cf-uaa-lib 3.6.0 → 3.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cbf0e4c510eb02fb7e828ffbe7f227c10fdc9e45
-  data.tar.gz: e5718846645aabe80e2ab0e4bb581e2146110ed4
+  metadata.gz: 41d1d29707fa6dd64486407764cfaa01dddf0b39
+  data.tar.gz: 41a335fbc12c82462b3ca18ffbdd73613f89a7e2
 SHA512:
-  metadata.gz: 08568f7f4c4763e269e39e52768c3d738a1c3df347b7d911e63fa48158ccfdc81c53d8c69cdc2b78f19a3fab3c82b5f7f12f42ab8a5f84c3c013e3e3270d5d10
-  data.tar.gz: 72cc5995de5569c12f5e8a0b3a88890bef8df65b424fbccd038ec0d9c673ffaa62291f0ba39cc064b7a43f52f2c21588fd74c2a5784640b7d7514529cbcfe81a
+  metadata.gz: 171ff7b4dabbfe88d3939204fe5ea7d6142a9f5912d191979c78920d56b697d43810df85d80a6798702f3684c3414f1b0c0637d41fd772e08ab83a1f4cd50b56
+  data.tar.gz: 076de82f0fc91e1cb8388a310324fb66c86a017d24dbab52313167742400941b4b4865ccdb09f91844750f88edcbc8d2b88991cea7fbdbd7c92a75d5c8c68733

data/cf-uaa-lib.gemspec

@@ -34,6 +34,7 @@ Gem::Specification.new do |s|
 
   # dependencies
   s.add_dependency "multi_json"
+  s.add_dependency "httpclient", "~> 2.8.2.4"
 
   s.add_development_dependency "bundler"
   s.add_development_dependency "rake", "~> 10.3.2"

data/lib/uaa/http.rb

@@ -12,9 +12,8 @@
 #++
 
 require 'base64'
-require 'net/http'
 require 'uaa/util'
-require 'uaa/proxy_options'
+require 'httpclient'
 
 module CF::UAA
 
@@ -46,11 +45,10 @@ class InvalidToken < TargetError; end
 
 # Utility accessors and methods for objects that want to access JSON web APIs.
 module Http
-  include ProxyOptions
 
   def self.included(base)
     base.class_eval do
-      attr_accessor :http_proxy, :https_proxy, :skip_ssl_validation, :ssl_ca_file, :ssl_cert_store, :zone
+      attr_accessor :skip_ssl_validation, :ssl_ca_file, :ssl_cert_store, :zone
     end
   end
 
@@ -78,30 +76,30 @@ module Http
   # @return [String]
   def self.basic_auth(name, password)
     str = "#{name}:#{password}"
-    "Basic " + (Base64.respond_to?(:strict_encode64)?
-        Base64.strict_encode64(str): [str].pack("m").gsub(/\n/, ''))
+    'Basic ' + (Base64.respond_to?(:strict_encode64)?
+        Base64.strict_encode64(str): [str].pack('m').gsub(/\n/, ''))
   end
 
-  JSON_UTF8 = "application/json;charset=utf-8"
-  FORM_UTF8 = "application/x-www-form-urlencoded;charset=utf-8"
+  JSON_UTF8 = 'application/json;charset=utf-8'
+  FORM_UTF8 = 'application/x-www-form-urlencoded;charset=utf-8'
 
   private
 
   def json_get(target, path = nil, style = nil, headers = {})
     raise ArgumentError unless style.nil? || style.is_a?(Symbol)
-    json_parse_reply(style, *http_get(target, path, headers.merge("accept" => JSON_UTF8)))
+    json_parse_reply(style, *http_get(target, path, headers.merge('accept' => JSON_UTF8)))
   end
 
   def json_post(target, path, body, headers = {})
-    http_post(target, path, Util.json(body), headers.merge("content-type" => JSON_UTF8))
+    http_post(target, path, Util.json(body), headers.merge('content-type' => JSON_UTF8))
   end
 
   def json_put(target, path, body, headers = {})
-    http_put(target, path, Util.json(body), headers.merge("content-type" => JSON_UTF8))
+    http_put(target, path, Util.json(body), headers.merge('content-type' => JSON_UTF8))
   end
 
   def json_patch(target, path, body, headers = {})
-    http_patch(target, path, Util.json(body), headers.merge("content-type" => JSON_UTF8))
+    http_patch(target, path, Util.json(body), headers.merge('content-type' => JSON_UTF8))
   end
 
   def json_parse_reply(style, status, body, headers)
@@ -110,17 +108,17 @@ module Http
       raise (status == 404 ? NotFound : BadResponse), "invalid status response: #{status}"
     end
     if body && !body.empty? && (status == 204 || headers.nil? ||
-          headers["content-type"] !~ /application\/json/i)
-      raise BadResponse, "received invalid response content or type"
+          headers['content-type'] !~ /application\/json/i)
+      raise BadResponse, 'received invalid response content or type'
     end
     parsed_reply = Util.json_parse(body, style)
     if status >= 400
-      raise parsed_reply && parsed_reply["error"] == "invalid_token" ?
-          InvalidToken.new(parsed_reply) : TargetError.new(parsed_reply), "error response"
+      raise parsed_reply && parsed_reply['error'] == 'invalid_token' ?
+          InvalidToken.new(parsed_reply) : TargetError.new(parsed_reply), 'error response'
     end
     parsed_reply
   rescue DecodeError
-    raise BadResponse, "invalid JSON response"
+    raise BadResponse, 'invalid JSON response'
   end
 
   def http_get(target, path = nil, headers = {}) request(target, :get, path, nil, headers) end
@@ -129,7 +127,7 @@ module Http
   def http_patch(target, path, body, headers = {}) request(target, :patch, path, body, headers) end
 
   def http_delete(target, path, authorization, zone = nil)
-    hdrs = { "authorization" => authorization }
+    hdrs = { 'authorization' => authorization }
     hdrs['X-Identity-Zone-Subdomain'] = zone if zone
     status = request(target, :delete, path, nil, hdrs)[0]
     unless [200, 204].include?(status)
@@ -138,7 +136,7 @@ module Http
   end
 
   def request(target, method, path, body = nil, headers = {})
-    headers["accept"] = headers["content-type"] if headers["content-type"] && !headers["accept"]
+    headers['accept'] = headers['content-type'] if headers['content-type'] && !headers['accept']
     url = "#{target}#{path}"
 
     logger.debug { "--->\nrequest: #{method} #{url}\n" +
@@ -156,44 +154,49 @@ module Http
   end
 
   def net_http_request(url, method, body, headers)
-    raise ArgumentError unless reqtype = {:delete => Net::HTTP::Delete,
-        :get => Net::HTTP::Get, :post => Net::HTTP::Post, :put => Net::HTTP::Put, :patch => Net::HTTP::Patch}[method]
-    headers["content-length"] = body.length if body
     uri = URI.parse(url)
-    req = reqtype.new(uri.request_uri)
-    headers.each { |k, v| req[k] = v }
     http = http_request(uri)
-    reply, outhdrs = http.request(req, body), {}
-    reply.each_header { |k, v| outhdrs[k] = v }
-    [reply.code.to_i, reply.body, outhdrs]
+    headers['content-length'] = body.length.to_s if body
+    case method
+      when :get, :delete
+        response = http.send(method, uri, nil, headers)
+      when :post, :put, :patch
+        response = http.send(method, uri, body, headers)
+      else
+        raise ArgumentError
+    end
 
+    unless response.status
+      raise HTTPException.new "Can't parse response from the server #{response.content}"
+    end
+    response_headers = {}
+    response.header.all.each { |k, v| response_headers[k.downcase] = v }
+    return [response.status.to_i, response.content, response_headers]
   rescue OpenSSL::SSL::SSLError => e
     raise SSLException, "Invalid SSL Cert for #{url}. Use '--skip-ssl-validation' to continue with an insecure target"
   rescue URI::Error, SocketError, SystemCallError => e
     raise BadTarget, "error: #{e.message}"
-  rescue Net::HTTPBadResponse => e
-    raise HTTPException, "HTTP exception: #{e.class}: #{e}"
   end
 
   def http_request(uri)
-    cache_key = URI.join(uri.to_s, "/")
+    cache_key = URI.join(uri.to_s, '/')
     @http_cache ||= {}
     return @http_cache[cache_key] if @http_cache[cache_key]
 
-    http = Net::HTTP.new(uri.host, uri.port, *proxy_options_for(uri))
-
     if uri.is_a?(URI::HTTPS)
-      http.use_ssl = true
-
-      if skip_ssl_validation
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-      elsif ssl_ca_file
-        http.ca_file = File.expand_path(ssl_ca_file)
-        http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-      elsif ssl_cert_store
-        http.cert_store = ssl_cert_store
-        http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      http = HTTPClient.new.tap do |c|
+        if skip_ssl_validation
+          c.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        elsif ssl_ca_file
+          c.ssl_config.set_trust_ca File.expand_path(ssl_ca_file)
+          c.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        elsif ssl_cert_store
+          c.ssl_config.cert_store = ssl_cert_store
+          c.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        end
       end
+    else
+      http = HTTPClient.new
     end
 
     @http_cache[cache_key] = http

data/lib/uaa/info.rb

@@ -35,8 +35,6 @@ class Info
     self.ssl_ca_file = options[:ssl_ca_file]
     self.ssl_cert_store = options[:ssl_cert_store]
     self.symbolize_keys = options[:symbolize_keys]
-    self.http_proxy = options[:http_proxy]
-    self.https_proxy = options[:https_proxy]
   end
 
   # sets whether the keys in returned hashes should be symbols.

data/lib/uaa/scim.rb

@@ -109,8 +109,6 @@ class Scim
     self.skip_ssl_validation = options[:skip_ssl_validation]
     self.ssl_ca_file = options[:ssl_ca_file]
     self.ssl_cert_store = options[:ssl_cert_store]
-    self.http_proxy = options[:http_proxy]
-    self.https_proxy = options[:https_proxy]
     @zone = options[:zone]
   end
 

data/lib/uaa/token_coder.rb

@@ -113,7 +113,7 @@ class TokenCoder
     signature = Util.decode64(crypto_segment)
     if ["HS256", "HS384", "HS512"].include?(algo)
       raise InvalidSignature, "Signature verification failed" unless
-          options[:skey] && signature == OpenSSL::HMAC.digest(init_digest(algo), options[:skey], signing_input)
+          options[:skey] && constant_time_compare(signature, OpenSSL::HMAC.digest(init_digest(algo), options[:skey], signing_input))
     elsif ["RS256", "RS384", "RS512"].include?(algo)
       raise InvalidSignature, "Signature verification failed" unless
           options[:pkey] && options[:pkey].verify(init_digest(algo), signature, signing_input)
@@ -123,6 +123,24 @@ class TokenCoder
     payload
   end
 
+  # Takes constant time to compare 2 strings (HMAC digests in this case)
+  # to avoid timing attacks while comparing the HMAC digests
+  # @param [String] a: the first digest to compare
+  # @param [String] b: the second digest to compare
+  # @return [boolean] true if they are equal, false otherwise
+  def self.constant_time_compare(a, b)
+    if a.length != b.length
+      return false
+    end
+  
+    result = 0
+    a.chars.zip(b.chars).each do |x, y|
+      result |= x.ord ^ y.ord
+    end
+    
+    result == 0
+  end
+
   # Creates a new token en/decoder for a service that is associated with
   # the the audience_ids, the symmetrical token validation key, and the
   # public and/or private keys.

data/lib/uaa/token_issuer.rb

@@ -112,8 +112,6 @@ class TokenIssuer
     self.skip_ssl_validation = options[:skip_ssl_validation]
     self.ssl_ca_file = options[:ssl_ca_file]
     self.ssl_cert_store = options[:ssl_cert_store]
-    self.http_proxy = options[:http_proxy]
-    self.https_proxy = options[:https_proxy]
   end
 
   # Allows an app to discover what credentials are required for

data/lib/uaa/version.rb

@@ -14,6 +14,6 @@
 # Cloud Foundry namespace
 module CF
   module UAA
-    VERSION = "3.6.0"
+    VERSION = "3.7.0"
   end
 end

data/spec/http_spec.rb

@@ -15,83 +15,102 @@ require 'spec_helper'
 require 'uaa/http'
 require 'uaa/version'
 
-module CF::UAA
-
-describe Http do
+describe CF::UAA::Http do
 
   class HttpTest
-    include Http
+    include CF::UAA::Http
 
     public :http_get
   end
 
   let(:http_instance) { HttpTest.new }
 
-  it "sets a request handler" do
-    http_instance.set_request_handler do |url, method, body, headers|
-      [200, "body", {"content-type" => "text/plain"}]
+  let(:http_double) do
+    http_double = double('http').as_null_object
+    expect(HTTPClient).to receive(:new).and_return(http_double)
+    http_double
+  end
+
+  let(:cert_store) { double('OpenSSL::X509::Store') }
+
+  describe 'set_request_handler' do
+    it 'sets a request handler' do
+      http_instance.set_request_handler do |url, method, body, headers|
+        [200, 'body', {'content-type' => 'text/plain'}]
+      end
+      status, body, resp_headers = http_instance.http_get('http://example.com')
+      status.should == 200
+      body.should == 'body'
+      resp_headers['content-type'].should == 'text/plain'
     end
-    status, body, resp_headers = http_instance.http_get("http://example.com")
-    status.should == 200
-    body.should == "body"
-    resp_headers["content-type"].should == "text/plain"
   end
 
-  it "utilizes proxy settings if given" do
-    reply_double = double('http reply', each_header: {}).as_null_object
-    http_double = double('http', request: reply_double, new: nil)
-    Net::HTTP.stub(:new).and_return(http_double)
-    http_instance.http_proxy = 'user:password@http-proxy.example.com:1234'
-    http_instance.https_proxy = 'user:password@https-proxy.example.com:1234'
+  describe 'http_get' do
 
-    http_instance.http_get("http://example.com")
+    context 'when response has no status' do
+      let(:response) { double('http::message') }
+      it 'raises an HTTPException error' do
+        expect(response).to receive(:status)
+        expect(response).to receive(:content).and_return('TEST')
+        expect(http_double).to receive(:get).and_return(response)
+        expect { http_instance.http_get('https://example.com') }.to raise_error(CF::UAA::HTTPException, "Can't parse response from the server TEST")
+      end
+    end
 
-    expect(Net::HTTP).to have_received(:new).with(anything, anything, 'http-proxy.example.com', 1234, 'user', 'password')
-  end
+    context 'when certificate is not valid' do
+      it 'raises an SSLException' do
+        expect(http_double).to receive(:get).and_raise(OpenSSL::SSL::SSLError)
 
-  it "raises an SSLException when the certificate is not valid" do
-    http_double = double('http').as_null_object
-    Net::HTTP.stub(:new).and_return(http_double)
-    http_double.stub(:request).and_raise(OpenSSL::SSL::SSLError)
+        expect { http_instance.http_get('https://example.com') }.to raise_error(CF::UAA::SSLException)
+      end
+    end
 
-    expect { http_instance.http_get("https://example.com") }.to raise_error(CF::UAA::SSLException)
-  end
+    context 'when skipping ssl validation' do
+      let(:ssl_config) { double('ssl_config') }
 
-  it "skips ssl validation if requested" do
-    http_double = double('http').as_null_object
-    Net::HTTP.stub(:new).and_return(http_double)
-    http_double.stub(:verify_mode=)
+      it 'sets verify mode to VERIFY_NONE' do
+        http_instance.skip_ssl_validation = true
+
+        expect(http_double).to receive(:ssl_config).and_return(ssl_config)
+        expect(ssl_config).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
+        http_instance.http_get('https://uncached.example.com')
+      end
+    end
 
-    http_instance.http_get("https://example.com")
-    expect(http_double).not_to have_received(:verify_mode=)
+    context 'when validating ssl' do
+      it 'does not set verify mode' do
+        expect(http_double).not_to receive(:ssl_config)
+        http_instance.http_get('https://example.com')
+      end
+    end
 
-    http_instance.skip_ssl_validation = true
-    http_instance.http_get("https://uncached.example.com")
-    expect(http_double).to have_received(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
-  end
+    context 'when ssl certificate is provided' do
 
-  it "passes ssl certificate file if provided" do
-    http_double = double('http').as_null_object
-    Net::HTTP.stub(:new).and_return(http_double)
+      let(:ssl_config) { double('ssl_config') }
 
-    http_instance.ssl_ca_file = "/fake-ca-file"
-    http_instance.http_get("https://uncached.example.com")
+      it 'passes it' do
+        http_instance.ssl_ca_file = '/fake-ca-file'
 
-    expect(http_double).to have_received(:ca_file=).with("/fake-ca-file")
-    expect(http_double).to have_received(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
-  end
+        expect(http_double).to receive(:ssl_config).and_return(ssl_config).twice
+        expect(ssl_config).to receive(:set_trust_ca).with('/fake-ca-file')
+        expect(ssl_config).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
 
-  it "passes ssl cert store if provided" do
-    http_double = double('http').as_null_object
-    cert_store = double('OpenSSL::X509::Store')
-    Net::HTTP.stub(:new).and_return(http_double)
+        http_instance.http_get('https://uncached.example.com')
+      end
+    end
 
-    http_instance.ssl_cert_store = cert_store
-    http_instance.http_get("https://uncached.example.com")
+    context 'when ssl cert store is provided' do
+      let(:ssl_config) { double('ssl_config') }
 
-    expect(http_double).to have_received(:cert_store=).with(cert_store)
-    expect(http_double).to have_received(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
-  end
-end
+      it 'passes it' do
+        http_instance.ssl_cert_store = cert_store
+
+        expect(http_double).to receive(:ssl_config).and_return(ssl_config).twice
+        expect(ssl_config).to receive(:cert_store=).with(cert_store)
+        expect(ssl_config).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
 
-end
+        http_instance.http_get('https://uncached.example.com')
+      end
+    end
+  end
+end

data/spec/info_spec.rb

@@ -19,44 +19,42 @@ module CF::UAA
   describe Info do
     let(:options) { {} }
     let(:uaa_info) { Info.new(target, options) }
-    let(:target) { "https://login.cloudfoundry.com" }
+    let(:target) { 'https://login.cloudfoundry.com' }
     let(:authorization) { nil }
 
     before do
       uaa_info.set_request_handler do |url, method, body, headers|
         url.should == target_url
         method.should == :get
-        headers["content-type"].should be_nil
-        headers["accept"].gsub(/\s/, '').should =~ /application\/json;charset=utf-8/i
-        headers["authorization"].should == authorization
-        [200, response_body, {"content-type" => "application/json"}]
+        headers['content-type'].should be_nil
+        headers['accept'].gsub(/\s/, '').should =~ /application\/json;charset=utf-8/i
+        headers['authorization'].should == authorization
+        [200, response_body, {'content-type' => 'application/json'}]
       end
     end
 
-    describe "initialize" do
-      let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true} }
+    describe 'initialize' do
+      let(:options) { {:skip_ssl_validation => true} }
 
-      it "sets proxy information" do
-        uaa_info.http_proxy.should == 'http-proxy.com'
-        uaa_info.https_proxy.should == 'https-proxy.com'
+      it 'sets proxy information' do
         uaa_info.skip_ssl_validation == true
       end
     end
 
-    describe "getting server info" do
-      let(:target_url) { "https://login.cloudfoundry.com/login" }
+    describe 'getting server info' do
+      let(:target_url) { 'https://login.cloudfoundry.com/login' }
       let(:response_body) { '{"commit_id":"12345","prompts":["one","two"]}' }
 
-      it "gets server info" do
+      it 'gets server info' do
         result = uaa_info.server
-        result["prompts"].should_not be_nil
-        result["commit_id"].should_not be_nil
+        result['prompts'].should_not be_nil
+        result['commit_id'].should_not be_nil
       end
 
-      context "with symbolize_keys keys true" do
+      context 'with symbolize_keys keys true' do
         let(:options) { {:symbolize_keys => true} }
 
-        it "gets server info" do
+        it 'gets server info' do
           result = uaa_info.server
           result[:prompts].should_not be_nil
           result[:commit_id].should_not be_nil
@@ -64,63 +62,63 @@ module CF::UAA
       end
     end
 
-    describe "getting UAA target" do
-      let(:target) { "https://login.cloudfoundry.com" }
-      let(:target_url) { "https://login.cloudfoundry.com/login" }
+    describe 'getting UAA target' do
+      let(:target) { 'https://login.cloudfoundry.com' }
+      let(:target_url) { 'https://login.cloudfoundry.com/login' }
       let(:response_body) { '{"links":{"uaa":"https://uaa.cloudfoundry.com"},"prompts":["one","two"]}' }
 
-      it "gets UAA target" do
+      it 'gets UAA target' do
         result = uaa_info.discover_uaa
-        result.should == "https://uaa.cloudfoundry.com"
+        result.should == 'https://uaa.cloudfoundry.com'
       end
 
       context "when there is no 'links' key present" do
-        let(:target) { "https://uaa.cloudfoundry.com" }
-        let(:target_url) { "https://uaa.cloudfoundry.com/login" }
+        let(:target) { 'https://uaa.cloudfoundry.com' }
+        let(:target_url) { 'https://uaa.cloudfoundry.com/login' }
         let(:response_body) { '{ "prompts" : ["one","two"]} ' }
 
-        it "returns the target url" do
+        it 'returns the target url' do
           result = uaa_info.discover_uaa
-          result.should == "https://uaa.cloudfoundry.com"
+          result.should == 'https://uaa.cloudfoundry.com'
         end
       end
 
-      context "with symbolize_keys keys true" do
+      context 'with symbolize_keys keys true' do
         let(:options) { {:symbolize_keys => true} }
 
-        it "gets UAA target" do
+        it 'gets UAA target' do
           result = uaa_info.discover_uaa
-          result.should == "https://uaa.cloudfoundry.com"
+          result.should == 'https://uaa.cloudfoundry.com'
         end
       end
     end
 
-    describe "whoami" do
-      let(:target_url) { "https://login.cloudfoundry.com/userinfo?schema=openid" }
+    describe 'whoami' do
+      let(:target_url) { 'https://login.cloudfoundry.com/userinfo?schema=openid' }
       let(:response_body) { '{"user_id":"1111-1111-1111-1111","user_name":"user","given_name":"first","family_name":"last","name":"first last","email":"email@example.com"}' }
       let(:authorization) { 'authentication_token' }
 
-      it "returns the user info" do
+      it 'returns the user info' do
         result = uaa_info.whoami(authorization)
         result['email'].should == 'email@example.com'
       end
     end
 
-    describe "validation_key" do
-      let(:target_url) { "https://login.cloudfoundry.com/token_key" }
+    describe 'validation_key' do
+      let(:target_url) { 'https://login.cloudfoundry.com/token_key' }
       let(:response_body) { '{"alg":"SHA256withRSA","value":"-----BEGIN PUBLIC KEY-----\nabc123\n-----END PUBLIC KEY-----\n"}' }
 
-      it "returns the key data" do
+      it 'returns the key data' do
         result = uaa_info.validation_key(authorization)
         result['alg'].should == 'SHA256withRSA'
       end
     end
 
-    describe "validation keys" do
-      let(:target_url) { "https://login.cloudfoundry.com/token_keys" }
+    describe 'validation keys' do
+      let(:target_url) { 'https://login.cloudfoundry.com/token_keys' }
       let(:response_body) { '{ "keys": [ { "kid": "the_key", "alg": "SHA256withRSA", "value": "-----BEGIN PUBLIC KEY-----\nabc123\n-----END PUBLIC KEY-----\n", "kty": "RSA", "use": "sig", "n": "Ufn7Qc", "e": "EEXZ" }, { "kid": "the_other_key", "alg": "SHA256withRSA", "value": "-----BEGIN PUBLIC KEY-----\ndef456\n-----END PUBLIC KEY-----\n", "kty": "RSA", "use": "sig", "n": "AMcW9/P", "e": "AQAB" } ] }' }
 
-      it "returns a hash of keys" do
+      it 'returns a hash of keys' do
         result = uaa_info.validation_keys_hash(authorization)
 
         the_key = result['the_key']