release registry url updated

ci fixes
typos
2025-04-23 22:19:27 +02:00 · 2025-04-23 22:02:04 +02:00 · 2025-04-23 21:55:45 +02:00 · 2025-04-23 21:54:43 +02:00 · 2025-04-23 10:35:07 +02:00 · 2025-04-22 20:42:11 +02:00
27 changed files with 1594 additions and 574 deletions
--- a/.DEBIAN/control
+++ b/.DEBIAN/control
@ -2,7 +2,7 @@ Package: fastapi-dls
 Version: 0.0
 Architecture: all
 Maintainer: Oscar Krause oscar.krause@collinwebdesigns.de
-Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-jose, python3-sqlalchemy, python3-pycryptodome, python3-markdown, uvicorn, openssl
+Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-josepy, python3-sqlalchemy, python3-cryptography, python3-markdown, uvicorn, openssl
 Recommends: curl
 Installed-Size: 10240
 Homepage: https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
--- a/.DEBIAN/env.default
+++ b/.DEBIAN/env.default
@ -21,7 +21,3 @@ DATABASE=sqlite:////etc/fastapi-dls/db.sqlite
 #SITE_KEY_XID="00000000-0000-0000-0000-000000000000"
 #INSTANCE_REF="10000000-0000-0000-0000-000000000001"
 #ALLOTMENT_REF="20000000-0000-0000-0000-000000000001"
 # Site-wide signing keys
 INSTANCE_KEY_RSA=/etc/fastapi-dls/instance.private.pem
 INSTANCE_KEY_PUB=/etc/fastapi-dls/instance.public.pem
--- a/.DEBIAN/postinst
+++ b/.DEBIAN/postinst
@ -3,14 +3,6 @@
 WORKING_DIR=/usr/share/fastapi-dls
 CONFIG_DIR=/etc/fastapi-dls
 if [ ! -f $CONFIG_DIR/instance.private.pem ]; then
  echo "> Create dls-instance keypair ..."
  openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
  openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
 else
  echo "> Create dls-instance keypair skipped! (exists)"
 fi
 while true; do
  [ -f $CONFIG_DIR/webserver.key ] && default_answer="N" || default_answer="Y"
  [ $default_answer == "Y" ] && V="Y/n" || V="y/N"
--- a/.DEBIAN/requirements-bookworm-12.txt
+++ b/.DEBIAN/requirements-bookworm-12.txt
@ -1,8 +1,8 @@
 # https://packages.debian.org/hu/
 fastapi==0.92.0
 uvicorn[standard]==0.17.6
-python-jose[pycryptodome]==3.3.0
+python-jose[cryptography]==3.3.0
-pycryptodome==3.11.0
+cryptography==38.0.4
 python-dateutil==2.8.2
 sqlalchemy==1.4.46
 markdown==3.4.1
--- a/.DEBIAN/requirements-ubuntu-23.04.txt
+++ b/.DEBIAN/requirements-ubuntu-23.04.txt
@ -1,10 +0,0 @@
 # https://packages.ubuntu.com
 fastapi==0.91.0
 uvicorn[standard]==0.15.0
 python-jose[pycryptodome]==3.3.0
 pycryptodome==3.11.0
 python-dateutil==2.8.2
 sqlalchemy==1.4.46
 markdown==3.4.3
 python-dotenv==0.21.0
 jinja2==3.1.2
--- a/.DEBIAN/requirements-ubuntu-23.10.txt
+++ b/.DEBIAN/requirements-ubuntu-23.10.txt
@ -1,10 +0,0 @@
 # https://packages.ubuntu.com
 fastapi==0.101.0
 uvicorn[standard]==0.23.2
 python-jose[pycryptodome]==3.3.0
 pycryptodome==3.11.0
 python-dateutil==2.8.2
 sqlalchemy==1.4.47
 markdown==3.4.4
 python-dotenv==1.0.0
 jinja2==3.1.2
--- a/.DEBIAN/requirements-ubuntu-24.04.txt
+++ b/.DEBIAN/requirements-ubuntu-24.04.txt
@ -1,8 +1,8 @@
 # https://packages.ubuntu.com
 fastapi==0.101.0
 uvicorn[standard]==0.27.1
-python-jose[pycryptodome]==3.3.0
+python-jose[cryptography]==3.3.0
-pycryptodome==3.20.0
+cryptography==41.0.7
 python-dateutil==2.8.2
 sqlalchemy==1.4.50
 markdown==3.5.2
--- a/.DEBIAN/requirements-ubuntu-24.10.txt
+++ b/.DEBIAN/requirements-ubuntu-24.10.txt
@ -0,0 +1,10 @@
 # https://packages.ubuntu.com
 fastapi==0.110.3
 uvicorn[standard]==0.30.3
 python-jose[cryptography]==3.3.0
 cryptography==42.0.5
 python-dateutil==2.9.0
 sqlalchemy==2.0.32
 markdown==3.6
 python-dotenv==1.0.1
 jinja2==3.1.3
--- a/.PKGBUILD/PKGBUILD
+++ b/.PKGBUILD/PKGBUILD
@ -8,7 +8,7 @@ pkgdesc='NVIDIA DLS server implementation with FastAPI'
 arch=('any')
 url='https://git.collinwebdesigns.de/oscar.krause/fastapi-dls'
 license=('MIT')
-depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-pycryptodome' 'uvicorn' 'python-markdown' 'openssl')
+depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl')
 provider=("$pkgname")
 install="$pkgname.install"
 backup=('etc/default/fastapi-dls')
@ -17,7 +17,7 @@ source=("git+file://${CI_PROJECT_DIR}"
        "$pkgname.service"
        "$pkgname.tmpfiles")
 sha256sums=('SKIP'
-            'fbd015449a30c0ae82733289a56eb98151dcfab66c91b37fe8e202e39f7a5edb'
+            'a4776a0ae4671751065bf3e98aa707030b8b5ffe42dde942c51050dab5028c54'
            '2719338541104c537453a65261c012dda58e1dbee99154cf4f33b526ee6ca22e'
            '3dc60140c08122a8ec0e7fa7f0937eb8c1288058890ba09478420fc30ce9e30c')
@ -30,8 +30,6 @@ pkgver() {
 check() {
    cd "$srcdir/$pkgname/test"
    mkdir "$srcdir/$pkgname/app/cert"
    openssl genrsa -out "$srcdir/$pkgname/app/cert/instance.private.pem" 2048
    openssl rsa -in "$srcdir/$pkgname/app/cert/instance.private.pem" -outform PEM -pubout -out "$srcdir/$pkgname/app/cert/instance.public.pem"
    python "$srcdir/$pkgname/test/main.py"
    rm -rf "$srcdir/$pkgname/app/cert"
 }
@ -39,7 +37,7 @@ check() {
 package() {
    install -d "$pkgdir/usr/share/doc/$pkgname"
    install -d "$pkgdir/var/lib/$pkgname/cert"
-    cp -r "$srcdir/$pkgname/doc"/* "$pkgdir/usr/share/doc/$pkgname/"
+    #cp -r "$srcdir/$pkgname/doc"/* "$pkgdir/usr/share/doc/$pkgname/"
    install -Dm644 "$srcdir/$pkgname/README.md" "$pkgdir/usr/share/doc/$pkgname/README.md"
    install -Dm644 "$srcdir/$pkgname/version.env" "$pkgdir/usr/share/doc/$pkgname/version.env"
--- a/.PKGBUILD/fastapi-dls.default
+++ b/.PKGBUILD/fastapi-dls.default
@ -19,10 +19,6 @@ DATABASE="sqlite:////var/lib/fastapi-dls/db.sqlite"
 SITE_KEY_XID="<<sitekey>>"
 INSTANCE_REF="<<instanceref>>"
 # Site-wide signing keys
 INSTANCE_KEY_RSA="/var/lib/fastapi-dls/instance.private.pem"
 INSTANCE_KEY_PUB="/var/lib/fastapi-dls/instance.public.pem"
 # TLS certificate
 INSTANCE_SSL_CERT="/var/lib/fastapi-dls/cert/webserver.crt"
 INSTANCE_SSL_KEY="/var/lib/fastapi-dls/cert/webserver.key"
--- a/.PKGBUILD/fastapi-dls.install
+++ b/.PKGBUILD/fastapi-dls.install
@ -7,8 +7,4 @@ post_install() {
    echo
    echo 'A valid HTTPS certificate needs to be installed to /var/lib/fastapi-dls/cert/webserver.{crt,key}'
    echo 'A self-signed certificate can be generated with: openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /var/lib/fastapi-dls/cert/webserver.key -out /var/lib/fastapi-dls/cert/webserver.crt'
    echo
    echo 'The signing keys for your instance need to be generated as well. Generate them with these commands:'
    echo 'openssl genrsa -out /var/lib/fastapi-dls/instance.private.pem 2048'
    echo 'openssl rsa -in /var/lib/fastapi-dls/instance.private.pem -outform PEM -pubout -out /var/lib/fastapi-dls/instance.public.pem'
 }
--- a/.UNRAID/FastAPI-DLS.xml
+++ b/.UNRAID/FastAPI-DLS.xml
@ -18,9 +18,6 @@ Make sure you create these certificates before starting the container for the fi
 WORKING_DIR=/mnt/user/appdata/fastapi-dls/cert&#xD;
 mkdir -p $WORKING_DIR&#xD;
 cd $WORKING_DIR&#xD;
 # create instance private and public key for singing JWT's&#xD;
 openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 &#xD;
 openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem&#xD;
 # create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl&#xD;
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt&#xD;
 ```&#xD;
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
 .DS_Store
 venv/
 .idea/
-app/*.sqlite*
+*.sqlite
 app/cert/*.*
 .pytest_cache
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -16,11 +16,12 @@ build:docker:
  interruptible: true
  stage: build
  rules:
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    # deployment is in "deploy:docker:"
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
      changes:
        - app/**/*
        - Dockerfile
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+        - requirements.txt
  tags: [ docker ]
  before_script:
    - docker buildx inspect
@ -43,16 +44,13 @@ build:apt:
    - if: $CI_COMMIT_TAG
      variables:
        VERSION: $CI_COMMIT_REF_NAME
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: ($CI_PIPELINE_SOURCE == 'merge_request_event') || ($CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
      changes:
        - app/**/*
        - .DEBIAN/**/*
        - .gitlab-ci.yml
      variables:
        VERSION: "0.0.1"
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
      variables:
        VERSION: "0.0.1"
  before_script:
    - echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > version.env
    # install build dependencies
@ -93,16 +91,13 @@ build:pacman:
    - if: $CI_COMMIT_TAG
      variables:
        VERSION: $CI_COMMIT_REF_NAME
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: ($CI_PIPELINE_SOURCE == 'merge_request_event') || ($CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
      changes:
        - app/**/*
        - .PKGBUILD/**/*
        - .gitlab-ci.yml
      variables:
        VERSION: "0.0.1"
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
      variables:
        VERSION: "0.0.1"
  before_script:
    #- echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > version.env
    # install build dependencies
@ -125,13 +120,12 @@ build:pacman:
    paths:
      - "*.pkg.tar.zst"
-test:
+test:python:
  image: $IMAGE
  stage: test
  interruptible: true
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_COMMIT_TAG
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
      changes:
@ -141,35 +135,49 @@ test:
    DATABASE: sqlite:///../app/db.sqlite
  parallel:
    matrix:
-      - IMAGE: [ 'python:3.11-slim-bookworm', 'python:3.12-slim-bullseye' ]
+      - IMAGE:
-        REQUIREMENTS:
+          # https://devguide.python.org/versions/#supported-versions
-          - requirements.txt
+#          - python:3.14-rc-alpine  # EOL 2030-10 =>  uvicorn does not support 3.14 yet
-          - .DEBIAN/requirements-bookworm-12.txt
+          - python:3.13-alpine  # EOL 2029-10
-          - .DEBIAN/requirements-ubuntu-23.10.txt
+          - python:3.12-alpine  # EOL 2028-10
-          - .DEBIAN/requirements-ubuntu-24.04.txt
+          - python:3.11-alpine  # EOL 2027-10
 #          - python:3.10-alpine  # EOL 2026-10 => ImportError: cannot import name 'UTC' from 'datetime'
 #          - python:3.9-alpine  # EOL 2025-10 => ImportError: cannot import name 'UTC' from 'datetime'
  before_script:
-    - apt-get update && apt-get install -y python3-dev gcc
+    - apk --no-cache add openssl
-    - pip install -r $REQUIREMENTS
+    - python3 -m venv venv
-    - pip install pytest httpx
+    - source venv/bin/activate
    - pip install --upgrade pip
    - pip install -r requirements.txt
    - pip install pytest pytest-cov pytest-custom_exit_code httpx
    - mkdir -p app/cert
    - openssl genrsa -out app/cert/instance.private.pem 2048
    - openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem
    - cd test
  script:
    - python -m pytest main.py --junitxml=report.xml
  artifacts:
    reports:
      dotenv: version.env
      junit: ['**/report.xml']
-.test:linux:
+test:apt:
  image: $IMAGE
  stage: test
  rules:
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: ($CI_PIPELINE_SOURCE == 'merge_request_event') || ($CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
      changes:
        - app/**/*
        - .DEBIAN/**/*
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+        - .gitlab-ci.yml
      variables:
        VERSION: "0.0.1"
  parallel:
    matrix:
      - IMAGE:
          - debian:trixie-slim # EOL: t.b.a.
          - debian:bookworm-slim # EOL: June 06, 2026
          - debian:bookworm-slim # EOL: June 06, 2026
          - ubuntu:24.04 # EOL: April 2036
          - ubuntu:24.10
  needs:
    - job: build:apt
      artifacts: true
@ -201,22 +209,15 @@ test:
    - apt-get purge -qq -y fastapi-dls
    - apt-get autoremove -qq -y && apt-get clean -qq
-test:debian:
+test:pacman:archlinux:
  extends: .test:linux
  image: debian:bookworm-slim
 test:ubuntu:
  extends: .test:linux
  image: ubuntu:24.04
 test:archlinux:
  image: archlinux:base
  rules:
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
      changes:
        - app/**/*
        - .PKGBUILD/**/*
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+        - .gitlab-ci.yml
  needs:
    - job: build:pacman
      artifacts: true
@ -250,7 +251,7 @@ semgrep-sast:
 test_coverage:
 #  extends: test
-  image: python:3.11-slim-bookworm
+  image: python:3.12-slim-bookworm
  allow_failure: true
  stage: test
  rules:
@ -260,19 +261,17 @@ test_coverage:
  before_script:
    - apt-get update && apt-get install -y python3-dev gcc
    - pip install -r requirements.txt
-    - pip install pytest httpx
+    - pip install pytest pytest-cov pytest-custom_exit_code httpx
    - mkdir -p app/cert
    - openssl genrsa -out app/cert/instance.private.pem 2048
    - openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem
    - cd test
  script:
-    - pip install pytest pytest-cov
+    - coverage run -m pytest main.py --junitxml=report.xml --suppress-no-test-exit-code
    - coverage run -m pytest main.py
    - coverage report
    - coverage xml
  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
  artifacts:
    reports:
      junit: [ '**/report.xml' ]
      coverage_report:
        coverage_format: cobertura
        path: '**/coverage.xml'
@ -291,15 +290,12 @@ gemnasium-python-dependency_scanning:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 .deploy:
  rules:
    - if: $CI_COMMIT_TAG
 deploy:docker:
  extends: .deploy
  image: docker:dind
  stage: deploy
  tags: [ docker ]
  rules:
    - if: $CI_COMMIT_TAG
  before_script:
    - echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_COMMIT_REF_NAME"
    - docker buildx inspect
@ -318,9 +314,10 @@ deploy:docker:
 deploy:apt:
  # doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package
  extends: .deploy
  image: debian:bookworm-slim
  stage: deploy
  rules:
    - if: $CI_COMMIT_TAG
  needs:
    - job: build:apt
      artifacts: true
@ -357,9 +354,10 @@ deploy:apt:
    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${EXPORT_NAME} "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${PACKAGE_VERSION}/${EXPORT_NAME}"'
 deploy:pacman:
  extends: .deploy
  image: archlinux:base-devel
  stage: deploy
  rules:
    - if: $CI_COMMIT_TAG
  needs:
    - job: build:pacman
      artifacts: true
@ -380,7 +378,7 @@ deploy:pacman:
 release:
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  stage: .post
-  needs: [ test ]
+  needs: [ deploy:docker, deploy:apt, deploy:pacman ]
  rules:
    - if: $CI_COMMIT_TAG
  script:
@ -395,4 +393,4 @@ release:
        - name: 'Package Registry'
          url: 'https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/packages'
        - name: 'Container Registry'
-          url: 'https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/container_registry/40'
+          url: 'https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/container_registry/70'
--- a/2
+++ b/2
@ -10,7 +10,7 @@ RUN apk update \
 && apk add --no-cache --virtual build-deps gcc g++ python3-dev musl-dev pkgconfig \
 && apk add --no-cache curl postgresql postgresql-dev mariadb-dev sqlite-dev \
 && pip install --no-cache-dir --upgrade uvicorn \
- && pip install --no-cache-dir psycopg2==2.9.9 mysqlclient==2.2.4 pysqlite3==0.5.2 \
+ && pip install --no-cache-dir psycopg2==2.9.10 mysqlclient==2.2.7 pysqlite3==0.5.4 \
 && pip install --no-cache-dir -r /tmp/requirements.txt \
 && apk del build-deps
--- a/FAQ.md
+++ b/FAQ.md
@ -1,17 +0,0 @@
 # FAQ
 ## `Failed to acquire license from <ip> (Info: <license> - Error: The allowed time to process response has expired)`
 - Did your timezone settings are correct on fastapi-dls **and your guest**?
 - Did you download the client-token more than an hour ago?
 Please download a new client-token. The guest have to register within an hour after client-token was created.
 ## `jose.exceptions.JWTError: Signature verification failed.`
 - Did you recreated `instance.public.pem` / `instance.private.pem`?
 Then you have to download a **new** client-token on each of your guests.
--- a/README.md
+++ b/README.md
@ -2,8 +2,15 @@
 Minimal Delegated License Service (DLS).
-Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0, 3.3.1. For Driver compatibility
+> [!warning] Branch support
-see [compatibility matrix](#vgpu-software-compatibility-matrix).
+> FastAPI-DLS Version 1.x supports up to **`17.x`** releases. \
 > FastAPI-DLS Version 2.x is backwards compatible to `17.x` and supports **`18.x`** releases in combination
 > with [gridd-unlock-patcher](https://git.collinwebdesigns.de/oscar.krause/gridd-unlock-patcher).
 > Other combinations of FastAPI-DLS and Driver-Branches may work but are not tested.
 > [!note] Compatibility
 > Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0, 3.3.1, 3.4.0. For Driver compatibility
 > see [compatibility matrix](#vgpu-software-compatibility-matrix).
 This service can be used without internet connection.
 Only the clients need a connection to this service on configured port.
@ -23,6 +30,7 @@ Only the clients need a connection to this service on configured port.
 * [NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox) - This document serves as a guide to install NVIDIA vGPU host drivers on the latest Proxmox VE version
 * [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock) - Unlock vGPU functionality for consumer-grade Nvidia GPUs.
 * [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q) - Guide for `vgpu_unlock`
 * [Proxmox 8 vGPU in VMs and LXC Containers](https://medium.com/@dionisievldulrincz/proxmox-8-vgpu-in-vms-and-lxc-containers-4146400207a3) - Install *Merged Drivers* for using in Proxmox VMs and LXCs
 * [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/) - Also known as `proxmox-installer.sh`
 ---
@ -61,9 +69,6 @@ The images include database drivers for `postgres`, `mariadb` and `sqlite`.
 WORKING_DIR=/opt/docker/fastapi-dls/cert
 mkdir -p $WORKING_DIR
 cd $WORKING_DIR
 # create instance private and public key for singing JWT's
 openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 
 openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem
 # create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt
 ```
@ -81,7 +86,7 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/
 See [`examples`](examples) directory for more advanced examples (with reverse proxy usage).
-> Adjust *REQUIRED* variables as needed
+> Adjust `REQUIRED` variables as needed
 ```yaml
 version: '3.9'
@ -148,9 +153,6 @@ chown -R www-data:www-data $WORKING_DIR
 WORKING_DIR=/opt/fastapi-dls/app/cert
 mkdir -p $WORKING_DIR
 cd $WORKING_DIR
 # create instance private and public key for singing JWT's
 openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 
 openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem
 # create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt
 chown -R www-data:www-data $WORKING_DIR
@ -250,9 +252,6 @@ CERT_DIR=${BASE_DIR}/app/cert
 SERVICE_USER=dls
 mkdir ${CERT_DIR}
 cd ${CERT_DIR}
 # create instance private and public key for singing JWT's
 openssl genrsa -out ${CERT_DIR}/instance.private.pem 2048 
 openssl rsa -in ${CERT_DIR}/instance.private.pem -outform PEM -pubout -out ${CERT_DIR}/instance.public.pem
 # create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  ${CERT_DIR}/webserver.key -out ${CERT_DIR}/webserver.crt
 chown -R ${SERVICE_USER} ${CERT_DIR}
@ -328,13 +327,14 @@ Packages are available here:
 - [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/packages)
-Successful tested with:
+Successful tested with (**LTS Version**):
- Debian 12 (Bookworm) (EOL: tba.)
+- **Debian 12 (Bookworm)** (EOL: June 06, 2026)
- Ubuntu 22.10 (Kinetic Kudu) (EOL: July 20, 2023)
+- *Ubuntu 22.10 (Kinetic Kudu)* (EOL: July 20, 2023)
- Ubuntu 23.04 (Lunar Lobster) (EOL: January 2024)
+- *Ubuntu 23.04 (Lunar Lobster)* (EOL: January 2024)
- Ubuntu 23.10 (Mantic Minotaur) (EOL: July 2024)
+- *Ubuntu 23.10 (Mantic Minotaur)* (EOL: July 2024)
- Ubuntu 24.04 (Noble Numbat) (EOL: April 2036)
+- **Ubuntu 24.04 (Noble Numbat)** (EOL: Apr 2029)
 - *Ubuntu 24.10 (Oracular Oriole)* (EOL: Jul 2025)
 Not working with:
@ -392,6 +392,13 @@ Now you have to edit `/etc/default/fastapi-dls` as needed.
 Continue [here](#unraid-guest) for docker guest setup.
 ## NixOS
 Tanks to [@mrzenc](https://github.com/mrzenc) for [fastapi-dls-nixos](https://github.com/mrzenc/fastapi-dls-nixos).
 > [!note] Native NixOS-Package
 > There is a [pull request](https://github.com/NixOS/nixpkgs/pull/358647) which adds fastapi-dls into nixpkgs.
 ## Let's Encrypt Certificate (optional)
 If you're using installation via docker, you can use `traefik`. Please refer to their documentation.
@ -415,6 +422,7 @@ After first success you have to replace `--issue` with `--renew`.
 | `DEBUG`                | `false`                                | Toggles `fastapi` debug mode                                                                         |
 | `DLS_URL`              | `localhost`                            | Used in client-token to tell guest driver where dls instance is reachable                            |
 | `DLS_PORT`             | `443`                                  | Used in client-token to tell guest driver where dls instance is reachable                            |
 | `CERT_PATH`            | `None`                                 | Path to a Directory where generated Certificates are stored. Defaults to `/<app-dir>/cert`.          |
 | `TOKEN_EXPIRE_DAYS`    | `1`                                    | Client auth-token validity (used for authenticate client against api, **not `.tok` file!**)          |
 | `LEASE_EXPIRE_DAYS`    | `90`                                   | Lease time in days                                                                                   |
 | `LEASE_RENEWAL_PERIOD` | `0.15`                                 | The percentage of the lease period that must elapse before a licensed client can renew a license \*1 |
@ -423,8 +431,6 @@ After first success you have to replace `--issue` with `--renew`.
 | `SITE_KEY_XID`         | `00000000-0000-0000-0000-000000000000` | Site identification uuid                                                                             |
 | `INSTANCE_REF`         | `10000000-0000-0000-0000-000000000001` | Instance identification uuid                                                                         |
 | `ALLOTMENT_REF`        | `20000000-0000-0000-0000-000000000001` | Allotment identification uuid                                                                        |
 | `INSTANCE_KEY_RSA`     | `<app-dir>/cert/instance.private.pem`  | Site-wide private RSA key for singing JWTs \*3                                                       |
 | `INSTANCE_KEY_PUB`     | `<app-dir>/cert/instance.public.pem`   | Site-wide public key \*3                                                                             |
 \*1 For example, if the lease period is one day and the renewal period is 20%, the client attempts to renew its license
 every 4.8 hours. If network connectivity is lost, the loss of connectivity is detected during license renewal and the
@ -432,8 +438,6 @@ client has 19.2 hours in which to re-establish connectivity before its license e
 \*2 Always use `https`, since guest-drivers only support secure connections!
 \*3 If you recreate your instance keys you need to **recreate client-token for each guest**!
 # Setup (Client)
 **The token file has to be copied! It's not enough to C&P file contents, because there can be special characters.**
@ -532,6 +536,10 @@ Status endpoint, used for *healthcheck*.
 Shows current runtime environment variables and their values.
 **`GET /-/config/root-certificate`**
 Returns the Root-Certificate Certificate which is used. This is required for patching `nvidia-gridd` on 18.x releases.
 **`GET /-/readme`**
 HTML rendered README.md.
@ -593,6 +601,21 @@ Logs are available in `C:\Users\Public\Documents\Nvidia\LoggingLog.NVDisplay.Con
 # Known Issues
 ## Generic
 ### `Failed to acquire license from <ip> (Info: <license> - Error: The allowed time to process response has expired)`
 - Did your timezone settings are correct on fastapi-dls **and your guest**?
 - Did you download the client-token more than an hour ago?
 Please download a new client-token. The guest have to register within an hour after client-token was created.
 ### `jose.exceptions.JWTError: Signature verification failed.`
 - Did you recreate any certificate or keypair?
 Then you have to download a **new** client-token on each of your guests.
 ## Linux
 ### Invalid HTTP request
@ -725,26 +748,27 @@ The error message can safely be ignored (since we have no license limitation :P)
 # vGPU Software Compatibility Matrix
 <details>
  <summary>Show Table</summary>
 Successfully tested with this package versions.
-| vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver |  Release Date |      EOL Date |
+| FastAPI-DLS Version | vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver |  Release Date |      EOL Date |
-|:-------------:|:-------------:|--------------------|--------------|----------------|--------------:|--------------:|
+|---------------------|:-------------:|:-------------:|--------------------|--------------|----------------|--------------:|--------------:|
-|    `17.4`     |     R550      | `550.127.06`       | `550.127.05` | `553.24`       |  October 2024 | February 2025 |
+| `2.x`               |    `18.1`     |   **R570**    | `570.133.08`       | `570.133.07` | `572.83`       |    April 2025 |    March 2026 |
-|    `17.3`     |     R550      | `550.90.05`        | `550.90.07`  | `552.74`       |     July 2024 |               |
+|                     |    `18.0`     |   **R570**    | `570.124.03`       | `570.124.06` | `572.60`       |    March 2025 |    March 2026 |
-|    `17.2`     |     R550      | `550.90.05`        | `550.90.07`  | `552.55`       |     June 2024 |               |
+| `1.x` & `2.x`       |    `17.6`     |   **R550**    | `550.163.02`       | `550.63.01`  | `553.74`       |    April 2025 |     June 2025 |
-|    `17.1`     |     R550      | `550.54.16`        | `550.54.15`  | `551.78`       |    March 2024 |               |
+|                     |    `17.5`     |               | `550.144.02`       | `550.144.03` | `553.62`       |  January 2025 |               |
-|    `17.0`     |     R550      | `550.54.10`        | `550.54.14`  | `551.61`       | February 2024 |               |
+|                     |    `17.4`     |               | `550.127.06`       | `550.127.05` | `553.24`       |  October 2024 |               |
-|    `16.8`     |     R535      | `535.216.01`       | `535.216.01` | `538.95`       |  October 2024 |     July 2026 |
+|                     |    `17.3`     |               | `550.90.05`        | `550.90.07`  | `552.74`       |     July 2024 |               |
-|    `16.7`     |     R535      | `535.183.04`       | `535.183.06` | `538.78`       |     July 2024 |               |
+|                     |    `17.2`     |               | `550.90.05`        | `550.90.07`  | `552.55`       |     June 2024 |               |
-|    `16.6`     |     R535      | `535.183.04`       | `535.183.01` | `538.67`       |     June 2024 |               |
+|                     |    `17.1`     |               | `550.54.16`        | `550.54.15`  | `551.78`       |    March 2024 |               |
-|    `16.5`     |     R535      | `535.161.05`       | `535.161.08` | `538.46`       | February 2024 |               |
+|                     |    `17.0`     |   **R550**    | `550.54.10`        | `550.54.14`  | `551.61`       | February 2024 |               |
-|    `16.4`     |     R535      | `535.161.05`       | `535.161.07` | `538.33`       | February 2024 |               |
+| `1.x`               |    `16.10`    |   **R535**    | `535.247.02`       | `535.247.01` | `539.28`       |    April 2025 |     July 2026 |
-|    `16.3`     |     R535      | `535.154.02`       | `535.154.05` | `538.15`       |  January 2024 |               |
+| `1.x`               |    `15.4`     |   **R525**    | `525.147.01`       | `525.147.05` | `529.19`       |     June 2023 | December 2023 |
-|    `16.2`     |     R535      | `535.129.03`       | `535.129.03` | `537.70`       |  October 2023 |               |
+| `1.x`               |    `14.4`     |   **R510**    | `510.108.03`       | `510.108.03` | `514.08`       | December 2022 | February 2023 |
-|    `16.1`     |     R535      | `535.104.06`       | `535.104.05` | `537.13`       |   August 2023 |               |
+
-|    `16.0`     |     R535      | `535.54.06`        | `535.54.03`  | `536.22`       |     July 2023 |               |
+</details>
 |    `15.4`     |     R525      | `525.147.01`       | `525.147.05` | `529.19`       |     June 2023 | December 2023 |
 |    `14.4`     |     R510      | `510.108.03`       | `510.108.03` | `514.08`       | December 2022 | February 2023 |
 - https://docs.nvidia.com/grid/index.html
 - https://docs.nvidia.com/grid/gpus-supported-by-vgpu.html
@ -758,12 +782,14 @@ Thanks to vGPU community and all who uses this project and report bugs.
 Special thanks to:
- @samicrusader who created build file for **ArchLinux**
+- `samicrusader` who created build file for **ArchLinux**
- @cyrus who wrote the section for **openSUSE**
+- `cyrus` who wrote the section for **openSUSE**
- @midi who wrote the section for **unRAID**
+- `midi` who wrote the section for **unRAID**
- @polloloco who wrote the *[NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox)*
+- `polloloco` who wrote the *[NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox)*
- @DualCoder who creates the `vgpu_unlock` functionality [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock)
+- `DualCoder` who creates the `vgpu_unlock` functionality [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock)
- Krutav Shah who wrote the [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q/)
+- `Krutav Shah` who wrote the [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q/)
- Wim van 't Hoog for the [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/)
+- `Wim van 't Hoog` for the [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/)
 - `mrzenc` who wrote [fastapi-dls-nixos](https://github.com/mrzenc/fastapi-dls-nixos)
 - `electricsheep49` who wrote [gridd-unlock-patcher](https://git.collinwebdesigns.de/oscar.krause/gridd-unlock-patcher)
 And thanks to all people who contributed to all these libraries!
--- a/app/main.py
+++ b/app/main.py
@ -2,26 +2,27 @@ import logging
 from base64 import b64encode as b64enc
 from calendar import timegm
 from contextlib import asynccontextmanager
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, UTC
 from hashlib import sha256
-from json import loads as json_loads
+from json import loads as json_loads, dumps as json_dumps
 from os import getenv as env
 from os.path import join, dirname
 from textwrap import wrap
 from uuid import uuid4
 from dateutil.relativedelta import relativedelta
 from dotenv import load_dotenv
 from fastapi import FastAPI
 from fastapi.requests import Request
 from fastapi.responses import Response, RedirectResponse, StreamingResponse
 from jose import jws, jwk, jwt, JWTError
 from jose.constants import ALGORITHMS
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker
 from starlette.middleware.cors import CORSMiddleware
 from starlette.responses import StreamingResponse, JSONResponse as JSONr, HTMLResponse as HTMLr, Response, RedirectResponse
 from orm import Origin, Lease, init as db_init, migrate
-from util import load_key, load_file
+from util import CASetup, PrivateKey, Cert, ProductMapping, load_file
 # Load variables
 load_dotenv('../version.env')
@ -39,20 +40,31 @@ db_init(db), migrate(db)
 # Load DLS variables (all prefixed with "INSTANCE_*" is used as "SERVICE_INSTANCE_*" or "SI_*" in official dls service)
 DLS_URL = str(env('DLS_URL', 'localhost'))
 DLS_PORT = int(env('DLS_PORT', '443'))
 CERT_PATH = str(env('CERT_PATH', None))
 SITE_KEY_XID = str(env('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
 INSTANCE_REF = str(env('INSTANCE_REF', '10000000-0000-0000-0000-000000000001'))
 ALLOTMENT_REF = str(env('ALLOTMENT_REF', '20000000-0000-0000-0000-000000000001'))
 INSTANCE_KEY_RSA = load_key(str(env('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
 INSTANCE_KEY_PUB = load_key(str(env('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
 TOKEN_EXPIRE_DELTA = relativedelta(days=int(env('TOKEN_EXPIRE_DAYS', 1)), hours=int(env('TOKEN_EXPIRE_HOURS', 0)))
 LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
 LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12)
 CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
 DT_FORMAT = '%Y-%m-%dT%H:%M:%S.%fZ'
 PRODUCT_MAPPING = ProductMapping(filename=join(dirname(__file__), 'static/product_mapping.json'))
-jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
+# Create certificate chain and signing keys
-jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
+ca_setup = CASetup(service_instance_ref=INSTANCE_REF, cert_path=CERT_PATH)
 my_root_private_key = PrivateKey.from_file(ca_setup.root_private_key_filename)
 my_root_public_key = my_root_private_key.public_key()
 my_root_certificate = Cert.from_file(ca_setup.root_certificate_filename)
 my_ca_certificate = Cert.from_file(ca_setup.ca_certificate_filename)
 my_si_certificate = Cert.from_file(ca_setup.si_certificate_filename)
 my_si_private_key = PrivateKey.from_file(ca_setup.si_private_key_filename)
 my_si_public_key = my_si_private_key.public_key()
 jwt_encode_key = jwk.construct(my_si_private_key.pem(), algorithm=ALGORITHMS.RS256)
 jwt_decode_key = jwk.construct(my_si_private_key.public_key().pem(), algorithm=ALGORITHMS.RS256)
 # Logging
 LOG_LEVEL = logging.DEBUG if DEBUG else logging.INFO
@ -119,12 +131,12 @@ async def _index():
@app.get('/-/health', summary='* Health')
 async def _health():
-    return JSONr({'status': 'up'})
+    return Response(content=json_dumps({'status': 'up'}), media_type='application/json', status_code=200)
@app.get('/-/config', summary='* Config', description='returns environment variables.')
 async def _config():
-    return JSONr({
+    response = {
        'VERSION': str(VERSION),
        'COMMIT': str(COMMIT),
        'DEBUG': str(DEBUG),
@ -138,14 +150,22 @@ async def _config():
        'LEASE_RENEWAL_PERIOD': str(LEASE_RENEWAL_PERIOD),
        'CORS_ORIGINS': str(CORS_ORIGINS),
        'TZ': str(TZ),
-    })
+    }
    return Response(content=json_dumps(response), media_type='application/json', status_code=200)
@app.get('/-/config/root-certificate', summary='* Root Certificate', description='returns Root--Certificate needed for patching nvidia-gridd')
 async def _config():
    return Response(content=my_root_certificate.pem().decode('utf-8').strip(), media_type='text/plain')
@app.get('/-/readme', summary='* Readme')
 async def _readme():
    from markdown import markdown
    content = load_file(join(dirname(__file__), '../README.md')).decode('utf-8')
-    return HTMLr(markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc']))
+    response = markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc'])
    return Response(response, media_type='text/html', status_code=200)
@app.get('/-/manage', summary='* Management UI')
@ -183,7 +203,7 @@ async def _manage(request: Request):
        </body>
    </html>
    '''
-    return HTMLr(response)
+    return Response(response, media_type='text/html', status_code=200)
@app.get('/-/origins', summary='* Origins')
@ -197,7 +217,7 @@ async def _origins(request: Request, leases: bool = False):
            x['leases'] = list(map(lambda _: _.serialize(**serialize), Lease.find_by_origin_ref(db, origin.origin_ref)))
        response.append(x)
    session.close()
-    return JSONr(response)
+    return Response(content=json_dumps(response), media_type='application/json', status_code=200)
@app.delete('/-/origins', summary='* Origins')
@ -219,7 +239,7 @@ async def _leases(request: Request, origin: bool = False):
                x['origin'] = lease_origin.serialize()
        response.append(x)
    session.close()
-    return JSONr(response)
+    return Response(content=json_dumps(response), media_type='application/json', status_code=200)
@app.delete('/-/leases/expired', summary='* Leases')
@ -232,13 +252,14 @@ async def _lease_delete_expired(request: Request):
 async def _lease_delete(request: Request, lease_ref: str):
    if Lease.delete(db, lease_ref) == 1:
        return Response(status_code=201)
-    return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
+    response = {'status': 404, 'detail': 'lease not found'}
    return Response(content=json_dumps(response), media_type='application/json', status_code=404)
 # venv/lib/python3.9/site-packages/nls_core_service_instance/service_instance_token_manager.py
@app.get('/-/client-token', summary='* Client-Token', description='creates a new messenger token for this service instance')
 async def _client_token():
-    cur_time = datetime.utcnow()
+    cur_time = datetime.now(UTC)
    exp_time = cur_time + CLIENT_TOKEN_EXPIRE_DELTA
    payload = {
@ -248,6 +269,7 @@ async def _client_token():
        "iat": timegm(cur_time.timetuple()),
        "nbf": timegm(cur_time.timetuple()),
        "exp": timegm(exp_time.timetuple()),
        "protocol_version": "2.0",
        "update_mode": "ABSOLUTE",
        "scope_ref_list": [ALLOTMENT_REF],
        "fulfillment_class_ref_list": [],
@ -257,6 +279,7 @@ async def _client_token():
                {
                    "idx": 0,
                    "d_name": "DLS",
                    # todo: {"service": "quick_release", "port": 80} - see "shutdown for windows"
                    "svc_port_map": [{"service": "auth", "port": DLS_PORT}, {"service": "lease", "port": DLS_PORT}]
                }
            ],
@ -264,10 +287,10 @@ async def _client_token():
        },
        "service_instance_public_key_configuration": {
            "service_instance_public_key_me": {
-                "mod": hex(INSTANCE_KEY_PUB.public_key().n)[2:],
+                "mod": my_si_public_key.mod(),
-                "exp": int(INSTANCE_KEY_PUB.public_key().e),
+                "exp": my_si_public_key.exp(),
            },
-            "service_instance_public_key_pem": INSTANCE_KEY_PUB.export_key().decode('utf-8'),
+            "service_instance_public_key_pem": my_si_public_key.pem().decode('utf-8').strip(),
            "key_retention_mode": "LATEST_ONLY"
        },
    }
@ -284,10 +307,10 @@ async def _client_token():
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
@app.post('/auth/v1/origin', description='find or create an origin')
 async def auth_v1_origin(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
    origin_ref = j.get('candidate_origin_ref')
-    logging.info(f'> [  origin  ]: {origin_ref}: {j}')
+    logger.info(f'> [  origin  ]: {origin_ref}: {j}')
    data = Origin(
        origin_ref=origin_ref,
@ -298,26 +321,31 @@ async def auth_v1_origin(request: Request):
    Origin.create_or_update(db, data)
    environment = {
        'raw_env': j.get('environment')
    }
    environment.update(j.get('environment'))
    response = {
        "origin_ref": origin_ref,
-        "environment": j.get('environment'),
+        "environment": environment,
        "svc_port_set_list": None,
        "node_url_list": None,
        "node_query_order": None,
        "prompts": None,
-        "sync_timestamp": cur_time.isoformat()
+        "sync_timestamp": cur_time.strftime(DT_FORMAT)
    }
-    return JSONr(response)
+    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
@app.post('/auth/v1/origin/update', description='update an origin evidence')
 async def auth_v1_origin_update(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
    origin_ref = j.get('origin_ref')
-    logging.info(f'> [  update  ]: {origin_ref}: {j}')
+    logger.info(f'> [  update  ]: {origin_ref}: {j}')
    data = Origin(
        origin_ref=origin_ref,
@ -331,20 +359,20 @@ async def auth_v1_origin_update(request: Request):
    response = {
        "environment": j.get('environment'),
        "prompts": None,
-        "sync_timestamp": cur_time.isoformat()
+        "sync_timestamp": cur_time.strftime(DT_FORMAT)
    }
-    return JSONr(response)
+    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_auth_controller.py
 # venv/lib/python3.9/site-packages/nls_core_auth/auth.py - CodeResponse
@app.post('/auth/v1/code', description='get an authorization code')
 async def auth_v1_code(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
    origin_ref = j.get('origin_ref')
-    logging.info(f'> [   code   ]: {origin_ref}: {j}')
+    logger.info(f'> [   code   ]: {origin_ref}: {j}')
    delta = relativedelta(minutes=15)
    expires = cur_time + delta
@ -362,31 +390,33 @@ async def auth_v1_code(request: Request):
    response = {
        "auth_code": auth_code,
-        "sync_timestamp": cur_time.isoformat(),
+        "prompts": None,
-        "prompts": None
+        "sync_timestamp": cur_time.strftime(DT_FORMAT),
    }
-    return JSONr(response)
+    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_auth_controller.py
 # venv/lib/python3.9/site-packages/nls_core_auth/auth.py - TokenResponse
@app.post('/auth/v1/token', description='exchange auth code and verifier for token')
 async def auth_v1_token(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
    try:
-        payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key)
+        payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key, algorithms=ALGORITHMS.RS256)
    except JWTError as e:
-        return JSONr(status_code=400, content={'status': 400, 'title': 'invalid token', 'detail': str(e)})
+        response = {'status': 400, 'title': 'invalid token', 'detail': str(e)}
        return Response(content=json_dumps(response), media_type='application/json', status_code=400)
    origin_ref = payload.get('origin_ref')
-    logging.info(f'> [   auth   ]: {origin_ref}: {j}')
+    logger.info(f'> [   auth   ]: {origin_ref}: {j}')
    # validate the code challenge
    challenge = b64enc(sha256(j.get('code_verifier').encode('utf-8')).digest()).rstrip(b'=').decode('utf-8')
    if payload.get('challenge') != challenge:
-        return JSONr(status_code=401, content={'status': 401, 'detail': 'expected challenge did not match verifier'})
+        response = {'status': 401, 'detail': 'expected challenge did not match verifier'}
        return Response(content=json_dumps(response), media_type='application/json', status_code=401)
    access_expires_on = cur_time + TOKEN_EXPIRE_DELTA
@ -396,167 +426,280 @@ async def auth_v1_token(request: Request):
        'iss': 'https://cls.nvidia.org',
        'aud': 'https://cls.nvidia.org',
        'exp': timegm(access_expires_on.timetuple()),
        'origin_ref': origin_ref,
        'key_ref': SITE_KEY_XID,
        'kid': SITE_KEY_XID,
        'origin_ref': origin_ref,
    }
    auth_token = jwt.encode(new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256)
    response = {
        "expires": access_expires_on.isoformat(),
        "auth_token": auth_token,
-        "sync_timestamp": cur_time.isoformat(),
+        "expires": access_expires_on.strftime(DT_FORMAT),
        "prompts": None,
        "sync_timestamp": cur_time.strftime(DT_FORMAT),
    }
-    return JSONr(response)
+    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
 # NLS 3.4.0 - venv/lib/python3.12/site-packages/nls_services_lease/test/test_lease_single_controller.py
@app.post('/leasing/v1/config-token', description='request to get config token for lease operations')
 async def leasing_v1_config_token(request: Request):
    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
    cur_time = datetime.now(UTC)
    exp_time = cur_time + CLIENT_TOKEN_EXPIRE_DELTA
    payload = {
        "iss": "NLS Service Instance",
        "aud": "NLS Licensed Client",
        "iat": timegm(cur_time.timetuple()),
        "nbf": timegm(cur_time.timetuple()),
        "exp": timegm(exp_time.timetuple()),
        "protocol_version": "2.0",
        "d_name": "DLS",
        "service_instance_ref": j.get('service_instance_ref'),
        "service_instance_public_key_configuration": {
            "service_instance_public_key_me": {
                "mod": my_si_public_key.mod(),
                "exp": my_si_public_key.exp(),
            },
            "service_instance_public_key_pem": my_si_public_key.pem().decode('utf-8').strip(),
            "key_retention_mode": "LATEST_ONLY"
        },
    }
    my_jwt_encode_key = jwk.construct(my_si_private_key.pem().decode('utf-8'), algorithm=ALGORITHMS.RS256)
    config_token = jws.sign(payload, key=my_jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256)
    response_ca_chain = my_ca_certificate.pem().decode('utf-8').strip()
    # 76 chars per line on original response with "\r\n"
    """
    response_ca_chain = my_ca_certificate.pem().decode('utf-8').strip()
    response_ca_chain = response_ca_chain.replace('-----BEGIN CERTIFICATE-----', '')
    response_ca_chain = response_ca_chain.replace('-----END CERTIFICATE-----', '')
    response_ca_chain = response_ca_chain.replace('\n', '')
    response_ca_chain = wrap(response_ca_chain, 76)
    response_ca_chain = '\r\n'.join(response_ca_chain)
    response_ca_chain = f'-----BEGIN CERTIFICATE-----\r\n{response_ca_chain}\r\n-----END CERTIFICATE-----'
    """
    response_si_certificate = my_si_certificate.pem().decode('utf-8').strip()
    # 76 chars per line on original response with "\r\n"
    """
    response_si_certificate = my_si_certificate.pem().decode('utf-8').strip()
    response_si_certificate = response_si_certificate.replace('-----BEGIN CERTIFICATE-----', '')
    response_si_certificate = response_si_certificate.replace('-----END CERTIFICATE-----', '')
    response_si_certificate = response_si_certificate.replace('\n', '')
    response_si_certificate = wrap(response_si_certificate, 76)
    response_si_certificate = '\r\n'.join(response_si_certificate)
    """
    response = {
        "certificateConfiguration": {
            "caChain": [response_ca_chain],
            "publicCert": response_si_certificate,
            "publicKey": {
                "exp": my_si_certificate.public_key().exp(),
                "mod": [my_si_certificate.public_key().mod()],
            },
        },
        "configToken": config_token,
    }
    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
@app.post('/leasing/v1/lessor', description='request multiple leases (borrow) for current origin')
 async def leasing_v1_lessor(request: Request):
-    j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.utcnow()
+    j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.now(UTC)
    try:
        token = __get_token(request)
    except JWTError:
-        return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})
+        response = {'status': 401, 'detail': 'token is not valid'}
        return Response(content=json_dumps(response), media_type='application/json', status_code=401)
    origin_ref = token.get('origin_ref')
    scope_ref_list = j.get('scope_ref_list')
-    logging.info(f'> [  create  ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')
+    lease_proposal_list = j.get('lease_proposal_list')
    logger.info(f'> [  create  ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')
    lease_result_list = []
    for scope_ref in scope_ref_list:
        # if scope_ref not in [ALLOTMENT_REF]:
-        #     return JSONr(status_code=500, detail=f'no service instances found for scopes: ["{scope_ref}"]')
+        #     response = {'status': 400, 'detail': f'service instances not found for scopes: ["{scope_ref}"]')}
        #     return Response(content=json_dumps(response), media_type='application/json', status_code=400)
        pass
    lease_result_list = []
    for lease_proposal in lease_proposal_list:
        lease_ref = str(uuid4())
        expires = cur_time + LEASE_EXPIRE_DELTA
        product_name = lease_proposal.get('product').get('name')
        feature_name = PRODUCT_MAPPING.get_feature_name(product_name=product_name)
        lease_result_list.append({
-            "ordinal": 0,
+            "error": None,
            # https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html
            "lease": {
-                "ref": lease_ref,
+                "created": cur_time.strftime(DT_FORMAT),
-                "created": cur_time.isoformat(),
+                "expires": expires.strftime(DT_FORMAT),  # todo: lease_proposal.get('duration') => "P0Y0M0DT12H0M0S
-                "expires": expires.isoformat(),
+                "feature_name": feature_name,
                "lease_intent_id": None,
                "license_type": "CONCURRENT_COUNTED_SINGLE",
                "metadata": None,
                "offline_lease": False,  # todo
                "product_name": product_name,
                "recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
-                "offline_lease": "true",
+                "ref": lease_ref,
-                "license_type": "CONCURRENT_COUNTED_SINGLE"
+            },
-            }
+            "ordinal": None,
        })
        data = Lease(origin_ref=origin_ref, lease_ref=lease_ref, lease_created=cur_time, lease_expires=expires)
        Lease.create_or_update(db, data)
    response = {
        "client_challenge": j.get('client_challenge'),
        "lease_result_list": lease_result_list,
-        "result_code": "SUCCESS",
+        "prompts": None,
-        "sync_timestamp": cur_time.isoformat(),
+        "result_code": None,
-        "prompts": None
+        "sync_timestamp": cur_time.strftime(DT_FORMAT),
    }
-    return JSONr(response)
+    content = json_dumps(response, separators=(',', ':'))
    content = f'{content}\n'.encode('ascii')
    signature = my_si_private_key.generate_signature(content)
    headers = {
        'Content-Type': 'application/json',
        'access-control-expose-headers': 'X-NLS-Signature',
        'X-NLS-Signature': f'{signature.hex().encode()}'
    }
    return Response(content=content, media_type='application/json', headers=headers)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
 # venv/lib/python3.9/site-packages/nls_dal_service_instance_dls/schema/service_instance/V1_0_21__product_mapping.sql
@app.get('/leasing/v1/lessor/leases', description='get active leases for current origin')
 async def leasing_v1_lessor_lease(request: Request):
-    token, cur_time = __get_token(request), datetime.utcnow()
+    token, cur_time = __get_token(request), datetime.now(UTC)
    origin_ref = token.get('origin_ref')
    active_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
-    logging.info(f'> [  leases  ]: {origin_ref}: found {len(active_lease_list)} active leases')
+    logger.info(f'> [  leases  ]: {origin_ref}: found {len(active_lease_list)} active leases')
    response = {
        "active_lease_list": active_lease_list,
-        "sync_timestamp": cur_time.isoformat(),
+        "prompts": None,
-        "prompts": None
+        "sync_timestamp": cur_time.strftime(DT_FORMAT),
    }
-    return JSONr(response)
+    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
 # venv/lib/python3.9/site-packages/nls_core_lease/lease_single.py
@app.put('/leasing/v1/lease/{lease_ref}', description='renew a lease')
 async def leasing_v1_lease_renew(request: Request, lease_ref: str):
-    token, cur_time = __get_token(request), datetime.utcnow()
+    j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.now(UTC)
    origin_ref = token.get('origin_ref')
-    logging.info(f'> [  renew   ]: {origin_ref}: renew {lease_ref}')
+    logger.info(f'> [  renew   ]: {origin_ref}: renew {lease_ref}')
    entity = Lease.find_by_origin_ref_and_lease_ref(db, origin_ref, lease_ref)
    if entity is None:
-        return JSONr(status_code=404, content={'status': 404, 'detail': 'requested lease not available'})
+        response = {'status': 404, 'detail': 'requested lease not available'}
        return Response(content=json_dumps(response), media_type='application/json', status_code=404)
    expires = cur_time + LEASE_EXPIRE_DELTA
    response = {
        "client_challenge": j.get('client_challenge'),
        "expires": expires.strftime('%Y-%m-%dT%H:%M:%S.%f'),  # DT_FORMAT => "trailing 'Z' missing in this response
        "feature_expired": False,
        "lease_ref": lease_ref,
-        "expires": expires.isoformat(),
+        "metadata": None,
-        "recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
+        "offline_lease": False,  # todo
        "offline_lease": True,
        "prompts": None,
-        "sync_timestamp": cur_time.isoformat(),
+        "recommended_lease_renewal": LEASE_RENEWAL_PERIOD,
        "sync_timestamp": cur_time.strftime(DT_FORMAT),
    }
    Lease.renew(db, entity, expires, cur_time)
-    return JSONr(response)
+    content = json_dumps(response, separators=(',', ':'))
    content = f'{content}\n'.encode('ascii')
    signature = my_si_private_key.generate_signature(content)
    headers = {
        'Content-Type': 'application/json',
        'access-control-expose-headers': 'X-NLS-Signature',
        'X-NLS-Signature': f'{signature.hex().encode()}'
    }
    return Response(content=content, media_type='application/json', headers=headers)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
@app.delete('/leasing/v1/lease/{lease_ref}', description='release (return) a lease')
 async def leasing_v1_lease_delete(request: Request, lease_ref: str):
-    token, cur_time = __get_token(request), datetime.utcnow()
+    token, cur_time = __get_token(request), datetime.now(UTC)
    origin_ref = token.get('origin_ref')
-    logging.info(f'> [  return  ]: {origin_ref}: return {lease_ref}')
+    logger.info(f'> [  return  ]: {origin_ref}: return {lease_ref}')
    entity = Lease.find_by_lease_ref(db, lease_ref)
    if entity.origin_ref != origin_ref:
-        return JSONr(status_code=403, content={'status': 403, 'detail': 'access or operation forbidden'})
+        response = {'status': 403, 'detail': 'access or operation forbidden'}
        return Response(content=json_dumps(response), media_type='application/json', status_code=403)
    if entity is None:
-        return JSONr(status_code=404, content={'status': 404, 'detail': 'requested lease not available'})
+        response = {'status': 404, 'detail': 'requested lease not available'}
        return Response(content=json_dumps(response), media_type='application/json', status_code=404)
    if Lease.delete(db, lease_ref) == 0:
-        return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
+        response = {'status': 404, 'detail': 'lease not found'}
        return Response(content=json_dumps(response), media_type='application/json', status_code=404)
    response = {
        "client_challenge": None,
        "lease_ref": lease_ref,
        "prompts": None,
-        "sync_timestamp": cur_time.isoformat(),
+        "sync_timestamp": cur_time.strftime(DT_FORMAT),
    }
-    return JSONr(response)
+    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
@app.delete('/leasing/v1/lessor/leases', description='release all leases')
 async def leasing_v1_lessor_lease_remove(request: Request):
-    token, cur_time = __get_token(request), datetime.utcnow()
+    token, cur_time = __get_token(request), datetime.now(UTC)
    origin_ref = token.get('origin_ref')
    released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
    deletions = Lease.cleanup(db, origin_ref)
-    logging.info(f'> [  remove  ]: {origin_ref}: removed {deletions} leases')
+    logger.info(f'> [  remove  ]: {origin_ref}: removed {deletions} leases')
    response = {
        "released_lease_list": released_lease_list,
        "release_failure_list": None,
-        "sync_timestamp": cur_time.isoformat(),
+        "prompts": None,
-        "prompts": None
+        "sync_timestamp": cur_time.strftime(DT_FORMAT),
    }
-    return JSONr(response)
+    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
@app.post('/leasing/v1/lessor/shutdown', description='shutdown all leases')
 async def leasing_v1_lessor_shutdown(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
    token = j.get('token')
    token = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
@ -564,16 +707,16 @@ async def leasing_v1_lessor_shutdown(request: Request):
    released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
    deletions = Lease.cleanup(db, origin_ref)
-    logging.info(f'> [ shutdown ]: {origin_ref}: removed {deletions} leases')
+    logger.info(f'> [ shutdown ]: {origin_ref}: removed {deletions} leases')
    response = {
        "released_lease_list": released_lease_list,
        "release_failure_list": None,
-        "sync_timestamp": cur_time.isoformat(),
+        "prompts": None,
-        "prompts": None
+        "sync_timestamp": cur_time.strftime(DT_FORMAT),
    }
-    return JSONr(response)
+    return Response(content=json_dumps(response, separators=(',', ':')), media_type='application/json', status_code=200)
 if __name__ == '__main__':
@ -587,7 +730,7 @@ if __name__ == '__main__':
    #
    ###
-    logging.info(f'> Starting dev-server ...')
+    logger.info(f'> Starting dev-server ...')
    ssl_keyfile = join(dirname(__file__), 'cert/webserver.key')
    ssl_certfile = join(dirname(__file__), 'cert/webserver.crt')
--- a/app/orm.py
+++ b/app/orm.py
@ -1,11 +1,11 @@
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone, UTC
 from dateutil.relativedelta import relativedelta
 from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect, text
 from sqlalchemy.engine import Engine
 from sqlalchemy.orm import sessionmaker, declarative_base
-from util import NV
+from util import DriverMatrix
 Base = declarative_base()
@ -25,7 +25,7 @@ class Origin(Base):
        return f'Origin(origin_ref={self.origin_ref}, hostname={self.hostname})'
    def serialize(self) -> dict:
-        _ = NV().find(self.guest_driver_version)
+        _ = DriverMatrix().find(self.guest_driver_version)
        return {
            'origin_ref': self.origin_ref,
@ -66,7 +66,17 @@ class Origin(Base):
        if origin_refs is None:
            deletions = session.query(Origin).delete()
        else:
-            deletions = session.query(Origin).filter(Origin.origin_ref in origin_refs).delete()
+            deletions = session.query(Origin).filter(Origin.origin_ref.in_(origin_refs)).delete()
        session.commit()
        session.close()
        return deletions
    @staticmethod
    def delete_expired(engine: Engine) -> int:
        session = sessionmaker(bind=engine)()
        origins = session.query(Origin).join(Lease, Origin.origin_ref == Lease.origin_ref, isouter=True).filter(Lease.lease_ref.is_(None)).all()
        origin_refs = [origin.origin_ref for origin in origins]
        deletions = session.query(Origin).filter(Origin.origin_ref.in_(origin_refs)).delete()
        session.commit()
        session.close()
        return deletions
@ -94,10 +104,10 @@ class Lease(Base):
            'lease_ref': self.lease_ref,
            'origin_ref': self.origin_ref,
            # 'scope_ref': self.scope_ref,
-            'lease_created': self.lease_created.isoformat(),
+            'lease_created': self.lease_created.replace(tzinfo=timezone.utc).isoformat(),
-            'lease_expires': self.lease_expires.isoformat(),
+            'lease_expires': self.lease_expires.replace(tzinfo=timezone.utc).isoformat(),
-            'lease_updated': self.lease_updated.isoformat(),
+            'lease_updated': self.lease_updated.replace(tzinfo=timezone.utc).isoformat(),
-            'lease_renewal': lease_renewal.isoformat(),
+            'lease_renewal': lease_renewal.replace(tzinfo=timezone.utc).isoformat(),
        }
    @staticmethod
@ -168,7 +178,7 @@ class Lease(Base):
    @staticmethod
    def delete_expired(engine: Engine) -> int:
        session = sessionmaker(bind=engine)()
-        deletions = session.query(Lease).filter(Lease.lease_expires <= datetime.utcnow()).delete()
+        deletions = session.query(Lease).filter(Lease.lease_expires <= datetime.now(UTC)).delete()
        session.commit()
        session.close()
        return deletions
--- a/app/static/product_mapping.json
+++ b/app/static/product_mapping.json
@ -0,0 +1,643 @@
 {
  "product": [
    {
      "xid": "c0ce7114-d8a5-40d4-b8b0-df204f4ff631",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVIDIA-vComputeServer-9.0",
      "name": "NVIDIA-vComputeServer-9.0",
      "description": null
    },
    {
      "xid": "2a99638e-493f-424b-bc3a-629935307490",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "vGaming_Flexera_License-0.1",
      "name": "vGaming_Flexera_License-0.1",
      "description": null
    },
    {
      "xid": "a013d60c-3cd6-4e61-ae51-018b5e342178",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID-Virtual-Apps-3.0",
      "name": "GRID-Virtual-Apps-3.0",
      "description": null
    },
    {
      "xid": "bb99c6a3-81ce-4439-aef5-9648e75dd878",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID-vGaming-NLS-Metered-8.0",
      "name": "GRID-vGaming-NLS-Metered-8.0",
      "description": null
    },
    {
      "xid": "c653e131-695c-4477-b77c-42ade3dcb02c",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID-Virtual-WS-Ext-2.0",
      "name": "GRID-Virtual-WS-Ext-2.0",
      "description": null
    },
    {
      "xid": "6fc224ef-e0b5-467b-9bbb-d31c9eb7c6fc",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID-vGaming-8.0",
      "name": "GRID-vGaming-8.0",
      "description": null
    },
    {
      "xid": "3c88888d-ebf3-4df7-9e86-c97d5b29b997",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID-Virtual-PC-2.0",
      "name": "GRID-Virtual-PC-2.0",
      "description": null
    },
    {
      "xid": "66744b41-1fff-49be-a5a6-4cbd71b1117e",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVAIE_Licensing-1.0",
      "name": "NVAIE_Licensing-1.0",
      "description": null
    },
    {
      "xid": "1d4e9ebc-a78c-41f4-a11a-de38a467b2ba",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVIDIA-vComputeServer NLS Metered-9.0",
      "name": "NVIDIA-vComputeServer NLS Metered-9.0",
      "description": null
    },
    {
      "xid": "2152f8aa-d17b-46f5-8f5f-6f8c0760ce9c",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "vGaming_FB_License-0.1",
      "name": "vGaming_FB_License-0.1",
      "description": null
    },
    {
      "xid": "54cbe0e8-7b35-4068-b058-e11f5b367c66",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "Quadro-Virtual-DWS-5.0",
      "name": "Quadro-Virtual-DWS-5.0",
      "description": null
    },
    {
      "xid": "07a1d2b5-c147-48bc-bf44-9390339ca388",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID-Virtual-WS-2.0",
      "name": "GRID-Virtual-WS-2.0",
      "description": null
    },
    {
      "xid": "82d7a5f0-0c26-11ef-b3b6-371045c70906",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "vGaming_Flexera_License-0.1",
      "name": "vGaming_Flexera_License-0.1",
      "description": null
    },
    {
      "xid": "bdfbde00-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVIDIA Virtual Applications",
      "name": "NVIDIA Virtual Applications",
      "description": null
    },
    {
      "xid": "bdfbe16d-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVIDIA Virtual PC",
      "name": "NVIDIA Virtual PC",
      "description": null
    },
    {
      "xid": "bdfbe308-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVIDIA RTX Virtual Workstation",
      "name": "NVIDIA RTX Virtual Workstation",
      "description": null
    },
    {
      "xid": "bdfbe405-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVIDIA vGaming",
      "name": "NVIDIA vGaming",
      "description": null
    },
    {
      "xid": "bdfbe509-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID Virtual Applications",
      "name": "GRID Virtual Applications",
      "description": null
    },
    {
      "xid": "bdfbe5c6-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID Virtual PC",
      "name": "GRID Virtual PC",
      "description": null
    },
    {
      "xid": "bdfbe6e8-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "Quadro Virtual Data Center Workstation",
      "name": "Quadro Virtual Data Center Workstation",
      "description": null
    },
    {
      "xid": "bdfbe7c8-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "GRID vGaming",
      "name": "GRID vGaming",
      "description": null
    },
    {
      "xid": "bdfbe884-2cdb-11ec-9838-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVIDIA Virtual Compute Server",
      "name": "NVIDIA Virtual Compute Server",
      "description": null
    },
    {
      "xid": "f09b5c33-5c07-11ed-9fa6-061a22468b59",
      "product_family_xid": "bda4d909-2cdb-11ec-9838-061a22468b59",
      "identifier": "NVIDIA OVE Licensing",
      "name": "NVIDIA Omniverse Nucleus",
      "description": null
    }
  ],
  "product_fulfillment": [
    {
      "xid": "cf0a5330-b583-4d9f-84bb-cfc8ce0917bb",
      "product_xid": "07a1d2b5-c147-48bc-bf44-9390339ca388",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "90d0f05f-9431-4a15-86e7-740a4f08d457",
      "product_xid": "1d4e9ebc-a78c-41f4-a11a-de38a467b2ba",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "327385dd-4ba8-4b3c-bc56-30bcf58ae9a3",
      "product_xid": "2152f8aa-d17b-46f5-8f5f-6f8c0760ce9c",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "6733f2cc-0736-47ee-bcc8-20c4c624ce37",
      "product_xid": "2a99638e-493f-424b-bc3a-629935307490",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "f35396a9-24f8-44b6-aa6a-493b335f4d56",
      "product_xid": "3c88888d-ebf3-4df7-9e86-c97d5b29b997",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "6c7981d3-7192-4bfd-b7ec-ea2ad0b466dc",
      "product_xid": "54cbe0e8-7b35-4068-b058-e11f5b367c66",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "9bd09610-6190-4684-9be6-3d9503833e80",
      "product_xid": "66744b41-1fff-49be-a5a6-4cbd71b1117e",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "a4282e5b-ea08-4e0a-b724-7f4059ba99de",
      "product_xid": "6fc224ef-e0b5-467b-9bbb-d31c9eb7c6fc",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "5cf793fc-1fb3-45c0-a711-d3112c775cbe",
      "product_xid": "a013d60c-3cd6-4e61-ae51-018b5e342178",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "eb2d39a4-6370-4464-8a6a-ec3f42c69cb5",
      "product_xid": "bb99c6a3-81ce-4439-aef5-9648e75dd878",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "e9df1c70-7fac-4c84-b54c-66e922b9791a",
      "product_xid": "c0ce7114-d8a5-40d4-b8b0-df204f4ff631",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "6a4d5bcd-7b81-4e22-a289-ce3673e5cabf",
      "product_xid": "c653e131-695c-4477-b77c-42ade3dcb02c",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "9e162d3c-0c26-11ef-b3b6-371045c70906",
      "product_xid": "82d7a5f0-0c26-11ef-b3b6-371045c70906",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be2769b9-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbde00-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be276d7b-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbe16d-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be276efe-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbe308-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be276ff0-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbe405-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be2770af-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbe509-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be277164-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbe5c6-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be277214-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbe6e8-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be2772c8-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbe7c8-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "be277379-2cdb-11ec-9838-061a22468b59",
      "product_xid": "bdfbe884-2cdb-11ec-9838-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    },
    {
      "xid": "c4284597-5c09-11ed-9fa6-061a22468b59",
      "product_xid": "f09b5c33-5c07-11ed-9fa6-061a22468b59",
      "qualifier_specification": null,
      "evaluation_order_index": 0
    }
  ],
  "product_fulfillment_feature": [
    {
      "xid": "9ca32d2b-736e-4e4f-8f5a-895a755b4c41",
      "product_fulfillment_xid": "5cf793fc-1fb3-45c0-a711-d3112c775cbe",
      "feature_identifier": "GRID-Virtual-Apps",
      "feature_version": "3.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "d8b25329-f47f-43dc-a278-f2d38f9e939b",
      "product_fulfillment_xid": "f35396a9-24f8-44b6-aa6a-493b335f4d56",
      "feature_identifier": "GRID-Virtual-PC",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "e7102df8-d88a-4bd0-aa79-9a53d8b77888",
      "product_fulfillment_xid": "cf0a5330-b583-4d9f-84bb-cfc8ce0917bb",
      "feature_identifier": "GRID-Virtual-WS",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "30761db3-0afe-454d-b284-efba6d9b13a3",
      "product_fulfillment_xid": "6a4d5bcd-7b81-4e22-a289-ce3673e5cabf",
      "feature_identifier": "GRID-Virtual-WS-Ext",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "10fd7701-83ae-4caf-a27f-75880fab23f6",
      "product_fulfillment_xid": "a4282e5b-ea08-4e0a-b724-7f4059ba99de",
      "feature_identifier": "GRID-vGaming",
      "feature_version": "8.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "cbd61276-fb1e-42e1-b844-43e94465da8f",
      "product_fulfillment_xid": "9bd09610-6190-4684-9be6-3d9503833e80",
      "feature_identifier": "NVAIE_Licensing",
      "feature_version": "1.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "6b1c74b5-1511-46ee-9f12-8bc6d5636fef",
      "product_fulfillment_xid": "90d0f05f-9431-4a15-86e7-740a4f08d457",
      "feature_identifier": "NVIDIA-vComputeServer NLS Metered",
      "feature_version": "9.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "db53af09-7295-48b7-b927-24b23690c959",
      "product_fulfillment_xid": "e9df1c70-7fac-4c84-b54c-66e922b9791a",
      "feature_identifier": "NVIDIA-vComputeServer",
      "feature_version": "9.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "1f62be61-a887-4e54-a34e-61cfa7b2db30",
      "product_fulfillment_xid": "6c7981d3-7192-4bfd-b7ec-ea2ad0b466dc",
      "feature_identifier": "Quadro-Virtual-DWS",
      "feature_version": "5.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "8a4b5e98-f1ca-4c18-b0d4-8f4f9f0462e2",
      "product_fulfillment_xid": "327385dd-4ba8-4b3c-bc56-30bcf58ae9a3",
      "feature_identifier": "vGaming_FB_License",
      "feature_version": "0.1",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be531e98-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be2769b9-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-Apps",
      "feature_version": "3.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be53219e-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276d7b-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-PC",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be5322f0-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276d7b-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "Quadro-Virtual-DWS",
      "feature_version": "5.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 1
    },
    {
      "xid": "be5323d8-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276d7b-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-WS",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 2
    },
    {
      "xid": "be5324a6-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276d7b-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-WS-Ext",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 3
    },
    {
      "xid": "be532568-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276efe-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "Quadro-Virtual-DWS",
      "feature_version": "5.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be532630-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276efe-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-WS",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 1
    },
    {
      "xid": "be5326e7-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276efe-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-WS-Ext",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 2
    },
    {
      "xid": "be5327a7-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276ff0-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-vGaming",
      "feature_version": "8.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be532923-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be2770af-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-Apps",
      "feature_version": "3.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be5329e0-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277164-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-PC",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be532aa0-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277164-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "Quadro-Virtual-DWS",
      "feature_version": "5.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 1
    },
    {
      "xid": "be532b5c-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277164-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-WS",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 2
    },
    {
      "xid": "be532c19-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277164-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-WS-Ext",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 3
    },
    {
      "xid": "be532ccb-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277214-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "Quadro-Virtual-DWS",
      "feature_version": "5.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be532d92-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277214-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-WS",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 1
    },
    {
      "xid": "be532e45-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277214-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-Virtual-WS-Ext",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 2
    },
    {
      "xid": "be532efa-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be2772c8-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-vGaming",
      "feature_version": "8.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be53306d-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277379-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "NVIDIA-vComputeServer",
      "feature_version": "9.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "be533228-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277379-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "NVIDIA-vComputeServer NLS Metered",
      "feature_version": "9.0",
      "license_type_identifier": "CONCURRENT_UNCOUNTED_SINGLE",
      "evaluation_order_index": 2
    },
    {
      "xid": "be5332f6-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277379-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "NVAIE_Licensing",
      "feature_version": "1.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 3
    },
    {
      "xid": "15ff4f16-57a8-4593-93ec-58352a256f12",
      "product_fulfillment_xid": "eb2d39a4-6370-4464-8a6a-ec3f42c69cb5",
      "feature_identifier": "GRID-vGaming-NLS-Metered",
      "feature_version": "8.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 3
    },
    {
      "xid": "0c1552ca-3ef8-11ed-9fa6-061a22468b59",
      "product_fulfillment_xid": "be276ff0-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "vGaming_Flexera_License",
      "feature_version": "0.1",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 1
    },
    {
      "xid": "31c3be8c-5c0a-11ed-9fa6-061a22468b59",
      "product_fulfillment_xid": "c4284597-5c09-11ed-9fa6-061a22468b59",
      "feature_identifier": "OVE_Licensing",
      "feature_version": "1.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    },
    {
      "xid": "6caeb4cf-360f-11ee-b67d-02f279bf2bff",
      "product_fulfillment_xid": "be277379-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "NVAIE_Licensing",
      "feature_version": "2.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 4
    },
    {
      "xid": "7fb1d01d-3f0e-11ed-9fa6-061a22468b59",
      "product_fulfillment_xid": "be276ff0-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "vGaming_FB_License",
      "feature_version": "0.1",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 2
    },
    {
      "xid": "8eabcb08-3f0e-11ed-9fa6-061a22468b59",
      "product_fulfillment_xid": "be2772c8-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "vGaming_FB_License",
      "feature_version": "0.1",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 2
    },
    {
      "xid": "a1dfe741-3e49-11ed-9fa6-061a22468b59",
      "product_fulfillment_xid": "be2772c8-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "vGaming_Flexera_License",
      "feature_version": "0.1",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 1
    },
    {
      "xid": "be53286a-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be276ff0-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-vGaming-NLS-Metered",
      "feature_version": "8.0",
      "license_type_identifier": "CONCURRENT_UNCOUNTED_SINGLE",
      "evaluation_order_index": 3
    },
    {
      "xid": "be532fb2-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be2772c8-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "GRID-vGaming-NLS-Metered",
      "feature_version": "8.0",
      "license_type_identifier": "CONCURRENT_UNCOUNTED_SINGLE",
      "evaluation_order_index": 3
    },
    {
      "xid": "be533144-2cdb-11ec-9838-061a22468b59",
      "product_fulfillment_xid": "be277379-2cdb-11ec-9838-061a22468b59",
      "feature_identifier": "Quadro-Virtual-DWS",
      "feature_version": "0.0",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 1
    },
    {
      "xid": "bf105e18-0c26-11ef-b3b6-371045c70906",
      "product_fulfillment_xid": "9e162d3c-0c26-11ef-b3b6-371045c70906",
      "feature_identifier": "vGaming_Flexera_License",
      "feature_version": "0.1",
      "license_type_identifier": "CONCURRENT_COUNTED_SINGLE",
      "evaluation_order_index": 0
    }
  ]
 }
--- a/app/util.py
+++ b/app/util.py
@ -1,4 +1,17 @@
 import logging
 from datetime import datetime, UTC, timedelta
 from json import loads as json_loads
 from os.path import join, dirname, isfile, isdir
 from cryptography import x509
 from cryptography.hazmat._oid import NameOID
 from cryptography.hazmat.primitives import serialization, hashes
 from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
 from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey, generate_private_key
 from cryptography.hazmat.primitives.hashes import SHA256
 from cryptography.hazmat.primitives.serialization import Encoding
 from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key
 from cryptography.x509 import load_pem_x509_certificate, Certificate
 logging.basicConfig()
@ -11,56 +24,353 @@ def load_file(filename: str) -> bytes:
    return content
-def load_key(filename: str) -> "RsaKey":
+class CASetup:
-    try:
+    ###
-        # Crypto | Cryptodome on Debian
+    #
-        from Crypto.PublicKey import RSA
+    # https://git.collinwebdesigns.de/nvidia/nls/-/blob/main/src/test/test_config_token.py
-        from Crypto.PublicKey.RSA import RsaKey
+    #
-    except ModuleNotFoundError:
+    ###
        from Cryptodome.PublicKey import RSA
        from Cryptodome.PublicKey.RSA import RsaKey
-    log = logging.getLogger(__name__)
+    ROOT_PRIVATE_KEY_FILENAME = 'root_private_key.pem'
-    log.debug(f'Importing RSA-Key from "{filename}"')
+    ROOT_CERTIFICATE_FILENAME = 'root_certificate.pem'
-    return RSA.import_key(extern_key=load_file(filename), passphrase=None)
+    CA_PRIVATE_KEY_FILENAME = 'ca_private_key.pem'
    CA_CERTIFICATE_FILENAME = 'ca_certificate.pem'
    SI_PRIVATE_KEY_FILENAME = 'si_private_key.pem'
    SI_CERTIFICATE_FILENAME = 'si_certificate.pem'
    def __init__(self, service_instance_ref: str, cert_path: str = None):
        cert_path_prefix = join(dirname(__file__), 'cert')
        if cert_path is not None and len(cert_path) > 0 and isdir(cert_path):
            cert_path_prefix = cert_path
        self.service_instance_ref = service_instance_ref
        self.root_private_key_filename = join(cert_path_prefix, CASetup.ROOT_PRIVATE_KEY_FILENAME)
        self.root_certificate_filename = join(dirname(__file__), 'cert', CASetup.ROOT_CERTIFICATE_FILENAME)
        self.ca_private_key_filename = join(dirname(__file__), 'cert', CASetup.CA_PRIVATE_KEY_FILENAME)
        self.ca_certificate_filename = join(dirname(__file__), 'cert', CASetup.CA_CERTIFICATE_FILENAME)
        self.si_private_key_filename = join(dirname(__file__), 'cert', CASetup.SI_PRIVATE_KEY_FILENAME)
        self.si_certificate_filename = join(dirname(__file__), 'cert', CASetup.SI_CERTIFICATE_FILENAME)
        if not (isfile(self.root_private_key_filename)
                and isfile(self.root_certificate_filename)
                and isfile(self.ca_private_key_filename)
                and isfile(self.ca_certificate_filename)
                and isfile(self.si_private_key_filename)
                and isfile(self.si_certificate_filename)):
            self.init_config_token_demo()
    def init_config_token_demo(self):
        """ Create Root Key and Certificate """
        # create root keypair
        my_root_private_key = generate_private_key(public_exponent=65537, key_size=4096)
        my_root_public_key = my_root_private_key.public_key()
        # create root-certificate subject
        my_root_subject = x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'California'),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Nvidia'),
            x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Nvidia Licensing Service (NLS)'),
            x509.NameAttribute(NameOID.COMMON_NAME, u'NLS Root CA'),
        ])
        # create self-signed root-certificate
        my_root_certificate = (
            x509.CertificateBuilder()
            .subject_name(my_root_subject)
            .issuer_name(my_root_subject)
            .public_key(my_root_public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(datetime.now(tz=UTC) - timedelta(days=1))
            .not_valid_after(datetime.now(tz=UTC) + timedelta(days=365 * 10))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .add_extension(x509.KeyUsage(
                digital_signature=False,
                key_encipherment=False,
                key_cert_sign=True,
                key_agreement=False,
                content_commitment=False,
                data_encipherment=False,
                crl_sign=True,
                encipher_only=False,
                decipher_only=False),
                critical=True
            )
            .add_extension(x509.SubjectKeyIdentifier.from_public_key(my_root_public_key), critical=False)
            .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(my_root_public_key), critical=False)
            .sign(my_root_private_key, hashes.SHA256()))
        my_root_private_key_as_pem = my_root_private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption(),
        )
        with open(self.root_private_key_filename, 'wb') as f:
            f.write(my_root_private_key_as_pem)
        with open(self.root_certificate_filename, 'wb') as f:
            f.write(my_root_certificate.public_bytes(encoding=Encoding.PEM))
        """ Create CA (Intermediate) Key and Certificate """
        # create ca keypair
        my_ca_private_key = generate_private_key(public_exponent=65537, key_size=4096)
        my_ca_public_key = my_ca_private_key.public_key()
        # create ca-certificate subject
        my_ca_subject = x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'California'),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Nvidia'),
            x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Nvidia Licensing Service (NLS)'),
            x509.NameAttribute(NameOID.COMMON_NAME, u'NLS Intermediate CA'),
        ])
        # create self-signed ca-certificate
        my_ca_certificate = (
            x509.CertificateBuilder()
            .subject_name(my_ca_subject)
            .issuer_name(my_root_subject)
            .public_key(my_ca_public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(datetime.now(tz=UTC) - timedelta(days=1))
            .not_valid_after(datetime.now(tz=UTC) + timedelta(days=365 * 10))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .add_extension(x509.KeyUsage(
                digital_signature=False,
                key_encipherment=False,
                key_cert_sign=True,
                key_agreement=False,
                content_commitment=False,
                data_encipherment=False,
                crl_sign=True,
                encipher_only=False,
                decipher_only=False),
                critical=True
            )
            .add_extension(x509.SubjectKeyIdentifier.from_public_key(my_ca_public_key), critical=False)
            .add_extension(x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
                my_root_certificate.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
            ), critical=False)
            .sign(my_root_private_key, hashes.SHA256()))
        my_ca_private_key_as_pem = my_ca_private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption(),
        )
        with open(self.ca_private_key_filename, 'wb') as f:
            f.write(my_ca_private_key_as_pem)
        with open(self.ca_certificate_filename, 'wb') as f:
            f.write(my_ca_certificate.public_bytes(encoding=Encoding.PEM))
        """ Create Service-Instance Key and Certificate """
        # create si keypair
        my_si_private_key = generate_private_key(public_exponent=65537, key_size=2048)
        my_si_public_key = my_si_private_key.public_key()
        my_si_private_key_as_pem = my_si_private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption(),
        )
        my_si_public_key_as_pem = my_si_public_key.public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo,
        )
        with open(self.si_private_key_filename, 'wb') as f:
            f.write(my_si_private_key_as_pem)
        # with open(self.si_public_key_filename, 'wb') as f:
        #    f.write(my_si_public_key_as_pem)
        # create si-certificate subject
        my_si_subject = x509.Name([
            # x509.NameAttribute(NameOID.COMMON_NAME, INSTANCE_REF),
            x509.NameAttribute(NameOID.COMMON_NAME, self.service_instance_ref),
        ])
        # create self-signed si-certificate
        my_si_certificate = (
            x509.CertificateBuilder()
            .subject_name(my_si_subject)
            .issuer_name(my_ca_subject)
            .public_key(my_si_public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(datetime.now(tz=UTC) - timedelta(days=1))
            .not_valid_after(datetime.now(tz=UTC) + timedelta(days=365 * 10))
            .add_extension(x509.KeyUsage(digital_signature=True, key_encipherment=True, key_cert_sign=False,
                                         key_agreement=True, content_commitment=False, data_encipherment=False,
                                         crl_sign=False, encipher_only=False, decipher_only=False), critical=True)
            .add_extension(x509.ExtendedKeyUsage([
                x509.oid.ExtendedKeyUsageOID.SERVER_AUTH,
                x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH]
            ), critical=False)
            .add_extension(x509.SubjectKeyIdentifier.from_public_key(my_si_public_key), critical=False)
            # .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(my_ca_public_key), critical=False)
            .add_extension(x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
                my_ca_certificate.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
            ), critical=False)
            .add_extension(x509.SubjectAlternativeName([
                # x509.DNSName(INSTANCE_REF)
                x509.DNSName(self.service_instance_ref)
            ]), critical=False)
            .sign(my_ca_private_key, hashes.SHA256()))
        with open(self.si_certificate_filename, 'wb') as f:
            f.write(my_si_certificate.public_bytes(encoding=Encoding.PEM))
-def generate_key() -> "RsaKey":
+class PrivateKey:
-    try:
+
-        # Crypto | Cryptodome on Debian
+    def __init__(self, data: bytes):
-        from Crypto.PublicKey import RSA
+        self.__key = load_pem_private_key(data, password=None)
-        from Crypto.PublicKey.RSA import RsaKey
+
-    except ModuleNotFoundError:
+    @staticmethod
-        from Cryptodome.PublicKey import RSA
+    def from_file(filename: str) -> "PrivateKey":
-        from Cryptodome.PublicKey.RSA import RsaKey
+        log = logging.getLogger(__name__)
-    log = logging.getLogger(__name__)
+        log.debug(f'Importing RSA-Private-Key from "{filename}"')
-    log.debug(f'Generating RSA-Key')
+
-    return RSA.generate(bits=2048)
+        with open(filename, 'rb') as f:
            data = f.read()
        return PrivateKey(data=data.strip())
    def raw(self) -> RSAPrivateKey:
        return self.__key
    def pem(self) -> bytes:
        return self.__key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption()
        )
    def public_key(self) -> "PublicKey":
        data = self.__key.public_key().public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo
        )
        return PublicKey(data=data)
    def generate_signature(self, data: bytes) -> bytes:
        return self.__key.sign(data=data, padding=PKCS1v15(), algorithm=SHA256())
    @staticmethod
    def generate(public_exponent: int = 65537, key_size: int = 2048) -> "PrivateKey":
        log = logging.getLogger(__name__)
        log.debug(f'Generating RSA-Key')
        key = generate_private_key(public_exponent=public_exponent, key_size=key_size)
        data = key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption()
        )
        return PrivateKey(data=data)
-class NV:
+class PublicKey:
    def __init__(self, data: bytes):
        self.__key = load_pem_public_key(data)
    @staticmethod
    def from_file(filename: str) -> "PublicKey":
        log = logging.getLogger(__name__)
        log.debug(f'Importing RSA-Public-Key from "{filename}"')
        with open(filename, 'rb') as f:
            data = f.read()
        return PublicKey(data=data.strip())
    def raw(self) -> RSAPublicKey:
        return self.__key
    def pem(self) -> bytes:
        return self.__key.public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo
        )
    def mod(self) -> str:
        return hex(self.__key.public_numbers().n)[2:]
    def exp(self):
        return int(self.__key.public_numbers().e)
    def verify_signature(self, signature: bytes, data: bytes) -> None:
        self.__key.verify(signature=signature, data=data, padding=PKCS1v15(), algorithm=SHA256())
 class Cert:
    def __init__(self, data: bytes):
        self.__cert = load_pem_x509_certificate(data)
    @staticmethod
    def from_file(filename: str) -> "Cert":
        log = logging.getLogger(__name__)
        log.debug(f'Importing Certificate from "{filename}"')
        with open(filename, 'rb') as f:
            data = f.read()
        return Cert(data=data.strip())
    def raw(self) -> Certificate:
        return self.__cert
    def pem(self) -> bytes:
        return self.__cert.public_bytes(encoding=serialization.Encoding.PEM)
    def public_key(self) -> "PublicKey":
        data = self.__cert.public_key().public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo
        )
        return PublicKey(data=data)
    def signature(self) -> bytes:
        return self.__cert.signature
    def subject_key_identifier(self):
        return self.__cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value.key_identifier
    def authority_key_identifier(self):
        return self.__cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier).value.key_identifier
 class DriverMatrix:
    __DRIVER_MATRIX_FILENAME = 'static/driver_matrix.json'
    __DRIVER_MATRIX: None | dict = None  # https://docs.nvidia.com/grid/ => "Driver Versions"
    def __init__(self):
        self.log = logging.getLogger(self.__class__.__name__)
-        if NV.__DRIVER_MATRIX is None:
+        if DriverMatrix.__DRIVER_MATRIX is None:
-            from json import load as json_load
+            self.__load()
-            try:
+
-                file = open(NV.__DRIVER_MATRIX_FILENAME)
+    def __load(self):
-                NV.__DRIVER_MATRIX = json_load(file)
+        try:
-                file.close()
+            with open(DriverMatrix.__DRIVER_MATRIX_FILENAME, 'r') as f:
-                self.log.debug(f'Successfully loaded "{NV.__DRIVER_MATRIX_FILENAME}".')
+                DriverMatrix.__DRIVER_MATRIX = json_loads(f.read())
-            except Exception as e:
+            self.log.debug(f'Successfully loaded "{DriverMatrix.__DRIVER_MATRIX_FILENAME}".')
-                NV.__DRIVER_MATRIX = {}  # init empty dict to not try open file everytime, just when restarting app
+        except Exception as e:
-                # self.log.warning(f'Failed to load "{NV.__DRIVER_MATRIX_FILENAME}": {e}')
+            DriverMatrix.__DRIVER_MATRIX = {}  # init empty dict to not try open file everytime, just when restarting app
            # self.log.warning(f'Failed to load "{NV.__DRIVER_MATRIX_FILENAME}": {e}')
    @staticmethod
    def find(version: str) -> dict | None:
-        if NV.__DRIVER_MATRIX is None:
+        if DriverMatrix.__DRIVER_MATRIX is None:
            return None
-        for idx, (key, branch) in enumerate(NV.__DRIVER_MATRIX.items()):
+        for idx, (key, branch) in enumerate(DriverMatrix.__DRIVER_MATRIX.items()):
            for release in branch.get('$releases'):
                linux_driver = release.get('Linux Driver')
                windows_driver = release.get('Windows Driver')
@ -80,3 +390,34 @@ class NV:
                        'is_latest': is_latest,
                    }
        return None
 class ProductMapping:
    def __init__(self, filename: str):
        with open(filename, 'r') as file:
            self.data = json_loads(file.read())
    def get_feature_name(self, product_name: str) -> (str, str):
        product = self.__get_product(product_name)
        product_fulfillment = self.__get_product_fulfillment(product.get('xid'))
        feature = self.__get_product_fulfillment_feature(product_fulfillment.get('xid'))
        return feature.get('feature_identifier')
    def __get_product(self, product_name: str):
        product_list = self.data.get('product')
        return next(filter(lambda _: _.get('identifier') == product_name, product_list))
    def __get_product_fulfillment(self, product_xid: str):
        product_fulfillment_list = self.data.get('product_fulfillment')
        return next(filter(lambda _: _.get('product_xid') == product_xid, product_fulfillment_list))
    def __get_product_fulfillment_feature(self, product_fulfillment_xid: str):
        feature_list = self.data.get('product_fulfillment_feature')
        features = list(filter(lambda _: _.get('product_fulfillment_xid') == product_fulfillment_xid, feature_list))
        features.sort(key=lambda _: _.get('evaluation_order_index'))
        return features[0]
--- a/doc/Database.md
+++ b/doc/Database.md
@ -1,26 +0,0 @@
 # Database structure
 ## `request_routing.service_instance`
 | xid                                    | org_name                 |
 |----------------------------------------|--------------------------|
 | `10000000-0000-0000-0000-000000000000` | `lic-000000000000000000` |
 - `xid` is used as `SERVICE_INSTANCE_XID`
 ## `request_routing.license_allotment_service_instance`
 | xid                                    | service_instance_xid                   | license_allotment_xid                  |
 |----------------------------------------|----------------------------------------|----------------------------------------|
 | `90000000-0000-0000-0000-000000000001` | `10000000-0000-0000-0000-000000000000` | `80000000-0000-0000-0000-000000000001` |
 - `xid` is only a primary-key and never used as foreign-key or reference
 - `license_allotment_xid` must be used to fetch `xid`'s from `request_routing.license_allotment_reference`
 ## `request_routing.license_allotment_reference`
 | xid                                    | license_allotment_xid                  |
 |----------------------------------------|----------------------------------------|
 | `20000000-0000-0000-0000-000000000001` | `80000000-0000-0000-0000-000000000001` | 
 - `xid` is used as `scope_ref_list` on token request
--- a/doc/Reverse
+++ b/doc/Reverse
@ -1,177 +0,0 @@
 # Reverse Engineering Notes
 # Usefully commands
 ## Check licensing status
 - `nvidia-smi -q | grep "License"`
 **Output**
 ```
 vGPU Software Licensed Product
        License Status                    : Licensed (Expiry: 2023-1-14 12:59:52 GMT)
 ```
 ## Track licensing progress
 - NVIDIA Grid Log: `journalctl -u nvidia-gridd -f`
 ```
 systemd[1]: Started NVIDIA Grid Daemon.
 nvidia-gridd[2986]: Configuration parameter ( ServerAddress  ) not set
 nvidia-gridd[2986]: vGPU Software package (0)
 nvidia-gridd[2986]: Ignore service provider and node-locked licensing
 nvidia-gridd[2986]: NLS initialized
 nvidia-gridd[2986]: Acquiring license. (Info: license.nvidia.space; NVIDIA RTX Virtual Workstation)
 nvidia-gridd[2986]: License acquired successfully. (Info: license.nvidia.space, NVIDIA RTX Virtual Workstation; Expiry: 2023-1-29 22:3:0 GMT)
 ```
 # DLS-Container File-System (Docker)
 ## Configuration data
 Most variables and configs are stored in `/var/lib/docker/volumes/configurations/_data`.
 Files can be modified with `docker cp <container-id>:/venv/... /opt/localfile/...` and back.
 (May you need to fix permissions with `docker exec -u 0 <container-id> chown nonroot:nonroot /venv/...`)
 ## Dive / Docker image inspector
 - `dive dls:appliance`
 The source code is stored in `/venv/lib/python3.9/site-packages/nls_*`.
 Image-Reference:
 ```
 Tags:   (unavailable)
 Id:     d1c7976a5d2b3681ff6c5a30f8187e4015187a83f3f285ba4a37a45458bd6b98
 Digest: sha256:311223c5af7a298ec1104f5dc8c3019bfb0e1f77256dc3d995244ffb295a97
 1f
 Command:
 #(nop) ADD file:c1900d3e3a29c29a743a8da86c437006ec5d2aa873fb24e48033b6bf492bb37b in /
 ```
 ## Private Key (Site-Key)
 - `/etc/dls/config/decryptor/decryptor`
 ```shell
 docker exec -it <container-id> /etc/dls/config/decryptor/decryptor > /tmp/private-key.pem
 ```
 ```
 -----BEGIN RSA PRIVATE KEY-----
 ...
 -----END RSA PRIVATE KEY-----
 ``` 
 ## Site Key Uri - `/etc/dls/config/site_key_uri.bin`
 ```
 base64-content...
 ```
 ## DB Password - `/etc/dls/config/dls_db_password.bin`
 ```
 base64-content...
 ```
 **Decrypt database password**
 ```
 cd /var/lib/docker/volumes/configurations/_data
 cat dls_db_password.bin | base64 -d > dls_db_password.bin.raw
 openssl rsautl -decrypt -inkey /tmp/private-key.pem -in dls_db_password.bin.raw
 ```
 # Database
 - It's enough to manipulate database licenses. There must not be changed any line of code to bypass licensing
  validations.
 # Logging / Stack Trace
 - https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html#troubleshooting-dls-instance
 **Failed licensing log**
 ```
 {
    "activity": 100,
    "context": {
        "SERVICE_INSTANCE_ID": "b43d6e46-d6d0-4943-8b8d-c66a5f6e0d38",
        "SERVICE_INSTANCE_NAME": "DEFAULT_2022-12-14_12:48:30",
        "description": "borrow failed: NotFoundError(no pool features found for: NVIDIA RTX Virtual Workstation)",
        "event_type": null,
        "function_name": "_evt",
        "lineno": 54,
        "module_name": "nls_dal_lease_dls.event",
        "operation_id": "e72a8ca7-34cc-4e11-b80c-273592085a24",
        "origin_ref": "3f7f5a50-a26b-425b-8d5e-157f63e72b1c",
        "service_name": "nls_services_lease"
    },
    "detail": {
        "oc": {
            "license_allotment_xid": "10c4317f-7c4c-11ed-a524-0e4252a7e5f1",
            "origin_ref": "3f7f5a50-a26b-425b-8d5e-157f63e72b1c",
            "service_instance_xid": "b43d6e46-d6d0-4943-8b8d-c66a5f6e0d38"
        },
        "operation_id": "e72a8ca7-34cc-4e11-b80c-273592085a24"
    },
    "id": "0cc9e092-3b92-4652-8d9e-7622ef85dc79",
    "metadata": {},
    "ts": "2022-12-15T10:25:36.827661Z"
 }
 {
    "activity": 400,
    "context": {
        "SERVICE_INSTANCE_ID": "b43d6e46-d6d0-4943-8b8d-c66a5f6e0d38",
        "SERVICE_INSTANCE_NAME": "DEFAULT_2022-12-14_12:48:30",
        "description": "lease_multi_create failed: no pool features found for: NVIDIA RTX Virtual Workstation",
        "event_by": "system",
        "function_name": "lease_multi_create",
        "level": "warning",
        "lineno": 157,
        "module_name": "nls_services_lease.controllers.lease_multi_controller",
        "operation_id": "e72a8ca7-34cc-4e11-b80c-273592085a24",
        "service_name": "nls_services_lease"
    },
    "detail": {
        "_msg": "lease_multi_create failed: no pool features found for: NVIDIA RTX Virtual Workstation",
        "exec_info": ["NotFoundError", "NotFoundError(no pool features found for: NVIDIA RTX Virtual Workstation)", "  File \"/venv/lib/python3.9/site-packages/nls_services_lease/controllers/lease_multi_controller.py\", line 127, in lease_multi_create\n    data = _leaseMulti.lease_multi_create(event_args)\n  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 208, in lease_multi_create\n    raise e\n  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 184, in lease_multi_create\n    self._try_proposals(oc, mlr, results, detail)\n  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 219, in _try_proposals\n    lease = self._leases.create(creator)\n  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 230, in create\n    features = self._get_features(creator)\n  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 148, in _get_features\n    self._explain_not_available(cur, creator)\n  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 299, in _explain_not_available\n    raise NotFoundError(f'no pool features found for: {lcc.product_name}')\n"],
        "operation_id": "e72a8ca7-34cc-4e11-b80c-273592085a24"
    },
    "id": "282801b9-d612-40a5-9145-b56d8e420dac",
    "metadata": {},
    "ts": "2022-12-15T10:25:36.831673Z"
 }
 ```
 **Stack Trace**
 ```
 "NotFoundError", "NotFoundError(no pool features found for: NVIDIA RTX Virtual Workstation)", "  File \"/venv/lib/python3.9/site-packages/nls_services_lease/controllers/lease_multi_controller.py\", line 127, in lease_multi_create
    data = _leaseMulti.lease_multi_create(event_args)
  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 208, in lease_multi_create
    raise e
  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 184, in lease_multi_create
    self._try_proposals(oc, mlr, results, detail)
  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 219, in _try_proposals
    lease = self._leases.create(creator)
  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 230, in create
    features = self._get_features(creator)
  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 148, in _get_features
    self._explain_not_available(cur, creator)
  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 299, in _explain_not_available
    raise NotFoundError(f'no pool features found for: {lcc.product_name}')
 "
 ```
 # Nginx
 - NGINX uses `/opt/certs/cert.pem` and `/opt/certs/key.pem`  
--- a/examples/docker-compose-http-and-https.yml
+++ b/examples/docker-compose-http-and-https.yml
@ -15,7 +15,7 @@ services:
      <<: *dls-variables
    volumes:
      - /etc/timezone:/etc/timezone:ro
-      - /opt/docker/fastapi-dls/cert:/app/cert  # instance.private.pem, instance.public.pem
+      - /opt/docker/fastapi-dls/cert:/app/cert
      - db:/app/database
    entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
    healthcheck:
--- a/requirements.txt
+++ b/requirements.txt
@ -1,8 +1,8 @@
-fastapi==0.115.3
+fastapi==0.115.12
-uvicorn[standard]==0.32.0
+uvicorn[standard]==0.34.1
-python-jose==3.3.0
+python-jose[cryptography]==3.4.0
-pycryptodome==3.21.0
+cryptography==44.0.2
-python-dateutil==2.8.2
+python-dateutil==2.9.0
-sqlalchemy==2.0.36
+sqlalchemy==2.0.40
-markdown==3.7
+markdown==3.8
-python-dotenv==1.0.1
+python-dotenv==1.1.0
--- a/test/create_driver_matrix_json.py
+++ b/test/create_driver_matrix_json.py
@ -6,7 +6,7 @@ logger.setLevel(logging.INFO)
 URL = 'https://docs.nvidia.com/vgpu/index.html'
-BRANCH_STATUS_KEY, SOFTWARE_BRANCH_KEY, = 'vGPU Branch Status', 'vGPU Software Branch'
+BRANCH_STATUS_KEY = 'vGPU Branch Status'
 VGPU_KEY, GRID_KEY, DRIVER_BRANCH_KEY = 'vGPU Software', 'vGPU Software', 'Driver Branch'
 LINUX_VGPU_MANAGER_KEY, LINUX_DRIVER_KEY = 'Linux vGPU Manager', 'Linux Driver'
 WINDOWS_VGPU_MANAGER_KEY, WINDOWS_DRIVER_KEY = 'Windows vGPU Manager', 'Windows Driver'
@ -26,12 +26,15 @@ def __driver_versions(html: 'BeautifulSoup'):
    # find wrapper for "DriverVersions" and find tables
    data = html.find('div', {'id': 'driver-versions'})
-    items = data.findAll('bsp-accordion', {'class': 'Accordion-items-item'})
+    items = data.find_all('bsp-accordion', {'class': 'Accordion-items-item'})
    for item in items:
        software_branch = item.find('div', {'class': 'Accordion-items-item-title'}).text.strip()
        software_branch = software_branch.replace(' Releases', '')
        matrix_key = software_branch.lower()
        branch_status = item.find('a', href=True, string='Branch status')
        branch_status = branch_status.next_sibling.replace(':', '').strip()
        # driver version info from table-heads (ths) and table-rows (trs)
        table = item.find('table')
        ths, trs = table.find_all('th'), table.find_all('tr')
@ -42,48 +45,20 @@ def __driver_versions(html: 'BeautifulSoup'):
                continue
            # create dict with table-heads as key and cell content as value
            x = {headers[i]: __strip(cell.text) for i, cell in enumerate(tds)}
            x.setdefault(BRANCH_STATUS_KEY, branch_status)
            releases.append(x)
        # add to matrix
        MATRIX.update({matrix_key: {JSON_RELEASES_KEY: releases}})
 def __release_branches(html: 'BeautifulSoup'):
    # find wrapper for "AllReleaseBranches" and find table
    data = html.find('div', {'id': 'all-release-branches'})
    table = data.find('table')
    # branch releases info from table-heads (ths) and table-rows (trs)
    ths, trs = table.find_all('th'), table.find_all('tr')
    headers = [header.text.strip() for header in ths]
    for trs in trs:
        tds = trs.find_all('td')
        if len(tds) == 0:  # skip empty
            continue
        # create dict with table-heads as key and cell content as value
        x = {headers[i]: cell.text.strip() for i, cell in enumerate(tds)}
        # get matrix_key
        software_branch = x.get(SOFTWARE_BRANCH_KEY)
        matrix_key = software_branch.lower()
        # add to matrix
        MATRIX.update({matrix_key: MATRIX.get(matrix_key) | x})
 def __debug():
    # print table head
-    s = f'{SOFTWARE_BRANCH_KEY:^21} | {BRANCH_STATUS_KEY:^21} | {VGPU_KEY:^13} | {LINUX_VGPU_MANAGER_KEY:^21} | {LINUX_DRIVER_KEY:^21} | {WINDOWS_VGPU_MANAGER_KEY:^21} | {WINDOWS_DRIVER_KEY:^21} | {RELEASE_DATE_KEY:>21} | {EOL_KEY:>21}'
+    s = f'{VGPU_KEY:^13} | {LINUX_VGPU_MANAGER_KEY:^21} | {LINUX_DRIVER_KEY:^21} | {WINDOWS_VGPU_MANAGER_KEY:^21} | {WINDOWS_DRIVER_KEY:^21} | {RELEASE_DATE_KEY:>21} | {BRANCH_STATUS_KEY:^21}'
    print(s)
    # iterate over dict & format some variables to not overload table
    for idx, (key, branch) in enumerate(MATRIX.items()):
        branch_status = branch.get(BRANCH_STATUS_KEY)
        branch_status = branch_status.replace('Branch ', '')
        branch_status = branch_status.replace('Long-Term Support', 'LTS')
        branch_status = branch_status.replace('Production', 'Prod.')
        software_branch = branch.get(SOFTWARE_BRANCH_KEY).replace('NVIDIA ', '')
        for release in branch.get(JSON_RELEASES_KEY):
            version = release.get(VGPU_KEY, release.get(GRID_KEY, ''))
            linux_manager = release.get(LINUX_VGPU_MANAGER_KEY, release.get(ALT_VGPU_MANAGER_KEY, ''))
@ -92,13 +67,25 @@ def __debug():
            windows_driver = release.get(WINDOWS_DRIVER_KEY)
            release_date = release.get(RELEASE_DATE_KEY)
            is_latest = release.get(VGPU_KEY) == branch.get(LATEST_KEY)
            branch_status = __parse_branch_status(release.get(BRANCH_STATUS_KEY, ''))
            version = f'{version} *' if is_latest else version
-            eol = branch.get(EOL_KEY) if is_latest else ''
+            s = f'{version:<13} | {linux_manager:<21} | {linux_driver:<21} | {windows_manager:<21} | {windows_driver:<21} | {release_date:>21} | {branch_status:^21}'
            s = f'{software_branch:^21} | {branch_status:^21} | {version:<13} | {linux_manager:<21} | {linux_driver:<21} | {windows_manager:<21} | {windows_driver:<21} | {release_date:>21} | {eol:>21}'
            print(s)
 def __parse_branch_status(string: str) -> str:
    string = string.replace('Production Branch', 'Prod. -')
    string = string.replace('Long-Term Support Branch', 'LTS -')
    string = string.replace('supported until', '')
    string = string.replace('EOL since', 'EOL - ')
    string = string.replace('EOL from', 'EOL -')
    return string
 def __dump(filename: str):
    import json
@ -128,7 +115,6 @@ if __name__ == '__main__':
    # build matrix
    __driver_versions(soup)
    __release_branches(soup)
    # debug output
    __debug()
--- a/test/main.py
+++ b/test/main.py
@ -1,35 +1,45 @@
 import json
 import sys
 from base64 import b64encode as b64enc
 from hashlib import sha256
 from calendar import timegm
-from datetime import datetime
+from datetime import datetime, UTC
-from os.path import dirname, join
+from hashlib import sha256
 from uuid import uuid4, UUID
 from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
 from cryptography.hazmat.primitives.hashes import SHA256
 from dateutil.relativedelta import relativedelta
-from jose import jwt, jwk
+from jose import jwt, jwk, jws
 from jose.constants import ALGORITHMS
 from starlette.testclient import TestClient
 import sys
 # add relative path to use packages as they were in the app/ dir
 sys.path.append('../')
 sys.path.append('../app')
 from app import main
-from app.util import load_key
+from util import CASetup, PrivateKey, PublicKey, Cert
 client = TestClient(main.app)
 # Instance
 INSTANCE_REF = '10000000-0000-0000-0000-000000000001'
 ORIGIN_REF, ALLOTMENT_REF, SECRET = str(uuid4()), '20000000-0000-0000-0000-000000000001', 'HelloWorld'
-# INSTANCE_KEY_RSA = generate_key()
+# CA & Signing
-# INSTANCE_KEY_PUB = INSTANCE_KEY_RSA.public_key()
+ca_setup = CASetup(service_instance_ref=INSTANCE_REF)
 my_root_private_key = PrivateKey.from_file(ca_setup.root_private_key_filename)
 my_root_certificate = Cert.from_file(ca_setup.root_certificate_filename)
 my_ca_certificate = Cert.from_file(ca_setup.ca_certificate_filename)
 my_ca_private_key = PrivateKey.from_file(ca_setup.ca_private_key_filename)
 my_si_private_key = PrivateKey.from_file(ca_setup.si_private_key_filename)
 my_si_private_key_as_pem = my_si_private_key.pem()
 my_si_public_key = my_si_private_key.public_key()
 my_si_public_key_as_pem = my_si_private_key.public_key().pem()
 my_si_certificate = Cert.from_file(ca_setup.si_certificate_filename)
-INSTANCE_KEY_RSA = load_key(str(join(dirname(__file__), '../app/cert/instance.private.pem')))
+jwt_encode_key = jwk.construct(my_si_private_key_as_pem, algorithm=ALGORITHMS.RS256)
-INSTANCE_KEY_PUB = load_key(str(join(dirname(__file__), '../app/cert/instance.public.pem')))
+jwt_decode_key = jwk.construct(my_si_public_key_as_pem, algorithm=ALGORITHMS.RS256)
 jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
 jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
 def __bearer_token(origin_ref: str) -> str:
@ -38,6 +48,48 @@ def __bearer_token(origin_ref: str) -> str:
    return token
 def test_signing():
    signature_set_header = my_si_private_key.generate_signature(b'Hello')
    # test plain
    my_si_public_key.verify_signature(signature_set_header, b'Hello')
    # test "X-NLS-Signature: b'....'
    x_nls_signature_header_value = f'{signature_set_header.hex().encode()}'
    assert f'{x_nls_signature_header_value}'.startswith('b\'')
    assert f'{x_nls_signature_header_value}'.endswith('\'')
    # test eval
    signature_get_header = eval(x_nls_signature_header_value)
    signature_get_header = bytes.fromhex(signature_get_header.decode('ascii'))
    my_si_public_key.verify_signature(signature_get_header, b'Hello')
 def test_keypair_and_certificates():
    assert my_root_certificate.public_key().mod() == my_root_private_key.public_key().mod()
    assert my_ca_certificate.public_key().mod() == my_ca_private_key.public_key().mod()
    assert my_si_certificate.public_key().mod() == my_si_public_key.mod()
    assert len(my_root_certificate.public_key().mod()) == 1024
    assert len(my_ca_certificate.public_key().mod()) == 1024
    assert len(my_si_certificate.public_key().mod()) == 512
    #assert my_si_certificate.public_key().mod() != my_si_public_key.mod()
    my_root_certificate.public_key().raw().verify(
        my_ca_certificate.raw().signature,
        my_ca_certificate.raw().tbs_certificate_bytes,
        PKCS1v15(),
        SHA256(),
    )
    my_ca_certificate.public_key().raw().verify(
        my_si_certificate.raw().signature,
        my_si_certificate.raw().tbs_certificate_bytes,
        PKCS1v15(),
        SHA256(),
    )
 def test_index():
    response = client.get('/')
    assert response.status_code == 200
@ -54,6 +106,12 @@ def test_config():
    assert response.status_code == 200
 def test_config_root_ca():
    response = client.get('/-/config/root-certificate')
    assert response.status_code == 200
    assert response.content.decode('utf-8').strip() == my_root_certificate.pem().decode('utf-8').strip()
 def test_readme():
    response = client.get('/-/readme')
    assert response.status_code == 200
@ -69,6 +127,41 @@ def test_client_token():
    assert response.status_code == 200
 def test_config_token():
    # https://git.collinwebdesigns.de/nvidia/nls/-/blob/main/src/test/test_config_token.py
    response = client.post('/leasing/v1/config-token', json={"service_instance_ref": INSTANCE_REF})
    assert response.status_code == 200
    nv_response_certificate_configuration = response.json().get('certificateConfiguration')
    nv_ca_chain = nv_response_certificate_configuration.get('caChain')[0].encode('utf-8')
    nv_ca_chain = Cert(nv_ca_chain)
    nv_response_public_cert = nv_response_certificate_configuration.get('publicCert').encode('utf-8')
    nv_response_public_key = nv_response_certificate_configuration.get('publicKey')
    nv_si_certificate = Cert(nv_response_public_cert)
    assert nv_si_certificate.public_key().mod() == nv_response_public_key.get('mod')[0]
    assert nv_si_certificate.authority_key_identifier() == nv_ca_chain.subject_key_identifier()
    nv_jwt_decode_key = jwk.construct(nv_response_public_cert, algorithm=ALGORITHMS.RS256)
    nv_response_config_token = response.json().get('configToken')
    payload = jws.verify(nv_response_config_token, key=nv_jwt_decode_key, algorithms=ALGORITHMS.RS256)
    payload = json.loads(payload)
    assert payload.get('iss') == 'NLS Service Instance'
    assert payload.get('aud') == 'NLS Licensed Client'
    assert payload.get('service_instance_ref') == INSTANCE_REF
    nv_si_public_key_configuration = payload.get('service_instance_public_key_configuration')
    nv_si_public_key_me = nv_si_public_key_configuration.get('service_instance_public_key_me')
    assert len(nv_si_public_key_me.get('mod')) == 512 # nv_si_public_key_mod
    assert nv_si_public_key_me.get('exp') == 65537  # nv_si_public_key_exp
 def test_origins():
    pass
@ -106,6 +199,7 @@ def test_auth_v1_origin():
    assert response.json().get('origin_ref') == ORIGIN_REF
 def auth_v1_origin_update():
    payload = {
        "registration_pending": False,
@ -141,7 +235,7 @@ def test_auth_v1_code():
 def test_auth_v1_token():
-    cur_time = datetime.utcnow()
+    cur_time = datetime.now(UTC)
    access_expires_on = cur_time + relativedelta(hours=1)
    payload = {
@ -153,8 +247,7 @@ def test_auth_v1_token():
        "kid": "00000000-0000-0000-0000-000000000000"
    }
    payload = {
-        "auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')},
+        "auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256),
                                algorithm=ALGORITHMS.RS256),
        "code_verifier": SECRET,
    }
@ -168,12 +261,13 @@ def test_auth_v1_token():
 def test_leasing_v1_lessor():
    payload = {
        'client_challenge': 'my_unique_string',
        'fulfillment_context': {
            'fulfillment_class_ref_list': []
        },
        'lease_proposal_list': [{
            'license_type_qualifiers': {'count': 1},
-            'product': {'name': 'NVIDIA RTX Virtual Workstation'}
+            'product': {'name': 'NVIDIA Virtual Applications'}
        }],
        'proposal_evaluation_mode': 'ALL_OF',
        'scope_ref_list': [ALLOTMENT_REF]
@ -182,12 +276,21 @@ def test_leasing_v1_lessor():
    response = client.post('/leasing/v1/lessor', json=payload, headers={'authorization': __bearer_token(ORIGIN_REF)})
    assert response.status_code == 200
    client_challenge = response.json().get('client_challenge')
    assert client_challenge == payload.get('client_challenge')
    signature = eval(response.headers.get('X-NLS-Signature'))
    assert len(signature) == 512
    signature = bytes.fromhex(signature.decode('ascii'))
    assert len(signature) == 256
    my_si_public_key.verify_signature(signature, response.content)
    lease_result_list = response.json().get('lease_result_list')
    assert len(lease_result_list) == 1
    assert len(lease_result_list[0]['lease']['ref']) == 36
    assert str(UUID(lease_result_list[0]['lease']['ref'])) == lease_result_list[0]['lease']['ref']
    assert lease_result_list[0]['lease']['product_name'] == 'NVIDIA Virtual Applications'
    assert lease_result_list[0]['lease']['feature_name'] == 'GRID-Virtual-Apps'
    return lease_result_list[0]['lease']['ref']
 def test_leasing_v1_lessor_lease():
@ -207,9 +310,18 @@ def test_leasing_v1_lease_renew():
    ###
-    response = client.put(f'/leasing/v1/lease/{active_lease_ref}', headers={'authorization': __bearer_token(ORIGIN_REF)})
+    payload = {'client_challenge': 'my_unique_string'}
    response = client.put(f'/leasing/v1/lease/{active_lease_ref}', json=payload, headers={'authorization': __bearer_token(ORIGIN_REF)})
    assert response.status_code == 200
    client_challenge = response.json().get('client_challenge')
    assert client_challenge == payload.get('client_challenge')
    signature = eval(response.headers.get('X-NLS-Signature'))
    assert len(signature) == 512
    signature = bytes.fromhex(signature.decode('ascii'))
    assert len(signature) == 256
    my_si_public_key.verify_signature(signature, response.content)
    lease_ref = response.json().get('lease_ref')
    assert len(lease_ref) == 36
    assert lease_ref == active_lease_ref
@ -231,7 +343,23 @@ def test_leasing_v1_lease_delete():
 def test_leasing_v1_lessor_lease_remove():
-    lease_ref = test_leasing_v1_lessor()
+    # see "test_leasing_v1_lessor()"
    payload = {
        'fulfillment_context': {
            'fulfillment_class_ref_list': []
        },
        'lease_proposal_list': [{
            'license_type_qualifiers': {'count': 1},
            'product': {'name': 'NVIDIA Virtual Applications'}
        }],
        'proposal_evaluation_mode': 'ALL_OF',
        'scope_ref_list': [ALLOTMENT_REF]
    }
    response = client.post('/leasing/v1/lessor', json=payload, headers={'authorization': __bearer_token(ORIGIN_REF)})
    lease_result_list = response.json().get('lease_result_list')
    lease_ref = lease_result_list[0]['lease']['ref']
    #
    response = client.delete('/leasing/v1/lessor/leases', headers={'authorization': __bearer_token(ORIGIN_REF)})
    assert response.status_code == 200
Author	SHA1	Message	Date
Oscar Krause	b577edcf67	release registry url updated	2025-04-23 22:19:27 +02:00
Oscar Krause	8e3e49fc36	ci fixes	2025-04-23 22:02:04 +02:00
Oscar Krause	2638f67cd9	typos	2025-04-23 21:55:45 +02:00
Oscar Krause	60a6c83a3d	Merge branch 'v18.x-support' into 'main' v18.x support / NLS 3.4.x compatibility See merge request oscar.krause/fastapi-dls!46	2025-04-23 21:54:43 +02:00
Oscar Krause	ae03867502	updated compatibility matrix	2025-04-23 10:35:07 +02:00
Oscar Krause	295e3c9482	fixes	2025-04-22 20:42:11 +02:00
Oscar Krause	3961acf231	fixes	2025-04-22 15:07:29 +02:00
Oscar Krause	04914740a4	improved tests	2025-04-22 14:38:17 +02:00
Oscar Krause	6af9cd04c9	added variable for custom cert path	2025-04-22 14:38:05 +02:00
Oscar Krause	29268b1658	code styling and tests	2025-04-22 14:16:30 +02:00
Oscar Krause	938a112b8a	fixes	2025-04-22 14:00:56 +02:00
Oscar Krause	16870e9d67	code styling	2025-04-22 12:35:34 +02:00
Oscar Krause	55b7437fe7	fixes	2025-04-22 11:29:31 +02:00
Oscar Krause	e7e007a45f	fixes	2025-04-22 11:22:57 +02:00
Oscar Krause	161a1430cf	code styling	2025-04-22 11:06:54 +02:00
Oscar Krause	1ccb203b25	code styling	2025-04-22 11:05:03 +02:00
Oscar Krause	6c1a8d42dc	fixes	2025-04-22 11:04:32 +02:00
Oscar Krause	d248496f34	fixes	2025-04-22 10:45:41 +02:00
Oscar Krause	fd1babaca5	fixes	2025-04-22 10:10:32 +02:00
Oscar Krause	cd9c655d65	fixes	2025-04-22 09:45:58 +02:00
Oscar Krause	6ed4bdfe6f	fixes	2025-04-22 09:05:18 +02:00
Oscar Krause	e1ae757a50	updated tests	2025-04-22 08:53:30 +02:00
Oscar Krause	b0ca5d7ab5	fixes	2025-04-22 08:06:17 +02:00
Oscar Krause	14f8b54752	test with "76 chars per line"	2025-04-22 07:32:30 +02:00
Oscar Krause	dc783e6518	typos	2025-04-22 07:32:05 +02:00
Oscar Krause	3666e22707	fixes	2025-04-21 21:57:40 +02:00
Oscar Krause	6b54d4794b	.gitlab-ci.yml bearbeiten	2025-04-16 15:07:28 +02:00
Oscar Krause	f38378bbc8	updated credits	2025-04-16 15:05:45 +02:00
Oscar Krause	cd4c3d379a	code styling	2025-04-16 15:01:14 +02:00
Oscar Krause	59645d1daf	Merge branch 'main' into v18.x-support # Conflicts: # app/util.py	2025-04-16 15:00:33 +02:00
Oscar Krause	9605ba3eee	Merge branch 'dev' into 'main' Dev See merge request oscar.krause/fastapi-dls!51	2025-04-16 14:43:58 +02:00
Oscar Krause	cd5c2a6cb1	code styling	2025-04-16 14:18:04 +02:00
Oscar Krause	1d3255188e	code styling	2025-04-16 14:12:40 +02:00
Oscar Krause	cea7a01b54	code styling	2025-04-16 14:12:15 +02:00
Oscar Krause	ff2fbaf83f	code styling	2025-04-16 14:11:04 +02:00
Oscar Krause	9f417b61a9	fixes	2025-04-16 14:07:18 +02:00
Oscar Krause	4f77200628	code styling	2025-04-16 14:07:18 +02:00
Oscar Krause	20b03446dc	Merge branch 'main' into 'dev' # Conflicts: # .gitlab-ci.yml	2025-04-16 13:57:51 +02:00
Oscar Krause	df506e8591	removed unsupported python versions	2025-04-16 13:56:36 +02:00
Oscar Krause	3fe3429986	added some python versions and added EOL	2025-04-16 12:54:24 +02:00
Oscar Krause	a996504c50	test python3.13 and 3.11	2025-04-16 12:44:58 +02:00
Oscar Krause	5d2bff88d8	fixes	2025-04-16 12:35:24 +02:00
Oscar Krause	67f2d18a95	requirements.txt updated	2025-04-16 12:25:37 +02:00
Oscar Krause	52cd34cb5c	ci improvements	2025-04-16 12:24:19 +02:00
Oscar Krause	6fb03309a5	ci improvements	2025-04-16 12:23:21 +02:00
Oscar Krause	477e5abbca	refactored test pipeline to test different python versions	2025-04-16 12:12:23 +02:00
Oscar Krause	e00e7569eb	removed todo	2025-04-16 12:01:19 +02:00
Oscar Krause	4650e18821	added todo	2025-04-16 12:00:21 +02:00
Oscar Krause	383c7f8684	updated compatibility	2025-04-16 11:59:53 +02:00
Oscar Krause	9712a84a00	code styling	2025-04-16 09:30:04 +02:00
Oscar Krause	133b1e24e2	code styling	2025-04-16 09:29:10 +02:00
Oscar Krause	8f4d2e6086	updated versions matrix and infos	2025-04-16 09:26:52 +02:00
Oscar Krause	389b36fcb8	removed any 'instance.*.pem' reference	2025-04-16 09:19:17 +02:00
Oscar Krause	a767e73ca6	code styling	2025-04-16 09:03:27 +02:00
Oscar Krause	31957ec6d7	added '/-/config/root-ca' endpoint	2025-04-16 08:37:28 +02:00
Oscar Krause	da31c5f0a7	fixes	2025-04-16 08:10:49 +02:00
Oscar Krause	1265be5fbe	fixes	2025-04-16 08:05:58 +02:00
Oscar Krause	e23912c49a	code refactorings - removed INSTANCE_KEY_RSA and INSTANCE_KEY_PUB from configuration and implemented CASetup instead	2025-04-16 07:54:23 +02:00
Oscar Krause	b9e78dbeeb	response fixes	2025-04-15 07:58:55 +02:00
Oscar Krause	33a561793e	test case sensitive headers	2025-04-15 07:35:41 +02:00
Oscar Krause	445a303955	added signature tests	2025-04-14 21:38:20 +02:00
Oscar Krause	79f1015a86	code styling	2025-04-14 21:38:20 +02:00
Oscar Krause	e2c4e45764	Datei .gitlab-ci.yml aktualisieren	2025-04-14 20:45:12 +02:00
Oscar Krause	7b2d61b329	fixed signature	2025-04-14 20:29:50 +02:00
Oscar Krause	f9fccd5502	implemented product_mapping support	2025-04-14 20:29:50 +02:00
Oscar Krause	70cac5bbf3	test "X-NLS-Signature" upper/lowercase	2025-04-14 20:29:50 +02:00
Oscar Krause	fbb73c73ab	changed "feature_name"	2025-04-14 20:29:50 +02:00
Oscar Krause	94a7772c7b	updated attributes to match nvidia-nls response order	2025-04-14 20:29:50 +02:00
Oscar Krause	54d38953bf	x-nls-signature	2025-04-14 20:29:50 +02:00
Oscar Krause	3871dfe6a6	test "x-nls-signature"	2025-04-14 20:29:50 +02:00
Oscar Krause	e69e93bcb4	fixed missing code	2025-04-14 20:29:50 +02:00
Oscar Krause	d7c29f834c	test with "X-NLS-Signature"	2025-04-14 20:29:50 +02:00
Oscar Krause	685e1ce0bb	implemented client_challenge on lease apis	2025-04-14 20:29:50 +02:00
Oscar Krause	d8cddd4b29	set "offline_lease" to false	2025-04-14 20:29:50 +02:00
Oscar Krause	60f7e40ca4	added EMPTY (!!!) X-NLS-Signature response header	2025-04-14 20:29:50 +02:00
Oscar Krause	672ddb16c7	added debug headers	2025-04-14 20:29:50 +02:00
Oscar Krause	beebf9e812	code styling	2025-04-14 20:29:50 +02:00
Oscar Krause	743c702921	added new "protocol_version" to client-token	2025-04-14 20:29:50 +02:00
Oscar Krause	601d733add	fixes	2025-04-14 20:29:50 +02:00
Oscar Krause	2ffee4aee1	also debug response	2025-04-14 20:29:50 +02:00
Oscar Krause	5eb0c55f3f	fixed datetime format	2025-04-14 20:29:50 +02:00
Oscar Krause	c7e8414934	added missing lessor attributes	2025-04-14 20:29:50 +02:00
Oscar Krause	30ef56f956	fixes	2025-04-14 20:29:50 +02:00
Oscar Krause	1908b44bed	added debugging	2025-04-14 20:29:50 +02:00
Oscar Krause	0982106b4f	updated new responses for 18.x drivers	2025-04-14 20:29:50 +02:00
Oscar Krause	c15cdee610	created "init_config_token_demo"	2025-04-14 20:29:50 +02:00
Oscar Krause	7ce79ec95b	added test and code for /leasing/v1/config-token ref. https://git.collinwebdesigns.de/nvidia/nls/-/blob/main/src/test/test_config_token.py	2025-04-14 20:29:50 +02:00
Oscar Krause	88fbd08610	implemented initial endpoint for /leasing/v1/config-token	2025-04-14 20:29:50 +02:00
Oscar Krause	e438de6281	added logging	2025-04-14 20:29:50 +02:00
Oscar Krause	d71b66d192	added debugging	2025-04-14 20:29:50 +02:00
Oscar Krause	61c9e47237	added endpoint '/leasing/v1/config-token'	2025-04-14 20:29:50 +02:00
Oscar Krause	9e5b4f5a42	Datei .gitlab-ci.yml aktualisieren	2025-04-14 20:13:02 +02:00
Oscar Krause	f9c7475250	ci fixes	2025-04-14 13:37:27 +02:00
Oscar Krause	00dafdc63a	do not run duplicated pipeline on feature-branches	2025-04-14 11:17:25 +02:00
Oscar Krause	a8c1cdf095	updated create_driver_matrix_json.py	2025-04-11 14:10:26 +02:00
Oscar Krause	607cca7655	typos	2025-04-10 09:00:58 +02:00
Oscar Krause	6f9b6b9e5c	Merge branch 'dev' into 'main' added NixOS Pull-Request note for official "nixpkgs" See merge request oscar.krause/fastapi-dls!50	2025-04-10 08:58:36 +02:00
Oscar Krause	d22e93020c	added NixOS Pull-Request note for official "nixpkgs"	2025-04-10 07:55:20 +02:00
Oscar Krause	4522425bcc	Merge branch 'dev' into 'main' dev See merge request oscar.krause/fastapi-dls!48	2025-04-08 10:10:31 +02:00
Oscar Krause	4568881d1e	fixes	2025-04-08 09:56:51 +02:00
Oscar Krause	d4d49956fe	fixes	2025-04-08 09:38:49 +02:00
Oscar Krause	44a63efc4f	requirements.txt updated	2025-04-08 09:22:03 +02:00
Oscar Krause	ca0eedc1f2	.gitignore	2025-04-08 09:18:50 +02:00
Oscar Krause	6d5b389f2a	.gitlab-ci.yml	2025-04-08 09:17:44 +02:00
Oscar Krause	c3dbc043b3	updated EOLs	2025-03-21 08:47:28 +01:00
Oscar Krause	666a07507e	typos	2025-03-21 08:39:32 +01:00
Oscar Krause	76272af36f	added some glfm	2025-03-21 07:47:41 +01:00
Oscar Krause	cc2a11d07b	moved the only two FAQ entries to Known-Issues on README	2025-03-21 07:47:26 +01:00
Oscar Krause	b26704646d	fixes	2025-03-20 20:24:43 +01:00
Oscar Krause	e0c9bb46ee	requirements.txt updated	2025-03-20 20:09:20 +01:00
Oscar Krause	490720f2d6	code styling	2025-03-20 20:09:13 +01:00
Oscar Krause	9ed178098b	removed doc directory	2025-03-20 07:11:01 +01:00
Oscar Krause	951fc35203	moved Reverse Engineering Notes to separate project ref.: https://git.collinwebdesigns.de/nvidia/nls	2025-03-19 21:03:54 +01:00
Oscar Krause	26248a4ea5	fixed tests	2025-03-19 21:01:58 +01:00
Oscar Krause	85623d1a65	code styling	2025-03-18 14:47:33 +01:00
Oscar Krause	e6a2de40c9	fixed test deprecations	2025-03-18 10:33:52 +01:00
Oscar Krause	fd46eecfb3	created PrivateKey / PublicKey wrapper classes	2025-03-18 09:43:44 +01:00
Oscar Krause	958f23f79d	fixed "cryptography" dependency	2025-03-17 14:09:55 +01:00
Oscar Krause	0bdd3a6ac2	migrated from "pycryptodome" to "cryptography"	2025-03-17 14:05:26 +01:00
Oscar Krause	8a269b0393	Merge branch 'main' into 'dev' # Conflicts: # doc/Reverse Engineering Notes.md	2025-03-13 20:33:01 +01:00
Oscar Krause	6607756c08	updated Reverse Engineering Notes.md	2025-03-13 20:29:16 +01:00
Oscar Krause	584eee41ef	Merge branch 'dev' into 'main' fixed logging See merge request oscar.krause/fastapi-dls!47	2025-03-12 13:40:45 +01:00
Oscar Krause	25658cb1fb	code styling	2025-03-12 11:41:58 +01:00
Oscar Krause	43fdf1170c	Reverse Engineering Notes.md bearbeiten	2025-03-12 08:44:37 +01:00
Oscar Krause	a953e62bcb	Reverse Engineering Notes.md bearbeiten	2025-03-11 22:51:45 +01:00
Oscar Krause	9c0cd21e71	Reverse Engineering Notes.md bearbeiten	2025-03-11 22:32:13 +01:00
Oscar Krause	3f5fcbebb3	fixed logging	2025-03-11 22:04:35 +01:00
Oscar Krause	3fdd439035	Reverse Engineering Notes.md bearbeiten	2025-03-11 13:40:21 +01:00
Oscar Krause	d30dbced39	Reverse Engineering Notes.md bearbeiten	2025-03-10 23:47:55 +01:00
Oscar Krause	5b61d0a40e	Reverse Engineering Notes.md bearbeiten	2025-03-10 21:21:40 +01:00
Oscar Krause	83616c858b	Merge branch 'dev' into 'main' dev See merge request oscar.krause/fastapi-dls!44	2025-03-09 21:53:50 +01:00
Oscar Krause	ca25349a68	added notes about 18.x branch	2025-03-09 21:37:29 +01:00
Oscar Krause	262312b512	requirements.txt updated	2025-02-25 11:21:59 +01:00
Oscar Krause	aec6535391	Merge branch 'dev' into 'main' updated driver releases See merge request oscar.krause/fastapi-dls!43	2025-01-21 08:15:52 +01:00
Oscar Krause	0f4d0eea34	updated driver releases	2025-01-21 07:58:13 +01:00
Oscar Krause	35022d434b	Merge branch 'dev' into 'main' Dev See merge request oscar.krause/fastapi-dls!42	2025-01-21 07:55:10 +01:00
Oscar Krause	7db43cf61e	dependencies updated	2025-01-21 07:02:04 +01:00
Oscar Krause	d7598a37c6	added another further reading link	2025-01-21 07:00:13 +01:00
Oscar Krause	c57d76c74c	Merge branch 'dev' into 'main' Dev See merge request oscar.krause/fastapi-dls!41	2024-12-16 15:29:32 +01:00
Oscar Krause	dcc3654131	disabled matrix tests for python (covered by apt jobs)	2024-12-16 07:34:55 +01:00
Oscar Krause	32f1be9599	updated DLS	2024-12-14 12:02:48 +01:00
Oscar Krause	e5fc607638	added explicit "algorithms" argument applied patch from https://github.com/mrzenc/fastapi-dls-nixos/blob/main/add-algorithms-argument.patch from https://github.com/mrzenc/fastapi-dls-nixos	2024-12-13 07:18:14 +01:00
Oscar Krause	f72c64dcb3	renamed "python3-jose" dependency to alias of "python3-josepy" to match apt packages on debian/ubuntu	2024-12-12 12:54:39 +01:00
Oscar Krause	3659aec4b2	refactored gitlab-ci	2024-12-12 12:34:19 +01:00
Oscar Krause	4a501da27b	code styling	2024-12-02 10:03:35 +01:00
Oscar Krause	025b88926b	fixes	2024-12-02 10:02:54 +01:00
Oscar Krause	f5943cd636	removed return statement on tests	2024-12-02 09:42:56 +01:00
Oscar Krause	03b9b4a598	moved from deprecated "datetime.utcnow()" to "datetime.now(UTC)"	2024-12-02 09:42:41 +01:00
Oscar Krause	ea8a66d449	removed "PatchMalformedJsonMiddleware" because its not working on driver site ref. oscar.krause/fastapi-dls#1	2024-12-02 08:37:01 +01:00
Oscar Krause	991a35ef1a	implemented "fix_ip_address_list_length"	2024-11-29 13:04:10 +01:00
Oscar Krause	e20a9f4b32	added "NixOS" section from mrzenc ref. https://github.com/mrzenc/fastapi-dls-nixos	2024-11-25 07:21:57 +01:00
Oscar Krause	1b6f142cb5	marked regex with 'r'	2024-11-22 15:07:54 +01:00
Oscar Krause	1daa365df9	code styling	2024-11-22 15:00:16 +01:00
Oscar Krause	afb38d628b	typos	2024-11-22 14:19:51 +01:00
Oscar Krause	53c88a79ac	improved logging and implemented method to reduce response mac_address_length	2024-11-22 14:16:10 +01:00
Oscar Krause	a43ddf79c3	updated supported os	2024-11-21 11:13:30 +01:00
Oscar Krause	699dbf6fac	Merge branch '1-parsing-issue-in-mal-formatted-mac_address_list' into 'main' Resolve "Parsing issue in mal formatted "mac_address_list"" Closes #1 See merge request oscar.krause/fastapi-dls!40	2024-11-21 09:18:22 +01:00
Oscar Krause	317699ff58	code styling	2024-11-21 08:51:39 +01:00
Oscar Krause	55446f7d9c	fixes	2024-11-21 08:51:39 +01:00
Oscar Krause	88c78efcd9	fixes	2024-11-21 08:51:39 +01:00
Oscar Krause	fb3ac4291f	code styling	2024-11-21 08:51:39 +01:00
Oscar Krause	15f14cac11	implemented "SUPPORT_MALFORMED_JSON" variable	2024-11-21 08:51:39 +01:00
Oscar Krause	018d7c34fc	fixes	2024-11-21 08:51:39 +01:00
Oscar Krause	1aee423120	fixes	2024-11-21 08:51:39 +01:00
Oscar Krause	a6b2f2a942	fixed json payload	2024-11-21 08:51:39 +01:00
Oscar Krause	e33024db86	fixed variable names ref. oscar.krause/fastapi-dls#1	2024-11-21 08:51:39 +01:00
Oscar Krause	4ad15f0849	fix malformed json on auth ref. oscar.krause/fastapi-dls#1	2024-11-21 08:51:39 +01:00
Oscar Krause	7bad0359af	updated ci pipeline to match current eol supported systems	2024-11-21 08:44:14 +01:00
Oscar Krause	59a7c9f15a	Merge branch 'dev' into 'main' Dev See merge request oscar.krause/fastapi-dls!38	2024-11-13 16:11:40 +01:00
Oscar Krause	bc6d692f0a	added "delete_expired" method for leases	2024-11-13 15:03:37 +01:00
Oscar Krause	63c37c6334	fixed timezone in json response	2024-11-13 15:03:12 +01:00
Oscar Krause	fa2c06972e	sql query improvements	2024-11-13 15:01:33 +01:00
Oscar Krause	e4e6387b2a	ci improvements	2024-11-13 14:58:55 +01:00
Oscar Krause	f2be9dca8d	Merge branch 'dev' into 'main' requirements.txt updated See merge request oscar.krause/fastapi-dls!36	2024-11-13 14:09:54 +01:00
Oscar Krause	52dd425583	fixes	2024-11-13 13:41:07 +01:00
Oscar Krause	286399d79a	fixed test matrix	2024-11-13 10:48:11 +01:00
Oscar Krause	4ab1a2ed22	added requirements for ubuntu 24.10	2024-11-13 10:28:08 +01:00
Oscar Krause	459c0e21af	debugging	2024-11-13 10:27:52 +01:00
Oscar Krause	98ef64211b	typings	2024-11-13 09:09:00 +01:00
Oscar Krause	0b4bb65546	added python3-pip to test	2024-11-13 08:55:00 +01:00
Oscar Krause	47624f5019	Dockerfile - updated db dependencies	2024-11-13 08:37:07 +01:00
Oscar Krause	2b9d7821c0	improved gitlab test matrix	2024-11-13 08:33:28 +01:00
Oscar Krause	45f5108717	requirements.txt updated	2024-11-13 08:25:40 +01:00