conjur-api 5.3.0 → 5.3.5

data/lib/conjur/role_grant.rb

@@ -1,23 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2013-2018 CyberArk Ltd.
 #
-# Copyright 2013-2017 Conjur Inc
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy of
-# this software and associated documentation files (the "Software"), to deal in
-# the Software without restriction, including without limitation the rights to
-# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-# the Software, and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 module Conjur
   # Represents the membership of a role. `RoleGrant`s are returned
   # by {ActsAsRole#members} and represent members of the role on which the method was invoked.
@@ -28,7 +24,6 @@ module Conjur
   #
   class RoleGrant
     extend BuildObject::ClassMethods
-    extend Cast
 
     # The role which was granted.
     # @return [Conjur::Role]

data/spec/api/host_factories_spec.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'conjur/api/host_factories'
+
+describe "Conjur::API.host_factory_create_host", api: :dummy do
+  it "returns a Host instance correctly on v4" do
+    token = "host factory token"
+    id = "test-host"
+
+    allow(Conjur::API).to receive(:url_for)
+      .with(:host_factory_create_host, token).and_return(
+        resource = instance_double(RestClient::Resource, "hosts")
+      )
+
+    allow(resource).to receive(:post).with(id: id).and_return(
+      instance_double(RestClient::Response, "host response", body: '
+        {
+          "id": "test-host",
+          "userid": "hosts",
+          "created_at": "2015-11-13T22:57:14Z",
+          "ownerid": "cucumber:group:ops",
+          "roleid": "cucumber:host:test-host",
+          "resource_identifier": "cucumber:host:test-host",
+          "api_key": "14x82x72syhnnd1h8jj24zj1kqd2j09sjy3tddwxc35cmy5nx33ph7"
+        }
+      ')
+    )
+
+    host = Conjur::API.host_factory_create_host token, id
+
+    expect(host).to be_a Conjur::Host
+  end
+end

data/spec/api_spec.rb

@@ -60,11 +60,11 @@ describe Conjur::API do
       context "after expiration" do
         it 'it reads a new token' do
           expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
-          
+
           time_travel 6.minutes
           new_token = token.merge "timestamp" => Time.now.to_s
           write_token new_token
-          
+
           expect(api.token).to eq(new_token)
         end
       end
@@ -85,10 +85,10 @@ describe Conjur::API do
           it 'by refreshing' do
             allow(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return token
             expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
-            
+
             time_travel 6.minutes
             new_token = token.merge "timestamp" => Time.now.to_s
-            
+
             expect(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return new_token
             expect(api.token).to eq(new_token)
           end
@@ -118,7 +118,7 @@ describe Conjur::API do
         subject { super().credentials }
         it { is_expected.to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }) }
       end
-      
+
       context "with remote_ip" do
         let(:remote_ip) { "66.0.0.1" }
         describe '#credentials' do
@@ -153,7 +153,7 @@ describe Conjur::API do
       context 'basic functioning' do
         it_behaves_like 'it can clone itself'
       end
-      
+
       context "forwarded for" do
         let(:forwarded_for_header) { "66.0.0.1" }
         let(:headers) { base_headers.merge(x_forwarded_for: forwarded_for_header) }
@@ -172,6 +172,55 @@ describe Conjur::API do
     end
   end
 
+  describe "#username" do
+    let(:jwt_payload) do
+      'eyJzdWIiOiJ1c2VyLTlhYjBiYmZiOWJlNjA5Yzk2ZjUyN2Y1YiIsImlhdCI6MTYwMzQ5MDA4MH0='
+    end
+
+    let(:jwt_header) do
+      'eyJhbGciOiJjb25qdXIub3JnL3Nsb3NpbG8vdjIiLCJraWQiOiI2MWZjOGRiZDM4MjA4NDll' \
+      'ZDI4YTZhYTAwMzFjNjM5MjkxZjJmMDQzNDVjYTU0MWI5NzUxMGQ5NjkyM2I3NDlmIn0='
+    end
+
+    let(:conjur_token) do
+      {
+        'data' => 'conjur-user-1234',
+        'timestamp' => Time.now.to_s
+      }
+    end
+
+    let(:jwt_token) do
+      {
+        'protected' => jwt_header,
+        'payload' => jwt_payload,
+      }
+    end
+
+    it "can correctly extract the username from old Conjur token" do
+      expect(Conjur::API.new_from_token(conjur_token).username).to(
+        eq('conjur-user-1234')
+      )
+    end
+
+    context 'when using JWT token' do
+      it "can correctly extract username" do
+        expect(Conjur::API.new_from_token(jwt_token).username).to(
+          eq('user-9ab0bbfb9be609c96f527f5b')
+        )
+      end
+
+      it "returns nil when JWT token has no payload field" do
+        no_payload_jwt_token = { 'protected' => jwt_header }
+        expect(Conjur::API.new_from_token(no_payload_jwt_token).username).to be_nil
+      end
+
+      it "returns nil when JWT token has no 'sub' field in payload" do
+        no_sub_token = { 'payload' => 'eyJpYXQiOjE2MDM0OTAwODB9' }
+        expect(Conjur::API.new_from_token(no_sub_token).username).to be_nil
+      end
+    end
+  end
+
   describe "#current_role", logged_in: true do
     context "when logged in as user" do
       let(:login) { 'joerandom' }

data/spec/base_object_spec.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Conjur::BaseObject do
+
+  it "returns custom string for #inspect" do
+    id_str = 'foo:bar:baz'
+    base_obj = Conjur::BaseObject.new(Conjur::Id.new(id_str), { username: 'foo' })
+    expect(base_obj.inspect).to include("id='#{id_str}'")
+    expect(base_obj.inspect).to include(Conjur::BaseObject.name)
+  end
+end

data/spec/cert_utils_spec.rb

@@ -78,4 +78,96 @@ RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
       end
     end
   end
+
+  describe '.add_chained_cert' do
+    let(:one_certificate_chain) do
+        """-----BEGIN CERTIFICATE-----
+MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
+CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
+BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
+NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
+uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
+FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
+PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
+CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
+wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
+AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
+Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
+AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
+3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
+dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
+RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
++SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
+bGenr4vsPuSFsycM03/EcQDT
+-----END CERTIFICATE-----
+"""
+    end
+
+    let(:two_certificates_chain) do
+      """-----BEGIN CERTIFICATE-----
+MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
+CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
+BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
+NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
+uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
+FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
+PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
+CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
+wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
+AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
+Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
+AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
+3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
+dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
+RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
++SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
+bGenr4vsPuSFsycM03/EcQDT
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIJAJnsrJ1+j9MhMA0GCSqGSIb3DQEBCwUAMD0xETAPBgNV
+BAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDASBgNVBAMTC2N1a2Ut
+bWFzdGVyMB4XDTE1MTAwNzE2MzAwM1oXDTI1MTAwNDE2MzAwM1owPTERMA8GA1UE
+ChMIY3VjdW1iZXIxEjAQBgNVBAsTCUNvbmp1ciBDQTEUMBIGA1UEAxMLY3VrZS1t
+YXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsuZ06Ld4JDhxZ
+FcxKVxu7MTjXVv6W8pI7qFKmgr39aNqmDpKYJ1H9aM+r9zaTAeithpM4wJpVswkJ
+d0RSuKdm1LOx11yHLyZ1OvlPHFhsVWdZIQZ6R9srhPYBUCMem4sHR5IAcBBX+HkR
+35gaPYUl1uFV/9zCniekt92Kdta+it1WL7XinXTBURlhDawiD/kv1C9x6dICEJVe
+IT/jRohmqHAoM/JSOQTthaDli3Qvu5K8XAx8UXvWVmv3eStZFVDbC4ZEueRd9KAe
+4IZ5FxdpFYkPBgt2lBYeydYKRShyYrDKye1uJBDkeplNaYW4cS4mOhYuRkdKn7MH
+uY/xb1lFAgMBAAGjgYkwgYYwKQYDVR0RBCIwIIILY3VrZS1tYXN0ZXKCCWxvY2Fs
+aG9zdIIGY29uanVyMB0GA1UdDgQWBBRHpGF7aQbHdORYgQKDC2hV6NzEKzAfBgNV
+HSMEGDAWgBRHpGF7aQbHdORYgQKDC2hV6NzEKzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIB5jANBgkqhkiG9w0BAQsFAAOCAQEAGZT9Wek1hYluIVaxu03wSKCKIJ4p
+KxTHw+mLDapg1y9t3Fa/5IQQK0Bx0xGU2qWiQKjda3vdFPJWO6l6XJvsUY5Nwtm5
+Gcsk8l3L/zWCrjrFTH3TdVad5E+DTwVhThelmEjw68AyM+WuOL61j0MItd9mLW74
+Lv2zouj9nQBdnUBHWQ0EL/9d5cfaCVu/bFlDfYt7Yj0IzXCuaWZfJeHodU1hmqVX
+BvYRjnTB2LSxfmSnkrCeFPmhE11bWVtsLIdrGIgtEMX0/s9xg58QuNnva1U3pJsW
+RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
+-----END CERTIFICATE-----
+"""
+    end
+
+    let(:store){ double('default store') }
+
+    context 'with one certificate in the chain' do
+      subject{ Conjur::CertUtils.add_chained_cert(store, one_certificate_chain) }
+
+      it 'adds one certificate to the store' do
+        expect(store).to receive(:add_cert).once
+        expect(subject).to be_truthy
+      end
+    end
+
+    context 'with two certificate in the chain' do
+      subject{ Conjur::CertUtils.add_chained_cert(store, two_certificates_chain) }
+
+      it 'adds both certificate to the store' do
+        expect(store).to receive(:add_cert).twice
+        expect(subject).to be_truthy
+      end
+    end
+
+  end
 end

data/spec/configuration_spec.rb

@@ -29,6 +29,28 @@ describe Conjur::Configuration do
       configuration.account = "the-account"
       configuration.appliance_url = "https://conjur/api"
     }
+
+    it "rest_client_options defaults" do
+      expected = {
+        ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+      }
+      expect(configuration.rest_client_options).to eq(expected)
+    end
+
+    it "rest_client_options propagate to RestClient::Resource" do
+      expected = {
+        ssl_ca_file: "ca_certificate.pem",
+        proxy: "http://proxy.example.com/"
+      }
+      configuration.rest_client_options = {
+        ssl_ca_file: "ca_certificate.pem",
+        proxy: "http://proxy.example.com/"
+      }
+
+      resource = Conjur::API.url_for(:authn_login, *["account", "username", "password"])
+      expect(resource.options).to include(expected)
+    end
+
     it "can still be changed by changing the appliance_url" do
       configuration.appliance_url = "https://other/api"
       expect(configuration.core_url).to eq "https://other/api"
@@ -40,7 +62,7 @@ describe Conjur::Configuration do
       expect(configuration.authn_url).to eq "http://authn-docker"
     end
 
-    context "and duplicated" do 
+    context "and duplicated" do
       subject { configuration.clone override_options }
       let(:override_options) { Hash.new }
 
@@ -72,7 +94,7 @@ describe Conjur::Configuration do
       end
     end
   end
-    
+
   describe "url generation" do
     describe 'authn_url' do
       before {
@@ -281,7 +303,7 @@ RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
           expect(subject).to be_truthy
         end
       end
-      
+
     end
 
     context 'when cert file is not readable' do

data/spec/id_spec.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Conjur::Id do
+  it 'requires the id to be fully qualified' do
+    expect { Conjur::Id.new 'foo:bar' }.to raise_error ArgumentError
+  end
+
+  it 'can be constructed from a string' do
+    id = Conjur::Id.new 'foo:bar:baz'
+    expect(id).to be
+    {
+      account: 'foo',
+      kind: 'bar',
+      identifier: 'baz'
+    }.each { |k, v| expect(id.send(k)).to eq v }
+  end
+
+  it 'can be constructed from an array' do
+    id = Conjur::Id.new %w(foo bar baz)
+    expect(id).to be
+    {
+      account: 'foo',
+      kind: 'bar',
+      identifier: 'baz'
+    }.each { |k, v| expect(id.send(k)).to eq v }
+  end
+end

data/spec/spec_helper.rb

@@ -1,4 +1,7 @@
 require 'simplecov'
+require 'simplecov-cobertura'
+
+SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
 SimpleCov.start
 
 require 'rubygems'
@@ -81,7 +84,7 @@ end
 require 'conjur/api'
 
 KIND="asset_kind"
-ID="unique_id" 
+ID="unique_id"
 ROLE='<role>'
 MEMBER='<member>'
 PRIVILEGE='<privilege>'

data/spec/ssl_spec.rb

@@ -16,16 +16,14 @@ describe 'SSL connection' do
 
   context 'with certificate added to the default OpenSSL cert store' do
     before do
-      store = OpenSSL::X509::Store.new
-      store.add_cert cert
-      stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', store
+      cert_store.add_cert(cert)
     end
 
     it 'works' do
       expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to raise_error RestClient::ResourceNotFound
     end
   end
-  
+
   let(:server) do
     server = WEBrick::HTTPServer.new \
         Port: 0, SSLEnable: true,
@@ -33,8 +31,14 @@ describe 'SSL connection' do
         SSLCertificate: cert, SSLPrivateKey: key
   end
   let(:port) { server.config[:Port] }
+  let(:cert_store) { OpenSSL::X509::Store.new }
 
   before do
+    # Reset configuration to allow each test to use its own stub
+    # of OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
+    Conjur.configuration = nil
+    stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
+
     allow(Conjur.configuration).to receive(:authn_url).and_return "https://localhost:#{port}"
   end
 
@@ -50,15 +54,23 @@ describe 'SSL connection' do
   let(:cert) do
     OpenSSL::X509::Certificate.new """
       -----BEGIN CERTIFICATE-----
-      MIIBpDCCAQ2gAwIBAgIJALVPXQuF0w39MA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
-      BAMMCWxvY2FsaG9zdDAeFw0xNTAyMTQxNTE0MDFaFw0yNTAyMTExNTE0MDFaMBQx
-      EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-      n+IqEsmbuZk7E2GdPZpBxETjXC+dGze5XlZHPyKviekQ9sachAsBWApVrjM2QDtf
-      KOwa6GuBqGQ0bdl4Ui7I0CIGB4a0UJHU/EvuDhI1cTzAVVWemW1QaqKxI/2xDgs9
-      bqY471iVirRiSYD+6lm2pFYqOnnR/d+QKIMXhPOi0DMCAwEAATANBgkqhkiG9w0B
-      AQsFAAOBgQCSPchDKAiVPNJlRkaY9KPIXfPbFX6h/+ilJRl1xtHqY+y4SxURbnU0
-      fbYVnapKiuMnrnxTWXwl1z1iMbuuzjUC0RDz8F9pZkQ9IJpBSOaSfyUmk1JrrBRU
-      INyaxnJjtc7YIzW1Yz7+aKtzZAQuFXNhiQa+CIIGeWrpzbExo2ce3Q==
+      MIIDCzCCAfOgAwIBAgIUaApjB95cJZlMTwDg4EBk4Mf1y4swDQYJKoZIhvcNAQEL
+      BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIxMDQyODIxNTA1OFoYDzQ3NTkw
+      MzI1MjE1MDU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+      AQUAA4IBDwAwggEKAoIBAQC+MIx1LCzBeAl7kHfI21wYmA6W8luyq14+DecaQPMd
+      bW7fMlHSMJC/nlFDQyqmfYfKlVCiJRV/QTdUtA9hCytPlEKjlVmm4WIYLKfjj8Sp
+      A+X9VURk75Fz+Z7UsF8u2J3pF9wFfhBzznwePlFdcWYyQMIRtghoHk/WSsbJVXVQ
+      so7+0BLFyMYB3otfCyK+H/iyoXWLZll2irYZJedVm/lyTlnc9dT1XDAWWI8kSeUV
+      lCkEulqOf8qZyU7wNUafRkzBuYkR7ddp1Qdkq+QYw7blmfZXyJbAYSt4gEMyDMk8
+      ArScP8j+Efz5D54wS7fZFwmQp41+iP5WTxGsSU3dh44fAgMBAAGjUzBRMB0GA1Ud
+      DgQWBBS4ZJDxXOs8rK3+SyfLopDFqK0IWDAfBgNVHSMEGDAWgBS4ZJDxXOs8rK3+
+      SyfLopDFqK0IWDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAE
+      WuzjqQ/gyho/pluX31hq7EMAFgqqz7ECN6DqmvpqabMD6s1kQ662KTo7gCBEcNtA
+      nC7QycFp4v/Cr8+aUEa1W3+q2MqbmshORonUrLE/vxejK+NUvhSCWnmrM8v60zhR
+      pn9lSSgQCBKWDgaU0VQVn0I9MuexeAj64Qv2uUHnZK3QUx+Gk3uurTmhKEN5FI+D
+      sC7xO0qquTZ1Vv1EkLEso4dnFVW84EjdfmfeiW6JmHO7z1p1ebGsRwoQead/qTKw
+      ze+Y1A1w3GzuhDo55aHlWE/Wvnou0aM3O9gUd++a2j+XJ2P7qaTB/L7SJk4qZ9RA
+      t2PbKVP+tyZjXKtXmgzp
       -----END CERTIFICATE-----
     """.lines.map(&:strip).join("\n")
   end
@@ -66,19 +78,31 @@ describe 'SSL connection' do
   let(:key) do
     OpenSSL::PKey.read """
       -----BEGIN RSA PRIVATE KEY-----
-      MIICXAIBAAKBgQCf4ioSyZu5mTsTYZ09mkHERONcL50bN7leVkc/Iq+J6RD2xpyE
-      CwFYClWuMzZAO18o7Broa4GoZDRt2XhSLsjQIgYHhrRQkdT8S+4OEjVxPMBVVZ6Z
-      bVBqorEj/bEOCz1upjjvWJWKtGJJgP7qWbakVio6edH935AogxeE86LQMwIDAQAB
-      AoGAUCDb7zCFUB4gglUgpfgCT+gqflAKj9J8n2/kIxsyGI7rBpKBbJfLY6FCUZyu
-      6sAWr/6seaEviQI3WHpuF9oEn6gzb1XWpKH7h9ZAu5O2sscdrc5MrpFmBvGjMBnd
-      80u/TcsDHX453QbPgqOJTi+Qt15Y+Ot/iE8ccQjW6pMPiCECQQDLQvNekVF7YJ9e
-      iJNZSJMcx2c9hjAuywm/jPX+57k0xRlxGKCQxyujmxDfztDYU9kHMRHknbxz0sFr
-      0Vkaxo1DAkEAyV3z6vvTtUx7R5IYOUkZqIfeQ6k6ZItQoZdZPKoBW0s7QhqvJyZN
-      qeYJMaFR87A6273LwhpXZTvQwSYUUw6KUQJAQAIfXaJphG7TARQFQtKF8UQiEM/X
-      EIVD1pxvQwx52FJRRro4ph7ycRz93Vzli5or+AXN2q6Jj/fIjUlpw/LOvQJAfyPO
-      FUjpM+hVUiwhFVJdW/ZlVK0tzDvWLiDkXBQvBRhsEuHMQ1jA4ov2tBpaJxXXI9Uj
-      KKv/EFEDDmDfpk1g8QJBAIJhDsxKWgUy1lk+lGYdWRQi/D/BnkNbySklCypmZghu
-      Q6oXJNYB9NWLRWDJaGHlHrAn40Wq6MUx95Aomvj+uHA=
+      MIIEowIBAAKCAQEAvjCMdSwswXgJe5B3yNtcGJgOlvJbsqtePg3nGkDzHW1u3zJR
+      0jCQv55RQ0Mqpn2HypVQoiUVf0E3VLQPYQsrT5RCo5VZpuFiGCyn44/EqQPl/VVE
+      ZO+Rc/me1LBfLtid6RfcBX4Qc858Hj5RXXFmMkDCEbYIaB5P1krGyVV1ULKO/tAS
+      xcjGAd6LXwsivh/4sqF1i2ZZdoq2GSXnVZv5ck5Z3PXU9VwwFliPJEnlFZQpBLpa
+      jn/KmclO8DVGn0ZMwbmJEe3XadUHZKvkGMO25Zn2V8iWwGEreIBDMgzJPAK0nD/I
+      /hH8+Q+eMEu32RcJkKeNfoj+Vk8RrElN3YeOHwIDAQABAoIBAQCnW0ctkDqt3/fQ
+      MHcHWue2iI9GCmvgU+WxC0DSHFcSDQrkAn53S98DjseJPaBZMtr7y9pRY/p/qR6M
+      PYnO5iotc5QUKEbkjy1nglwV5Zuy8kg+XPq7Kwg+GmjGVZDcQybpRuKIPr8xeIBF
+      iKbGaBP6ontjZGAPZqTwN4qm/bkm0QRQkMEVQLpBaOlXjl0BCknhCMgyNA1F0jGc
+      HLqJpFO46qvWDkDaKriMY/ezrkGYxlvV8xGJ2lzoaNWBsQeMXtcDJXuFMJO3lZl4
+      VUjeNbyPprUzL6/kLZGMVFdRWhzKAluJEy3B6zybY4xxmgmifqn8/OxIaT172IXN
+      KACuEorpAoGBAOYZEfuON+73dcstpjq3062+XUOxAAc77aFcGFQ2pqDTUtvoR05R
+      o0uXrSuQqt0/FJVdZqdDx1and6idI7j/LfkOwvmPPg2dJIwKV73T2HdR7BpJaYlI
+      KS6Bgl0AiW2ibjZJbBFJMiINb2tRGeYcOPfWlis309D2DXxl1f1TJTKTAoGBANOZ
+      aDH1VJXh7rdAHrwNonTjoCeYKG7oAh0WTfqmCqcBjAkXsVc7dBd/98XKGS5LPRtl
+      dIaJdYngeYyH5Ey5O2l/63tk0d4sqE8l+GVy+OHFn2AZMuaVXS0JXIQspn4s/U7F
+      CuawmFszE8fv41WgVNhF00ijheoRz/X19yu0ULHFAoGAYmJZ1AutUtowXZ25M+Yh
+      9motCqKF9pHjO1lbdbagbKevCCQ7SPuTLOE/xB7pUAyGyo7TM7XBaAXXHhuCiLlj
+      eNic+YQL7lpApDhP5/TK28oFf//fxjk6ko4Bpa5zFJOdOE0QjhuT+gdwmpxkzIVI
+      vn/cWcJXKUPr5ELOyrBgeU0CgYBWqIUbsLWrjJQPSJtNuOfHp1F35cDpausyrmfR
+      Nx81tlR7hNCEQT0SQr5eqp4Vb4rfJXXLg5A3n08oVp8RLOtAEbuHFYs9ylxDzfEk
+      2ylCjYTv/mHyPUmjoCnbl8237wTutZP5VmmPMCPxxjT8ZGVbDX2ySgYWDqV0vf80
+      TuydYQKBgG24Wpes1CJmKiuWGnPi5I/+iIKZRfpEGidpjnsktkr3O+VZSZNQtDfC
+      uWp/NgMxzxXxYdmmaQTwektB5axrsPUnxxiHmb8KkVU1IcMpYvUulFYiKVvFx+JJ
+      bx/fkItCZ4AP3CG2Onz8xZdosg+c+MEdIlCrg94dA1EmHewCt2Hv
       -----END RSA PRIVATE KEY-----
     """.lines.map(&:strip).join("\n")
   end