899 z"
+         sodipodi:ry="126.339"
+         sodipodi:rx="252.67799"
+         sodipodi:cy="637.24835"
+         sodipodi:cx="341.5318"
+         id="path7041"
+         style="fill:url(#linearGradient7061);fill-opacity:1;stroke:none"
+         sodipodi:type="arc" />
+      <path
+         style="fill:url(#radialGradient7063);fill-opacity:1;stroke:none"
+         d="m 639.26508,523.65926 c 0,69.7391 -113.2092,126.34375 -252.6874,126.34375 -138.7519,-2e-5 -251.4856,-56.01143 -252.6563,-125.25 l 1,50.25 c 0,69.73913 112.2092,126.34376 251.6876,126.34375 139.4782,0 251.6561,-56.60462 251.6561,-126.34375 l 1,-51.34375 z"
+         id="path7043"
+         sodipodi:nodetypes="csccscc"
+         inkscape:connector-curvature="0" />
+      <path
+         style="fill:url(#radialGradient7065);fill-opacity:1;stroke:none;filter:url(#filter3275)"
+         d="m 566.27727,486.15744 c 12.7997,40.36672 -63.6135,75.70779 -179.1824,75.70779 -121.1539,0 -196.2125,-36.47311 -179.1823,-75.70779 22.2134,-51.17628 102.4871,-75.70779 179.1823,-75.70779 73.9186,0 164.7584,30.21836 179.1824,75.70779 z"
+         id="path7045"
+         sodipodi:nodetypes="csszs"
+         inkscape:connector-curvature="0" />
+      <path
+         style="fill:url(#radialGradient7067);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         d="m 134.39008,519.23381 c -0.2863,2.46133 -0.4688,4.94049 -0.4687,7.4375 0,69.73913 113.2092,126.34374 252.6874,126.34375 139.4783,0 252.6563,-56.60463 252.6563,-126.34375 0,-2.49701 -0.1512,-4.97617 -0.4375,-7.4375 -7.7085,66.28118 -117.7345,118.90625 -252.2188,118.90625 -134.4842,0 -244.5102,-52.62507 -252.2187,-118.90625 z"
+         id="path7047"
+         inkscape:connector-curvature="0" />
+      <path
+         id="path7049"
+         d="m 1050.3125,441.16063 c -0.2863,2.46133 -0.4688,4.94049 -0.4687,7.4375 0,69.73913 113.2092,126.34374 252.6874,126.34375 139.4783,0 252.6563,-56.60463 252.6563,-126.34375 0,-2.49701 -0.1512,-4.97617 -0.4375,-7.4375 -7.7085,66.28118 -117.7345,124.90625 -252.2188,124.90625 -134.4842,0 -244.5102,-58.62507 -252.2187,-124.90625 z"
+         style="opacity:0.50553505;fill:url(#linearGradient7069);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         sodipodi:nodetypes="cssscsc"
+         transform="matrix(0.9792446,0,0,0.9792446,-888.88819,80.200032)"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:type="inkscape:offset"
+         inkscape:radius="-4.6332698"
+         inkscape:original="M 134.375 524.03125 C 134.0887 526.49258 133.90615 528.97174 133.90625 531.46875 C 133.90625 601.20788 247.11555 657.81249 386.59375 657.8125 C 526.07205 657.8125 639.25 601.20787 639.25 531.46875 C 639.25 528.97174 639.0988 526.49258 638.8125 524.03125 C 631.104 590.31243 521.07805 642.9375 386.59375 642.9375 C 252.10955 642.9375 142.0835 590.31243 134.375 524.03125 z "
+         style="fill:url(#radialGradient7071);fill-opacity:1;stroke:none;filter:url(#filter3480)"
+         id="path7051"
+         d="m 152.9375,571.65625 c 12.16324,16.81774 31.53901,32.22263 57.09375,45 44.89458,22.44729 107.45018,36.53125 176.5625,36.53125 69.11238,0 131.67587,-14.0841 176.5625,-36.53125 25.37647,-12.6904 44.63421,-27.97284 56.8125,-44.65625 -14.13538,15.50174 -33.86123,29.21936 -57.75,40.53125 -46.07574,21.81794 -107.7785,35.03125 -175.625,35.03125 -67.84645,0 -129.54925,-13.21331 -175.625,-35.03125 -24.06082,-11.39335 -43.87678,-25.23522 -58.03125,-40.875 z" />
+      <path
+         sodipodi:nodetypes="csccscc"
+         id="path7053"
+         d="m 639.26508,873.27767 c 0,69.7391 -113.2092,126.34375 -252.6874,126.34375 -138.7519,-2e-5 -251.4856,-56.01143 -252.6563,-125.25 l 1,50.25 c 0,69.73913 112.2092,126.34378 251.6876,126.34378 139.4782,0 251.6561,-56.60465 251.6561,-126.34378 l 1,-51.34375 z"
+         style="opacity:0.62871291;fill:#000000;fill-opacity:0.29946522;stroke:none;filter:url(#filter10806)"
+         clip-path="url(#clipPath10810)"
+         transform="translate(0,-309.31973)"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:type="inkscape:offset"
+         inkscape:radius="-3.430052"
+         inkscape:original="M 1050.3125 441.15625 C 1050.0262 443.61758 1049.8436 446.09674 1049.8438 448.59375 C 1049.8438 518.33288 1163.053 574.93749 1302.5312 574.9375 C 1442.0095 574.9375 1555.1875 518.33287 1555.1875 448.59375 C 1555.1875 446.09674 1555.0363 443.61758 1554.75 441.15625 C 1547.0415 507.43743 1437.0156 566.0625 1302.5312 566.0625 C 1168.0471 566.0625 1058.021 507.43743 1050.3125 441.15625 z "
+         style="opacity:0.50553505;fill:url(#linearGradient7073);fill-opacity:1;stroke:none;filter:url(#filter10866)"
+         id="path7055"
+         d="m 1058.9375,474.46875 c 10.1249,22.96419 33.4256,43.85342 66.4687,60.375 45.1134,22.55668 107.85,36.65625 177.125,36.65625 69.2752,0 131.9883,-14.09967 177.0938,-36.65625 32.9585,-16.48205 56.2139,-37.31923 66.375,-60.21875 -13.5772,21.72364 -37.4334,41.27719 -68.2812,56.90625 -45.8654,23.23771 -107.4469,37.96875 -175.1876,37.96875 -67.7404,0 -129.322,-14.73104 -175.1874,-37.96875 -30.9273,-15.6693 -54.8474,-35.27158 -68.4063,-57.0625 z"
+         transform="matrix(0.99604613,0,0,0.99604613,-910.77245,72.383549)" />
+    </g>
+    <path
+       sodipodi:type="arc"
+       style="opacity:0.27227723;fill:none;stroke:url(#linearGradient7075);stroke-width:0.49323508;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10762)"
+       id="path7057"
+       sodipodi:cx="50.204582"
+       sodipodi:cy="85.220039"
+       sodipodi:rx="36.062447"
+       sodipodi:ry="18.031223"
+       d="m 86.267029,85.220039 a 36.062447,18.031223 0 1 1 -72.124893,0 36.062447,18.031223 0 1 1 72.124893,0 z"
+       transform="matrix(0.962813,0,0,0.87276863,17.362376,-48.873504)" />
+    <path
+       transform="matrix(0.94467507,0,0,0.85632692,18.272983,-47.472344)"
+       d="m 86.267029,85.220039 a 36.062447,18.031223 0 1 1 -72.124893,0 36.062447,18.031223 0 1 1 72.124893,0 z"
+       sodipodi:ry="18.031223"
+       sodipodi:rx="36.062447"
+       sodipodi:cy="85.220039"
+       sodipodi:cx="50.204582"
+       id="path7059"
+       style="opacity:0.27227723;fill:none;stroke:#ffffff;stroke-width:0.49323508;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;filter:url(#filter10758)"
+       sodipodi:type="arc" />
+    <g
+       id="layer4"
+       inkscape:label="box"
+       style="display:inline"
+       transform="matrix(0.6433923,0,0,0.6433923,122.76455,84.170545)" />
+    <g
+       id="layer5"
+       inkscape:label="zip_app"
+       style="display:inline"
+       transform="matrix(0.6433923,0,0,0.6433923,122.76455,84.170545)" />
+    <rect
+       style="opacity:0.57786889;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3.63199997;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:4;stroke-opacity:1"
+       id="rect1327"
+       width="0.64339232"
+       height="0"
+       x="123.35661"
+       y="94.546997" />
+    <g
+       id="g4139"
+       transform="matrix(0.48572138,0,0,0.41509456,66.846161,67.711896)"
+       style="opacity:0.501845" />
+    <path
+       style="fill:#000000"
+       d=""
+       id="path2197" />
+    <g
+       style="display:none"
+       id="Frame_copy"
+       display="none"
+       transform="translate(919.21744,-373)">
+      <g
+         style="display:inline"
+         display="inline"
+         id="g3978">
+        <image
+           style="opacity:0.75"
+           width="571"
+           height="571"
+           xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAjsAAAI7CAYAAAAK1lpbAAAACXBIWXMAAAsSAAALEgHS3X78AAAA BGdBTUEAANbY1E9YMgAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAFS4SURB VHja7J0JdxrbkmaDFBpsX9fr//8rq969tqwJul2tfA6CiDhxkgQS2HstlgbbEsISufXFcFYCAJfK 6oC/syq8r/ftU7E98O3ofdn7q38OABf6ZAkAy/457RWX1uvV953jOWTbeL36vuz1XkFCggCQHQCY 4WeyJTS90qJfrg74O6d8HslEZhu8r/fvVP+sIjoIEACyA8DPX/H9VWnJxGQ109urQHiO+XwSpS5b 5yYzvj1FkBAgAGQHgJ+3othUZaYlJXPfhkSqjo0nIJtAeo51i+SoIkEIEACyA3BzctMrNBURqbw9 TPg33p+tOiTu0DQnS3Q2weuttzeNf5993DlEqPV1AgCyA3AVcpNJTUU8vJfR+6K/0/q4QyJL0dc4 d5rjyc7GeblpiIz9u623Wx9305CvQ5Ig5AcA2QG4KLmpJDUtgfHenvO2anwee59ETlPOyspXnqxs GnKT3T6Kf5Z9zkrCVOkJqiZBAIDsABz1Z2aK3NgkJZOYu+Tt1uut900VIZs4neK5xEtJNhOFxhMY 7+VH4e9UP08rDdpKfwkM+QFAdgCOnt5kU089YhNJyV3xbfu+6O+3RKiaHLVKWYc+v1T6daqCsw2S mUhuPhzRqdwiQcqkyKZP1X4gUh8AZAfgpOlNqxyVpTWRuKw7327dhuR1fZ+qJbLqKPoxU51tR5qz dYSjKjTvhdez9300UqJWCpT1AGWpD+IDgOwAlAWnld54vS6tpCaSm7Xz+jr5O5H4rJPPWS1prYqp zrnLWNtCalIpXUXiUnlZeV9VhqoCVCl7IT4AyA5ASXCy9CZKbVpCY2Umu90HEuR9zEq6E8lOZWqr d/z8FOlOayIrK2f1JDvvjdd7bpkQefLzIX39P4gPALIDfM93C06lgfjOSVyqEnPfeOndeiUnanRu SU0mOecePW9JTyZBUf9Or/Bktzfn9bfgzyvyk5XAEB8AZAegtO8mGwG/S9IbLSCRxFRfz4SnVcYa giTHK1lFkrNqyI0nO6dMdiLZyXbdtJKflvi8S17eiiTHe/nmvB3JUFQia8kP4gOA7AApTld6YyUi K0PdN24PieB4AlRNdHpHyyubkaMEZ6lnY1UkaCP1aa6etOejkOr03loC9C7t8hfiA4DsAIJTkhuv T+a+ITcPSmweAtmpJDlrJ8nJenGm9txkYiNymaee9wpQJD829bGJik19oqTHS3deG29777Mfb3w7 Kn8dIj5IDyA7AAv+Xo7KVPaC75WmouQmEpwHIzgPzvuqotNKcVoJTvX8q0pa0yM355Cdivz0pkAt 8akkP9Xylic0r8n7XpO/+yZx+atXfEh7ANkBuOAUpzU1VRGb+0Bmopv9+1XB0ZKTCU6W2AzJ4zFF alYLe+6oiE+vBE0VoOoIeyY8meRktzfz+hTxqY60Iz2A7AAsIMVpSU40Cm7l5qGR2lRu9t97pSpv fDxrMu4tR/WITY/QLOV5YztBhCriI1JrePYEyBtrj0pdFfHRQvOi3vfivO+1Q3zenfsZbXS2jw3i A8gOwJlTHG+CyktwtHhkUvPYeDuTHJvmVJuMexqKRdr9Na2UpvVccCnPE9vOP6smQJEEVRqes3JX pcyVyc5L8HpLfN4OTHxIewDZAThTimP7cLIS1b0jN4/Oy8fgz3oE517a/TfecQ2t9OaQxOaQn/+l PWdsZ/w3WSmsp/zVU/JqTXNFJS1Pdl6K4vM6k/hUUjQAZAfgQMmJUpxWierBCE1265GcdSPFaaU3 1eV91YmoFc8Dky7EUxuhe+Un2+nTkp4X5+VLQXxeAvHJ+nxIewDZATix5Nixaq/RuFdwnoLXM8mJ SlRTBGf8eqRTcKo/w/yczyNDVQmqTnxl8uMlPl4/z2uH9FSTn0h89H2sjLEjPYDsADQkR1/cvYV/ UR+OJzgPgdw8mdejVMcrU1X24FQO0azusmn9vPKzfB4JaglQK/mppD5e2uOJT5b2/HKE51ciP95Y e1Tm8sQH6QFkB6AgOba0U+nD8XpwbGrTIzpZihM1GU8VHJHaoj5+ZpcvQZXpr6r8ZD0+WV9PlvT8 Cl566U802VXZ32OFD+kBZAeQHCM5U1KcLL3J3o5KVtEkVUVwKlNTJDa3KUBV+cnEp9rb44mPlhx9 ezGvW+mJylxR2jPed6QHkB1AcgqSk6U4Xv9N65ZJjt6LE0lONb2pJDj8PCI/LfnJSl2Z+GRTXC+B 8PwKJGiOtAfpAWQHkBwjOfYU8ajRWMvLFyU0XwLJ8cpV3uK/VorTk94gN9ASoKzZ2ZOfSHyqTc1e WevZSM6zk/pk4tOa5EJ6ANkBJKczxXlyxOZLQXQejOS0SlXZBFV2CviKnzeYQX683pdNUXy8/h6v xGVLW8+B8DwH4mPLXN7hpEgPIDuA5DiSE6U4nuB8CURHJz9eP45XqhqSFKey+4afL5hbfloTXq1x 9krak5W1noOXlTKXN76O9ACyA0hOIjhWbqzwRCUruwDQS3G8c6i8AzURHLhE8fHKXJn0vCTC81wQ Hy/tQXoA2QEkJ5CcL4VbS3LuG5JTTXG8nxl+hmCJ4hOVukbRsCWuHunxxOdZ4sZmpAeQHUBylORk Cc7XJNWJylW6uTnaatzag4PgwLWIj3750Uh7qtKT3aZKz0ZYTgjIDixUcrTsDDNJzlclOV+DNOex IDlew7EnOQgOXKv4ZBNdFel5FX9yywrOz0B89L/NpCc6jkIkPnwUANmBo37feJKjD+acIjlfjeh4 iU4ryckajqOzqBAcuGbx8cbZvaWFVnyysXUv5fmpXv6UuMwVNTNnCwopbQGyA2dJc1bSPtLhvkNy WqKT9eRk/TiVUhU/E3BL4hOVuVpTXFnSY6Xnp5EfKz52iqvS04P0ALIDZ5WcrFxl9+N8KUjOV/H7 cnSSo5cAelNVpDgANfFplbi80XWvpycSnkx6tPiMHzeSHu/sLYQHkB2Y7XskO4XcSs6YuGSTVZHg fJW8L0dPV9mm42yqCsEB2BeDqMxlm5mt+OglhePN6+f5mdxazczRURTRKetIDyA7MFuaM4pEdDhn a3z8a3LzRsmznpyoH6d3szEAaU9+NpdNe0YBeQuSHtvP48nOD5P42C3Nr4n0UNoCZAeOIjleX07W eDxKi05wvnVKzqPs78mJzqmyy/9IcQAOT3si8dH7eqKeHjuqrsXmh3nppT26RPaWSA+lLUB2YNL3 Q1Sy8iRHl6sekxTnm3mpS1k9kpPtxyHFAZg/7elpZtZJz4uRHtvP8yMRH6+8NUqUPnsra2Im5QEu BlBKcwYnzRnlw5uuspLzLREdm+ZUJafSj8P3NcDx055oSaEnPbaJeRQaLTpR2vPLJD3RuHpW2kJ4 bpw1DwGi40hOVLLSY+Q6yXlKUhz9uk1zdCKE5AAs87lh6/ycbdVL/VzxYZ4v3iSeynyW/UN9f8j+ YMLPz3///PmxRum5k7yfR5z7j/QgO0CaU+rL8UbIvxq5+eakObZkpRcCIjkAlys9W+e540PiXVue +DzJfklb334o8fn1+fF+yZ/S1vApPCvZ7SmyKc8K4UF2gDRHTzd5zcf6yWeUl2+B6FjJsWnOFMmh 6Rjg8qXnviE9nvjohOen+ji/Pj+2Jz2kPIDskOaUSlZRX87XQHL+krg359FJc6ZIDoIDsDzpWTkJ iic9rc3qFenR5S29jmL8+GM/zyD7U1ukPMgO3HiaoxuQvb6crFz1l/i9OVHJKjvWAckBuLxfnrbq ZzaTnmii00t7npzU5zH4xelZfUzbz0PKA8gOaU46Sv6USM5f4petWiUrb+sxkgNwXWmPJz36uedD 4l1dWXnr0Xlu8X6R+iX7e7hIeZAdIM3ZSXOs5HxVcvOXIztZA3JlISCSA3D90jM+92ySpKclPp7s 2OeaZyU8pDyA7Nyg6GQ7c7ySlU1y/nISHS/NiUpWSA7AbUqPyO7IerTHKyptedLzmCQ8+rnnhZQH kJ3rlhyR+GRym+bofTmR5FjRiRqQo74cu/XYu78AcF3PR970ViQ+d5I3MlekZ/z7a/M8RMqD7MAN pTnezhyb5vwV3FppTrVkJaQ5ADed8owMzi9ktpcwkp7W7Z6UB5Cd63wyEYlPJ9dPGl4D8rdO0bGn kmdnWFGyAoBqE7Pe91WZ3noQv5ylb17KM+7keSukPAgPsgMLTHNWHWlOJDnfJS5beWnO+HnoywGA 3qTHK2utJkjPg8Q9PDbl+f3xxkWEWnhWRnooayE7sEDRiUbKK2nO90B0dNnKnmW1VpJzJ/TlAED9 +Svq59mYlz17elrSo2XHlrbGc7a03FDWQnbgzJIjEk82eEc96N6cUWa+O6KjtyF/baQ5UQOykOYA wISURz6fR1qTW5H0VHp7WstN3z/vB2UtZAcWlObouNc7uNNLc7TcfJf9/pxRdFq9OZSsAGBu6bH7 eXqlp9q8bFdj3AUpj1fWQniQHTih6EQj5VFvjic6UdnK7s2p7MxBcgBgzqTHPt9FSbb9RS8Sn3vx +3iiX+DeTbKzMfcZ6UF24Iiio3/YvTTnUfzenO+O5GjR0U3IXuTr9eaI0JcDAPM+32WlrY20z91a N1KeqIcn2gv2YdIdUh5kB44kOWJ+CPUPtm7Ki/bmZKJjm5C9NCcaJyfNAYBTpTxb9frg3Lz9PLaf 574hPVGJ/sNJeBAeZAdmTnNaZSvdhGzHySPRyZqQ18lvOqQ5ALCElKe1hXmdyM59Q3Zsyf7NSA/C g+zAkUQn2p1TTXNsf042Uk6aAwCXnPJEm5ij3TvrJOEZnwffkpRH1PsA2YFO0fEO8BxFZ5yW0qeT R5LzXfaXBEZNyPTmAMASnxsPTXnWSnDuzetWdKKS1pv6/PTxIDtwgOSI7G8RjcpWUZrzX1IvW40f m0krALiE58melCeTHk92KiUt28fDPh5kByakOVF/jt2d401a/Zd6qRcFRrtzspFy0hwAWOpzZk/K Y6XHkx9PdrKmZdvHwz4eZAcmiI7Xn6PLVnpvjhYdm+i0dudk0wekOQCw9OfOLOXJkh6b4FRlJytr CcKD7EBbdKL9Od7unL8cyfFExzvAMxopH0hzAOACn0ejlMf7RVJLj5Wfu0SGhob00LiM7ECH6OhG ZHu2lS1bWckZS1c60dFlK12jHsSfthJEBwAu9Pk02r4cpTxeecvr27kLpMf7HCI0LiM70BSdVn+O l+boRMcbK882IdsfUiQHAC75udVLeaaKj5Ugb0rL+4WRxmVkhx9G9VJPXGX7c7KyVSQ63pJAmpAB 4FaeY3ulJ5OcdUN2sudUGpeRnZsXHf1DFu3PicpW/5L9HTrRWLkVHdIcALiF51vvJHX95z2TW73l LHuQKMKD7NzMD57eoWMbkW1/zig63ztFR29D9o58QHQA4NZ+wdzK/g6zbOVHr/S09pMhPMjOzfyw RaPl3qJArz/nX7JfusoakXV/zuD8gCM6AHBLz8NeWct7bh5fv2tIzyBxKcu72UkthAfZuSnR8RqR o7LV+Lo3ceX150TTVkgOANy68FSmtjLpGSQfSY9Sno16ifAgO1ctOrp0Fe3PsZKjS1f66Af6cwAA pgnPIH19PIPEu3pa6c748W0fD8KD7FyN6EQ7dPTElT7bSgvO+LoVnVYjMksCAQDi5+dqH8/KPKfe FWSn1b+D8CA7Vy063g4dfVr5fxnJ8UpXWnS808rpzwEAqD1XV/p4rOzYdoTKZmXvufgD4UF2rl10 ngLR+ZcjO94Onex8K8pWAADThCfr41k5MjMUbl5i5IHwIDsXJzrZssBotPxf4ic63mi5FR36cwAA 5hGewZGN6gbmylRWBsKD7FyU6GTLAkfRyUpXNtGxomMnrujPAQA4/Dk86uNpTW6tGtLT85yM8CA7 FyU69tRyKzrfJe7RqYoO/TkAAPM+n0d9PCLtdGcl01MdhAfZuVjRyXbofDeCY5uRI9G5Q3QAAM4i PKvCrbVFGeFBdq5GdPRWZO8wT68ZOduKPH686MRyJAcA4HjCEz3PVmQnep6uPGcjPMjOokXHjpaP ovNfgeh8D0Qn26GD6AAAnE54dONyq5ende3oAeFBdhYvOt8C0fEmrrytyGOiw2g5AMD5hEeM9Ni/ 02piPvR5GuFBds4mOjqy9JqR9WGe3rSVHS0fd+jYZYGIDgDA+Z/3vUkt73n4WM/LCA+ycxbR0Rs0 bTOyJzr/R/zRcm8rsndqOaIDAHDea4BtXL6T/T6cVfFjITzIzkWIjt2jYw/0tKKjZSc7/iEbLUd0 AACWJTzDEaQG4UF2zvpNHh0B4Y2XW9H5P+p9VnQeP2+6EZllgQAAlyc8p3iORniQnaNJji1feUdA ZKJjx8tZFggAcJ3CcwoQHmTn7KLTmrr6Jn926LAsEAAA4bFsC+9HeJCdWb6R9eu6ITk66yqavPqX ER0v0WFZIADA7QpPj6y8IzzIzpyiE/Xo9IiObkaORIfRcgAAhKciRFslPPrzIjzIziyi442Ya9H5 LvvnXH2X3WbkJ0QHAADh6ZCa6H22nIXwIDsHiY4eMc+OgfAO9Gzt0UF0AAAQnor4tHp4EB5kp1t0 7HZkLTpe6cprSK5OXSE6AAAIj5UX72V0E0d4ANlpio4tXdkTzP+S+ATzsaT1DdEBAEB4OoWnR3Ky 0hbSg+w0RScrXY2iEzUj26krfagnW5EBABAeSaTEk5yNeenJjv27+n4gOxCKTmVpYKt0NfboeJuR ER0AAIQnEp9MdiL50TCSjuzsSU7P0kCvT2d8e0x0vgrNyAAAXGP6hSeSHXvLkh5G0pGdnW9C/bpX vvJEp7UwMBOdAdEBAEB4GnITCU4kPdG0FhNaNy47laWBdsQ8SnRsQ7LepaNLV4gOAADC4wmPyH7f Tq/4RL08Nz+htb7hbzqRuHxlR8wj0dGyY0VnTHTWQukKAADqJa1DEh4v6bn5Ca1bT3aiEXNbvvou +0dBeImOXRqoS1cDogMAgPBILeGJmpN/3z7MrSI7Nz2htb7RbzSb6OjFgY+SNyTrm7dLR/fo3BnJ AQAAiIRnK396RkX6k52spDVykxNa6xv8BtOvR306nuhkzcgsDQQAgEOF5069vv28rlSTnUrKc7MT Wusb+8bSkqPLV17pyvbp6DTHLg1EdAAAYA7hGZSMiPjlLC01WoBafTwjN9ewvL6hbygRvyH5XnbL V7ohOZKd6LwrtiMDAMAhwjPKzp0jO9tAcqKbLWlpwdmo+3D10nNryU525pU9xdxOX40LA1sHe7Id GQAA5hCeSHZ0utMSnaikpUtYV1/OWt/IN5GVHXuSeWtDsi5d2akrvUuHRAcAAOYQHv3L+dRkx5Oe m2xYXt/AN0+P6Hh9OrZH52siOiwNBACAOYSnsn/HS3feP29eD8/NHimxvvJvGis6Y+lqrUSn1afD dmQAADjXdUw3LN9LO915l76UR+QGGpZvIdnxjoN4ULIT9elURYfSFQAAzHnd8ia0vIZlPYXVkp1N Ijv65VWmO+sr/maxstNzknlFdLzyFaIDAADHEh5PdrYS9+68y25Zy5vQ0h9rda3Cs77SbxJPdHSq M4qOPffqu7SPgdDnXbEdGQAATiE8eiS9le58OJLTGku/6v6d9RV+c2jRWcn+4kA9Zv6XEhstOmMz MksDAQBgKcLjTWhF6c671NMdvXPnKvt3rjXZ6d2nYxMdvR3ZnmLO5BUAAJxDeLIDQ22zciQ7nvRE h4deTbqzvrJvCCs7ekuyPvdqTHX+SkTnayI6JDoAAHBq4RF1fdt+XpfsdFbWt+OVtjzZubr+nfUV fSN4orMuiM73hujQkAwAAEu61onEDcu6f+e9cIukR/fvXDzXluxk01e6IdlOX32X+CiIrCEZ0QEA gFNd46oNy17/ztvnLROdqy1nra/kG0AS0Rn7dLJUp3LmlVe+AgAAOJfwRA3L0WTWeyA+WePyVZSz 1lfwH++JTtSn860gOjQkAwDAJQhP1LCskxorOG9Gdt4c4dFTXldRzrqWZMfKzr3spzqe6ERnXo3/ noZkAABYqvCI+A3LD7Lbt/PhiM6rtEtbV1POWl/4f7ZIvjzwUXYP+bSy803aR0HQkAwAAEu+Dors Nyx7o+jvSnReZT/l8UTnKspZ6wv/D64cB2HLV/rlX0p0dKpj+3QE0QEAgIVdB7OGZU92snTH9vDY puWLLmdderJTaUr+JvtNybp09SURHdunAwAAsFThsddDLTxesvNq3rayczXlrPWF/ueKxE3JdvrK pjr2KAgWBwIAwDUIT7Rw8FH8dOfVER+b8FxFOWt9gf+pnuiMiU6W6mjhGUXnixKdUXaYvAIAgEsV HjHCE6U7Vdm5inLWpSY7veUrKzrRPh1EBwAALll6tOxo4fF6d14D4bm6ctb6Av8TK+Wrb7Lfq9Pq 0xmEPh0AALhc0fEalkfhefiUlifxe3dsD89VlbPWF/Sf6IlOpXxlRUfv09Fj5ndCqgMAAJcvPPp6 qaezRuFp9e5ECc/FlrMuLdmplq+ipuTsgE+b5iA6AABwqdIjsjuOXpnOeglk510uvJy1vqD/tOxI iKh81TN9RfkKAACuQXRa4+iPSmJeG7ds4eDFlLPWF/CflonOvfxZCOgd9On16TBmDgAAtyA8+vqp y1n3SnhsOcumO9GG5UEuqJx1KcmOlp1BdstX+kiIv8RPdb46okP5CgAArl16RNrlrKx3J+rf2Zqb lSxkp/M/SSQ+EsI70bw31aF8BQAA1yg6PeUsr3fnRfb37+h0x+vfWSSXUMbSiY495PNJiY5Nduz0 FeUrAAC4ReHR19NWOcuTHS/hsbKjp7QWJz3rBf8HSSA6rVRHNyRTvgIAAKTn/+OVs+yyQS03L+rm lbN0wrOSBTcrrxf8nxKNmlvRiWSHQz4BAADRyctZetmg7d3RouMdKWHLWYttVl5yshPt1NGj5l+l PWZulwdSvgIAgFsUHn19zZYNesmOt4PHG0dfZLPyeoH/IeLYp92pE/XqaNHRZ19RvgIAAKTn/zOo l7qc9f557XwLZGe8ZenOIpuVl1rGsr063pEQXwPRaR3ySfkKAABuUXRsOWtMd/Q6l3dHdn593rKE ZxSeQRbYrLxe2H+Elp3xP6I1gfXNER1v+upOKF8BAADCY4OFMVT4+Lx2ZqWsSjlrcc3KSyxjReWr SqpjRede/AM+ER0AALhl6RH5swX5Tv6Moutm5dfPa6tOd3TKE6U7i2tWXi/sge/dq/NN4j6de9k9 zZzyFQAAIDq7MqKFxw4C6XTHik62cHBxzcrrhTzwWnRsrPagHvivgez0bklGeAAA4NaFR8w1d5zO 0s3KWnY86XkNZGcjC0p3lpTseKPma9mdwPriyI4VHW+nDuUrAACAOGwYnKDh0QjP79uzIzteOWtM jBaR7qwX8kBbu4zKV1+V4GjR0Tt1okQHyQEAANiVDzsUZI+S0JNZvwXnL9kvZ+mEx9u9I0IZKz3V 3DYm20THGzPXvTpMXwEAALSFZ0xivOksfQ3+pV5WmpV1Kets6c76zA+yfl2Lzlr8Cayv0i5fadEZ EB0AAIDS9bjVrPziiI5OeGzvzti/8yGUsZrTV18cyfkq/U3JAAAAsH8d9pqVN+p6/C5/2kl0k/Kz /Onh8fp3xrLY2U9FX5/xwdWys5LdpmRvW3KW6tjyFU3JAAAA067L3pmU9pr8LH3lLJEbL2NFqY4+ 2bzSq+P16SA5AAAA7etxtFlZBxBvn9feLN0ZhUeXs8by2NnSnfWZHlRtj3YC616JTlTC8spX+vwr Uh0AAIDDrs9eujPKjk53vHLWmO68ywLSnfUCH1CvV+erkR1vpw6j5gAAANOvy3oUPWpW1sLzywiP V876/W/Pnu4MZ5ac1qj5V0d09E4db3kgo+YAAACHXaOjEw30NfqLCSS8Y5u8Bb8nvzYvoYzVSnWi 8pX3QDJqDgAAMM91Wqc7nvD8vi6Pe3ee1du/X19UujOc4cHzUp11YIzeBFYmOkgOAADA4ddqe71u Xat1KNGqwJz8Wn3uMlZrtM178OwEFuUrAACA+a/Xq+L12rtm6+u1HSI6ufQMJ3zQrCW2tiXbBYLR pmQWCAIAAMx/zbbX7ahZOQonFpPunLOMFdUAI0PMLJFRcwAAgPmv26sJ123ddrKIdGc40YNlHzjd 3a3P3vhizFC/zqg5AADA6QOKbNHgkyM8X2Rhk1mnLGN5UVir2Sl7sDgWAgAA4HTCY9MdL6zIem3P lu4MJ3qgRPJGp8wMHyXu1SHVAQAAOE1g0ZPuROtivLDiaspYnhXac7B0slNtcGICCwAA4PihRSXd iUILfR33Jqnl2NfxU5axsm5uT3SiOf3oQQIAAIDTBRfeZFZ0LbelrJNOUw9HfmCyB+hBdmt92YMT pTpHt0EAAABEZ+d6Hk1m2UO8KycfnOR6foqencgE7yUuYekHxk5grYReHQAAgHNIT7X/1mtJ0enO SftvhyM+IJEFeudgVVIdr3tbBOEBAAA4hei0rutZOat6ruVFyY59YKLTzaNU56wGCAAAAOn1Pevd eZRprSlHGzgajvQgiCM6U+xv3bA/hAcAAOD0oqOFxxs6ejpQeBYvO9b6VrK7RLDVqxONqJHqAAAA nFd0vDDDDh95wvMkfaWsWa/zxy5jZSWsHuu7EyawAAAAliI92fCRrd48OcITXeOPEmgMR3gAJHgQ 7BLBLwXr0w/CgOQAAACcXXQkuda3+nIfpT6GvljZ8YzPHvpp460nqcVbVqYAAADgfNKTlbK8UfTs Wu8Jz2zX+mHmL1wkPvQz69XRJSzdq8MEFgAAwPJEx5Oe6IQET3psFeeovbnHLGPZXp2sU9suEdQn o3IGFgAAwHKlx17zdbqjAw6d7LQalWe95h+zjNWyvOgLt1/00ZcNAQAAwGTRaS0ZjK77evJ67Vzz F1fGqpSwIsPz6ncnm70HAACAg67/1UblTHiO2qg8nOAL9vp1rOhER0Mwbg4AALBc0akKz5MjPCcr ZQ0zfrEitVSn8sXqcXNSHQAAgOWLj77+eyeiR2HH0as6c5axqiUs74s9+TZFAAAAOLkD9Kycmc0B jlXG0k1KUc0u6sa+kyM1KAEAAMDsomM9YM7AY5Z0Z5jpi4xEx0ZYj+qLO+sJqAAAADC79LQms/QJ CtoN9DT2nSywjOXN2euNyZHR6b06dokg4+YAAACXJzqVdOcxcYFMeCZ7wdw9O95ZWC3ZOWp0BQAA ACcVH69RuRJ+ZH07Z+vZ6dmt8yhxqpOdi3HwFwgAAAAnE53evTuPkld6FtOz41lcFlt5jcm2XwfJ AQAAuCzRsX6RpTteCKKdwJ6icJAbDDN8UT0Gl9XnaEwGAAC4fOnJFgzboaXHwAvWMuNywWHGL6jS jOR1XmcbkwEAAOByRCfyg+xQ8KOXsuYqY+mR80pUxcZkAACA6xafaPdelO5E25QPTniGiV+AZ252 CitrQoq+GO/zAAAAwGWJjohf+cmEp9XiMtkNhpm+kGx5kFfGynp1kBwAAIDLF52op/de9lfTVE5V OGvPTrRI0BOeB/V3sogKAAAALl98BmmvpsmalGcpZQ0T7nhmbOuGrXmd1uzWAQAAuD7R8Vwh6u09 ainr0J4dz9aiMhaHfgIAANyG6Ni39VSWDkYi4Zm1lHVIz060EjqbodclrOhoCIQHAADgesTHK2WN Acmj8YajlLKGzjsssh9NebGUd8crh3wBAADA9YhO6/iIk5SyDunZ0abmbUd8MK9njcnddxwAAAAW LTrWN4ZO4ZmtlDW1Z8dbFBTd8cjQKGEBAADchvhEO3dOUso6pGcnO+TL3u6FEhYAAMCtik40lVUp ZUXJzuw9O63zLnpSHUpYAAAAtyE61jkyd4j84eCzsg5pUPZSHS/Z8Xp1vI3JCA8AAMD1ik9WyvL6 faNe3+6EZzjCnfVkJ0p1EBwAAIDbEJ3WgsFq385RenayElZ01oWX6sx6qBcAAABchOjYt7NJ7soI endgMqVnxzYmZ6lOdCcRHgAAgNsTn0HOMODU27OTNSffS1+qg+AAAADcjuh4wUnmEeNtLf6ZmiLF 0GRKz85c/TrNOwcAAABXITpWerIKUXTMVNT7e3CDcmvkPIufsmVAiA4AAMBtik8mPFWfmL2M5QlP a+T8XvLjIVaB8QEAAMD1io5IfOTU2jiE9Yk7ySe7V4fIjgQW1mpOzs60QHAAAABuU3SiY6cqfTuT jo3olR17auna2Bcj5wAAAFBxCu9wUOsVlUrRQT07XqdztF+nIjqMnAMAACA6Vnis6HheoZ3C6wOe LDsi8SLBqIRlbYwSFgAAAHii02pU9pKdSUdPTe3Z6dmvMwiTWAAAALDvFlGjclTKOkqDspfsjMJz 7wiPNw9/h+gAAABA4hdRslNZZ9OsGg3JnfDMS9+ZtXNHKqecC9IDAABw06Ij0j5cPCpleS0yMkV2 RPajoVXxzlQakwEAAADRqSwYtH7RSndWPbIjgXnZzcneHdIlrFLzEAAAANyk/GR9O61kp9S3U+3Z ycpYWnSq1gUAAACITrVvJ9q3M7lB2duvUxkNW0u9nob0AAAA3LboWMdotcrYQKXctzN03onojkSi Q78OAAAAZI7RKzzdnlFpUB7Eb072hKd1FhbCAwAAANY3osXFFeHxPGNVlR0rPN4BoF6qwyJBAAAA qIpO66QGL1jxXKN7Gsv+Iy9aij5564gIpAcAAABWgfBEw1BZb3BayhqCT2ylJ/rka4knsJjCAgAA gKrw2BF0byDKBiulJuXWNJbXnOylO5O6owEAAOCmJUf7xipxDS9k8U4/d92jVcaqNCdHx66X598B AADgpsWnNf09JWBZtWRHpDZ27pWxuo9eBwAAAKRH6q0zXQHL0DAsrzv6rlN0AAAAACLBEam1zmS9 wmmT8uB8QnsnKvWzO4nPqkB4AAAAoCU6vX075cWCwwGGlU1iMW4OAAAAvfJTFZ4oZBFPerIy1tD4 hNkIGNNYAAAAMFV0omXGWd9O2KRcmcY6JNmhORkAAABaohP5R+YdWni8np10Gis67bz1iWhOBgAA gEOkpydoyXqF3TLWKhGd6idkczIAAAD0Co5IvUm5UsraozV63hKdO+lc2QwAAACQyE92CHlLdFwP iUbPo1TH+4T06gAAAMDcomP7du7M660m5f+8HJJPNN4yybmrfiL+DwEAAGCi9NwZ//A8pNmzUzWr ilFRygIAAIBewclE584RntaREf/5uNlSwYrolJuDAAAAABqiI+IHLi3pSRcLDhOsqmJTJDsAAABw iPhk6U7XMVU2ifF6dqJ0p7I1GeEBAACAXuGJJrJawUs6jeWtVx46P8lK2K8DAAAA84hORXoG8Zca h2WsyKiGxieJGpOZxAIAAIBDpGfocJFSg3KlhFWNjRAcAAAA6BUc6XSRTHhKyc7QYVSUsAAAAGBu +amkO60G5dVQsKpB8kQnO1odAAAAoCI2nocMEqc7mYs0j4vITGoomBTSAwAAAHOIjyc61XTnPz4y BB+4FR0N0o6OEB4AAACYKjyVgalSpSk7Gyv7oNmYF5IDAAAAcwnPkNyi/mER06Ac1ckym/IsCgAA AGAuyRGphzDpdPjQYVGVZiB27AAAAMCc0qMble8kD2BcJxmcDyiBRXkv09gIAAAAoFNwrEtkjcot 0flfevfseKKTHr4FAAAAMFF8vHRnaNz2psOrG5QrJgUAAABwiNxEwhOJTqWMFY6eV/p1mMQCAACA Y0lPFMCsekRHpD2NFS0VbB66BQAAAHCg8FSkJwtg/vfW2rMTCU/LohAeAAAAOFR4WsuOo/ftMDQ+ cKsBiDIWAAAAnFJ8ur3Ejp5LxwejORkAAABOLTmep6TT4a1kp8egvDsIAAAAMFVy5AAv2VsqKBI3 KK8kTnTYmgwAAADHlB6RWnuN17MTHhdRER5EBwAAAI4pOOI4yaSqUzQ6vko+OE3JAAAAcArpscFK JDilBmWRfHw8qp1lJgYAAAAwt/i0RtD3fCY7G0ukXrZCdAAAAGAOqamITiQ87rT4ULSoSIQQHQAA ADiW9KwawuP1Fu/9+6FgViwPBAAAgKUJTzZEteMy0annkrweSREAAADAscQnu4kkR1gNgbSsijeE BwAAAJYgPtHfLW1QRngAAADgnGIjjm9kLTc7f97aoNyzW4deHgAAADim+IjU2mx2GAJLysa7aFYG AACAc4hO9L5095899TxbybwqCg/yAwAAAKeSnuafZUsFq6uYAQAAABZLlOxE2wm9U0URHwAAAFgC q0h2bAnKS3KaJ4oCAAAALEFuPNnR/8BrUK6UsyZ9cgAAAIBjY5cKtkbOI9Fh3w4AAAAsWnYi4alM YCE6AAAAsGjZiTYQitQ3KAMAAAAsVnZEahuRSXAAAADgYmUnk5jKGVgIEAAAACxedgAAAACuWna2 wd/Zqj/L/g4AAADAYmVn25AcKQgPAAAAwCJlZ+sIztZ5O7oBAAAALFp2tOh4grP5vEWiQ+IDAAAA i5cdT3Q2gfggPAAAAHBxsiPil6825pYJj5iPBQAAALAI2bE9O57UWOGhZwcAAAAuRnZE4nLVJrl5 pS8AAACAU1FyjyH4h16akzUpAwAAACxSfqJkJ5rGak1mlS0LAAAA4BQMEi8O3BYlB7kBAACAU7Cd 8mfVPTve694nQXwAAADgFJKTVZW2kex4olPdoIzkAAAAwCmEZxu8HjIkRlQ9JgLRAQAAgGMJTuQc 28Rbdv58CP5i9EGk8T4AAACAUwhQpX94a2VHHFvaSn5QKAAAAMC5BCc7vPw//3YofGCRONkBAAAA OJbgSCIz0akPaRkrkhh6dgAAAGBJorNJhGfv32dlrJbYdHdDAwAAABQkJ3OS6EircE1OdOp59kkQ GwAAADi1BHmnO2SnPPzn3w6SNyFvG8KD+AAAAMCxBUckPqA8O7/TLWN5cuNFRFETEOIDAAAAh0pO JD3bRHo2gaM0j4vYSHwoKMIDAAAApxCfluRY4dn595XjIlo1sazXBwAAAGCK5GSTWJVU5z//fkg+ aOuDZYeCAgAAAMwlPdvAQ7K+nf/QSnZaMRHNygAAAHAO6Sl7ydD4YPaDfkihEQjpAQAAgBkFpzJy 7vXsyCg72ZZCT3Qi4UF0AAAAYC7RiaSn0ke8cxsC0dlInuhQxgIAAIBjik5LcqrVJneDcpbsZNID AAAAcKjkiOMmUcmqJDxD4wNvpD/lAQAAAJhDfipnYkU9O3sNytHxEDbVsX072XJBAAAAgF7BsS4R OUlpe7KWnegDeklOJdlBfAAAAOBQ8bGpzkdDesKlgtE0ltev8+F8AhqUAQAAYG7J8YTHc5Ksl7j7 uIjsg5PqAAAAwDGkJ+vPsV7ittVEo+fZjh3vAzOVBQAAAHOLjnaSD+e2qfhI5dTzj8InYd8OAAAA zCU6Ivnuvy4faR0XkX3g7BMAAAAATBEcKzrbouiUDwKVmT44wgMAAABTxafVO9wKX3Y+nrdBWZwP vpH+ZAfxAQAAgB7JsW8fXML6zeB8gpZNvYu/YJBSFgAAABwqPJXm5HfpCF56e3beC0aVWRoAAABA VXoqqY7XWrPjINlSwWzU6132Ex4WDAIAAMDcohM5yHvVQbxkRySvk0XREbt2AAAAYIrciLQXG7+L X2FqCk926rmX7rzLtHIWAAAAQEV8Wo3JUXUpmsZqHheRNShXylhMZAEAAEBFciLpiUTHBi+hfwwd ZpV9ouysLAAAAICK8GSBSyQ6Uaqzc+r53jtl/zh1L9XxeneYyAIAAIA5pCdrUP5IHCRsUPbKTa3x cyayAAAAYG7J8RYbvwc3LTphZam3Qbmyb2eD5AAAAEBRcOzLVnNyNI1VHj23wrMxwpOZVcmuAAAA AALh8cKWinukYcvUZKdn/JyJLAAAAKiKT1ZVymQnnAQfGp8wm8byambp6BcAAABAIjlV92gtNm6e jRV90pbsRJ8U0QEAAIBe4cm8w2tQDgOWaPRcAsOyn+QtkB4kBwAAAFpyYyWnKjpdJzi0GpTHm62b vSWikyU7CBAAAABEwpOVsDzv0M7RNXquqfbseJ/YPWYdAAAAIBCfbVF0spBlzzuqyY43/vUmuwlP Nu+O8AAAAEDLOWzI4nlHS3TEekc0ei4dn/i98MkRHQAAANgTEZnWmOyVsUSKZaysSVl/8jfZT3Yy 4QEAAACQxDvsQJTnHD1nc4ayI45pRX07b8kdyM7JQn4AAAAgWnfj9etkwUrz5IahcEeyWKlHeBAd AAAA8Dwj2uv35gjPeGstFCzJTlTKspLzKnGzMn07AAAA0BKeiui0PENkwjSWFGwrSnY84wIAAADI lgnaYaiW6DQXCkay0zoywitjvUot2aGcBQAAAFmo0mqVyZKdsux4d6gykUXfDgAAAPQIT8UxonaZ sl8MnXfEs65XqdfTEB0AAADQnpFVj1p9wSXh6W1Q1uYVWRd9OwAAAFBxiyhQmVI96p7Gap1E6tXT 6NsBAACAXuFp9QS/ir9QsNSvk8mOd8eyU0hfJW8iom8HAAAAxBGdKNXJ2mS6jqXqaVBuxUyv4qc7 5dEwAAAAuGrBidzCNie/Sp7sdA1ADcU7VmlSfjV3sNKkjPgAAADcpvT0TmG9yf6ZWEdvUP5w7kRl mzKSAwAAgOjYgz+9Xh1vAKqrX6clO94dzJqUszvmTWUhPAAAALcpPF4JywYn1iuysfOj9ezY2ppX ynoT9u0AAAAgOLtO4TUmR1NYWXOyyMw9OyLTmpRbjcqIDwAAwG0KT0t0oubkrvBkShkruoOvReFB dAAAAG5XeFpTWPZmS1gn7dmZcgcpZQEAANye4HiiE+3W8XqAtU90LykeDrijWRmrtXOHbcoAAAC3 KzytVOdF/OBkkkcME+5gZGTeHWylO4gOAADA7QhPJdV5kdoUVplh4p1tTWXZO5pZGQAAAFyv4HgO YY+eepW4HcYKT3c7zDDhTusyVqvWNt6iw7uyBwQAAACuQ3i86pAWndEhXqRdwure2dfboCySH9z1 6tzZNyM8Xr0N0QEAALhu4bHuYBcJZqmO15x8kgZl3aT8XrzDH4mdAQAAwHUJTiQ83vmaL+bWak4u M7VnJ2tS9u6sXQoUiQ7iAwAAcF3C0zoe4k35QuQNBw04TenZEWkvF3w1d9w7sZRSFgAAwG0IT9T+ MorOS+ANs5zCMLVnp3LHbcrTuuMAAABwPYITCY8XkETNyVFI0sVwwBeRnVbq3WlKWQAAALclPJUT zrP2l1l29E3t2cmEp9VoRCkLAADgdoQnm+Cu9PlGzckn7dlp9e1UOqspZQEAAFyP4GhX2Ep7Y/Kv xBUOKmFNkR37xWTnW7yYLyDbqMxZWQAAANcpPF4wkoUir4knTHKEYYYvwjO21hcRRVOIDgAAwPUI j3fqQuQIeqBpthLWVNmplrKiL0ILz+RzLgAAAGCRgmNFR09h2cbkX7Jfwmo1J3czzPBFVZqU9Rdj S1mTjmsHAACAxQpPax9fFobYye2D3eDQnh0rPJUm5Rdpb0ZEdAAAAC5PcjTZOVg2DBkDEW9FzaJ6 drxlQd4Xko2hbxoPHAAAACxbeLIprKjqc7QS1iGy431hPaWsaAydnTsAAACXLzytVOeX7Ich2cGf Imfu2fG+sPeOL8pLdxAdAACAyxKc8WUr1fklfj+vt19nln7eYeYvzNu343VcZxZHozIAAMBlC09r B9+z7FZ7Ric4yqT2MOMXGM3S6y/k1+cXWNmSiOgAAABcjuRoH7Dj5lGlp1LCWlTPTm8pq5LuCNID AABwEcJTcYGp/ToHucBcPTvSKTvPp7I5AAAAOJnwRB6Q9fBGW5MXXcbKtilHX6Q3akajMgAAwPIF J/MAL9V5lr4SlshCylgi9VLWs/SVsujfAQAAuAzhyRqTW5PZWTvLQQxH+IJb42ae1VWFBwAAAJYl OVp0pl7/j3o4+HCEL7p66FcrxprlWHcAAAA4qvBs1fW6muqcrIQ1p+z0lLI84bGnob8fy+4AAABg tuu+d+2v9uocvTF5btmxX7AVHq9vp7d3R5AeAACARQlP73BSzzT2bNf8Y5Wxqk1KVnp0uqO/8Nmb lQAAAOCg671IfA7WeD3X1/rKFNZRrvXDER+I1viZ/eJfhHQHAADgUoTHS3bGPl2vT8dLdcbr/VFb V4YTPAA23fF6dkbpqYyhIToAAADLEZ7KBFbWr3PUEtYxZGfqGJoXbUWlLDmG9QEAAED5Ol9tWXkW v5IzhhonOTnh2GWslvF5D4JXy7MPAqIDAABwPuHJrvG/itf4aApr9kDjWGWsQ4Snp3cHAAAATic5 In6qE/Xl/vy8taawjnp9H07wwFSOj/CEhyWDAAAAyxOeVpDxHNy8VOckU9fDiR+Q8UGJ+na8UXQa lQEAAM4vOSJxquOVsHSq82yu629ywonr4cgPiki9lGUflOxEdNIdAACA0wtPdE1/CUQnKmHZa/pR r+fDiR4YW8p6l3YpKypnke4AAACcVnK88MJLdTzRqZawjiY8wwkeHO8B8h4cr5HJi7xIdwAAAE4v PL2pjic6Xnhx9Ov4cKIHSCTv3M5iLz2TT7oDAABwWsnxQotWqvMsfgnr5KnOKWTHio4+ETUqZXnC Q7oDAABwPuE5pFcnGzg6yfV7OOEDJVLfuUO6AwAAcH7JEbnwVOdUstOb7vwU0h0AAIClCM9Fpzqn kp1IelrrpaemOwgPAADAfNfsi051Tik7c6U7rb07iA4AAMB81+6LT3VOKTuR9FTTnfHBi0bXOBEd AABg/mv1xac6p5adQ9Kd6qw+6Q4AAMB8onPxqc5v1md6IFeSpztesvPl832P/+/28P9u95/3/+5T 2jafH3dlPg8AAAD0XadbJ5tX207OnuqcQ3as6Kyklu78+JSdp8+bFZ6PT+HRsoPoAAAA9F2j9esb yU82jyowi0p1ziE7kfRED+STEp3xZZTujAnPVskO6Q4AAEDf9bl6gHfrwM9FpDrnkp0p6Y4WnjHZ icpZKyU9CA8AAEDt2qxfn3Ligd2Lt4hU51yyE0mP1/w0pjtaeL6IX8rSsrOS3YQHAAAA2tdlW77y enV0i8niU51zyk6W7ngP6pPsJjs63bl3hEcnOyKkOwAAANk1WdQ1eSt5U/KzEp0f6n1nPdl8ibIT SY+X7jwq4RmlRzcrP3zerOyQ7gAAANRFZ2tEx5uU/mlEZ/Gpzrllx0t3PhzheVbC46U7Wna8chbp DgAAQH499kpY3sLfn47oaNlZXKpzbtmx0qOFZ2yG+n3/7pXwPDk33btzL/vpDqPoAAAA/vVXv66b kqOdOj/UbRQfb+HvYlKdJciOTnfGt0fZuZPdMXSvnOVNZt3J7ij6RnbLWkgPAADAn+tuNmo+pjqR 6Cw+1VmC7Fi7tOnOmyM8XsJjJ7PWsj+ZxSg6AADA7nW3coTTT0d2RuHJDummjGUe8JXzoNt0Z3zA tex8kd1kx1s0uBGalQEAADzR0U3JWnS8pmQrOlmqs1mC5CxJdiLLtI3K958yo0tZT0p+Wnt3aFYG AADYF52oKTkSnR/iT2CNqY49mJsyliMfdjrLTmY9fD7Qj+KXsjzh8ZqVER4AALhFyRFzvc323I1y 88/nLUp1xhKWLl9tl/JFrxf6n9A6M8s2K2dHSNiEZ1DCAwAAcGuisxX/SAgv1fGSHW+JoO7V2QZy hezIbgOxriEOsj+K/vNTah6dW5busFkZAABuXXiyIyH09NXv2z/ipzovEk9gLSrVWZrsWOGxpayo WVmXs6rpDiejAwDArUmOJzyj6LzJfvlqFJxqU/LienWWKjv2P0ULz9untIzNyvfiJzt2yaBNd8YO ccpZAABwS6KTHQkRLQ9s9erYCazFic5SZcdrVh7LWaPw/JK8nBWNodt0h3IWAADcivB4O3VsT2wm Oj8LorNd4he/Xvh/jBUe20B1r8TmIZCdqHeHchYAANyC5FjhsTt1RtF5DkQnWiD4LvuJjixReJZc xrLNylp4xmbltRIeL9mJ0p1BiQ3lLAAAuGbRya6levrKis54y8pX3l6dxbH0ZCdqVh6U8DzLfrqj X+p0x1s2SDkLAACuWXjs9FU0Zm5Fx56BZRcIeqUrylgHmql3Kvqd/El37gPZeQhkh3IWAABcs+RY 4dHlK2/6KpIdu1Mn6tUh2TngP8trVh6XA97JfjnLu7V6d0QoZwEAwHWJTnaiuXfIpxUdr1fnYpqS L0l2vP8420X+In/KWfdGemwpi+ksAAC4FeGJylfemPlvwflb+lKdxZevLkl2bLOyTnf0KHor3cnK WfrMLBHKWQAAcLmSY4XHm76yywPt7Yf4m5IvpnR1abJjhUdkf/fOoIQnk54o3eHsLAAAuBbRseGA N31ly1c61dHTV79k96BPrzGZMtYR/yN1LDfIn3KWbViOZCc6FV2fjk66AwAAl3adzJYHVspXP5Ts vF666Fya7GTlrJX8OUqiIjs23bH9OyK7k1oIDwAAXEoYsJXalmQrOv8Y0bmYgz6vSXas8Ij45Sw9 oaUlp9W7Y5MdxtEBAOAaROdN9rckV0Unkh25JOFZX8F/bKWc5cmOFR5PekQJDwAAwNJFJxsz97Yk /y35QZ8XXb66ZNlplbMGJS9eSeu+ITu2WZn+HQAAWPp1sXdL8t+y36tzdeWrS5YdKzwiu+Use3aW TXjupXaMBOPoAACw9Guhfj0SnXH6yqY5UarzKldSvrp02bH/0fo/eezdeRE/3clkJ5rOGhAeAABY 8PXPpjrePp0f8ifR0aKjd+roLclXITqXLjutZYO2nGV38ETlrEH2j5OgfwcAAJYoOlvnF36d6nil Kys7XlPyVZSvrkF2rPCI7J+d5Z2fdR+ITiXdoX8HAACWJDqV4yD+cWQnOxLiqlKda5Ad7z/fm87y 0p2q9FipYf8OAACc+5oXTV7ZfTqR6NhNyVlT8kWLzrXIjlfOWslu3VIvD1wXRCfaqsz+HQAAOPcv 9vqX+3GfzntDdP79efNSnawheXsND9w1JTtROcsraXmiU21WFqFhGQAAziM6XukqO+DT69PRqY49 0dwe9CnXIDzrK/1m0OmO3b1jS1pr6ZvMEqFhGQAAziM6rcWBnuj8uyA6H9cqOtcmO166M8rIaL06 3bGNy1aA7oSGZQAAWJbotBqSI9Gx5SuvT8fr1bkKrjHZWZlvjGi7spfwVEVHQ8MyAACcQnRaDck/ jOxo0RllR4uOnb6yfTpXIzzrK/7mEPmT7thxdLuD586RHW8qiwNDAQDgXNc2ryHZHgVhE53xpbcl +eqWB96S7HhGbMfRbcPynSM6Vnai09FFaFgGAIDjXsMqDcladLzpq6s9DuJWZScaR3+X/ZJWtGn5 TvbLWV66I7LfsIzwAADAHKLjla+miM5PJTqvRnSusk/nFmTHCo/IbsNyq6TlvR2lOyK752chPAAA MJfojJIzRXT+NqKjy1c3k+pcu+zYb5ysf8c2Lkfyk/XuCMIDAAAzi45NdLIzr6zs6EM+bfnqasfM b1F2bLpjD0vzSlr2PC1vMqsynQUAADBVdLaJ6OgNyaPo/I/U+3RuSnRuQXas8GzU+1dKeFoJT0V4 rPgwkg4AAFNFR5eusjOv/p2Izs3t07ll2RHJ9++8yW55KpOeQdrpzloYSQcAgOmio8tXkejYslXU pzOKzpvE515dvfCsb/AbSmS3f0fEP0MrkxwrO5H4MJIOAAC9opMtDYx6dFp9OjrR2dyS6Nya7Nhv LlvS8tIdL+mxstM6PwvhAQCAyrVJT155iY6Wnf9RN69Pxx7w+WEk52ZE5xZlp9Kw3JIeT3ZWieyw gwcAAKJfvHXZSl+PosM9/y1+omMbknWfjm1IvplenVuVHSs8UcNyr/QMifT85g7hAQAAR3R0+aq1 HXmUG5vo/C35huSba0hGdnaFR1u17d/plR5PcuzHQXgAABAdkXxpYLRLx4qOd+7VWL7ylgbeVJ8O suP/Z28OlJ1WuiMIDwAAoiPx0sA3R3Ss5ESiY08y946DuEnRuXXZsd98dkJLHOnpFR1PZBAeAABE Z1sQHTtiXl0c6EnOzYoOshOfnyWy32zsiU9ryaD+WAgPAACi4y0NfJd4O7Lt0/kfJTo/pXaS+c32 6iA7sfBo214lotMqcWUTWggPAMDtio6dvHpRohP16HgNyT8T0bnphmRkpy08m+DveKLTalJuyQvC AwBwe6KTHQOhTzHPdul4fTqR6Ny88CA7vvB4Y+lZ4/JqouwgPAAAiI5XurLNyFp2es68ItlBdlLh kc9vmtXnN1JVeiLZWSE8AACIjtR7dPTLSqJz8yPmyE7/N6ko4ZFEdqrbk1sgPAAA1y06epeOtx35 b0d0xpKWTnTGPh2b6Nz8iDmyM/0btio7cqDsIDwAANcrOl6ikzUj2z4dPXk1HifBLh1k5+BvWG8k /SP4+9lenV4QHgCA6xedbGlgJjreKebs0kF2ZhceEf9ICGm8D+EBALgd0RlFpKcZOTvFnF06yM7J hEcf1jaH1CA8AACXLzladPQOnQ/Z3Yz861NexkRnlJv//rzppYGtwz0RHWTnaMKj0533jo+xmvjD g/AAAFym6ExJdHSq0xIdlgYiOycTno8Z5EYa36wIDwDAMkVHtzl4R0C8iL8wcBSd/zYv7Yi5PsWc pYHIzlmFZy6psb8h6LfvEB4AgMWJTuX0cp3o/CO7iY4uXUVLA70Rc0QH2Vm88PQK0Sg645EUWngE 6QEAWITovDdExzsCIpu80tuR34WlgcjOBQvPNrjpP7s3/2YwkkPKAwBwPtGxywLtHh1duoomr/5x REf36WyEXTrIzgUKz7ZDgPT77pTo2JQH4QEAOI/ojEv+9Fbk6AiI7ATzrEcH0UF2LkJ4to0fHP0D 1IoqbbqD8AAAnF509LLA6PiHv43gRKLjnXfFdmRk5yKFJ/s4kex4t7WRHoQHAOA0omOXBb7Jnx06 0TlXnujohYG6RwfRQXauSngikdkUxOc3dwgPAMBRJUekvSzQjpaPE1f2QE97qKfeo6OnrujRQXau SnjsVuboViltITwAAKcRnfdEdEaZ8fpzsrOuEB1k5yqFJ0t1WtLj7Vi4E0bTAQDmEp1sWWBLdP4n EJ1/JD7Uk2ZkZOfqhMebsoqkJpIefbOj6UxqAQAcJjpRovOaiE40Wu5NXHlHQHzIbpKP6CA7Fyk8 3jfvNvnBakmOd7sTJrUAAOYSnY9EdPQOHZvo6H4dnej8kvpZV4gOsnOxwvPu/D0rOq1kpyVANC4D APRJjkjciOwtC7THP0Q9OlZ0XhAdZOeWhKe1Z6f3Fi0ipI8HACAXHdufk+3Q8Y5/8MbL/1aio0fL sx06iA6yc1XCUylj9aY7nvTo/1v6eAAAfNHJJq7GrcijsHjHP+iSld2hY7cijwL1IZx1hexcufCs AtHxduzY20fyeiQ99PEAAMS/bFYmrkbR8RKdfweiY3fo2EQH0UF2rlp4RPxJrUo560N2a8kfgfRY caKPBwB4Ht59actWrYmrLNHRE1dWdN4QHWQH4dkVHU96toH0fCTSs0l+oOjjAYBbFp2obDUmOmN/ TnT8g71lo+XRskD7vA/IztULj/2Gb21W/ijcIuGxfTz6RsoDANcqOSLtspUWHW9Z4N+B6Oj+HDta zrJAZAfhUe/zUp5sB8+H+W3kvSA+Xh+PV9YSpAcArkh0WmWrUXK8iSsv0Rnf/kf8wzxZFojsQEF4 WhuWrexUE57ftwcjPNtEehAeALgG0amUraKJq78D2flH/P4cduggOxD8MIqRi9ZoetSk3Ep6rPis P29bJT12WkuQHgC44OdV75fFrGzl7dDRL72xct2fww4dZAeSH87KaHprMsuTnHfzg+fVjtdGbEh5 AOCSRSf6JbFVtvrREJ2obDVOXEWnliM6yA44wiOyP5pemcx6l/105z2RIZvy6BH1lZDyAMBlSU70 XFktW0Wi84/sHvuQHf3AaDmyAxOEp7J0sCU7WWnrMRCesaRFygMAl5LmiORlK+98K1u2+jtJc3TZ Su/PifpzEB1kB4rCM0pP9BtLVs7Sv8m8mx9MT34elPTcCSkPAFxumrMxz4He+VY/HNGxvTk2zfH2 5+g0ZxNIGCA70BCebfGHO2pW9mQnkh4tPKQ8AHBJac7WPAe+KdH5pUQnK1t5TchR2Yr+HGQHZvyt RaTeuBylO1p27G388yfxe3lIeQBgyWlO1IScbUOOEh2vCVmLjtf7SNkK2YEZfri9xuXektab+S1H v7TSM/by3AspDwBcRprTU7b6p5Hm/DBpTnS+FaKD7MCRhaeV8kSy85rIjpWeR1IeAFhomuM1IXuH eOptyHZRYFS2am1D9spWiA6yA0cQnmyfxNY8AWTSY29eL4+X8gyf0kPKAwCnlJzolzqd5rTGyq3k ULZCdmChP/w24ZHik4G9ebLz5ojPo/gNzIOwfRkAjvNc55Ws9KSVbUL2ylY/lNR4kuPtzqFshezA AlOejdR6eKrpjhWfbGJrLGtp4bEnqSM9ADBHmuP15nhLAr3+nH+CNOen5GdbWdERRAfZgfMJjzg/ jK0enqrsaOl5Uh/rXvzyFqUtAJhTcqppji1b/dOQnFF0XoSyFbIDFyE8W9ltGM6a+Fopz0tDfGxp SwvP2MsjQgMzAPRJjohfsop+UdO7c34moqMlJ2tCpmyF7MDCnywqx0y0RtJ7pOdLIDy6pDUIpS0A yJ+7vDTaGye3k1Z6d44nOp7k2CZkO5hB2QrZgQtKeSSRnuxoiaic9eKIjxak36WtByflsb08XmkL 6QG47TSnp2SVpTk20YlKVlkTMmUrZAcuTHi2JknZmt9WNs5vTdmUVquv5+nzYzwo8VnLbmnLTm1p 6UF4AG5XcuwGZO/wTq83R+/P+SdIcmzJKjry4cO5T4gOsgMLf0JppTzZWVrvsrt48CW5/f7zr4H0 6NLWRvypLVIegNuSHJH2UTdeA7JNczzRGV//GaQ5dsrUHo/DkkBkB2405fHKWVZ2xte/OsIzlrbW Snjo5wG4LdGJ+nKySdEX2d+b45Wtfsh+87FXsqpsQibNQXbghlKeqKz10kh6tBg9OSnP/afsrCXf zYP0AFxXmlM55iErWXlNyJnkeCWrVm8OooPswA2mPNlOnhfzW9eL+Q1qTHm09Dwo6fmQ3YWEA9ID cHOSUy1Z2TQnkpyf6t/qX76qaQ6ig+wAKc9eWaslO1p4Rul5NNKjhQfpAbh8wfEkx/slylsM6KU5 tjfH3nSSE5WsdAMyaQ6yA6Q84W9flZTnl/mtTD/xfDHC8yi7pa0p0oP4ACwrxRHp2+8V7czRk1Y/ xJ+usvtyfgWSQ5oDyA5PUqWUx5a03oPfyF4c2RlvX5X0PAUpT4/0CGkPwEVJTjRKrs+zaqU5VnKe zXOPnbKKJIc0B9kBUp6dt4dAerx9PJHo/FK/fX35FJ8vJuV5VMJTlR5BegAuSnJaJSuvN8dKju3L sZKTjZOT5iA7wBNYmvL0lrV+mSeyb+rlKD1fTNLzgPQAXKTkeGPknuS0GpB/BqJT7cvR2+H1/RLS HEB2oJryRP08bxKXtfSTmhaer07K0ys9K9lfToj0AMwvOCL75Z+N1Cas3pznhGfxe3N+GPHRE1bR KHm1ZIXoABcECL8n9MtRLEbZGPflrD+FZJSURyUuX4zYjKJjb18mSI9dTDiY+7vi+xxg9hTHS3u9 haTeAEPUm+NJTtR8/Ko+h5Wcjfg9OUgOcBGA0veFbRAelPDcKeHJpOeLkp6vndJjx9XtmVvZ9Jb3 tQBAnuKI5HtyojFyry/Hpjk/kxSn0nxs0xxKVoDswFFSnpVJVkbpuS8kPV+cxKclPd64ut3GPEh+ DIWQ9gCUUhyRuB/HK1e9y27f3pjEjMmMlhx9+2H+TA8zeEsBKVkBsgNnkR5dQrorJD2PSdLzJZCe 8e8/OknPWvzyVtbXQ9oDCE47xcn6cVorKLySlXfTf8dOWEWSY5uPkRxAduCo3yut0pYnPQ8m6Xkq SI+d3HqUeDHhWvK+HtIeQHJqKU5LcrwJTLsz59mRm5bkjB/7XfxRckpWgOzA2aXHS3q0hFSlJxMe nfI8St7T09vMjPgAKc5uihKNkEd9Oc+y35/z05Ege7yMTXJa+3JIcwDZgZN/72T9PMNE6fHSHm8/ z2MgPd7I+l0gPa0yFz8ncC2CI4UUJzsTz0tyfgWJznNDcnRPjh0jpy8HkB1YfMojRigOlZ4vQcLz VEh67p2kp1Liynp6+JmBSxEckXgBoG06fpf2wb92U/pz4fYrkRyb5HgTVpSsANmBq5Sex0R6vgTS Y5Oex6L0eM3M2c4exAeWLDgifpmqJ8XpkZxfidz0SI4da4/OsEJ0ANmBq5aeSH6eJkiPLnF5+3p0 2oP4wCUJjjgJjneUQ6VUFUnOL0dunhuCU+3J2ThfD5IDyA5cvfRE4vPFkZ+nidKTlbiyEXbEB04p NyJxSceWfWyKs1GCEaU4tun4xUjMc/DSCk7Uj4PkALIDSE8gPV7ak4mPJzxRM7MnPetEemziI1Jr bubnDOYWnFaZamqpKkty7PteCinOm+xuWkZyANkBpMdIj7eV2Ut7Hh3J8V5/TKTHW1JYFZ8pR1Tw cwctuZkiOK0FgG9JiuNJjn39ZUKKg+QAsgNIT0N6etOex0B4vMmtbGzdlrgy8VlJ+4gK5AemyI3I /iRVVKbSCYo9ymGK5ESNxp7gRNuOkRxAdoDvu07puXOkp1Lmim6PDemxaY8VH+8g0mriUzmugp/N 6xObTG4kSW8qZapqP07Uk1MVnFaK4+3IQXIA2QG+/xLpWTWkx0t7IvF5DITHlra8Ete9tMtcPeKD /NyG2EyRm6rgVEpVrZ6cluAcmuJskRxAdgDa0rOaMe3xyl2PQcoTiU+rzOWNsR8qPwjQZYuNvdj3 CI530rhtOPZKVa9KVKKSlX3fi/k3VnC8LcfRuVXsyQFkB6BDekTi87es9Nw50mPFx2tufkzeZ4Wn MsnVEp+ektch4+38bB9PalpiUxGcLL3JBMdLcd4cwfHKVlGTsT2jytuL827uWyQ4SA4gOwAzSY93 8Kg3vh6VuTz5yW4PzsuoxOWVuQ6RH5H5J734ua9fhFvL/CSQGnFEoFWe2pj0xCY4UakqKllF0mMT nKhMFU1UbQKBQ3IA2QE4kvREh4+2xCdKfR4awhM1M3vSM0V+ppa8KsnP6oaeG7YH/t2ekpQEUhON h09JcFqS8+qkNFH/zZRm400xxUFyANkBmOn7NEt7ot4e29+zDsQnSn482fFSnntHfO7N5281OB9S 8ooEsfJzv1rIc8vcF8tt8f3bwsvoaIaW3HgNxlZuIsl5DUTnpfjyVfZLVFGZihQHkB2AK0h7MvGJ Sl5e+uPJjtfIHPX3eFub50h9MgHq7QFaShK0neHvV8tRlZ6bjfT33rQSnKwXJxOd6H3ex3iXeJqq JTn2MUFyANkBOFPaEzU1j4JgRWItebnLSsxD4xZJz4MjVV7J607iJmdvtH0Qv48peizmkqDqn095 ftlO/LNeqWkJTaWpeFuQmx7BaSU5URnLS21aPTikOIDsAFxp2tOT+HjiY8telZf3xcSn1eCcHV1h U59K+hNJz6rxuFakc+pzzLbz7ZbUSHDB3so0uan03kRy05Kc10ai89YhNja98SapPhxxI8UBZAfg QtMeSaRnVRCfOyMi9xKXvu6T97XkJ2pubvX43AXSM6cAVURmakrUk8REF9wpi/sysdkWxCZb8vfh SMdbQXTeApmpik2U3lQTHFIcQHYAriTtkYnicydxz43XkHzfkJ+sqblXeu7M/a4mPz39P9JIfaZM ifU0CLf22vQIzqYoOC25qaQ4Wbmq92bToQ/npb3P2dI/JqoA2QG4gbSnR3yGIPXJ+n4qAtRqZr6X 9hj7IfIzx7h7pU+oRTbxtE1EqCo5Wb9Nb3oTJTnvTuLSEp73JK2JUhtvPDxKb1rj4qQ4gOwAID5h n0+U/kQCFMnPWvKRdfvv7Qh7dqvKT1V8vMdKpF4ay5KdSqkpS3mmCs6H+Mv9MsGJkpyq8LwHSU1F bD6c+xwlVRXBQXIA2QFAfFzxiZKfoUN+Ipm5T/7OuiA8UZmr1eszZaNz1gu1KiY8FVlplV6mNBdX SlSe4HwEQhKJS/b2R1FsrNxspb88heAAT/gA/Bx0iU8r+WklQJ6wrIs3r4R2V0x6MuGpjLZXG75X yb+VQHgqPTVZyuMt9tsmCU5FdLJE5yMRnvdEiFpS8xHc55bYIDgAyA7A7OIjQZpREaBW+esuEZsp gjNFeLyvKROdVjmsmuxkpadWP090TMMU0cmEJ2oMzpqGI6n5kHy0vTe5QXAAkB2AWcRHpL+sU0l/ WjLUIzKt/p1KWas6sRV9jatCuhOVoHov+D0bjT3ZqYjPh7T7aFpSkzUSRweHRkmWIDgAyA7AsX9W KtNJ1SQk6wEaOoWlV25a/TtTv55WutNKdTIRaB3nkPXpTJGfTeP1TeN1T9xaJanK6D2CA4DsAJwt 9emVn1VDGIainHh/ftf571uy0kp1op6fluxkk1NZ0uEdzLkp3D4KMhRJS1R+at3vav+RSFyaQm4A kB2ARaU+mfxk8tBq/B0ar7d260zZvSNSK2PZ99mv2V60bc9N1LdTbVKu7tSp/nlFZFpC09tvQ2kK ANkBuDr5kYJYDAfKUesoibnGzudqUJ5z/HxblKlN4X5UZKaa2gjpDQCyA3AL8lMRIJH5dt4Mxb9X WSq4lD07IvVjIloff06Z6dlUjNwAIDsAV/9z1zpxvFeIpCAuU87Gan3eIfk7LdmRQDgiqZgiPZW/ JzK9r4bUBgDZAYCJAjS3ELVeF8kPAe1Jn1pEAtKSDCkkKr2vV15WpQa5AUB2AGDiz+fqSFLUel+P XLU+RiQPh4rGdsLHrr6O2AAgOwCwgJ/Znh6hXnGqyk9FdKqSUU1Qth1vz1FqQmoAkB0AuBARav3b VefHXE24X9vOt3vl45CmYKQG4ML5vwIMADa9e26qZ/20AAAAAElFTkSuQmCC"
+           id="image3980" />
+        <g
+           id="g3982">
+          <circle
+             d="m 555.42401,278.93399 c 0,152.38033 -123.52866,275.909 -275.909,275.909 -152.38033,0 -275.9089919,-123.52867 -275.9089919,-275.909 0,-152.38033 123.5286619,-275.9089961 275.9089919,-275.9089961 152.38034,0 275.909,123.5286661 275.909,275.9089961 z"
+             sodipodi:ry="275.909"
+             sodipodi:rx="275.909"
+             sodipodi:cy="278.93399"
+             sodipodi:cx="279.51501"
+             cx="279.51501"
+             cy="278.93399"
+             r="275.909"
+             id="circle3984" />
+        </g>
+      </g>
+      <g
+         style="display:inline"
+         id="Frame_copy_1_"
+         display="inline" />
+    </g>
+    <g
+       style="display:none"
+       id="Frame_copy_2"
+       display="none"
+       transform="translate(919.21744,-373)">
+      <circle
+         d="m 555.42401,278.93399 c 0,152.38033 -123.52866,275.909 -275.909,275.909 -152.38033,0 -275.9089919,-123.52867 -275.9089919,-275.909 0,-152.38033 123.5286619,-275.9089961 275.9089919,-275.9089961 152.38034,0 275.909,123.5286661 275.909,275.9089961 z"
+         style="fill:#ffffff;display:inline"
+         sodipodi:ry="275.909"
+         sodipodi:rx="275.909"
+         sodipodi:cy="278.93399"
+         sodipodi:cx="279.51501"
+         display="inline"
+         cx="279.51501"
+         cy="278.93399"
+         r="275.909"
+         id="circle3988" />
+      <g
+         style="display:inline"
+         id="Frame_copy_2_1_"
+         display="inline" />
+    </g>
+    <g
+       id="Foreground_Grid_1_"
+       transform="matrix(0.333692,0,0,0.333692,-733.63839,-244.40249)" />
+    <g
+       id="g6978"
+       transform="translate(-28.565994,-59.93344)">
+      <path
+         style="fill:url(#linearGradient6952);fill-opacity:1;fill-rule:evenodd;stroke:none"
+         d="M 126.87202,82.900791 95.925125,125.65247 c -0.44559,0.62127 -1.105806,0.98051 -1.80202,0.98051 -0.696214,0 -1.35644,-0.35924 -1.80202,-0.98051 L 61.380028,82.466431 c -1.661872,-2.617612 -1.897355,-6.377202 1.785025,-6.377202 l 16.794925,0 0,-13.554376 c -4.25e-4,-1.504969 1.231335,-2.527665 2.527183,-2.527192 l 23.018049,-0.08923 c 1.29585,-4.73e-4 2.52761,1.022223 2.52718,2.527192 l 0,13.554376 16.41697,0.08923 c 2.4584,0 4.14035,4.435536 2.42266,6.811562 z"
+         id="path2488"
+         sodipodi:nodetypes="ccsccccccccccc"
+         inkscape:connector-curvature="0" />
+      <path
+         style="opacity:0.25468164;fill:url(#radialGradient6949);fill-opacity:1;fill-rule:evenodd;stroke:none"
+         d="M 126.87202,82.900791 95.925125,125.65247 c -0.44559,0.62127 -1.105806,0.98051 -1.80202,0.98051 -0.696214,0 -1.35644,-0.35924 -1.80202,-0.98051 L 61.380028,82.466431 c -1.661872,-2.617612 -1.897355,-6.377202 1.785025,-6.377202 l 16.794925,0 0,-13.554376 c -4.25e-4,-1.504969 1.231335,-2.527665 2.527183,-2.527192 l 22.971879,0 c 1.29585,-4.73e-4 2.52761,1.022223 2.52718,2.527192 l 0,13.554376 16.46314,0 c 2.4584,0 4.14035,4.435536 2.42266,6.811562 z"
+         id="path3532"
+         sodipodi:nodetypes="ccsccccccccccc"
+         inkscape:connector-curvature="0" />
+      <path
+         transform="matrix(0,-0.63179691,-0.63179691,0,134.55811,129.16017)"
+         id="path3272"
+         d="M 76.5,11.0625 C 75.422912,11.12778 74.386099,11.439286 73.5,12 L 75.875,19.625 84,16.46875 84,16 c 0,-2.918352 -3.938921,-5.15334 -7.5,-4.9375 z"
+         style="fill:url(#linearGradient6974);fill-opacity:1;fill-rule:evenodd;stroke:none;filter:url(#filter3387)"
+         inkscape:connector-curvature="0" />
+      <path
+         transform="matrix(0,-0.63179691,0.63179691,0,55.209123,136.12329)"
+         style="fill:url(#linearGradient7077);fill-opacity:1;fill-rule:evenodd;stroke:none;filter:url(#filter3443)"
+         d="m 115.65112,40 c -0.33944,1.154561 -2.5625,6.125 -2.5625,6.125 l 6.75,-0.03125 0,-2.09375 c 7.6e-4,-2.05105 -1.61796,-4.000656 -4,-4 l -0.1875,0 z"
+         id="path3519"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:nodetypes="ccsccccccccccc"
+         id="path3447"
+         d="M 126.87202,82.900791 95.925125,125.65247 c -0.44559,0.62127 -1.105806,0.98051 -1.80202,0.98051 -0.696214,0 -1.35644,-0.35924 -1.80202,-0.98051 L 61.380028,82.466431 c -1.661872,-2.617612 -1.897355,-6.377202 1.785025,-6.377202 l 16.794925,0 0,-13.554376 c -4.25e-4,-1.504969 1.231335,-2.527665 2.527183,-2.527192 l 22.971879,0 c 1.29585,-4.73e-4 2.52761,1.022223 2.52718,2.527192 l 0,13.554376 16.46314,0 c 2.4584,0 4.14035,4.435536 2.42266,6.811562 z"
+         style="fill:url(#radialGradient6944);fill-opacity:1;fill-rule:evenodd;stroke:none"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:nodetypes="cccccc"
+         transform="matrix(0,-0.52542834,0.63179691,0,53.192675,118.1235)"
+         style="opacity:0.70411987;fill:url(#linearGradient6970);fill-opacity:1;fill-rule:evenodd;stroke:none;filter:url(#filter3387)"
+         d="M 72.5,11.0625 C 71.422912,11.12778 70.386099,11.439286 69.5,12 L 71.875,19.625 80,16.46875 80,16 c 0,-2.918352 -3.938921,-5.15334 -7.5,-4.9375 z"
+         id="path3391"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:nodetypes="cccccc"
+         inkscape:export-ydpi="90"
+         inkscape:export-xdpi="90"
+         id="path3528"
+         d="m 115.65112,40 c -0.33944,1.154561 -2.5625,6.125 -2.5625,6.125 l 6.75,-0.03125 0,-2.09375 c 7.6e-4,-2.05105 -1.61796,-4.000656 -4,-4 l -0.1875,0 z"
+         style="fill:url(#linearGradient7079);fill-opacity:1;fill-rule:evenodd;stroke:none;filter:url(#filter3443)"
+         transform="matrix(0.63154242,0.01793175,-0.01793175,0.63154242,32.526802,33.165815)"
+         inkscape:connector-curvature="0" />
+      <path
+         transform="matrix(0.63179691,0,0,-0.63179691,53.71142,129.17011)"
+         sodipodi:nodetypes="cccc"
+         id="path3012"
+         d="m 61.556485,5.2217571 c 1.68914,-1.4588975 3.241258,-1.0679895 4.753139,-0.1338913 L 64.066946,18.984468 61.556485,5.2217571 z"
+         style="fill:url(#linearGradient6966);fill-opacity:1;fill-rule:evenodd;stroke:none;filter:url(#filter3084)"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:nodetypes="ccsccccccccccc"
+         id="path3019"
+         d="M 126.87202,82.900791 95.925125,125.65247 c -0.44559,0.62127 -1.105806,0.98051 -1.80202,0.98051 -0.696214,0 -1.35644,-0.35924 -1.80202,-0.98051 L 61.380028,82.466431 c -1.661872,-2.617612 -1.897355,-6.377202 1.785025,-6.377202 l 16.794925,0 0,-13.554376 c -4.25e-4,-1.504969 1.231335,-2.527665 2.527183,-2.527192 l 22.971879,0 c 1.29585,-4.73e-4 2.52761,1.022223 2.52718,2.527192 l 0,13.554376 16.46314,0 c 2.4584,0 4.14035,4.435536 2.42266,6.811562 z"
+         style="fill:url(#radialGradient6938);fill-opacity:1;fill-rule:evenodd;stroke:none"
+         inkscape:connector-curvature="0" />
+      <g
+         id="g3472"
+         transform="matrix(0,-0.63179691,-0.54396861,0,135.46472,197.39423)"
+         style="fill:url(#radialGradient7113);fill-opacity:1;stroke:none">
+        <path
+           style="fill:url(#radialGradient6962);fill-opacity:1;fill-rule:evenodd;stroke:none"
+           d="m 179.33454,26.979964 -55.68071,46.594703 c -1.3858,1.609542 -1.16397,3.021178 -0.10244,4.254102 l 54.23271,45.734871 c 4,3.58214 8,3.77323 8,0 l 0.026,-28.953916 25.3246,0 4e-5,-36.766828 -25.3246,0 -0.026,-28.39864 c 0,-3.190873 -3.15287,-4.674949 -6.44956,-2.464292 l -10e-6,0 -3e-5,0 z"
+           id="path3474"
+           sodipodi:nodetypes="ccccccccccccc"
+           inkscape:connector-curvature="0" />
+      </g>
+      <g
+         id="g3469"
+         transform="matrix(0,-0.63179691,-0.54396861,0,135.59108,258.80681)"
+         style="fill:none;stroke:url(#linearGradient7115);stroke-width:1.70578527;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;filter:url(#filter3187)">
+        <path
+           style="fill:none;stroke:url(#linearGradient6958);stroke-width:1.70578527;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
+           d="m 276.49282,26.97996 -55.63899,46.826999 c -1.3858,1.609542 -1.16397,3.021178 -0.10244,4.254102 l 54.19099,45.502579 c 4,3.58214 8,3.77323 8,0 l 0.0707,-28.721623 25.3246,-4e-6 0,-36.766828 -25.3246,-0.02684 -8.9e-4,-0.332823 -0.0698,-28.271273 c 0,-3.190873 -3.15287,-4.674949 -6.44956,-2.464292 l -4e-5,3e-6 3e-5,0 z"
+           id="path3471"
+           sodipodi:nodetypes="cccccccccccccc"
+           inkscape:connector-curvature="0" />
+      </g>
+      <path
+         sodipodi:nodetypes="cccccsccccccc"
+         id="path3029"
+         d="m 84,64 0,16 -15.758281,0.02621 c -2.052519,0 -1.948571,2.527192 0,5.054375 l 5.084887,6.85285 c 3.193183,0.214906 4.14718,0.335636 7.453359,0.335636 14.981061,0 25.929855,-0.881387 37.632445,-4.799501 l 2.36924,-3.376166 c 1.20252,-2.082838 0.39317,-4.067194 -1.34256,-4.067194 L 104,80 l 0,-16 -20,0 0,0 z"
+         style="fill:url(#linearGradient6931);fill-opacity:1;stroke:none"
+         inkscape:connector-curvature="0" />
+      <g
+         transform="matrix(0.63179691,0,0,0.63179691,143.54481,48.280222)"
+         id="g3074">
+        <path
+           sodipodi:nodetypes="ccccccccccccccccc"
+           style="fill:url(#linearGradient6954);fill-opacity:1;stroke:none"
+           d="m -94.246757,24.881062 0,0.999998 30.929918,0.07068 0.725824,-1.070678 -31.655742,0 z m -24.692383,25.36609 c -1.76286,0 -2.5121,1.189739 -2.34375,2.90625 0.17363,-1.161858 0.94633,-1.90625 2.34375,-1.90625 l 20.97039,0 3.742323,-1.041497 -24.712713,0.0415 z m 56.348125,-0.0415 -0.759212,1.0415 25.445616,0 c 1.684017,10e-7 2.813539,1.171003 3,2.84375 0.222299,-2.182902 -0.996584,-3.843749 -3,-3.84375 l -24.686404,-0.0415 z"
+           id="path3051"
+           inkscape:connector-curvature="0" />
+        <path
+           style="fill:url(#linearGradient6956);fill-opacity:1;stroke:none"
+           d="m -63.311589,25.944497 -0.04628,25.299863 0.766868,-1.038705 -5e-6,-25.324593 -0.720581,1.063435 z m 27.533364,27.135442 c 0.0051,0.948303 0.22341,0.637545 -0.40625,1.742213 l -4.05,5.6375 c -18.52272,6.61516 -35.735742,8.104617 -59.447582,8.634098 -5.071953,0.113255 -10.064393,0.05499 -14.968743,-0.15625 l 0.125,0.15625 c 5.05413,0.340151 10.20452,0.53125 15.437493,0.53125 23.71183,0 40.724862,-1.395047 59.247582,-7.596598 l 3.75,-5.34375 c 1.16151,-2.011794 1.13227,-2.387363 0.3125,-3.604713 z"
+           id="path3055"
+           sodipodi:nodetypes="ccccccccsccsccc"
+           inkscape:connector-curvature="0" />
+      </g>
+    </g>
+  </g>
+</svg>
Binary file ui/img/write-remove-48.png has changed
--- a/ui/installwrapper.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/installwrapper.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -16,6 +16,7 @@
 
 #include "logging.h"
 #include "util.h"
+#include "binverify.h"
 
 #define INSTALL_TIMEOUT 3600000 /* Wait up to an hour */
 
@@ -44,12 +45,13 @@
     }
 
     foreach (const QString &b64data, mChoices) {
-       if (choicesFile->write(b64data.toLatin1()) == -1) {
-           return false;
-       }
-       if (choicesFile->write("\n") == -1) {
-           return false;
-       }
+        syslog_info_printf ("Selected certificate: %s\n", b64data.toLatin1().constData());
+        if (choicesFile->write(b64data.toLatin1()) == -1) {
+            return false;
+        }
+        if (choicesFile->write("\n") == -1) {
+            return false;
+        }
     }
 
     choicesFile->close();
@@ -78,6 +80,15 @@
     }
 
 #ifdef WIN32
+    bin_verify_result vres = verify_binary(cinstFileName.toUtf8().constData(),
+            cinstFileName.toUtf8().size());
+
+    if (vres.result != VerifyValid) {
+        emit error(tr("Integrity check of the certificate installation process failed. ") 
+                + "\n" + tr("Please reinstall the software."));
+        return;
+    }
+
     /* QProcess on Windows uses CreateProcess but we have to
      * use the runas shell command to get the UAC prompt if necessary.
      * So we have to handle the process ourself. Starting with
@@ -94,6 +105,10 @@
     QString parameters = "\"list=" + mCertListFile +
         "\" \"choices=" + choicesFile.fileName() + "\"";
 
+    if (g_debug) {
+        parameters += " --debug";
+    }
+
     shExecInfo.cbSize = sizeof(SHELLEXECUTEINFOW);
     shExecInfo.fMask = SEE_MASK_NOCLOSEPROCESS;
     if (!is_system_install()) {
@@ -111,6 +126,7 @@
         QString qerrmsg = QString::fromUtf8(errmsg);
         free(errmsg);
         emit error(tr("Error executing process: %1").arg(qerrmsg));
+        fclose(vres.fptr);
         return;
     }
 
@@ -122,9 +138,11 @@
             QString qerrmsg = QString::fromUtf8(errmsg);
             free(errmsg);
             emit error (tr("Error monitoring process: %1").arg(qerrmsg));
+            fclose(vres.fptr);
             return;
         } else {
             emit error (tr("Certificate installation timed out."));
+            fclose(vres.fptr);
             return;
         }
     }
@@ -139,9 +157,11 @@
         free(errmsg);
         emit error (tr("Failed to check process status: %1").arg(qerrmsg));
         CloseHandle(shExecInfo.hProcess);
+        fclose(vres.fptr);
         return;
     }
     CloseHandle(shExecInfo.hProcess);
+    fclose(vres.fptr);
 
     if (retval != 0) {
         /* TODO make this nicer */
@@ -155,6 +175,10 @@
     choicesFile.setAutoRemove(false);
     parameters << "list=" + mCertListFile << "choices=" + choicesFile.fileName();
 
+    if (g_debug) {
+        parameters << "--debug";
+    }
+
     bool sudo_started = false;
     bool use_sudo = is_admin() && is_system_install();
     if (use_sudo) {
--- a/ui/installwrapper.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/installwrapper.h	Tue Sep 16 19:45:19 2014 +0200
@@ -52,8 +52,8 @@
      * as the current application.
      *
      * @param[in] parent the parent object.
-     * @param[in] listFileName the absolute path to the certificatelist.
-     * @param[in] choices a list of R: / I: <cert> lines to execute.
+     * @param[in] path the absolute path to the certificatelist.
+     * @param[in] instructions a list of R: / I: \<cert\> lines to execute.
      */
     InstallWrapper(QObject* parent, const QString& path,
                    const QStringList& instructions);
--- a/ui/l10n/administrator_de_DE.ts	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/l10n/administrator_de_DE.ts	Tue Sep 16 19:45:19 2014 +0200
@@ -70,95 +70,101 @@
 <context>
     <name>AdministratorWindow</name>
     <message>
-        <location filename="../administratorwindow.cpp" line="34"/>
-        <location filename="../administratorwindow.cpp" line="102"/>
+        <location filename="../administratorwindow.cpp" line="39"/>
+        <location filename="../administratorwindow.cpp" line="110"/>
         <source>TrustBridge Administration</source>
         <translation>TrustBridge Verwaltung</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="52"/>
+        <location filename="../administratorwindow.cpp" line="57"/>
         <source>Menu</source>
         <translation>Menü</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="54"/>
+        <location filename="../administratorwindow.cpp" line="59"/>
         <source>Create installer ...</source>
         <translation>Installationspaket erstellen ...</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="55"/>
+        <location filename="../administratorwindow.cpp" line="60"/>
         <source>About TrustBridge</source>
         <translation>Ãœber TrustBridge</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="57"/>
+        <location filename="../administratorwindow.cpp" line="61"/>
+        <source>Help</source>
+        <translation>Hilfe</translation>
+    </message>
+    <message>
+        <location filename="../administratorwindow.cpp" line="64"/>
         <source>Quit</source>
         <translation>Beenden</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="78"/>
+        <location filename="../administratorwindow.cpp" line="86"/>
         <source>All managed root certificates of the certificate list: </source>
         <translatorcomment>The english original should be improved</translatorcomment>
         <translation>In der Liste enthaltene Zertifikate:</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="144"/>
+        <location filename="../administratorwindow.cpp" line="152"/>
         <source>Select certificate list file</source>
         <translation>Zertifikatsliste auswählen</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="150"/>
-        <location filename="../administratorwindow.cpp" line="234"/>
-        <location filename="../administratorwindow.cpp" line="244"/>
+        <location filename="../administratorwindow.cpp" line="158"/>
+        <location filename="../administratorwindow.cpp" line="242"/>
+        <location filename="../administratorwindow.cpp" line="252"/>
+        <location filename="../administratorwindow.cpp" line="322"/>
         <source>Error!</source>
         <translation>Fehler!</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="150"/>
+        <location filename="../administratorwindow.cpp" line="158"/>
         <source>Failed to load the certificate list.</source>
         <translation>Fehler beim Laden der Zertifikatsliste.</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="234"/>
+        <location filename="../administratorwindow.cpp" line="242"/>
         <source>Failed to open log file: </source>
         <translation>Fehler beim Öffnen der Log-Datei:</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="235"/>
-        <location filename="../administratorwindow.cpp" line="245"/>
+        <location filename="../administratorwindow.cpp" line="243"/>
+        <location filename="../administratorwindow.cpp" line="253"/>
         <source> Changes are not logged!</source>
         <translation> Änderungen wurden nicht geloggt!</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="244"/>
+        <location filename="../administratorwindow.cpp" line="252"/>
         <source>Failed to write log file: </source>
         <translation>Fehler beim Schreiben der Log-Datei: </translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="262"/>
+        <location filename="../administratorwindow.cpp" line="270"/>
         <source> new certificatelist </source>
         <translation> neue Zertifikatsliste </translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="264"/>
+        <location filename="../administratorwindow.cpp" line="272"/>
         <source> based on list from </source>
         <translation> basiert auf der Liste vom </translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="267"/>
+        <location filename="../administratorwindow.cpp" line="275"/>
         <source>signing certificate: 
 </source>
         <translation type="unfinished"></translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="270"/>
+        <location filename="../administratorwindow.cpp" line="278"/>
         <source>
 new certificates:
 </source>
         <translation type="unfinished"></translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="284"/>
+        <location filename="../administratorwindow.cpp" line="292"/>
         <source>certificates marked to remove:
 </source>
         <translation type="unfinished"></translation>
@@ -166,23 +172,28 @@
     <message>
         <source>signing certificate: 
 </source>
-        <translation type="vanished">Signaturzertifikat: 
+        <translation type="obsolete">Signaturzertifikat: 
 </translation>
     </message>
     <message>
         <source>
 new certificates:
 </source>
-        <translation type="vanished">Neue Zertifikate:
+        <translation type="obsolete">Neue Zertifikate:
 </translation>
     </message>
     <message>
         <source>certificates marked to remove:
 </source>
-        <translation type="vanished">Zertifikate zum löschen markiert:
+        <translation type="obsolete">Zertifikate zum löschen markiert:
 </translation>
     </message>
     <message>
+        <location filename="../administratorwindow.cpp" line="322"/>
+        <source>Failed to find the manual</source>
+        <translation>Handbuch konnte nicht gefunden werden</translation>
+    </message>
+    <message>
         <source>new certificates:
 </source>
         <translation type="vanished">Neues Zertifikat:</translation>
@@ -192,27 +203,27 @@
         <translation type="vanished">Alle verwalteten Wurzelzertifikate der Zertifikatsliste:</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="104"/>
+        <location filename="../administratorwindow.cpp" line="112"/>
         <source>Management application of the BSI certificate installer</source>
         <translation>Verwaltungsanwendung des BSI-Zertifikatsinstallers</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="114"/>
+        <location filename="../administratorwindow.cpp" line="122"/>
         <source>Save list</source>
         <translation>Liste speichern</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="116"/>
+        <location filename="../administratorwindow.cpp" line="124"/>
         <source>Load list</source>
         <translation>Liste laden</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="118"/>
+        <location filename="../administratorwindow.cpp" line="126"/>
         <source>Add certificate</source>
         <translation>Zertifikat hinzufügen</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="120"/>
+        <location filename="../administratorwindow.cpp" line="128"/>
         <source>Remove certificate</source>
         <translation>Zertifikat entfernen</translation>
     </message>
@@ -221,7 +232,7 @@
         <translation type="vanished">Zertifikatslistendatei auswählen</translation>
     </message>
     <message>
-        <location filename="../administratorwindow.cpp" line="171"/>
+        <location filename="../administratorwindow.cpp" line="179"/>
         <source>Select certificate</source>
         <translation>Zertifikat auswählen</translation>
     </message>
@@ -302,12 +313,12 @@
 <context>
     <name>CertificateTableDelegate</name>
     <message>
-        <location filename="../certificatetabledelegate.cpp" line="51"/>
+        <location filename="../certificatetabledelegate.cpp" line="52"/>
         <source>add</source>
         <translation>hinzufügen</translation>
     </message>
     <message>
-        <location filename="../certificatetabledelegate.cpp" line="54"/>
+        <location filename="../certificatetabledelegate.cpp" line="55"/>
         <source>remove</source>
         <translation>entfernen</translation>
     </message>
@@ -568,7 +579,7 @@
     <message>
         <location filename="../createinstallerdialog.cpp" line="272"/>
         <source>Failed to sign linux package: %1</source>
-        <translation type="unfinished"></translation>
+        <translation>Fehler beim signieren des Linux Paketes: %1</translation>
     </message>
     <message>
         <location filename="../createinstallerdialog.cpp" line="288"/>
--- a/ui/l10n/trustbridge_de_DE.ts	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/l10n/trustbridge_de_DE.ts	Tue Sep 16 19:45:19 2014 +0200
@@ -51,41 +51,50 @@
         <translation type="vanished">Fingerabdruck (SHA1): &amp;lt;%1&amp;gt; </translation>
     </message>
     <message>
-        <location filename="../certificateitemwidget.cpp" line="50"/>
+        <source>install</source>
+        <translation type="vanished">Installieren</translation>
+    </message>
+    <message>
+        <source>remove</source>
+        <translation type="vanished">Entfernen</translation>
+    </message>
+    <message>
+        <source>Install</source>
+        <translation type="vanished">Installieren</translation>
+    </message>
+    <message>
+        <source>Remove</source>
+        <translation type="vanished">Entfernen</translation>
+    </message>
+    <message>
+        <location filename="../certificateitemwidget.cpp" line="41"/>
         <source>Validity: %1 until %2</source>
         <translation>Gültigkeit: %1 bis %2</translation>
     </message>
     <message>
-        <location filename="../certificateitemwidget.cpp" line="53"/>
+        <location filename="../certificateitemwidget.cpp" line="44"/>
         <source>Fingerprint (SHA1): &lt;code&gt;%1&lt;/code&gt;</source>
         <translation>Fingerabdruck (SHA1): &lt;code&gt;%1&lt;/code&gt;</translation>
     </message>
     <message>
-        <location filename="../certificateitemwidget.cpp" line="74"/>
-        <location filename="../certificateitemwidget.cpp" line="94"/>
         <source>This certificate is currently installed.</source>
-        <translation>Dieses Zertifikat ist aktuell installiert.</translation>
-    </message>
-    <message>
-        <location filename="../certificateitemwidget.cpp" line="78"/>
-        <source>This certificate is currently not installed.</source>
-        <translation>Dieses Zertifikat ist aktuell nicht installiert.</translation>
+        <translation type="vanished">Dieses Zertifikat ist aktuell installiert.</translation>
     </message>
     <message>
-        <location filename="../certificateitemwidget.cpp" line="88"/>
-        <source>This certificate was uninstalled.</source>
-        <translation>Dieses Zertifikat wurde deinstalliert.</translation>
+        <source>This certificate is currently not installed.</source>
+        <translation type="vanished">Dieses Zertifikat ist aktuell nicht installiert.</translation>
     </message>
     <message>
-        <location filename="../certificateitemwidget.cpp" line="92"/>
-        <location filename="../certificateitemwidget.cpp" line="115"/>
-        <source>uninstall</source>
-        <translation>Deinstallieren</translation>
+        <source>This certificate was uninstalled.</source>
+        <translation type="vanished">Dieses Zertifikat wurde deinstalliert.</translation>
     </message>
     <message>
-        <location filename="../certificateitemwidget.cpp" line="93"/>
+        <source>uninstall</source>
+        <translation type="vanished">Deinstallieren</translation>
+    </message>
+    <message>
         <source>keep</source>
-        <translation>Behalten</translation>
+        <translation type="vanished">Behalten</translation>
     </message>
 </context>
 <context>
@@ -131,48 +140,58 @@
 <context>
     <name>InstallWrapper</name>
     <message>
-        <location filename="../installwrapper.cpp" line="71"/>
+        <location filename="../installwrapper.cpp" line="73"/>
         <source>Could not find certificate installation process.</source>
         <translation>Der Zertifikatsinstallations-Prozess konnte nicht gefunden werden.</translation>
     </message>
     <message>
-        <location filename="../installwrapper.cpp" line="76"/>
+        <location filename="../installwrapper.cpp" line="78"/>
         <source>Failed to write temporary file.</source>
         <translation>Fehler beim Schreiben der temporären Datei.</translation>
     </message>
     <message>
-        <location filename="../installwrapper.cpp" line="113"/>
+        <location filename="../installwrapper.cpp" line="87"/>
+        <source>Integrity check of the certificate installation process failed. </source>
+        <translation>Integritätsprüfung des Zertifikatsinstallationsprozesses fehlgeschlagen.</translation>
+    </message>
+    <message>
+        <location filename="../installwrapper.cpp" line="88"/>
+        <source>Please reinstall the software.</source>
+        <translation>Bitte installieren Sie die Software neu.</translation>
+    </message>
+    <message>
+        <location filename="../installwrapper.cpp" line="128"/>
         <source>Error executing process: %1</source>
         <translation>Auführungsfehler: %1</translation>
     </message>
     <message>
-        <location filename="../installwrapper.cpp" line="124"/>
+        <location filename="../installwrapper.cpp" line="140"/>
         <source>Error monitoring process: %1</source>
         <translation>Fehlerüberwachung: %1</translation>
     </message>
     <message>
-        <location filename="../installwrapper.cpp" line="127"/>
+        <location filename="../installwrapper.cpp" line="144"/>
         <source>Certificate installation timed out.</source>
         <translation>Zeitüberschreitung bei der Zertifikatsinstallation.</translation>
     </message>
     <message>
-        <location filename="../installwrapper.cpp" line="140"/>
+        <location filename="../installwrapper.cpp" line="158"/>
         <source>Failed to check process status: %1</source>
         <translation>Fehler in der Prozess-Statusprüfung: %1</translation>
     </message>
     <message>
-        <location filename="../installwrapper.cpp" line="148"/>
+        <location filename="../installwrapper.cpp" line="168"/>
         <source>The process failed with return code. %1</source>
         <translation>Der Prozess ist fehlgeschlagen. Fehlercode: %1</translation>
     </message>
     <message>
-        <location filename="../installwrapper.cpp" line="190"/>
+        <location filename="../installwrapper.cpp" line="214"/>
         <source>Failed to start installer process.</source>
         <translation>Fehler beim Starten des Installer-Prozess.</translation>
     </message>
     <message>
-        <location filename="../installwrapper.cpp" line="199"/>
-        <location filename="../installwrapper.cpp" line="204"/>
+        <location filename="../installwrapper.cpp" line="223"/>
+        <location filename="../installwrapper.cpp" line="228"/>
         <source>Failed to complete installation.</source>
         <translation>Fehler beim Abschließen der Installation.</translation>
     </message>
@@ -184,50 +203,45 @@
         <translation type="vanished">Neue Vorschläge für Wurzelzertifikate sind verfügbar. Klicken Sie hier zum Installieren.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="462"/>
-        <location filename="../mainwindow.cpp" line="591"/>
+        <location filename="../mainwindow.cpp" line="555"/>
+        <location filename="../mainwindow.cpp" line="718"/>
         <source>Check for Updates</source>
         <translation>Neue Empfehlungen suchen</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="464"/>
-        <location filename="../mainwindow.cpp" line="974"/>
+        <location filename="../mainwindow.cpp" line="557"/>
+        <location filename="../mainwindow.cpp" line="1082"/>
         <source>Quit</source>
         <translation>Beenden</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="482"/>
+        <location filename="../mainwindow.cpp" line="575"/>
         <source>TrustBridge</source>
         <translation>TrustBridge</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="571"/>
         <source>Installed certificates from:</source>
-        <translation>Empfehlungen bereits berücksichtigt bis:</translation>
+        <translation type="vanished">Empfehlungen bereits berücksichtigt bis:</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="576"/>
         <source>TrustBridge Version:</source>
-        <translation>TrustBridge Version:</translation>
+        <translation type="vanished">TrustBridge Version:</translation>
     </message>
     <message>
         <source>Last sucessful update check:</source>
         <translation type="vanished">Zuletzt nach Aktualisierungen gesucht:</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="583"/>
-        <location filename="../mainwindow.cpp" line="586"/>
         <source>Last successful update check:</source>
-        <translation>Zuletzt nach neuen Empfehlungen gesucht:</translation>
+        <translation type="vanished">Zuletzt nach neuen Empfehlungen gesucht:</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="861"/>
         <source>Updates</source>
-        <translation>Neue
+        <translation type="vanished">Neue
 Empfehlungen</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="883"/>
+        <location filename="../mainwindow.cpp" line="991"/>
         <source>Revoked
 certificates</source>
         <translation>Abgeratene
@@ -242,41 +256,41 @@
         <translation type="vanished">Aktualisierungen (%1/%2)</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="617"/>
-        <location filename="../mainwindow.cpp" line="979"/>
+        <location filename="../mainwindow.cpp" line="667"/>
+        <location filename="../mainwindow.cpp" line="1087"/>
         <source>Quit without saving</source>
         <translation>Beenden ohne Schreiben</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="671"/>
-        <location filename="../mainwindow.cpp" line="1015"/>
+        <location filename="../mainwindow.cpp" line="771"/>
+        <location filename="../mainwindow.cpp" line="1128"/>
         <source>Remove revoked certificates (%1/%2)</source>
         <translation>Abgeratene Wurzelzertifikate entfernen (%1/%2)</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="752"/>
+        <location filename="../mainwindow.cpp" line="848"/>
         <source>Trusted certificates</source>
         <translation>Empfohlene Wurzelzertifikate</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="753"/>
+        <location filename="../mainwindow.cpp" line="849"/>
         <source>The following list of trusted root certificates is managed by the BSI. The BSI validates independently the authenticity, security and actuality of these certificates.</source>
         <translation>Die folgenden Wurzelzertifikate wurden bisher vom BSI zur Installation vorgeschlagen. Sie können erkennen, welche Sie bereits geschrieben haben.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="760"/>
+        <location filename="../mainwindow.cpp" line="856"/>
         <source>Please choose the certificates you want to trust or untrust. TrustBridge will install these certificates for your secure communication for email and internet.</source>
         <translation>Legen Sie fest, ob Sie der Empfehlung ganz oder teilweise folgen möchten. TrustBridge wird die Änderungen an den Wurzelzertifikaten vornehmen.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="874"/>
+        <location filename="../mainwindow.cpp" line="982"/>
         <source>Trusted
 certificates</source>
         <translation>Empfohlene
 Wurzelzertifikate</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="892"/>
+        <location filename="../mainwindow.cpp" line="1000"/>
         <source>Information
 and help</source>
         <translation>Informationen
@@ -303,31 +317,27 @@
         <translation type="vanished">Aktualisierungen einspielen</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="649"/>
-        <location filename="../mainwindow.cpp" line="999"/>
+        <location filename="../mainwindow.cpp" line="749"/>
+        <location filename="../mainwindow.cpp" line="1112"/>
         <source>Install new trusted certificates (%1/%2)</source>
         <translation>Neue, empfohlene Wurzelzertifikate installieren (%1/%2)</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="653"/>
-        <location filename="../mainwindow.cpp" line="675"/>
-        <location filename="../mainwindow.cpp" line="697"/>
-        <location filename="../mainwindow.cpp" line="989"/>
-        <location filename="../mainwindow.cpp" line="1005"/>
-        <location filename="../mainwindow.cpp" line="1021"/>
-        <location filename="../mainwindow.cpp" line="1345"/>
-        <location filename="../mainwindow.cpp" line="1358"/>
-        <location filename="../mainwindow.cpp" line="1370"/>
+        <location filename="../mainwindow.cpp" line="753"/>
+        <location filename="../mainwindow.cpp" line="775"/>
+        <location filename="../mainwindow.cpp" line="794"/>
+        <location filename="../mainwindow.cpp" line="1118"/>
+        <location filename="../mainwindow.cpp" line="1134"/>
         <source>Show details</source>
         <translation>Details einblenden</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="793"/>
+        <location filename="../mainwindow.cpp" line="889"/>
         <source>Revoked certificates</source>
         <translation>Abgeratene Wurzelzertifikate</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="794"/>
+        <location filename="../mainwindow.cpp" line="890"/>
         <source>Certificates can be corrupted or stolen and misused in many ways. Therefore the BSI recommends to remove all revoked certificates from your system.</source>
         <translation>Wurzelzertifikate können veraltet sein, korrumpiert, gestohlen oder missbraucht werden. Die Wurzelzertifikate , von denen das BSI abrät, sollten umgehend entfernt werden.</translation>
     </message>
@@ -336,15 +346,11 @@
         <translation type="obsolete">Von den folgenden, ehemals empfohlenen Wurzelzerts, rät das BSI nun ab. Über diese Anwendung können sie auch nicht mehr installiert werden. Markieren Sie verbleibende Wurzelzerts zur Löschung, sobald Sie können.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="693"/>
-        <location filename="../mainwindow.cpp" line="1100"/>
-        <location filename="../mainwindow.cpp" line="1270"/>
-        <location filename="../mainwindow.cpp" line="1280"/>
         <source>Manually changed certificates (%1)</source>
-        <translation>Abweichend zu behandelnde Wurzelzertifikate (%1)</translation>
+        <translation type="vanished">Abweichend zu behandelnde Wurzelzertifikate (%1)</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="843"/>
+        <location filename="../mainwindow.cpp" line="940"/>
         <source>Trust in your digital communication</source>
         <translation>Vertrauen in Ihre digitale Kommunikation</translation>
     </message>
@@ -353,8 +359,8 @@
         <translation type="vanished">Änderungen</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="569"/>
-        <location filename="../mainwindow.cpp" line="975"/>
+        <location filename="../mainwindow.cpp" line="663"/>
+        <location filename="../mainwindow.cpp" line="1083"/>
         <source>Certificates unchanged</source>
         <translation>Wurzelzertifikate unverändert</translation>
     </message>
@@ -371,46 +377,70 @@
         <translation type="vanished">Es wird empfohlen, die nachfolgenden Änderungen an Ihren Wurzelzertifikaten zu übernehmen.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="983"/>
+        <location filename="../mainwindow.cpp" line="1091"/>
         <source>Apply changes</source>
         <translation>Änderungen schreiben</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="495"/>
+        <location filename="../mainwindow.cpp" line="588"/>
         <source>Version: </source>
         <translation>Version:</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="260"/>
-        <location filename="../mainwindow.cpp" line="262"/>
+        <location filename="../mainwindow.cpp" line="268"/>
+        <location filename="../mainwindow.cpp" line="270"/>
         <source>An updated certificate list is available.</source>
         <translation>Neue Vorschläge für Wurzelzertifikate sind verfügbar.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="262"/>
+        <location filename="../mainwindow.cpp" line="270"/>
         <source>Click here to install.</source>
         <translation>Klicken Sie hier zum Installieren.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="272"/>
-        <location filename="../mainwindow.cpp" line="275"/>
+        <location filename="../mainwindow.cpp" line="280"/>
+        <location filename="../mainwindow.cpp" line="283"/>
         <source>An update for %1 is available.</source>
         <translation>Eine Aktualisierung für %1 ist verfügbar.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="276"/>
+        <location filename="../mainwindow.cpp" line="284"/>
         <source>Click here to download and install the update.</source>
         <translation>Hier klicken, um Download und Installation zu starten.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="614"/>
-        <location filename="../mainwindow.cpp" line="969"/>
-        <source>There are currently no changes for your certificate stores.</source>
-        <translation>Es liegem keine neuen Empfehlungen vor.</translation>
+        <location filename="../mainwindow.cpp" line="323"/>
+        <source>Failed to create update process.</source>
+        <translation type="unfinished"></translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="621"/>
-        <location filename="../mainwindow.cpp" line="977"/>
+        <location filename="../mainwindow.cpp" line="324"/>
+        <source>This could be caused by not enough disk space or invalid permissions.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="548"/>
+        <source>Failed to check for updates:</source>
+        <translation>Fehler bei Updateprüfung:</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1071"/>
+        <source>You should apply the following, recommended changes to your certificate stores:</source>
+        <translation>Es wird empfohlen, die nachfolgenden Änderungen an Ihren Zertifikatsspeichern vorzunehmen:</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1074"/>
+        <source>You can apply the following, changes to your certificate stores:</source>
+        <translation>Sie können die nachfolgenden Änderungen an Ihren Zertifikatsspeichern vornehmen:</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1077"/>
+        <source>There are currently no changes for your certificate stores.</source>
+        <translation>Es liegen keine neuen Empfehlungen vor.</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="671"/>
+        <location filename="../mainwindow.cpp" line="1085"/>
         <source>Install certificates again</source>
         <translation>Wurzelzertifikate erneut schreiben</translation>
     </message>
@@ -443,32 +473,27 @@
         <translation type="vanished">Änderungen (%1)</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1072"/>
         <source>install</source>
-        <translation>Installieren</translation>
+        <translation type="vanished">Installieren</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1072"/>
         <source>ignore</source>
-        <translation>Ignorieren</translation>
+        <translation type="vanished">Ignorieren</translation>
     </message>
     <message>
         <source>Installed certificates from: %1</source>
         <translation type="vanished">Installierte Zertifikate vom: %1</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1339"/>
-        <location filename="../mainwindow.cpp" line="1352"/>
-        <location filename="../mainwindow.cpp" line="1365"/>
         <source>Hide details</source>
-        <translation>Details ausblenden</translation>
+        <translation type="vanished">Details ausblenden</translation>
     </message>
     <message>
         <source>Last successful update check: %1</source>
         <translation type="vanished">Letzte erfolgreiche Prüfung nach Aktualisierungen: %1</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1395"/>
+        <location filename="../mainwindow.cpp" line="1594"/>
         <source>Sucessfully checked for updates.</source>
         <translation>Suche nach neuen Empfehlungen erfolgreich.</translation>
     </message>
@@ -479,102 +504,219 @@
 Hier klicken, um Download und Installation zu starten.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="510"/>
+        <location filename="../mainwindow.cpp" line="603"/>
         <source>TrustBridge is a root certificate installer for Windows and GNU/Linux.&lt;br/&gt;</source>
-        <translation>TrustBridge ist eine Wurzelzertifikatsinstaller für Windows und GNU/Linux.&lt;br/&gt;</translation>
+        <translation>TrustBridge ist ein Wurzelzertifikatsinstaller für Windows und GNU/Linux.&lt;br/&gt;</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="512"/>
+        <location filename="../mainwindow.cpp" line="605"/>
         <source>The root certificate lists are managed by the German &lt;a href=&quot;https://www.bsi.bund.de&quot;&gt;Federal Office for Information Security (BSI)&lt;/a&gt;.&lt;br/&gt;&lt;br/&gt;</source>
         <translation>Die Wurzelzertifikate werden vom &lt;a href=&quot;https://www.bsi.bund.de&quot;&gt;Bundesamt für Sicherheit in der Informationstechnik (BSI)&lt;/a&gt; vorgeschlagen.&lt;br/&gt;&lt;br/&gt;</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="515"/>
+        <location filename="../mainwindow.cpp" line="608"/>
         <source>The software was developed by the companies &lt;a href=&quot;http://www.intevation.de&quot;&gt;Intevation GmbH&lt;/a&gt; and  &lt;a href=&quot;http://www.dn-systems.de&quot;&gt;DN-Systems GmbH&lt;/a&gt;, &lt;br&gt; contracted by the German Federal Office for Information Security (BSI).&lt;br/&gt;&lt;br/&gt;</source>
         <translation>Die Software wurde von den Unternehmen &lt;a href=&quot;http://www.intevation.de&quot;&gt;Intevation GmbH&lt;/a&gt; und  &lt;a href=&quot;http://www.dn-systems.de&quot;&gt;DN-Systems GmbH&lt;/a&gt; entwickelt, &lt;br&gt; beauftragt vom Bundesamt für Sicherheit in der Informationstechnik (BSI).&lt;br/&gt;&lt;br/&gt;</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="519"/>
+        <location filename="../mainwindow.cpp" line="612"/>
         <source>TrustBridge is Free Software licensed under GNU GPL v2+.&lt;br/&gt;&lt;br/&gt;Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik</source>
         <translation>TrustBridge ist Freie Software, lizensiert unter der GNU GPL v2+.&lt;br/&gt;&lt;br/&gt;(C) 2014. Die Rechte liegen beim Bundesamt für Sicherheit in der Informationstechnik.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="536"/>
+        <location filename="../mainwindow.cpp" line="629"/>
         <source>Show Help</source>
-        <translation type="unfinished"></translation>
+        <translation>Hilfe anzeigen</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="541"/>
+        <location filename="../mainwindow.cpp" line="634"/>
         <source>Proxy settings</source>
-        <translation type="unfinished"></translation>
+        <translation>Proxy-Einstellungen</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="587"/>
+        <location filename="../mainwindow.cpp" line="709"/>
+        <source>Last update check:</source>
+        <translation>Letzte Suche:</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="714"/>
         <source>No connection with the updateserver.</source>
         <translation>Keine Verbindung zum Updateserver.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="589"/>
+        <location filename="../mainwindow.cpp" line="716"/>
         <source>Update</source>
         <translation>Aktualisieren</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="652"/>
-        <location filename="../mainwindow.cpp" line="674"/>
-        <location filename="../mainwindow.cpp" line="696"/>
+        <location filename="../mainwindow.cpp" line="752"/>
+        <location filename="../mainwindow.cpp" line="774"/>
+        <location filename="../mainwindow.cpp" line="793"/>
         <source>Details</source>
         <translation>Details</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="801"/>
+        <location filename="../mainwindow.cpp" line="897"/>
         <source>The following unsecure certificates were revoked by the BSI. Already uninstalled certificates cannot be reinstalled. It is recommended that you select all certificates to uninstall if you still have revoked certificates installed.</source>
         <translation>Von den folgenden, ehemals empfohlenen Wurzelzertifikaten, rät das BSI ab. Über diese Anwendung können sie auch nicht mehr installiert werden. Markieren Sie verbleibende Wurzelzertifikate zur Löschung, sobald Sie können.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="963"/>
-        <source>You should apply the following, recommended changes to your certificate stores.</source>
-        <translation>Es wird empfohlen, die nachfolgenden Änderungen an Ihren Zertifikatsspeichern vorzunehmen.</translation>
+        <location filename="../mainwindow.cpp" line="942"/>
+        <source>Version</source>
+        <translation>Version</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="966"/>
+        <location filename="../mainwindow.cpp" line="969"/>
+        <source>Pending
+changes</source>
+        <translation>Ausstehende
+Änderungen</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1107"/>
+        <source>Manual changes (%1)</source>
+        <translation>Manuelle Änderungen (%1)</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1158"/>
+        <source>Certificate list from:</source>
+        <translation>Zertifikatsliste vom:</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1163"/>
+        <source>Currently installed certificate list:</source>
+        <translation>Aktuell installierte Zertifikatsliste:</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1167"/>
+        <source>No certificate list installed.</source>
+        <translation>Keine Zertifikatsliste installiert.</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1197"/>
+        <location filename="../mainwindow.cpp" line="1249"/>
+        <location filename="../mainwindow.cpp" line="1461"/>
+        <source>Certificate will be installed.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1198"/>
+        <location filename="../mainwindow.cpp" line="1238"/>
+        <source>Certifcate is not installed.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1200"/>
+        <location filename="../mainwindow.cpp" line="1237"/>
+        <source>Certificate is installed.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1201"/>
+        <location filename="../mainwindow.cpp" line="1212"/>
+        <location filename="../mainwindow.cpp" line="1265"/>
+        <location filename="../mainwindow.cpp" line="1283"/>
+        <location filename="../mainwindow.cpp" line="1462"/>
+        <source>Certificate will be removed.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1213"/>
+        <location filename="../mainwindow.cpp" line="1266"/>
+        <source>Certificate has not been removed.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1220"/>
+        <location filename="../mainwindow.cpp" line="1273"/>
+        <source>Certificate has been removed.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1250"/>
+        <source>Certificate will not be installed.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1284"/>
+        <source>Certificate will not be removed.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>You should apply the following, recommended changes to your certificate stores.</source>
+        <translation type="vanished">Es wird empfohlen, die nachfolgenden Änderungen an Ihren Zertifikatsspeichern vorzunehmen.</translation>
+    </message>
+    <message>
         <source>You can apply the following, changes to your certificate stores.</source>
         <translatorcomment>Der Unterschied &quot;can&quot;, &quot;should&quot; könnte nicht signifikant genug sein.</translatorcomment>
-        <translation>Sie können die nachfolgenden Änderungen an Ihren Zertifikatsspeichern vornehmen.</translation>
+        <translation type="vanished">Sie können die nachfolgenden Änderungen an Ihren Zertifikatsspeichern vornehmen.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="980"/>
-        <source>Changes to certificate stores (%1)</source>
-        <translation>Neue empfohlene Änderungen (%1)</translation>
+        <location filename="../mainwindow.cpp" line="1088"/>
+        <source>Pending changes (%1)</source>
+        <translation>Ausstehende
+Änderungen (%1)</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1106"/>
+        <location filename="../mainwindow.cpp" line="1146"/>
+        <source>New, recommended changes (%1/%2)</source>
+        <translation>Neue, empfohlene Änderungen (%1/%2)</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1154"/>
+        <source>No new recommendations</source>
+        <translation>Keine neuen Empfehlungen</translation>
+    </message>
+    <message>
+        <source>Certificatelist from:</source>
+        <translation type="vanished">Zertifikatsliste vom:</translation>
+    </message>
+    <message>
+        <source>Currently installed Certificatelist:</source>
+        <translation type="vanished">Aktuell installierte Zertifikatsliste:</translation>
+    </message>
+    <message>
+        <source>No Certificatelist installed.</source>
+        <translation type="vanished">Keine Zertifikatsliste installiert.</translation>
+    </message>
+    <message>
+        <source>Changes to certificate stores (%1)</source>
+        <translation type="vanished">Neue empfohlene Änderungen (%1)</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1298"/>
         <source>Error executing update</source>
         <translation>Fehler bei der Aktualisierung</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1197"/>
+        <location filename="../mainwindow.cpp" line="1385"/>
         <source>Installation with standard user account</source>
-        <translation type="unfinished"></translation>
+        <translation>Installation mit Standardbenutzerkonto</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1198"/>
-        <source>Windows will now ask you to confirm qeach root certificate modification because TrustBridge does not have the necessary privileges to install root certificates into the Windows certificate store silently.</source>
-        <translation type="unfinished"></translation>
+        <location filename="../mainwindow.cpp" line="1386"/>
+        <source>Windows will now ask you to confirm each root certificate modification because TrustBridge does not have the necessary privileges to install root certificates into the Windows certificate store silently.</source>
+        <translation>Windows wird Sie nun bitten, jede Wurzelzertifikatsänderung zu bestätigen. Grund dafür: TrustBridge besitzt nicht die nötigen Privilegien, um Wurzelzertifikate ohne Nachfrage in den Windows-Zertifikatsspeicher zu installieren.</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1206"/>
+        <location filename="../mainwindow.cpp" line="1394"/>
         <source>Installing certificates...</source>
         <translation>Wurzelzertifikate werden geändert...</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1436"/>
+        <location filename="../mainwindow.cpp" line="1636"/>
         <source>Error!</source>
-        <translation type="unfinished"></translation>
+        <translation>Fehler!</translation>
     </message>
     <message>
-        <location filename="../mainwindow.cpp" line="1436"/>
+        <location filename="../mainwindow.cpp" line="1636"/>
         <source>Failed to find the manual</source>
-        <translation type="unfinished"></translation>
+        <translation>Fehler beim Finden des Handbuchs</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1650"/>
+        <source>TrustBridge error</source>
+        <translation>TrustBridge Fehler</translation>
     </message>
 </context>
 <context>
@@ -593,39 +735,48 @@
 <context>
     <name>ProxySettingsDlg</name>
     <message>
-        <location filename="../proxysettingsdlg.cpp" line="25"/>
+        <location filename="../proxysettingsdlg.cpp" line="26"/>
         <source>Proxy server settings</source>
-        <translation type="unfinished"></translation>
-    </message>
-    <message>
-        <location filename="../proxysettingsdlg.cpp" line="37"/>
-        <source>Please enter the proxy server to use in the field below.</source>
-        <translation type="unfinished"></translation>
+        <translation>Proxy-Server-Einstellungen</translation>
     </message>
     <message>
         <location filename="../proxysettingsdlg.cpp" line="38"/>
-        <source>The URL can follow the scheme:</source>
-        <translation type="unfinished"></translation>
+        <source>Please enter the proxy server to use in the field below.</source>
+        <translation>Bitte geben Sie den zu verwendenden Proxy-Server ein.</translation>
     </message>
     <message>
         <location filename="../proxysettingsdlg.cpp" line="39"/>
-        <source>&amp;lt;username&amp;gt;:&amp;lt;password&amp;gt;@&amp;lt;hostname&amp;gt;:&amp;lt;port&amp;gt;</source>
-        <translation type="unfinished"></translation>
+        <source>The URL can follow the scheme:</source>
+        <translation>Die URL folgt diesem Schema:</translation>
     </message>
     <message>
-        <location filename="../proxysettingsdlg.cpp" line="48"/>
-        <source>Proxy Server:</source>
-        <translation type="unfinished"></translation>
+        <location filename="../proxysettingsdlg.cpp" line="40"/>
+        <source>[&amp;lt;username&amp;gt;:&amp;lt;password&amp;gt;@]&amp;lt;hostname&amp;gt;[:&amp;lt;port&amp;gt;]</source>
+        <translation>[&amp;lt;Benutzername&amp;gt;:&amp;lt;Passwort&amp;gt;@]&amp;lt;Hostname&amp;gt;[:&amp;lt;Port&amp;gt;]</translation>
     </message>
     <message>
-        <location filename="../proxysettingsdlg.cpp" line="54"/>
-        <source>&amp;Save</source>
-        <translation type="unfinished"></translation>
+        <location filename="../proxysettingsdlg.cpp" line="49"/>
+        <source>Use Proxy Server</source>
+        <translation>Proxy-Server verwenden</translation>
     </message>
     <message>
-        <location filename="../proxysettingsdlg.cpp" line="55"/>
+        <source>&amp;lt;username&amp;gt;:&amp;lt;password&amp;gt;@&amp;lt;hostname&amp;gt;:&amp;lt;port&amp;gt;</source>
+        <translation type="vanished">&amp;lt;Benutzername&amp;gt;:&amp;lt;Passwort&amp;gt;@&amp;lt;Hostname&amp;gt;:&amp;lt;Port&amp;gt;</translation>
+    </message>
+    <message>
+        <location filename="../proxysettingsdlg.cpp" line="56"/>
+        <source>Proxy Server:</source>
+        <translation>Proxy-Server:</translation>
+    </message>
+    <message>
+        <location filename="../proxysettingsdlg.cpp" line="64"/>
+        <source>&amp;Save</source>
+        <translation>&amp;Speichern</translation>
+    </message>
+    <message>
+        <location filename="../proxysettingsdlg.cpp" line="65"/>
         <source>&amp;Cancel</source>
-        <translation type="unfinished"></translation>
+        <translation>&amp;Abbrechen</translation>
     </message>
 </context>
 <context>
@@ -635,6 +786,32 @@
         <source>TrustBridge automatic update check.</source>
         <translation>Automatische Aktualisierungsprüfung von TrustBridge.</translation>
     </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="301"/>
+        <source>TrustBridge-Updater</source>
+        <comment>Used as filename for the updater. Only use ASCII please.</comment>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1529"/>
+        <source>Hide details</source>
+        <translation>Details ausblenden</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1530"/>
+        <source>Less</source>
+        <translation>Weniger</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1535"/>
+        <source>Show details</source>
+        <translation>Details einblenden</translation>
+    </message>
+    <message>
+        <location filename="../mainwindow.cpp" line="1536"/>
+        <source>Details</source>
+        <translation>Details</translation>
+    </message>
 </context>
 <context>
     <name>TrayIcon</name>
--- a/ui/main.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/main.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -52,6 +52,26 @@
  Q_IMPORT_PLUGIN(QXcbIntegrationPlugin)
 #endif
 
+#ifdef DO_RELEASE_BUILD
+bool g_debug = false;
+#else
+bool g_debug = true;
+#endif
+
+QtMessageHandler g_default_msg_handler = NULL;
+
+void filterDebugOutput(QtMsgType type, const QMessageLogContext &context, const QString &msg)
+{
+    if (!g_debug && type == QtDebugMsg) {
+        return;
+    }
+
+    if (g_default_msg_handler) {
+        (*g_default_msg_handler)(type, context, msg);
+    }
+}
+
+
 int main(int argc, char **argv)
 {
 #ifdef WIN32
@@ -63,10 +83,17 @@
      * monitor executable corruptions.
      */
     if (!selftest()) {
-        syslog_error_printf ("Integrity check failed.");
-#ifdef RELEASE_BUILD
+        syslog_error_printf("Integrity check failed.");
+        MessageBoxW(NULL,
+                L"TrustBridge wurde nach der Installation modifizert.\n"
+                L"Um ihr System zu schützen wurde das Starten der Anwendung abgebrochen.\n"
+                L"Bitte installieren Sie TrustBridge erneut.\n\n"
+                L"TrustBridge has been modified after installation.\n"
+                L"To protect your system the application launch has been aborted.\n"
+                L"Please reinstall TrustBridge.",
+                L"Integritätsprüfung fehlgeschlagen / Integrity check failed.",
+                MB_ICONERROR | MB_OK);
         return -1;
-#endif
     }
 #endif
 
@@ -77,12 +104,17 @@
     QApplication::setApplicationName(QString::fromLatin1(APPNAME));
     QApplication::setApplicationVersion(QString::fromLatin1(VERSION));
     QSettings::setDefaultFormat(QSettings::IniFormat);
+    QStringList arguments = QApplication::arguments();
+
+    if (arguments.contains("--debug")) {
+        g_debug = true;
+    }
+    g_default_msg_handler = qInstallMessageHandler(filterDebugOutput);
 
     qDebug() << "Application style is: " << app.style()->metaObject()->className();
     qDebug() << "Available styles: " << QStyleFactory::keys().join(", ");
     qDebug() << "Font is: " << app.font();
 
-    QStringList arguments = QApplication::arguments();
     bool trayMode = arguments.contains("--tray");
 
     if (arguments.contains("--version")) {
--- a/ui/mainwindow.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/mainwindow.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -17,6 +17,7 @@
 #include <QMenu>
 #include <QApplication>
 #include <QFile>
+#include <QTemporaryDir>
 #include <QTimer>
 #include <QHBoxLayout>
 #include <QVBoxLayout>
@@ -49,7 +50,7 @@
 // something to say
 #define NAG_INTERVAL_MINUTES 70
 
-#define DATETIME_FORMAT "dddd, d. MMMM yyyy HH:mm:ss"
+#define DATETIME_FORMAT "d. MMM yyyy HH:mm"
 
 #ifndef APPNAME
 #define APPNAME "TrustBridge"
@@ -65,23 +66,23 @@
 #define TB_ARCH_STRING "-amd64"
 #endif
 
-#ifdef RELEASE_BUILD
-# define LIST_RESOURCE "/users/aheinecke/zertifikatsliste.txt"
+#ifdef USE_REAL_RESOURCES
+# define LIST_RESOURCE "/zertifikatsliste.txt"
 # ifdef Q_OS_WIN
-#  define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1.exe"
-#  define SW_RESOURCE "/users/aheinecke/TrustBridge.exe"
+#  define SW_RESOURCE_VERSION "/TrustBridge-%1.exe"
+#  define SW_RESOURCE "/TrustBridge.exe"
 # else
-#  define SW_RESOURCE_VERSION "/users/aheinecke/TrustBridge-%1" TB_ARCH_STRING ".sh"
-#  define SW_RESOURCE "/users/aheinecke/TrustBridge" TB_ARCH_STRING ".sh"
+#  define SW_RESOURCE_VERSION "/TrustBridge-%1" TB_ARCH_STRING ".sh"
+#  define SW_RESOURCE "/TrustBridge" TB_ARCH_STRING ".sh"
 # endif
 #else // RELEASE_BUILD
-# define LIST_RESOURCE "/users/aheinecke/development/zertifikatsliste.txt"
+# define LIST_RESOURCE "/zertifikatsliste.txt"
 # ifdef Q_OS_WIN
-#  define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development.exe"
-#  define SW_RESOURCE "/users/aheinecke/development/TrustBridge.exe"
+#  define SW_RESOURCE_VERSION "/development/TrustBridge-development.exe"
+#  define SW_RESOURCE "/development/TrustBridge.exe"
 # else
-#  define SW_RESOURCE_VERSION "/users/aheinecke/development/TrustBridge-development" TB_ARCH_STRING ".sh"
-#  define SW_RESOURCE "/users/aheinecke/development/TrustBridge" TB_ARCH_STRING ".sh"
+#  define SW_RESOURCE_VERSION "/development/TrustBridge-development" TB_ARCH_STRING ".sh"
+#  define SW_RESOURCE "/development/TrustBridge" TB_ARCH_STRING ".sh"
 # endif
 #endif
 
@@ -93,8 +94,12 @@
 #define HELP_PATH "/../share/doc/trustbridge/index.html"
 #endif
 
+static void activateDetailsButton(QPushButton *);
+static void deactivateDetailsButton(QPushButton *);
+
 MainWindow::MainWindow(bool trayMode):
-    mTrayMode(trayMode)
+    mTrayMode(trayMode),
+    mManualDetailsShown(false)
 {
     createActions();
     createTrayIcon();
@@ -234,14 +239,15 @@
     }
     bin_verify_result verifyResult = verify_binary(swFileName.toUtf8().constData(),
             swFileName.toUtf8().size());
-    qDebug() << "Binary verify result: " << verifyResult;
-    if (verifyResult != VerifyValid) {
+    qDebug() << "Binary verify result: " << verifyResult.result;
+    if (verifyResult.result != VerifyValid) {
         qDebug() << "Failed to verify downloaded data.";
         QFile::remove(swFileName);
         mSettings.remove("Software/available");
         mSettings.remove("Software/availableDate");
         return;
     }
+    fclose(verifyResult.fptr);
 }
 
 void MainWindow::handleNewList(const QString& fileName, const QDateTime& modDate) {
@@ -286,12 +292,46 @@
     showMessage();
 }
 
+QString getPrettyInstallerName(QString realFileName) {
+    QTemporaryDir tDir;
+    if (!tDir.isValid()) {
+        qDebug () << "Failed to create temporary directory.";
+        return QString();
+    }
+    QString targetPath = tDir.path() + QObject::tr("TrustBridge-Updater",
+            "Used as filename for the updater. Only use ASCII please.");
+
+    tDir.setAutoRemove(false);
+#ifdef WIN32
+    targetPath += ".exe";
+#endif
+    if (!QFile::copy(realFileName, targetPath)) {
+        qDebug() << "Failed to create temporary copy of installer.";
+    }
+    return targetPath;
+}
+
 void MainWindow::installNewSW(const QString& fileName, const QDateTime& modDate) {
     QFileInfo instProcInfo = QFileInfo(fileName);
     QString filePath = QDir::toNativeSeparators(instProcInfo.absoluteFilePath());
 
-    if (verify_binary(filePath.toUtf8().constData(),
-            filePath.toUtf8().size()) != VerifyValid) {
+    /* Copy the file to a temporary name for installation */
+    filePath = getPrettyInstallerName(filePath);
+
+    if (filePath.isEmpty()) {
+        qDebug() << "Failed to copy updater to temporary location.";
+        showErrorMessage(tr("Failed to create update process.") + "\n" +
+                tr("This could be caused by not enough disk space or invalid permissions."));
+        return;
+    }
+    mSettings.setValue("Software/Updater", filePath); /* So it can be deleted
+                                                         on next start */
+    mSettings.sync();
+
+    bin_verify_result vres = verify_binary(filePath.toUtf8().constData(),
+            filePath.toUtf8().size());
+
+    if (vres.result != VerifyValid) {
         qDebug() << "Invalid software. Not installing";
         return;
       }
@@ -328,6 +368,7 @@
         free(errmsg);
         qDebug() << "Failed to start process: " << qerrmsg;
         setState(NewSoftwareAvailable);
+        fclose(vres.fptr);
         return;
     }
 #else /* WIN32 */
@@ -335,6 +376,10 @@
     QStringList parameters;
     installDir.cdUp();
     parameters << "--prefix" << installDir.path();
+    parameters << "--update";
+    if (isVisible()) {
+        parameters << "--show-after-update";
+    }
     bool sudo_started = false;
     bool use_sudo = is_admin() && is_system_install();
     if (use_sudo) {
@@ -356,12 +401,15 @@
     qDebug() << "Starting process " << filePath <<" params: " << parameters;
     if (!sudo_started && !QProcess::startDetached(filePath, parameters)) {
         qDebug() << "Failed to start process.";
+        fclose(vres.fptr);
         return;
     }
 
 #endif
+
+    syslog_info_printf ("Installing update: %s\n", fileName.toUtf8().constData());
     /* Installer process should now be running. We exit */
-
+    fclose(vres.fptr);
     closeApp();
 }
 
@@ -369,6 +417,22 @@
 {
     verifyListData();
 
+    /* Delete old temporary installers if they exist */
+    QString oldUpdater = mSettings.value("Software/Updater").toString();
+
+    if (!oldUpdater.isEmpty()) {
+        qDebug() << "Removing old updater: " << oldUpdater;
+        QFileInfo fiUpdater(oldUpdater);
+        if (!QFile::remove(fiUpdater.absoluteFilePath())) {
+            qDebug() << "Failed to remove file";
+        } else {
+            if (!fiUpdater.absoluteDir().rmdir(fiUpdater.absoluteDir().absolutePath())) {
+                qDebug() << "Failed to remove temporary directory.";
+            }
+        }
+        mSettings.remove("Software/Updater");
+    }
+
     if (!mSettings.contains("Software/installedDate") ||
           mSettings.value("Software/installedVersion").toString() != QApplication::applicationVersion()) {
         /* This should only happen on initial startup and after an update has
@@ -379,6 +443,30 @@
     QDateTime listInstalledLastMod = mSettings.value("List/installedDate").toDateTime();
     QDateTime swInstalledLastMod = mSettings.value("Software/installedDate").toDateTime();
 
+    QDateTime swAvailableLastMod = mSettings.value("Software/availableDate").toDateTime();
+
+    if (swAvailableLastMod.isValid()) {
+        qDebug() << "Installed an update: " << swInstalledLastMod <<
+            " available " << swAvailableLastMod;
+        syslog_info_printf ("Software has been updated to version: %s\n",
+                QApplication::applicationVersion().toUtf8().constData());
+        if (swInstalledLastMod == swAvailableLastMod) {
+            QString fileName = mSettings.value("Software/available").toString();
+            if (fileName.isEmpty()) {
+                qDebug() << "Software marked as available but no filename set.";
+            } else {
+                if (QFile::remove(fileName)) {
+                    qDebug() << "Removed: " << fileName;
+                } else {
+                    qDebug() << "Failed to remove: " << fileName;
+                }
+            }
+            /* Clear out available data. */
+            mSettings.remove("Software/available");
+            mSettings.remove("Software/availableDate");
+        }
+    }
+
     QString listResource = QString::fromLatin1(LIST_RESOURCE);
     QString swResource = QString::fromLatin1(SW_RESOURCE);
 
@@ -388,7 +476,6 @@
     swResource = mSettings.value("Software/resource", swResource).toString();
 #endif
 
-
     Downloader* downloader = new Downloader(this,
                                             QString::fromLatin1(SERVER_URL),
                                             QByteArray(),
@@ -453,9 +540,13 @@
 {
     /* TODO logging and handle error according to a plan */
     syslog_error_printf ("Failed to check for updates: %s", message.toUtf8().constData());
-    mCurMessage = message;
-    mTrayIcon->show();
-    showMessage();
+    if (!isVisible()) {
+        mCurMessage = message;
+        mTrayIcon->show();
+        showMessage();
+    } else {
+        showErrorMessage(tr("Failed to check for updates:") + "\n"  + message);
+    }
     setState(TransferError);
 }
 
@@ -563,58 +654,15 @@
     QVBoxLayout *updatesMainLayout = new QVBoxLayout;
 
     /* The header */
-    QGridLayout *updatesHeaderLayout = new QGridLayout;
+    QVBoxLayout *updatesHeaderLayout = new QVBoxLayout;
 
-    /* Header 1: Update date and search button */
-    QHBoxLayout *updateDateAndSearchButton = new QHBoxLayout;
+    QGridLayout *detailsLayout = new QGridLayout;
+
+    /* Header 1: Action buttons and summary*/
     mUpdatesHeader =
         new QLabel("<h2>" + tr("Certificates unchanged")+ "</h2>");
-    mLastCertUpdate =
-        new QLabel(tr("Installed certificates from:"));
-    mLastCertUpdateContents = new QLabel(QString());
-    mLastCertUpdate->hide();
-    mLastCertUpdateContents->hide();
-    mSoftwareVersionLabel =
-        new QLabel(tr("TrustBridge Version:"));
-    mSoftwareVersionContents = new QLabel(QApplication::applicationVersion());
+    updatesHeaderLayout->addWidget(mUpdatesHeader);
 
-    const QDateTime lastCheck = mSettings.value("lastUpdateCheck").toDateTime().toLocalTime();
-    if (lastCheck.isValid()) {
-        const QString lastUpdateCheck = QLocale::system().toString(lastCheck, DATETIME_FORMAT);
-        mLastUpdateCheck =
-            new QLabel(tr("Last successful update check:"));
-        mLastUpdateCheckContents = new QLabel(lastUpdateCheck);
-    } else {
-        mLastUpdateCheck = new QLabel(tr("Last successful update check:"));
-        mLastUpdateCheckContents = new QLabel(tr("No connection with the updateserver."));
-    }
-    QPushButton *searchUpdates = new QPushButton(" " + tr("Update"));
-    searchUpdates->setFixedHeight(22);
-    searchUpdates->setToolTip(tr("Check for Updates"));
-    searchUpdates->setStyleSheet("font-size: 10px;");
-    searchUpdates->setIcon(QIcon(":/img/update-list.png"));
-    connect(searchUpdates, SIGNAL(clicked()), this, SLOT(checkUpdates()));
-    updateDateAndSearchButton->addWidget(mLastUpdateCheckContents);
-    updateDateAndSearchButton->addWidget(searchUpdates);
-
-    // addWidget(*Widget, row, column, rowspan, colspan, [Qt::Alignment])
-    updatesHeaderLayout->addWidget(mUpdatesHeader, 0, 0, 1, 2);
-    updatesHeaderLayout->addWidget(mSoftwareVersionLabel, 1, 0, 1, 1);
-    updatesHeaderLayout->addWidget(mSoftwareVersionContents, 1, 1, 1, 1);
-    updatesHeaderLayout->addWidget(mLastUpdateCheck, 2, 0, 1, 1);
-    updatesHeaderLayout->addLayout(updateDateAndSearchButton, 2, 1, 1, 1);
-//    updatesHeaderLayout->addWidget(mLastUpdateCheckContents, 2, 1, 1, 1);
-    updatesHeaderLayout->addWidget(mLastCertUpdate, 3, 0, 1, 1);
-    updatesHeaderLayout->addWidget(mLastCertUpdateContents, 3, 1, 1, 1);
-    updatesHeaderLayout->setColumnStretch(3, 1);
-
-//    updatesHeaderLayout->addWidget(searchUpdates, 1, 4, 1, 2, Qt::AlignRight);
-    updatesHeaderLayout->setRowMinimumHeight(4, 15);
-
-    /* Header 2: Action text and buttons */
-    mUpdatesTip =
-        new QLabel(tr("There are currently no changes for your certificate stores."));
-    mUpdatesTip->setWordWrap(true);
     QHBoxLayout *updatesHeaderActionButtonLayout = new QHBoxLayout;
     mQuitButton = new QPushButton(" " + tr("Quit without saving"));
     mQuitButton->setIcon(QIcon(":/img/application-exit.png"));
@@ -633,16 +681,66 @@
     connect(mQuitButton, SIGNAL(clicked()), this, SLOT(closeApp()));
     connect(mInstallButton, SIGNAL(clicked()), this, SLOT(checkAndInstallCerts()));
 
-    // addWidget(*Widget, row, column, rowspan, colspan)
-    updatesHeaderLayout->addWidget(mUpdatesTip, 5, 0, 1, 4);
     updatesHeaderActionButtonLayout->addWidget(mInstallButton);
     updatesHeaderActionButtonLayout->addWidget(mQuitButton);
-    updatesHeaderLayout->addLayout(updatesHeaderActionButtonLayout, 6, 0, 1, -1, Qt::AlignRight);
-    updatesHeaderLayout->setRowMinimumHeight(7, 10);
+    updatesHeaderActionButtonLayout->addStretch(-1);
+
+    updatesHeaderLayout->addLayout(updatesHeaderActionButtonLayout);
+    updatesHeaderLayout->addSpacing(20);
+
+    /* The splitter line */
+    QFrame *line = new QFrame();
+    line->setFrameShape(QFrame::HLine);
+    line->setFrameShadow(QFrame::Sunken);
+    updatesHeaderLayout->addWidget(line);
+
+    updatesMainLayout->addLayout(updatesHeaderLayout);
+
+    /* Central Header Details and update button. Part of the scroll area */
+    QScrollArea *centralScrollArea = new QScrollArea;
+    QVBoxLayout *updatesCenterLayout = new QVBoxLayout;
+    mUpdatesDetailsHeader = new QLabel(QString());
+
+    QHBoxLayout *updateDateAndSearchButton = new QHBoxLayout;
+    mCertListVersion =
+        new QLabel(QString());
+    mCertListVersionContents = new QLabel(QString());
+    const QDateTime lastCheck = mSettings.value("lastUpdateCheck").toDateTime().toLocalTime();
+    mLastUpdateCheck = new QLabel(tr("Last update check:"));
+    if (lastCheck.isValid()) {
+        const QString lastUpdateCheck = QLocale::system().toString(lastCheck, DATETIME_FORMAT);
+        mLastUpdateCheckContents = new QLabel(lastUpdateCheck);
+    } else {
+        mLastUpdateCheckContents = new QLabel(tr("No connection with the updateserver."));
+    }
+    QPushButton *searchUpdates = new QPushButton(" " + tr("Update"));
+    searchUpdates->setFixedHeight(22);
+    searchUpdates->setToolTip(tr("Check for Updates"));
+    searchUpdates->setStyleSheet("font-size: 10px;");
+    searchUpdates->setIcon(QIcon(":/img/update-list.png"));
+    connect(searchUpdates, SIGNAL(clicked()), this, SLOT(checkUpdates()));
+    updateDateAndSearchButton->addWidget(mLastUpdateCheckContents);
+    updateDateAndSearchButton->addWidget(searchUpdates);
+
+    mUpdatesTip =
+        new QLabel(QString());
+    mUpdatesTip->setWordWrap(true);
+
+    // addWidget(*Widget, row, column, rowspan, colspan)
+    updatesCenterLayout->addWidget(mUpdatesDetailsHeader);
+    detailsLayout->addWidget(mLastUpdateCheck, 0, 0, 1, 1);
+    detailsLayout->addLayout(updateDateAndSearchButton, 0, 1, 1, 1);
+    detailsLayout->addWidget(mCertListVersion, 1, 0, 1, 1);
+    detailsLayout->addWidget(mCertListVersionContents, 1, 1, 1, 1);
+    detailsLayout->addItem(new QSpacerItem(1, 1, QSizePolicy::Expanding, QSizePolicy::Minimum), 2, 2, 1, 1);
+    detailsLayout->setColumnStretch(2, 1);
+
+    updatesCenterLayout->addLayout(detailsLayout);
+
+    updatesCenterLayout->addItem(new QSpacerItem(100, 10));
+    updatesCenterLayout->addWidget(mUpdatesTip);
 
     /* The central panels. */
-    QScrollArea *centralScrollArea = new QScrollArea;
-    QVBoxLayout *updatesCenterLayout = new QVBoxLayout;
     QHBoxLayout *updatesNewLayout = new QHBoxLayout;
     QHBoxLayout *updatesRemoveLayout = new QHBoxLayout;
     QHBoxLayout *updatesManualLayout = new QHBoxLayout;
@@ -690,10 +788,7 @@
         this, SLOT(listChanged(int)));
     mUpdatesRemove->hide();
 
-    mUpdatesManualCertificates =
-        new QLabel("<h3>" +
-            tr("Manually changed certificates (%1)").arg(0) +
-            "</h3>");
+    mUpdatesManualCertificates = new QLabel(QString());
     mUpdatesDetailsManual = new QPushButton();
     mUpdatesDetailsManual->setText(" " + tr("Details"));
     mUpdatesDetailsManual->setToolTip(tr("Show details"));
@@ -705,7 +800,6 @@
         this,
         SLOT(toggleUpdatesManual()));
     mUpdatesDetailsManual->hide();
-    mUpdatesManualCertificates->hide();
     updatesManualLayout->addWidget(mUpdatesManualCertificates);
     updatesManualLayout->addWidget(mUpdatesDetailsManual);
     updatesManualLayout->addStretch(1);
@@ -723,6 +817,7 @@
     updatesCenterLayout->addWidget(mUpdatesNew);
     updatesCenterLayout->addLayout(updatesRemoveLayout);
     updatesCenterLayout->addWidget(mUpdatesRemove);
+    updatesCenterLayout->addSpacing(10);
     updatesCenterLayout->addLayout(updatesManualLayout);
     updatesCenterLayout->addWidget(mUpdatesManual);
 
@@ -733,7 +828,6 @@
     centralScrollArea->setFrameShape(QFrame::NoFrame);
     centralScrollArea->setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Expanding);
 
-    updatesMainLayout->addLayout(updatesHeaderLayout);
     updatesMainLayout->addWidget(centralScrollArea);
     updatesCenterLayout->addSpacerItem(new QSpacerItem(0, 0,
                 QSizePolicy::MinimumExpanding, QSizePolicy::MinimumExpanding));
@@ -831,6 +925,7 @@
     QVBoxLayout *mainLayout = new QVBoxLayout;
     QHBoxLayout *headerLayout = new QHBoxLayout;
     QVBoxLayout *headerTextLayout = new QVBoxLayout;
+    QHBoxLayout *headerSubtitleLayout = new QHBoxLayout;
     QHBoxLayout *centerLayout = new QHBoxLayout;
     QVBoxLayout *buttonBarLayout = new QVBoxLayout;
     QHBoxLayout *bottomLayout = new QHBoxLayout;
@@ -843,8 +938,19 @@
     logo->setPixmap(QPixmap::fromImage(*logoImage));
     QLabel *title = new QLabel("<h1>" + QString::fromLatin1(APPNAME) + "</h1>");
     QLabel *subTitle = new QLabel(tr("Trust in your digital communication"));
+    QLabel *swVersion = new QLabel(QString::fromLatin1("<i>") +
+            tr("Version") + " " + QApplication::applicationVersion() +
+            QString::fromLatin1(" </i>"));
+
+    swVersion->setTextInteractionFlags(Qt::TextSelectableByKeyboard | Qt::TextSelectableByMouse);
+    swVersion->setTextFormat(Qt::RichText);
+
+    headerSubtitleLayout->addWidget(subTitle);
+    headerSubtitleLayout->addStretch(-1);
+    headerSubtitleLayout->addWidget(swVersion);
+
     headerTextLayout->addWidget(title);
-    headerTextLayout->addWidget(subTitle);
+    headerTextLayout->addLayout(headerSubtitleLayout);
     headerLayout->addWidget(logo);
     headerLayout->addLayout(headerTextLayout);
     headerLayout->setStretch(0, 0);
@@ -860,7 +966,7 @@
     updatesButton->setBackgroundIcon(":/img/red-circle.png");
     updatesButton->setIcon(QIcon(":/img/view-refresh.png"));
     updatesButton->setIconSize(QSize(48, 48));
-    updatesButton->setText(tr("Updates"));
+    updatesButton->setText(tr("Pending\nchanges"));
     updatesButton->setFixedWidth(120);
     updatesButton->setFixedHeight(90);
     updatesButton->setCheckable(true);
@@ -962,10 +1068,10 @@
      * changes available */
     if (changeCount() && !mUpdatesManual->certificates().size()) {
         mUpdatesTip->setText(
-                tr("You should apply the following, recommended changes to your certificate stores."));
+                tr("You should apply the following, recommended changes to your certificate stores:"));
     } else if (changeCount()) {
         mUpdatesTip->setText(
-                tr("You can apply the following, changes to your certificate stores."));
+                tr("You can apply the following, changes to your certificate stores:"));
     } else {
         mUpdatesTip->setText(
                 tr("There are currently no changes for your certificate stores."));
@@ -979,7 +1085,7 @@
         mInstallButton->setText(" " + tr("Install certificates again"));
     } else {
         mQuitButton->setText(" " + tr("Quit without saving"));
-        mUpdatesHeader->setText("<h2>" + tr("Changes to certificate stores (%1)")
+        mUpdatesHeader->setText("<h2>" + tr("Pending changes (%1)")
                 .arg(changeCount()) +
                 "</h2>");
         mInstallButton->setText(" " + tr("Apply changes"));
@@ -987,14 +1093,19 @@
 
     if (mUpdatesManual->certificates().size()) {
         mUpdatesDetailsManual->show();
-        mUpdatesDetailsManual->setIcon(QIcon(":/img/dialog-information_16px.png"));
-        mUpdatesDetailsManual->setToolTip(tr("Show details"));
-        mUpdatesManualCertificates->show();
+        if (mManualDetailsShown) {
+            mUpdatesManual->show();
+            deactivateDetailsButton(mUpdatesDetailsManual);
+        } else {
+            activateDetailsButton(mUpdatesDetailsManual);
+        }
     } else {
         mUpdatesDetailsManual->hide();
-        mUpdatesManualCertificates->hide();
         mUpdatesManual->hide();
     }
+    mUpdatesManualCertificates->setText("<h2>" +
+            tr("Manual changes (%1)").arg(mUpdatesManual->certificates().size()) +
+            "</h2>");
 
     if (mUpdatesNew->certificates().size()) {
         mUpdatesNewCertificates->setText("<h3>" +
@@ -1027,6 +1138,36 @@
         mUpdatesDetailsRemove->hide();
         mUpdatesRemove->hide();
     }
+
+    /* Update the details header */
+    if (mUpdatesRemove->certificates().size() ||
+        mUpdatesNew->certificates().size()) {
+        mUpdatesDetailsHeader->setText("<h2>" +
+                tr("New, recommended changes (%1/%2)")
+                .arg(mUpdatesRemove->selectedCertCount() +
+                     mUpdatesNew->selectedCertCount())
+                .arg(mUpdatesRemove->certificates().size() +
+                     mUpdatesNew->certificates().size()) +
+                "</h2>");
+    } else {
+        mUpdatesDetailsHeader->setText(QString::fromLatin1("<h2>") +
+            tr("No new recommendations") + QString::fromLatin1("</h2>"));
+    }
+
+    if (mListToInstall.isValid()) {
+        mCertListVersion->setText(tr("Certificate list from:"));
+        mCertListVersionContents->setText(QLocale::system().toString(
+                mListToInstall.date().toLocalTime(), DATETIME_FORMAT));
+    } else {
+        if (mInstalledList.isValid()) {
+            mCertListVersion->setText(tr("Currently installed certificate list:"));
+            mCertListVersionContents->setText(QLocale::system().toString(
+                    mInstalledList.date().toLocalTime(), DATETIME_FORMAT));
+        } else {
+            mCertListVersion->setText(tr("No certificate list installed."));
+            mCertListVersionContents->setText("");
+        }
+    }
 }
 
 void MainWindow::loadCertificateList()
@@ -1048,11 +1189,37 @@
             bool state = !mPreviouslyUnselected.contains(cert.base64Line());
             if (cert.isInstallCert()) {
                 oldInstallCerts.append(cert);
-                mInstallList->addCertificate(cert, state);
+                QToolButton* actionBtn = new QToolButton();
+                QIcon btnIcon;
+                if (!state) {
+                    btnIcon.addFile(":/img/write-into-48.png", QSize(48, 48), QIcon::Normal, QIcon::Off);
+                    btnIcon.addFile(":/img/security-low.png", QSize(48, 48), QIcon::Normal, QIcon::On);
+                    actionBtn->setProperty("ToolTip_Off", tr("Certificate will be installed."));
+                    actionBtn->setProperty("ToolTip_On", tr("Certifcate is not installed."));
+                } else {
+                    actionBtn->setProperty("ToolTip_Off", tr("Certificate is installed."));
+                    actionBtn->setProperty("ToolTip_On", tr("Certificate will be removed."));
+                    btnIcon.addFile(":/img/security-high.png", QSize(48, 48), QIcon::Normal, QIcon::Off);
+                    btnIcon.addFile(":/img/write-remove-48.png", QSize(48, 48), QIcon::Normal, QIcon::On);
+                }
+                actionBtn->setIcon(btnIcon);
+                mInstallList->addCertificate(cert, state, actionBtn);
             }
             else {
                 oldRemoveCerts.append(cert);
-                mRemoveList->addCertificate(cert, state, !state);
+                QToolButton* actionBtn = new QToolButton();
+                QIcon btnIcon;
+                actionBtn->setProperty("ToolTip_Off", tr("Certificate will be removed."));
+                actionBtn->setProperty("ToolTip_On", tr("Certificate has not been removed."));
+                btnIcon.addFile(":/img/write-remove-48.png", QSize(48, 48), QIcon::Normal, QIcon::Off);
+                btnIcon.addFile(":/img/security-medium.png", QSize(48, 48), QIcon::Normal, QIcon::On);
+                btnIcon.addFile(":/img/trash-empty.png", QSize(48, 48), QIcon::Disabled, QIcon::Off);
+                actionBtn->setIcon(btnIcon);
+                if (state) {
+                    actionBtn->setEnabled(false);
+                    actionBtn->setToolTip(tr("Certificate has been removed."));
+                }
+                mRemoveList->addCertificate(cert, state, actionBtn);
             }
         }
     }
@@ -1065,13 +1232,26 @@
                 if (mInstalledList.getCertificates().contains(cert)) {
                     // Was in the old list.
                     oldInstallCerts.append(cert);
-                    mInstallList->addCertificate(cert, state);
+                    QToolButton* actionBtn = new QToolButton();
+                    QIcon btnIcon;
+                    actionBtn->setProperty("ToolTip_Off", tr("Certificate is installed."));
+                    actionBtn->setProperty("ToolTip_On", tr("Certifcate is not installed."));
+                    btnIcon.addFile(":/img/security-high.png", QSize(48, 48), QIcon::Normal, QIcon::Off);
+                    btnIcon.addFile(":/img/security-low.png", QSize(48, 48), QIcon::Normal, QIcon::On);
+                    actionBtn->setIcon(btnIcon);
+                    mInstallList->addCertificate(cert, state, actionBtn);
                 }
                 else {
                     // Is a brand new certificate
                     newInstallCerts.append(cert);
-                    mUpdatesNew->addCertificate(cert, state, true,
-                            tr("install"), tr("ignore"));
+                    QToolButton* actionBtn = new QToolButton();
+                    QIcon btnIcon;
+                    actionBtn->setProperty("ToolTip_Off", tr("Certificate will be installed."));
+                    actionBtn->setProperty("ToolTip_On", tr("Certificate will not be installed."));
+                    btnIcon.addFile(":/img/write-into-48.png", QSize(48, 48), QIcon::Normal, QIcon::Off);
+                    btnIcon.addFile(":/img/security-low.png", QSize(48, 48), QIcon::Normal, QIcon::On);
+                    actionBtn->setIcon(btnIcon);
+                    mUpdatesNew->addCertificate(cert, state, actionBtn);
                 }
             }
             else {
@@ -1080,27 +1260,37 @@
                     // Was in the old list.
                     oldRemoveCerts.append(cert);
                     // Is removed, so set editable to false.
-                    mRemoveList->addCertificate(cert, state, !state);
+                    QToolButton* actionBtn = new QToolButton();
+                    QIcon btnIcon;
+                    actionBtn->setProperty("ToolTip_Off", tr("Certificate will be removed."));
+                    actionBtn->setProperty("ToolTip_On", tr("Certificate has not been removed."));
+                    btnIcon.addFile(":/img/write-remove-48.png", QSize(48, 48), QIcon::Normal, QIcon::Off);
+                    btnIcon.addFile(":/img/security-medium.png", QSize(48, 48), QIcon::Normal, QIcon::On);
+                    btnIcon.addFile(":/img/trash-empty.png", QSize(48, 48), QIcon::Disabled, QIcon::Off);
+                    actionBtn->setIcon(btnIcon);
+                    if (state) {
+                        actionBtn->setEnabled(false);
+                        actionBtn->setToolTip(tr("Certificate has been removed."));
+                    }
+                    mRemoveList->addCertificate(cert, state, actionBtn);
                 }
                 else {
                     // Was in the old list with status "install" and now has the
                     // status "remove".
                     newRemoveCerts.append(cert);
-                    mUpdatesRemove->addCertificate(cert, state);
+                    QToolButton* actionBtn = new QToolButton();
+                    QIcon btnIcon;
+                    actionBtn->setProperty("ToolTip_Off", tr("Certificate will be removed."));
+                    actionBtn->setProperty("ToolTip_On", tr("Certificate will not be removed."));
+                    btnIcon.addFile(":/img/write-remove-48.png", QSize(48, 48), QIcon::Normal, QIcon::Off);
+                    btnIcon.addFile(":/img/security-medium.png", QSize(48, 48), QIcon::Normal, QIcon::On);
+                    actionBtn->setIcon(btnIcon);
+                    mUpdatesRemove->addCertificate(cert, state, actionBtn);
                 }
             }
         }
     }
 
-    if (mInstalledList.date().isValid()) {
-        mLastCertUpdateContents->setText(QLocale::system().toString(mInstalledList.date().toLocalTime(),
-                        DATETIME_FORMAT));
-        mLastCertUpdate->show();
-        mLastCertUpdateContents->show();
-    }
-    mUpdatesManualCertificates->setText("<h3>" +
-            tr("Manually changed certificates (%1)").arg(0) +
-            "</h3>");
     listChanged(0);
 }
 
@@ -1193,7 +1383,7 @@
     if (!is_system_install()) {
         QMessageBox::warning(this,
                 tr("Installation with standard user account"),
-	        tr("Windows will now ask you to confirm qeach root certificate modification "
+	        tr("Windows will now ask you to confirm each root certificate modification "
 		   "because TrustBridge does not have the necessary privileges to install "
 		   "root certificates into the Windows certificate store silently."));
     }
@@ -1207,11 +1397,17 @@
     progress->setMinimumDuration(0);
     progress->show();
 
+    CertificateList *instList = mListToInstall.isValid() ?
+                                &mListToInstall :
+                                &mInstalledList;
+
     InstallWrapper *instWrap = new InstallWrapper(this,
-                                                  mListToInstall.isValid() ?
-                                                  mListToInstall.fileName() :
-                                                  mInstalledList.fileName(),
+                                                  instList->fileName(),
                                                   choices);
+
+    syslog_info_printf ("Installing certificate list: '%s' Version '%s'\n",
+            instList->fileName().toUtf8().constData(),
+            instList->date().toString().toUtf8().constData());
     /* Clean up object and progress dialog */
     connect(instWrap, SIGNAL(finished()), instWrap, SLOT(deleteLater()));
     connect(instWrap, SIGNAL(finished()), progress, SLOT(deleteLater()));
@@ -1258,27 +1454,24 @@
 void MainWindow::toggleInManual(bool state, const Certificate &cert)
 {
     if (!mUpdatesManual->contains(cert)) {
-        mUpdatesManual->addCertificate(cert, state);
+        QToolButton* actionBtn = new QToolButton();
+        QIcon btnIcon;
+        btnIcon.addFile(":/img/write-into-48.png", QSize(48, 48), QIcon::Normal, QIcon::On);
+        btnIcon.addFile(":/img/write-remove-48.png", QSize(48, 48), QIcon::Normal, QIcon::Off);
+        actionBtn->setProperty("ToolTip_On", tr("Certificate will be installed."));
+        actionBtn->setProperty("ToolTip_Off", tr("Certificate will be removed."));
+        actionBtn->setIcon(btnIcon);
+        mUpdatesManual->addCertificate(cert, state, actionBtn);
     }
     else {
         mUpdatesManual->removeCertificate(cert);
     }
-
-    mUpdatesManualCertificates->setText("<h3>" +
-            tr("Manually changed certificates (%1)")
-                .arg(mUpdatesManual->certificates().size()) +
-            "</h3>");
 }
 
 void MainWindow::removeFromManual(bool state, const Certificate &cert)
 {
     mUpdatesManual->removeCertificate(cert);
 
-    mUpdatesManualCertificates->setText("<h3>" +
-            tr("Manually changed certificates (%1)")
-                .arg(mUpdatesManual->certificates().size()) +
-            "</h3>");
-
     if (cert.isInstallCert()) {
         mInstallList->setCertState(state, cert);
     }
@@ -1332,42 +1525,50 @@
     return;
 }
 
+static void deactivateDetailsButton(QPushButton *btn) {
+    btn->setToolTip(QObject::tr("Hide details"));
+    btn->setText(" " + QObject::tr("Less"));
+    btn->setIcon(QIcon(":/img/dialog-information_grey_16px.png"));
+}
+
+static void activateDetailsButton(QPushButton *btn) {
+    btn->setToolTip(QObject::tr("Show details"));
+    btn->setText(" " + QObject::tr("Details"));
+    btn->setIcon(QIcon(":/img/dialog-information_16px.png"));
+}
+
 void MainWindow::toggleUpdatesNew() {
     if (!mUpdatesNew->isVisible()) {
-        mUpdatesDetailsNew->setToolTip(tr("Hide details"));
-        mUpdatesDetailsNew->setIcon(QIcon(":/img/dialog-information_grey_16px.png"));
         mUpdatesNew->show();
+        deactivateDetailsButton(mUpdatesDetailsNew);
     }
     else {
         mUpdatesNew->hide();
-        mUpdatesDetailsNew->setToolTip(tr("Show details"));
-        mUpdatesDetailsNew->setIcon(QIcon(":/img/dialog-information_16px.png"));
+        activateDetailsButton(mUpdatesDetailsNew);
     }
 }
 
 void MainWindow::toggleUpdatesRemove() {
     if (!mUpdatesRemove->isVisible()) {
-        mUpdatesDetailsRemove->setToolTip(tr("Hide details"));
-        mUpdatesDetailsRemove->setIcon(QIcon(":/img/dialog-information_grey_16px.png"));
         mUpdatesRemove->show();
+        deactivateDetailsButton(mUpdatesDetailsRemove);
     }
     else {
         mUpdatesRemove->hide();
-        mUpdatesDetailsRemove->setToolTip(tr("Show details"));
-        mUpdatesDetailsRemove->setIcon(QIcon(":/img/dialog-information_16px.png"));
+        activateDetailsButton(mUpdatesDetailsRemove);
     }
 }
 
 void MainWindow::toggleUpdatesManual() {
     if (!mUpdatesManual->isVisible()) {
-        mUpdatesDetailsManual->setToolTip(tr("Hide details"));
-        mUpdatesDetailsManual->setIcon(QIcon(":/img/dialog-information_grey_16px.png"));
         mUpdatesManual->show();
+        mManualDetailsShown = true;
+        deactivateDetailsButton(mUpdatesDetailsManual);
     }
     else {
-        mUpdatesDetailsManual->setToolTip(tr("Show details"));
-        mUpdatesDetailsManual->setIcon(QIcon(":/img/dialog-information_16px.png"));
         mUpdatesManual->hide();
+        mManualDetailsShown = false;
+        activateDetailsButton(mUpdatesDetailsManual);
     }
 }
 
@@ -1392,7 +1593,8 @@
         mLastUpdateCheck->show();
         syslog_info_printf(tr("Sucessfully checked for updates.").toUtf8().constData());
     }
-    if (getState() != NewSoftwareAvailable && getState() != NewListAvailable && mTrayMode) {
+    if ((getState() != NewSoftwareAvailable && getState() != NewListAvailable && mTrayMode)
+            && !isVisible()) {
         qDebug() << "Shutting down as no list or Software is available.";
         closeApp();
     } else {
@@ -1442,3 +1644,8 @@
     free (inst_dir);
     return;
 }
+
+void MainWindow::showErrorMessage(const QString &msg)
+{
+    QMessageBox::warning(this, tr("TrustBridge error"), msg);
+}
--- a/ui/mainwindow.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/mainwindow.h	Tue Sep 16 19:45:19 2014 +0200
@@ -169,6 +169,13 @@
      * the application. */
     void installNewSW(const QString& fileName, const QDateTime& modDate);
 
+    /** @brief show an error message
+     *
+     * This is a wrapper around QMessageBox to allow for central
+     * styling of error messages.
+     */
+    void showErrorMessage(const QString &msg);
+
 signals:
     /** @brief emits the changecount as a string when it changes */
     void changesChanged(const QString& cnt);
@@ -217,11 +224,14 @@
      * (accessible via button panel) */
     QWidget *createRemoveWidget();
 
-    /* Are we running in tray mode ?*/
+    /** @brief true if the software is running in tray mode*/
     const bool mTrayMode;
-    /* The message currently shown at intervals */
+
+    /** @brief The currently shown message */
     QString mCurMessage;
+    /** @brief The version the Software thinks is installed */
     QString mInstalledSWVersion;
+    /** @brief The certificate list the Software thinks is installed */
     QString mInstalledListVersion;
 
     QSettings mSettings;
@@ -253,10 +263,9 @@
     QWidget *mInfoWidget;
 
     QLabel *mUpdatesHeader;
-    QLabel *mLastCertUpdate;
-    QLabel *mLastCertUpdateContents;
-    QLabel *mSoftwareVersionLabel;
-    QLabel *mSoftwareVersionContents;
+    QLabel *mUpdatesDetailsHeader;
+    QLabel *mCertListVersion;
+    QLabel *mCertListVersionContents;
     QLabel *mLastUpdateCheck;
     QLabel *mLastUpdateCheckContents;
     QLabel *mUpdatesNewCertificates;
@@ -280,6 +289,7 @@
 
     QPushButton *mInstallButton;
     int mChangeCount;
+    bool mManualDetailsShown;
 };
 
 #endif // MAINWINDOW_H
--- a/ui/processhelp.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/processhelp.h	Tue Sep 16 19:45:19 2014 +0200
@@ -15,8 +15,8 @@
 #include <QString>
 
 /**
- * @file Static helper functions for process handling
- * @brief process handling functions
+ * @file processhelp.h 
+ * @brief Static helper functions for process handling
  */
 
 namespace ProcessHelp
--- a/ui/processwaitdialog.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/processwaitdialog.h	Tue Sep 16 19:45:19 2014 +0200
@@ -10,7 +10,9 @@
 #include <QDialog>
 #include <QStringList>
 
-/** @file Dialog to show that some processes need to be closed
+/** 
+ * @file processwaitdialog.h
+ * @brief Dialog to show that some processes need to be closed
  *
  * This dialog informs about processes that are still running and
  * need to be closed.
--- a/ui/proxysettingsdlg.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/proxysettingsdlg.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -16,6 +16,7 @@
 #include <QDebug>
 #include <QIcon>
 #include <QPixmap>
+#include <QCheckBox>
 
 #include "proxysettingsdlg.h"
 
@@ -35,18 +36,27 @@
     iconTextLayout->addWidget(iconLabel);
 
     QLabel *explanation = new QLabel(tr("Please enter the proxy server to use in the field below.") +
-        "</br>" + tr("The URL can follow the scheme:") + " " + 
-        tr("&lt;username&gt;:&lt;password&gt;@&lt;hostname&gt;:&lt;port&gt;") +
-        "</br></br>");
+        " " + tr("The URL can follow the scheme:") + "<br/>" + 
+        tr("[&lt;username&gt;:&lt;password&gt;@]&lt;hostname&gt;[:&lt;port&gt;]") +
+        "<br/></br/>");
     explanation->setTextFormat(Qt::RichText);
     explanation->setWordWrap(true);
 
     iconTextLayout->addWidget(explanation);
     mainLayout->addLayout(iconTextLayout);
 
+    bool useProxy = settings.value("UseProxy", false).toBool();
+    mCheckBox = new QCheckBox(tr("Use Proxy Server"));
+    mCheckBox->setTristate(false);
+    mCheckBox->setCheckState(useProxy ? Qt::Checked : Qt::Unchecked);
+
+    mainLayout->addWidget(mCheckBox);
+
     mProxyURL = new QLineEdit(settings.value("ProxyURL").toString());
     QLabel *proxyLabel = new QLabel(tr("Proxy Server:"));
     proxyLabel->setBuddy(mProxyURL);
+    mProxyURL->setReadOnly(!useProxy);
+    mProxyURL->setEnabled(useProxy);
 
     labelLineLayout->addWidget(proxyLabel);
     labelLineLayout->addWidget(mProxyURL);
@@ -61,6 +71,7 @@
     connect(mSaveButton, SIGNAL(clicked()), this, SLOT(save()));
     connect(mProxyURL, SIGNAL(textChanged(const QString &)),
             this, SLOT(checkCanSave(const QString&)));
+    connect(mCheckBox, SIGNAL(stateChanged(int)), this, SLOT(checkCanEdit(int)));
 
     mainLayout->addLayout(labelLineLayout);
     mainLayout->addLayout(okCancelLayout);
@@ -69,12 +80,19 @@
 }
 
 void ProxySettingsDlg::checkCanSave(const QString &val) {
-    mSaveButton->setEnabled(val.isEmpty() || QUrl(val).isValid());
+    mSaveButton->setEnabled(mCheckBox->checkState() == Qt::Unchecked ||
+        QUrl(val).isValid());
+}
+
+void ProxySettingsDlg::checkCanEdit(int state) {
+    mProxyURL->setReadOnly(state != Qt::Checked);
+    mProxyURL->setEnabled(state == Qt::Checked);
 }
 
 void ProxySettingsDlg::save() {
     QSettings settings;
     settings.setValue("ProxyURL", mProxyURL->text());
+    settings.setValue("UseProxy", mCheckBox->checkState() == Qt::Checked);
     settings.sync();
     accept();
 }
--- a/ui/proxysettingsdlg.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/proxysettingsdlg.h	Tue Sep 16 19:45:19 2014 +0200
@@ -12,8 +12,12 @@
 
 class QLineEdit;
 class QPushButton;
+class QCheckBox;
 
-/** @file Small dialog for proxy settings. */
+/** 
+ * @file proxysettingsdlg.h
+ * @brief Small dialog for proxy settings. 
+ */
 
 class ProxySettingsDlg : public QDialog {
 
@@ -29,9 +33,13 @@
     /** @brief save the contents of mProxyURL in the settings. */
     void save();
 
+    /** @brief make the URL editiable depending on UseProxy setting. */
+    void checkCanEdit(int state);
+
 private:
     QLineEdit *mProxyURL;
     QPushButton *mSaveButton;
+    QCheckBox *mCheckBox;
 };
 
 #endif // PROXYSETTINGSDLG_H
--- a/ui/sslconnection.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/sslconnection.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -6,7 +6,10 @@
  * See LICENSE.txt for details.
  */
 
-/**@file base implemetation of sslconnection. */
+/**
+  * @file sslconnection.cpp
+  * @brief Base implemetation of sslconnection. 
+  */
 
 #include "sslconnection.h"
 
@@ -25,9 +28,9 @@
     if (certificate.isEmpty()) {
 #ifdef RELEASE_BUILD
         /* TODO Change certificate here in case of release build */
-        QFile certResource(":certs/intevation.de");
+        QFile certResource(":certs/ssl-test");
 #else
-        QFile certResource(":certs/intevation.de");
+        QFile certResource(":certs/ssl-test");
 #endif
         certResource.open(QFile::ReadOnly);
         mPinnedCert = certResource.readAll();
--- a/ui/sslconnection.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/sslconnection.h	Tue Sep 16 19:45:19 2014 +0200
@@ -88,7 +88,7 @@
 
     /** @brief Set acceptable ciphersuites.
      *
-     * @param [in] cipers a zero terminated list of ciphers as defined in 
+     * @param [in] ciphers a zero terminated list of ciphers as defined in 
      * polarssl/ssl_ciphersuites.h
      */
     virtual void setCiphersuites(int ciphers[]) = 0;
--- a/ui/sslconnection_curl.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/sslconnection_curl.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -7,12 +7,11 @@
  */
 
 #include "sslconnection_curl.h"
+#include "logging.h"
 
 #include <polarssl/ssl.h>
 #include <QSaveFile>
 
-#undef CONNECTION_DEBUG
-
 SSLConnectionCurl::SSLConnectionCurl(const QString& url,
                              const QByteArray& certificate):
     SSLConnection (url, certificate),
@@ -26,25 +25,7 @@
         return;
     }
 
-#ifdef RELEASE_BUILD
     if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) {
-#else
-    /* For testing we do not have to trust the issuer. This should not
-     * be dangerous as we pin the peer certificate directly. */
-    if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 0L) != CURLE_OK) {
-#endif
-        /* Should be default anyway */
-        qDebug() << "Setting verifypeer failed";
-        return;
-    }
-
-#ifdef RELEASE_BUILD
-    if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 1L) != CURLE_OK) {
-#else
-    /* For testing we do not have to trust host. This should not
-     * be dangerous as we pin the peer certificate directly. */
-    if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) {
-#endif
         /* Should be default anyway */
         qDebug() << "Setting verifypeer failed";
         return;
@@ -55,12 +36,10 @@
         return;
     }
 
-#ifdef RELEASE_BUILD
     if (curl_easy_setopt(mCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2) != CURLE_OK) {
         qDebug() << "Setting ssl version failed.";
         return;
     }
-#endif
 
     mCertFile.open();
     if (mCertFile.write(mPinnedCert) != mPinnedCert.size()) {
@@ -83,10 +62,9 @@
         return;
     }
     mInitialized = true;
-
-#ifdef CONNECTION_DEBUG
-    curl_easy_setopt(mCurl, CURLOPT_VERBOSE, 1L);
-#endif
+    if (g_debug) {
+        curl_easy_setopt(mCurl, CURLOPT_VERBOSE, 1L);
+    }
 }
 
 SSLConnectionCurl::~SSLConnectionCurl() {
@@ -151,6 +129,15 @@
     return written;
 }
 
+size_t debug_write(void *ptr, size_t size, size_t nmemb,
+        void *unused)
+{
+    Q_UNUSED(unused);
+
+    qDebug() << QString::fromUtf8((const char *)ptr, size * nmemb);
+    return size *nmemb;
+}
+
 bool SSLConnectionCurl::downloadFile(const QString &resource,
                                      const QString &fileName,
                                      size_t maxSize)
@@ -213,6 +200,11 @@
     QUrl urlCopy = mUrl;
     urlCopy.setPath(resource);
 
+    if (curl_easy_setopt(mCurl, CURLOPT_WRITEFUNCTION, debug_write) != CURLE_OK) {
+        qDebug() << "Failed to set write function";
+        return QDateTime();
+    }
+
     if (curl_easy_setopt(mCurl, CURLOPT_URL, urlCopy.toEncoded().constData()) != CURLE_OK) {
         qDebug() << "Failed to set URL";
         return QDateTime();
--- a/ui/taskscheduler.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/taskscheduler.h	Tue Sep 16 19:45:19 2014 +0200
@@ -9,8 +9,10 @@
 #define TASKSCHEDULER_H
 
 /**
- * @file Interface to the Task Scheduler API
- * @brief Provides a Qt / C++ API to work with the windows task scheduler
+ * @file taskscheduler.h
+ * @brief Interface to the Task Scheduler API
+ * 
+ * Provides a Qt / C++ API to work with the windows task scheduler.
  */
 
 #include <QString>
--- a/ui/tests/CMakeLists.txt	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/tests/CMakeLists.txt	Tue Sep 16 19:45:19 2014 +0200
@@ -15,7 +15,6 @@
 find_package(Qt5Test)
 include_directories(${Qt5Test_INCLUDE_DIRS})
 find_program(HIAWATHA_EXECUTABLE hiawatha)
-find_program(OSSLSIGNCODE_EXECUTABLE osslsigncode)
 find_program(OPENSSL_EXECUTABLE openssl)
 
 if (NOT HIAWATHA_EXECUTABLE)
@@ -24,10 +23,6 @@
   add_definitions(-DHIAWATHA_EXECUTABLE="${HIAWATHA_EXECUTABLE}")
 endif()
 
-if (WIN32 AND NOT OSSLSIGNCODE_EXECUTABLE)
-   message (STATUS "WARNING: osslsigncode not found. Authenticode tests will not be run.")
-endif()
-
 if (UNIX AND NOT OPENSSL_EXECUTABLE)
    message (STATUS "WARNING: openssl (the tool) not found. Binary verification tests will not be run.")
 endif()
@@ -69,7 +64,9 @@
 add_custom_test(commontest.cpp "")
 
 add_custom_test(createcertlisttest.cpp "")
-add_custom_test(mainwindowtest.cpp "")
+
+# Disabled for now at it executes too much and brings up the mainwindow
+# add_custom_test(mainwindowtest.cpp "")
 
 # Using fakeinstaller here would cause windows UAC heuristics to trigger
 add_executable(fakeinst fakeinstaller.c)
@@ -77,7 +74,7 @@
 if (WIN32)
    add_custom_test(windowsstoretest.cpp "${CMAKE_SOURCE_DIR}/cinst/windowsstore.c")
 
-   if (NOT "${CMAKE_STRIP}")
+   if (NOT CMAKE_STRIP)
       message(STATUS "WARNING CMAKE_STRIP not set. Please set this in your toolchain file. Falling back to: i686-w64-mingw32-strip")
       set (CMAKE_STRIP "i686-w64-mingw32-strip")
    endif()
--- a/ui/tests/binverifytest.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/tests/binverifytest.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -30,17 +30,17 @@
 /* Some general robustness checks */
 void BinVerifyTest::testMiscErrors()
 {
-  QVERIFY (verify_binary (NULL, 10) != VerifyValid);
-  QVERIFY (verify_binary ("foo", 10) != VerifyValid);
-  QVERIFY (verify_binary ("bar", -1) != VerifyValid);
+  QVERIFY (verify_binary (NULL, 10).result != VerifyValid);
+  QVERIFY (verify_binary ("foo", 10).result != VerifyValid);
+  QVERIFY (verify_binary ("bar", -1).result!= VerifyValid);
   /* On windows the next line will check that a valid microsoft
    * signed executable is not valid for us (pinning). On linux
    * it will just fail with a read error which we tested above */
 #ifdef Q_OS_WIN
   QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
-                          strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyInvalidCertificate);
+                          strlen("c:\\Windows\\System32\\mmc.exe")).result != VerifyInvalidCertificate);
 #endif
-  QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
+  QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")).result != VerifyValid);
 }
 
 /* Check that a signature with only a different key (of the same size)
@@ -48,14 +48,16 @@
 void BinVerifyTest::testOtherKey()
 {
     QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
-                strlen("fakeinst-other-key" EXE_SUFFIX)));
+                strlen("fakeinst-other-key" EXE_SUFFIX)).result);
 }
 
 /* Check that an invalid signature is not validated */
 void BinVerifyTest::testInvalidSig()
 {
-    QVERIFY(VerifyValid != verify_binary ("fakeinst-invalid" EXE_SUFFIX,
-                strlen("fakeinst-invalid" EXE_SUFFIX)));
+    bin_verify_result res = verify_binary ("fakeinst-invalid" EXE_SUFFIX,
+                strlen("fakeinst-invalid" EXE_SUFFIX));
+    QVERIFY(VerifyValid != res.result);
+    QVERIFY(res.fptr == NULL);
 }
 
 #ifdef Q_OS_WIN
@@ -64,22 +66,34 @@
 void BinVerifyTest::testOtherCert()
 {
     QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
-                strlen("fakeinst-other-cert" EXE_SUFFIX)));
+                strlen("fakeinst-other-cert" EXE_SUFFIX)).result);
 }
 #endif
 
 /* Check that no signature is not validated */
 void BinVerifyTest::testNoSignature()
 {
-    QVERIFY(VerifyValid != verify_binary ("fakeinst" EXE_SUFFIX,
-                strlen("fakeinst" EXE_SUFFIX)));
+    bin_verify_result res = verify_binary ("fakeinst" EXE_SUFFIX,
+                strlen("fakeinst" EXE_SUFFIX));
+    QVERIFY(VerifyValid != res.result);
+    QVERIFY(res.fptr == NULL);
 }
 
 /* Check that a valid signed executable is verified */
 void BinVerifyTest::testValidBinary()
 {
-  QVERIFY (VerifyValid == verify_binary ("fakeinst-signed" EXE_SUFFIX,
-                                         strlen("fakeinst-signed" EXE_SUFFIX)));
+    bin_verify_result res = verify_binary ("fakeinst-signed" EXE_SUFFIX,
+                                          strlen("fakeinst-signed" EXE_SUFFIX));
+    QVERIFY (VerifyValid == res.result);
+    QFile thefile ("fakeinst-signed" EXE_SUFFIX);
+#ifdef WIN32
+    /* Verifies the deny write open mode. But on linuy we dont have it. */
+    QVERIFY (!thefile.open(QIODevice::ReadWrite));
+#endif
+    QVERIFY (res.fptr != NULL);
+    fclose(res.fptr);
+    QVERIFY (thefile.open(QIODevice::ReadWrite));
+    thefile.close();
 }
 
 void BinVerifyTest::testSignatureCreation()
@@ -95,8 +109,10 @@
   bool ret = theDialog->appendTextSignatureToFile (garbage, outfile.fileName());
   QVERIFY(QFile::remove(garbage));
   QVERIFY(ret == true);
-  QVERIFY(VerifyValid == verify_binary (outfile.fileName().toUtf8().constData(),
-                                        outfile.fileName().toUtf8().size()));
+  bin_verify_result res = verify_binary (outfile.fileName().toUtf8().constData(),
+                                        outfile.fileName().toUtf8().size());
+  QVERIFY(VerifyValid == res.result);
 }
+bool g_debug = true;
 
 QTEST_MAIN (BinVerifyTest);
--- a/ui/tests/cinstprocesstest.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/tests/cinstprocesstest.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -32,8 +32,11 @@
         }
     }
 
+    QStringList newArgs = args;
+    newArgs << "--debug";
+
     QProcess *installerProcess = new QProcess();
-    installerProcess->setArguments(args);
+    installerProcess->setArguments(newArgs);
     installerProcess->setProgram(processPath);
     installerProcess->start();
     installerProcess->waitForStarted();
--- a/ui/tests/createcertlisttest.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/tests/createcertlisttest.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -84,4 +84,6 @@
     QVERIFY(signature.toBase64() == QByteArray("KMOni98NWbt6SWd13H0JlGA1B7hBlXWH84e883s7gMrWeCCj0fUyHmdsNCyY0rmosu+o9mo2K847S3CdnxFPPJcjbfcmILZWRw0hHMtUYta1i9jypHJbz4oznuDctgXz59L4SQzzliCNUzItNoe6UpUznkS5gja4ZHbzqIj3qDVX3H86Z+qOdLICw+LXKlTs5ghsq+SdhZRAFFpHnt+URICWHjEIQKRlmIGEUIh1NgEHInHB/teFLqNGJMu1khi0MTsWDzesAEF5LQTM7Fo3fKmVxEUSbHKupluZrX1XSfnp5w3MaxBQK/t5nFvkVVdFrdEWvb68FIkMt21XqCvjyCPG2oWNh9jjfx3/R+eQ8kFbXzgUIhlZNxbB7bOCVDe2fYNxlXhy+HAqfHsIDP8qegHU+ngLck7tJHScC5dZwTCBDL6sxAvaeGyb3m6FraqaipNI+SGLii63ou9H7PlH5xWOTY9JvJDXGpfjN9U0UrZ6X5hPutOa/llT7s0pmoQb"));
 }
 
+bool g_debug = true;
+
 QTEST_GUILESS_MAIN (CreateCertListTest);
--- a/ui/tests/data/NOTES	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/tests/data/NOTES	Tue Sep 16 19:45:19 2014 +0200
@@ -130,3 +130,57 @@
 not_before=20130101000000 not_after=20151231235959 \
 key_usage=digital_signature \
 ns_cert_type=object_signing
+
+# Testserver mit hiawatha
+apt-get install build-essential cmake libxslt-dev libxml2-dev libz-dev
+
+    wget https://www.hiawatha-webserver.org/files/hiawatha-9.7.tar.gz
+    sha256sum hiawatha-9.7.tar.gz
+
+e8581336883b7b963f38572f6396f8c47b43e5bedd3147d052fa3652e6c0ed86 hiawatha-9.7.tar.gz
+
+    mkdir hiawatha-prefix
+    tar -xf hiawatha-9.7.tar.gz
+    cd hiawatha-9.7
+    mkdir build
+    cd build
+    cmake .. -DCMAKE_INSTALL_PREFIX=/home/intevation/hiawatha-prefix
+    make && make install
+
+# Root CA
+    gen_key filename=ssl_root.key
+    cert_write issuer_name="CN=TrustBridge SSL Test CA,O=Public secret do not trust this,C=DE" \
+    selfsign=1 issuer_key=ssl_root.key \
+    not_before=20130101000000 not_after=20151231235959 \
+    is_ca=1 max_pathlen=0 output_file=ssl_root.pem
+
+# SSL cert
+    gen_key type=ec ec_curve=brainpoolP256r1 filename=ssl-test.key
+    cert_req filename=ssl-test.key output_file=ssl-test.csr \
+    subject_name="CN=tb-devel.intevation.de,O=Public secret do not trust this,C=DE" \
+    ns_cert_type=ssl_server
+
+# Sign it
+    cert_write request_file=ssl-test.csr issuer_crt=ssl_root.pem \
+    issuer_key=ssl_root.key output_file=ssl-test.pem \
+    not_before=20130101000000 not_after=20151231235959 \
+    ns_cert_type=ssl_server
+
+    cat ssl-test.pem ssl-test.key > ssl-test-combined.pem
+
+# Kopieren des Zertifikats nach /home/intevation auf dem testserver
+# Editieren von /home/intevation/hiawatha-prefix/etc/hiawatha
+
+# Binding settings:
+    Port = 44413
+    SSLcertFile = /home/intevation/ssl-test-combined.pem
+
+# Default website settings
+    Hostname = thetis.intevation.de:44413
+    WebsiteRoot = /home/intevation/m13-files
+    StartFile = index.html
+
+# Trustbridge download ordner nach /home/intevation/m13-files kopieren.
+
+    screen -R server
+    /home/intevation/hiawatha-prefix/sbin/hiawatha -d
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/data/ssl-test.pem	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwjCCAaqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMSAwHgYDVQQDExdUcnVz
+dEJyaWRnZSBTU0wgVGVzdCBDQTEoMCYGA1UEChMfUHVibGljIHNlY3JldCBkbyBu
+b3QgdHJ1c3QgdGhpczELMAkGA1UEBhMCREUwHhcNMTMwMTAxMDAwMDAwWhcNMTUx
+MjMxMjM1OTU5WjBYMR8wHQYDVQQDExZ0Yi1kZXZlbC5pbnRldmF0aW9uLmRlMSgw
+JgYDVQQKEx9QdWJsaWMgc2VjcmV0IGRvIG5vdCB0cnVzdCB0aGlzMQswCQYDVQQG
+EwJERTBaMBQGByqGSM49AgEGCSskAwMCCAEBBwNCAARDyErp7HHK72FWzjC/S3Tf
+FnU6UuUAt9A46KOQpdxDYnRTg0bsdXnu2Pdh0g/Hj8vVe1rvyVrEMux4LLnL8q/1
+o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSeaZrzvOqRFK/HS2+ipUxQ4WE8kzAf
+BgNVHSMEGDAWgBRrgmr4LKgEyDNB0FdDpty3dHHZ3zARBglghkgBhvhCAQEEBAMC
+AEAwDQYJKoZIhvcNAQEFBQADggIBAEgWk/jA7wH4+5xr18WoA7v+VgNGnmJom3bA
+kMA6y/iXaqIjbP+KRNvM32so4a3V2Q453DVdj2aaUW4RlcrSq+4G7XmSS8i5FvY3
+L/OMMvMao26ZMKmSDTpgTAI/fLq7q56T+WSUbUex6r0K5ECPDw1fmfDwCcxjkWoI
+YGGmEPkRUvAnaD9PeuUd0ldL85wRxZ02PlOKAQcGWG7BvTj3tP8CeXfR9vTDO4t1
+5DgTHz/ug3DtF8oJE+CVT0QsfbTYyHiUbLlpZz6wJNYkWlb7iYb1dO4yVx3k8xhW
+zvm3id6+8nPsTbt6I5P428t3+rlr05lrNdiaATTOzvRgp25jSBJHY1uIYyYBcCAP
+vrtb5xkSw21uzRy2I6aZZYrYuN9GLMzBS3C5IqkiQ8gFw4Q6iFNMJIgAo8oFHtr2
+Ry3Vqrw9xqLuSYdAwje1gU8nX5oWOYd1WedLBemVQoxkwBJi/9V2O+oytOr47XnZ
+Ngyvcvn3SkdO77sLQweJsDnIEac4ON/ZCajBHd0lKkGJ3xqx6e4cxORZ22rjz0Pf
+EZm0ZzqlHe2zw223FMghRLDHUhABVPstaXKH57mRivwNex2JTPpC5RrwPwRCC9B4
+X6xY6TzZfc976UCCPof5Pn4kHBEmgycyRdA4fsqO3v5pm10GJ2hHiI/meghP0lE1
+ab374f0o
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/data/ssl_root.key	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAtMBUHwHawNLTouyz0d1cmjdvtZTI6eHSyxozmwNBF8bKagq9
+zsi1Tmb2nZDy5oqEajArIvJia92d+L1c+8KooSoBNIEVIE8igO/UiVdbhDK73atm
+RuHG6RzWvSJW2TWQ7ZQXuZUXsihF8xxr/7cQMjql+D/jGzj+IlbrQZsjPnn4kH3j
+XdQUHBHCJJ3Blauii/AVo/iUpx40WtmYyoGgH+Uxmp7OQBjCZxDKrRvr43cYSNqT
+s4XIbQskMw2ftHl3w0DEAfAneZj2Hta1sNGKrSeUn8CISfv3lkBKHt8ZUg8t1Lmv
+YAswsjzKzNTWH5pMbKJzUVXdTjgcl1c+QpxZBWi5EX3L1tuYFdv+6oYs+61Sv3SM
+9hPM9tNvIEzj6kJqJLJS1v2r8aRS3iqlksF45dtQvI2QnRnP1bzLhBunUm5Ur4WN
+TshDJnQvaOOD2e34h+9Lfhyas8GnrkkqXx4RJNCZ9mdd09PoM9JVJexs9/b3oz9/
+rdg4l6yt9GknSrbAgwbzRI5RaoC6KCvNWbcD6MaTx5uqS4gzw9d0AV228OFNkec9
+yTYSDuGEhqWREuU0+z4WJSHZhiGwNUYXEW2zdMZOq1v4fU0rybLlxV8iQleeA1Ib
+S3i7OmEzrFeMqfBslsCl5ZWSCRTjm/wLb1OKCwjq9co0C4rm9nImnzdteBsCAwEA
+AQKCAgEAnywzqC6o5l+CshpCbJDEiKZDAKPqnlQYnnUPdvXRr8+G1wVoix4i081G
+ZhGMZksbOqv6gMb0t0qtX6vao3aTq4FjGEqIQTCPEP6iquO8GtnWqOnUop0W3phf
+3qTL2HIck6tzjSFngaOHngSscr9SSvlsyQXxyDpTSghDGj41NkKRCyVhQXKO1v0o
+e7hVDqnb9eHSHNi+h8DImCzBKawnR489NI2e0cE8CSk3YmSRQXnSb+3UXiZ1Dtnd
+4fugZX0GY3K4aYCEMsfqDdREolaVCdEuR9Rz8LssGCu7Wh5bnPDzCj8O2sRf+MYi
+TWksux3VKWGRrdGwlr5BJ2FT2bL3jJniX/d0KFe7spDjbUCv+HKlf+T3EFGbXHya
+fjx2TyHF1RfIN/Tkp+93n3P8hv8oR8xzkV0BdBiQQTUO/oT4MtjJFj3KCC/sGVa6
+RT1vECjuK7TDGZ0RwI3xhtImVZZ500lnc1tbuRR3HAn2pA5S76Gel8/xUOxz10e7
+YrVNhAOumx/AOOs3AGQfFxn5txk2e04DmMjDSIxJlEtIptU0H8OmlyLQdTs9vDOh
+M6bXzWejzK6P3NQ/vBGqByZSFumc4PNPri1A6Y50u4BM9Gpc++tp+M0UKamjNZl6
+EjBJdICYaDO2To90oHWnSTDbDlWFilYvgMn7mcqqFPMKLarESfECggEBANzWaBnC
+juXk3dClNWqacveHHguTAJxU/5HqboQZm1YBo9BS1zzZSThgBzu+zmBsoLwUN1RN
+t8kn/wioCsUUlmbUrWlM74dXBf/p1hf7UGKU/vjn6IghDjxA6Af2sRFuyFf1NBEN
+mnXRnJ/sKF6mlrxTnqssBI4fHVJecZgNymEW9ZEgBfNGXWkJp+8Vm1ll9AytZMnr
+qeOomPLoXfA5snrGF7SAvjGd/s9aBXbfBx9nSqJx9acgO7VaxXkPKo0SoNome4uT
+lGOYBiF3RVdBW/kYBP0WB3u2OkMN+nwkWmU9hUgpWxwwrTJmWb060TGYcjTHci/x
+zNDghngymhvxLjkCggEBANGH9dUqNWEBQ7UuhTtzepIYyI2tjCi/uPFZ69t2WtQh
+rbUrxssZCB4qVePsTZCP96cow7GybFWk7y2/fD+JAfoBvYMcVO+vVpRzTBTuI8eb
+YxYA3p9irzSnIRUXmAtizXG1Dp6Vpn/P9mWAnptdttdC5ls3TwFgZvdOadYJHUCo
+BMe3YFHc1j55NDeWHs/2pFN+DcaSGqNt//2pLzGzNqyoHvQDsN8C7DqB38rKrBCs
+aDXrIiiKUJZLoU+lCXkfASO9DFHMNdFTYj5KXimXwxlQIRqKNvzy+hvVT8yIFJeq
+m+e7juybVHwS1St6eYj/+U6p3AkrGIwLeCD0xDZzWPMCggEBANjOsnMf3JT9JXwS
+xid7rIUxJSEt2DqjBCnoI0oTrbo5b+81dVSq6kSrmk5gnFJ0MzWTD2L3zghx+OMx
+vykPdj1MbVdlDgAsQpqlouf2dkvihZQucc87zLMA8gvneJ1pysz30X8wgMVM3dzv
+yA5stK391lespmg1Sd81E4a5e0fod3xcGRtmqIxXy4RhDRwuiPPtQ3cto6P7QPWx
+hZAzxPLeCiXPA2rI94Hwmk7C1UZSbSaghRDoB1ab4CVi616GvF6Py1kTsWo5tUMj
+ynLImxgpKbSi7QPausZcMd+w/QJJ7NEUsPszGsbRTycFWJ29UdpZONSzKmajF8Fn
+xH7MQJkCggEARVsIr2eKRbLCc62TYktmLgfQEr14YGCd2h3WqU0y4XbIZei4o6+E
+dV+0EH6+afSNmCIxLJeProWquezhNrKmGdgLn+N35eKW+Qp1C5SL+V1g3f6psf5b
+WkVb+PxXUqWAtXul/C4y76mpuI1rcqgBhp1ZXKYhG6aKTqAA/l0D9svm0SjM1CwS
+Kpm6BBBH4LSWTiCydKEV+jTGAHPI8F2O4nW/0SuLlzYDdZZZuml9rQM0d2x+YQbv
+h+A+4/sP+KyflvHTqxu6ULCWG2JIauIWLUHNw1guvWm8CgyAnoYIsu9BLeJye7Uq
+sOsW7o5avlNkdXpaIBrIxEpjmB0M+a0SqwKCAQEAv2LRIzq4OylBSceryZG077li
+Fqr3jXlRUjfpjjMSnJEyJE+Iji2e8NplYwIfCRm/wCGNjummgHhi+7wZyU3C5dCc
+wQhwZ0kIc4i1IUBSfILedVvMQe1/J32tRUGHuDw+LSjLNaXnDNyhq7Qqjrk+WWl0
+kO3Lxlm0UpO4nsnpn3gyGN9cGnhhKsatYKn3Dp9r7aqBRsTo2BTRBn9rH0vPtTTe
+0r8sDTkFJSnpZzXXlEJWhLWd0xiD73eJnDjHFQSGnqy2wST3QiQHsImG6j9o7y5w
+hi6sqGTBLqasrlO7togs+3wsE4Kfp1i83CoIbFvCX8+yBsIG7ah3oIlsYBArZQ==
+-----END RSA PRIVATE KEY-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/data/ssl_root.pem	Tue Sep 16 19:45:19 2014 +0200
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFgDCCA2igAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMSAwHgYDVQQDExdUcnVz
+dEJyaWRnZSBTU0wgVGVzdCBDQTEoMCYGA1UEChMfUHVibGljIHNlY3JldCBkbyBu
+b3QgdHJ1c3QgdGhpczELMAkGA1UEBhMCREUwHhcNMTMwMTAxMDAwMDAwWhcNMTUx
+MjMxMjM1OTU5WjBZMSAwHgYDVQQDExdUcnVzdEJyaWRnZSBTU0wgVGVzdCBDQTEo
+MCYGA1UEChMfUHVibGljIHNlY3JldCBkbyBub3QgdHJ1c3QgdGhpczELMAkGA1UE
+BhMCREUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0wFQfAdrA0tOi
+7LPR3VyaN2+1lMjp4dLLGjObA0EXxspqCr3OyLVOZvadkPLmioRqMCsi8mJr3Z34
+vVz7wqihKgE0gRUgTyKA79SJV1uEMrvdq2ZG4cbpHNa9IlbZNZDtlBe5lReyKEXz
+HGv/txAyOqX4P+MbOP4iVutBmyM+efiQfeNd1BQcEcIkncGVq6KL8BWj+JSnHjRa
+2ZjKgaAf5TGans5AGMJnEMqtG+vjdxhI2pOzhchtCyQzDZ+0eXfDQMQB8Cd5mPYe
+1rWw0YqtJ5SfwIhJ+/eWQEoe3xlSDy3Uua9gCzCyPMrM1NYfmkxsonNRVd1OOByX
+Vz5CnFkFaLkRfcvW25gV2/7qhiz7rVK/dIz2E8z2028gTOPqQmokslLW/avxpFLe
+KqWSwXjl21C8jZCdGc/VvMuEG6dSblSvhY1OyEMmdC9o44PZ7fiH70t+HJqzwaeu
+SSpfHhEk0Jn2Z13T0+gz0lUl7Gz39vejP3+t2DiXrK30aSdKtsCDBvNEjlFqgLoo
+K81ZtwPoxpPHm6pLiDPD13QBXbbw4U2R5z3JNhIO4YSGpZES5TT7PhYlIdmGIbA1
+RhcRbbN0xk6rW/h9TSvJsuXFXyJCV54DUhtLeLs6YTOsV4yp8GyWwKXllZIJFOOb
+/AtvU4oLCOr1yjQLiub2ciafN214GwIDAQABo1MwUTAPBgNVHRMECDAGAQEBAgEA
+MB0GA1UdDgQWBBRrgmr4LKgEyDNB0FdDpty3dHHZ3zAfBgNVHSMEGDAWgBRrgmr4
+LKgEyDNB0FdDpty3dHHZ3zANBgkqhkiG9w0BAQUFAAOCAgEAiVqKrj6+HMFGkLTB
+345ZhbjqYMpr9Ze65qV2bzUS3B9tUKJQeb42aWfpEXT8VNlLYX1GCZiJrgZTr0vw
+rVGLo7Z6SXYfKbkApS5bAsYwc8/822rhJuAXZ5Aq9pennhnRrmAsxd85eRcgP9v2
+w/4fFkjjuCQpIsj6DEx2hIHkZS3jqILzNwmBUGiTxmTIaSnXduYVmWliZ2x7Fbxh
+BcqN7AsYPjxdXxRfWC5lO2LtaRh3fRTcdqRsYMkdZxu+05JILVbZ/i+r+0dIolh1
+QhSExsC2mzDi+CMsJxV0wXwpXg1GUEkRHCssDjH7ggeqgs1LPsuLRL//WsyDbwCS
+zmHJlTAf0fdf99h99UD5WVqbbMMk43w9z4aDDBK0u6uZBdFZWsZmtSGbY6Mr8CMa
+S+QbKYyLwik7ime7a2Yh4BIvxAyV+halazmCZyye0z9ZxF9zo8F3AB0K3hHNsozA
+sLV3Uit/9KNIaTAjtZG9GHNVn1HR+2uEfn/Nri38JQhpC91cU9QDt9GJJBlfOtyU
++KY3HPXfTXm7JYpVP5afbsnmNs40OPB4gw/BhNQ6mr9MoSf5Uf/uyU8kxQAM2Sxk
+IyCXDlYhC1QOY/1ou2Bj2Ghyc6R1revnc370f7+3tLfK60LUj8AsgGycU9aaw7oa
+JO2qAkbI1BEnPlIL5YBlGiw70kE=
+-----END CERTIFICATE-----
--- a/ui/tests/downloadertest.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/tests/downloadertest.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -149,9 +149,7 @@
     QVERIFY(error == SSLConnection::NoConnection);
 }
 static int accept_ciphers[] = {
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-    TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     0
 };
 
@@ -162,8 +160,8 @@
             QByteArray(), /* Use default testing certificate */
             QDateTime::currentDateTime(),
             QDateTime::fromString("2010", "YYYY"),
-            "/users/aheinecke/development/TrustBridge-development.exe",
-            "/users/aheinecke/development/zertifikatsliste.txt");
+            "/development/TrustBridge-development.exe",
+            "/development/zertifikatsliste.txt");
 
     downloader->setCiphersuites(accept_ciphers);
 
@@ -238,8 +236,8 @@
             QByteArray(),
             QDateTime::currentDateTime(), // Last installed SW
             QDateTime::fromString("2010", "YYYY"),
-            QString("/users/aheinecke/zertifikatsliste.txt"),
-            QString("/users/aheinecke/zertifikatsliste.txt"));
+            QString("/zertifikatsliste.txt"),
+            QString("/zertifikatsliste.txt"));
 
     SETUP_SPY
 
@@ -309,5 +307,7 @@
     }
 }
 
+bool g_debug = true;
+
 QTEST_GUILESS_MAIN (DownloaderTest);
 
--- a/ui/tests/nsstest.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/tests/nsstest.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -266,4 +266,7 @@
         write_stores_nss(to_install, to_remove);
     }
 }
+
+bool g_debug = true;
+
 QTEST_GUILESS_MAIN (NSSTest);
--- a/ui/tests/windowsstoretest.cpp	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/tests/windowsstoretest.cpp	Tue Sep 16 19:45:19 2014 +0200
@@ -158,4 +158,7 @@
 void WindowsStoreTest::cleanupTestCase() {
     CertCloseStore(testStore, 0);
 }
+
+bool g_debug = true;
+
 QTEST_GUILESS_MAIN (WindowsStoreTest);
--- a/ui/textoverlaybutton.h	Tue Sep 02 14:25:40 2014 +0200
+++ b/ui/textoverlaybutton.h	Tue Sep 16 19:45:19 2014 +0200
@@ -8,7 +8,10 @@
  * See LICENSE.txt for details.
  */
 
-/** @file A tool button that overlays a text over the icon */
+/** 
+  * @file textoverlaybutton.h
+  * @brief A tool button that overlays a text over the icon.
+  */
 
 #include <QToolButton>
 #include <QString>

http://wald.intevation.org/projects/trustbridge/