RubyGems - glebtv-httpclient - Versions diffs - 3.2.7 → 3.2.8 - Mend

glebtv-httpclient 3.2.7 → 3.2.8

Files changed (21) hide show

checksums.yaml +4 -4
data/.ruby-version +1 -1
data/.travis.yml +2 -2
data/Gemfile +0 -9
data/Gemfile.lock +34 -258
data/README.md +1 -0
data/httpclient.gemspec +1 -2
data/lib/httpclient/auth.rb +241 -157
data/lib/httpclient/cacert.p7s +3865 -1911
data/lib/httpclient/lru_cache.rb +27 -24
data/lib/httpclient/ssl_config.rb +3 -2
data/lib/httpclient/version.rb +2 -1
data/spec/basic_spec.rb +82 -82
data/spec/cookie_spec.rb +132 -132
data/spec/hexdump_spec.rb +1 -1
data/spec/http_message_spec.rb +37 -37
data/spec/httpclient_spec.rb +267 -263
data/spec/keepalive_spec.rb +5 -5
data/spec/lru_spec.rb +5 -11
data/test/test_auth.rb +29 -2
metadata +2 -30

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 33e7bb7dfb1ddbf876fb650053215d19f03f94a0
-  data.tar.gz: 4a5f3dea5b97925bf854abbedcaf2fbbe7bce915
+  metadata.gz: e431a2b363f87ec472a3c7d50656a1fcd1c054d7
+  data.tar.gz: 85a6326b3ba79941dd50b8636a99a423cd581328
 SHA512:
-  metadata.gz: 457b76dba4f07d671e03d1a2e93f072d7a45a0722c23ce52051e987daf77d938946d6c67e914ed1e261b3e8bfd872876c0269e92cdd6798fcf818cbaa6180aed
-  data.tar.gz: 37be025088bf9bcee7da15afa9a7174ceb9b3e740cab9a1a28d7a0a1abb40c622f8d3465939f8d7c6193107c514764333968c6e7e68c7e6ab7a120f215293f10
+  metadata.gz: eb3f3735bea1202b763ad5f32eaee8f40a16fdca132b4df1594095c06fc335ec45a7904f03a41b7342794ffde71d48e1440a051b1c2ded6f81e37f2caff9ec18
+  data.tar.gz: 7baf041485d74dc7aef7398f96690e43cf56a8e3fb211b41a50cd40ebb3a1e714d3ce9c42a1d621f77bfc2027420adbab2571f4733286f4a35326097320a30d8

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.1.1
1	+ 2.1.2

data/.travis.yml CHANGED Viewed

@@ -1,8 +1,8 @@
 rvm:
   - 1.9.3
   - 2.0.0
-  - 2.1.0
-  - 2.1.1
+  - 2.1.2
 notifications:
   email: false

data/Gemfile CHANGED Viewed

@@ -1,12 +1,3 @@
 source "http://rubygems.org"
-platform :jruby do
-  gem 'jruby-openssl'
-end
-platform :rbx do
-  gem 'rubysl', '~> 2.0'
-  gem 'rubinius-developer_tools'
-end
 gemspec

data/Gemfile.lock CHANGED Viewed

@@ -1,15 +1,18 @@
 PATH
   remote: .
   specs:
-    glebtv-httpclient (3.2.6)
+    glebtv-httpclient (3.2.8)
       lru_redux
 GEM
   remote: http://rubygems.org/
   specs:
-    activesupport (3.2.17)
-      i18n (~> 0.6, >= 0.6.4)
-      multi_json (~> 1.0)
+    activesupport (4.1.4)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
     climate_control (0.0.3)
       activesupport (>= 3.0)
     coveralls (0.7.0)
@@ -19,266 +22,44 @@ GEM
       term-ansicolor
       thor
     diff-lcs (1.2.5)
-    docile (1.1.3)
-    ffi2-generators (0.1.1)
-    i18n (0.6.9)
+    docile (1.1.5)
+    i18n (0.6.11)
     json (1.8.1)
     lru_redux (0.8.1)
-    mime-types (2.2)
-    multi_json (1.9.2)
-    rake (10.3.0)
+    mime-types (2.3)
+    minitest (5.4.0)
+    multi_json (1.10.1)
+    netrc (0.7.7)
+    rake (10.3.2)
     rdoc (4.1.1)
       json (~> 1.4)
-    rest-client (1.6.7)
-      mime-types (>= 1.16)
-    rspec (2.14.1)
-      rspec-core (~> 2.14.0)
-      rspec-expectations (~> 2.14.0)
-      rspec-mocks (~> 2.14.0)
-    rspec-core (2.14.8)
-    rspec-expectations (2.14.5)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.14.6)
-    rspecify (0.1.7)
-      activesupport (>= 3.0)
-      i18n (~> 0.6.0)
-      ruby_parser (~> 2.3.1)
-      ruby_scribe (~> 0.1.4)
-      ruby_transform (~> 0.1.4)
-      thor (~> 0.13)
-    rubinius-coverage (2.0.3)
-    rubinius-debugger (2.0.3)
-    rubinius-developer_tools (2.0.0)
-      rubinius-coverage (~> 2.0)
-      rubinius-debugger (~> 2.0)
-      rubinius-profiler (~> 2.0)
-    rubinius-profiler (2.0.1)
-    ruby_parser (2.3.1)
-      sexp_processor (~> 3.0)
-    ruby_scribe (0.1.5)
-      activesupport (~> 3.0)
-      i18n (~> 0.6.0)
-      ruby_parser (~> 2.3.1)
-      thor (~> 0.13)
-    ruby_transform (0.1.5)
-      activesupport (>= 3.0)
-      i18n (~> 0.6.0)
-      ruby_parser (~> 2.3.1)
-      ruby_scribe (~> 0.1.4)
-      thor (~> 0.13)
-    rubysl (2.0.15)
-      rubysl-abbrev (~> 2.0)
-      rubysl-base64 (~> 2.0)
-      rubysl-benchmark (~> 2.0)
-      rubysl-bigdecimal (~> 2.0)
-      rubysl-cgi (~> 2.0)
-      rubysl-cgi-session (~> 2.0)
-      rubysl-cmath (~> 2.0)
-      rubysl-complex (~> 2.0)
-      rubysl-continuation (~> 2.0)
-      rubysl-coverage (~> 2.0)
-      rubysl-csv (~> 2.0)
-      rubysl-curses (~> 2.0)
-      rubysl-date (~> 2.0)
-      rubysl-delegate (~> 2.0)
-      rubysl-digest (~> 2.0)
-      rubysl-drb (~> 2.0)
-      rubysl-e2mmap (~> 2.0)
-      rubysl-english (~> 2.0)
-      rubysl-enumerator (~> 2.0)
-      rubysl-erb (~> 2.0)
-      rubysl-etc (~> 2.0)
-      rubysl-expect (~> 2.0)
-      rubysl-fcntl (~> 2.0)
-      rubysl-fiber (~> 2.0)
-      rubysl-fileutils (~> 2.0)
-      rubysl-find (~> 2.0)
-      rubysl-forwardable (~> 2.0)
-      rubysl-getoptlong (~> 2.0)
-      rubysl-gserver (~> 2.0)
-      rubysl-io-console (~> 2.0)
-      rubysl-io-nonblock (~> 2.0)
-      rubysl-io-wait (~> 2.0)
-      rubysl-ipaddr (~> 2.0)
-      rubysl-irb (~> 2.0)
-      rubysl-logger (~> 2.0)
-      rubysl-mathn (~> 2.0)
-      rubysl-matrix (~> 2.0)
-      rubysl-mkmf (~> 2.0)
-      rubysl-monitor (~> 2.0)
-      rubysl-mutex_m (~> 2.0)
-      rubysl-net-ftp (~> 2.0)
-      rubysl-net-http (~> 2.0)
-      rubysl-net-imap (~> 2.0)
-      rubysl-net-pop (~> 2.0)
-      rubysl-net-protocol (~> 2.0)
-      rubysl-net-smtp (~> 2.0)
-      rubysl-net-telnet (~> 2.0)
-      rubysl-nkf (~> 2.0)
-      rubysl-observer (~> 2.0)
-      rubysl-open-uri (~> 2.0)
-      rubysl-open3 (~> 2.0)
-      rubysl-openssl (~> 2.0)
-      rubysl-optparse (~> 2.0)
-      rubysl-ostruct (~> 2.0)
-      rubysl-pathname (~> 2.0)
-      rubysl-prettyprint (~> 2.0)
-      rubysl-prime (~> 2.0)
-      rubysl-profile (~> 2.0)
-      rubysl-profiler (~> 2.0)
-      rubysl-pstore (~> 2.0)
-      rubysl-pty (~> 2.0)
-      rubysl-rational (~> 2.0)
-      rubysl-readline (~> 2.0)
-      rubysl-resolv (~> 2.0)
-      rubysl-rexml (~> 2.0)
-      rubysl-rinda (~> 2.0)
-      rubysl-rss (~> 2.0)
-      rubysl-scanf (~> 2.0)
-      rubysl-securerandom (~> 2.0)
-      rubysl-set (~> 2.0)
-      rubysl-shellwords (~> 2.0)
-      rubysl-singleton (~> 2.0)
-      rubysl-socket (~> 2.0)
-      rubysl-stringio (~> 2.0)
-      rubysl-strscan (~> 2.0)
-      rubysl-sync (~> 2.0)
-      rubysl-syslog (~> 2.0)
-      rubysl-tempfile (~> 2.0)
-      rubysl-thread (~> 2.0)
-      rubysl-thwait (~> 2.0)
-      rubysl-time (~> 2.0)
-      rubysl-timeout (~> 2.0)
-      rubysl-tmpdir (~> 2.0)
-      rubysl-tsort (~> 2.0)
-      rubysl-un (~> 2.0)
-      rubysl-uri (~> 2.0)
-      rubysl-weakref (~> 2.0)
-      rubysl-webrick (~> 2.0)
-      rubysl-xmlrpc (~> 2.0)
-      rubysl-yaml (~> 2.0)
-      rubysl-zlib (~> 2.0)
-    rubysl-abbrev (2.0.4)
-    rubysl-base64 (2.0.0)
-    rubysl-benchmark (2.0.1)
-    rubysl-bigdecimal (2.0.2)
-    rubysl-cgi (2.0.1)
-    rubysl-cgi-session (2.0.1)
-    rubysl-cmath (2.0.0)
-    rubysl-complex (2.0.0)
-    rubysl-continuation (2.0.0)
-    rubysl-coverage (2.0.3)
-    rubysl-csv (2.0.2)
-      rubysl-english (~> 2.0)
-    rubysl-curses (2.0.1)
-    rubysl-date (2.0.6)
-    rubysl-delegate (2.0.1)
-    rubysl-digest (2.0.3)
-    rubysl-drb (2.0.1)
-    rubysl-e2mmap (2.0.0)
-    rubysl-english (2.0.0)
-    rubysl-enumerator (2.0.0)
-    rubysl-erb (2.0.1)
-    rubysl-etc (2.0.3)
-      ffi2-generators (~> 0.1)
-    rubysl-expect (2.0.0)
-    rubysl-fcntl (2.0.4)
-      ffi2-generators (~> 0.1)
-    rubysl-fiber (2.0.0)
-    rubysl-fileutils (2.0.3)
-    rubysl-find (2.0.1)
-    rubysl-forwardable (2.0.1)
-    rubysl-getoptlong (2.0.0)
-    rubysl-gserver (2.0.0)
-      rubysl-socket (~> 2.0)
-      rubysl-thread (~> 2.0)
-    rubysl-io-console (2.0.0)
-    rubysl-io-nonblock (2.0.0)
-    rubysl-io-wait (2.0.0)
-    rubysl-ipaddr (2.0.0)
-    rubysl-irb (2.0.4)
-      rubysl-e2mmap (~> 2.0)
-      rubysl-mathn (~> 2.0)
-      rubysl-readline (~> 2.0)
-      rubysl-thread (~> 2.0)
-    rubysl-logger (2.0.0)
-    rubysl-mathn (2.0.0)
-    rubysl-matrix (2.1.0)
-      rubysl-e2mmap (~> 2.0)
-    rubysl-mkmf (2.0.1)
-      rubysl-fileutils (~> 2.0)
-      rubysl-shellwords (~> 2.0)
-    rubysl-monitor (2.0.0)
-    rubysl-mutex_m (2.0.0)
-    rubysl-net-ftp (2.0.1)
-    rubysl-net-http (2.0.4)
-      rubysl-cgi (~> 2.0)
-      rubysl-erb (~> 2.0)
-      rubysl-singleton (~> 2.0)
-    rubysl-net-imap (2.0.1)
-    rubysl-net-pop (2.0.1)
-    rubysl-net-protocol (2.0.1)
-    rubysl-net-smtp (2.0.1)
-    rubysl-net-telnet (2.0.0)
-    rubysl-nkf (2.0.1)
-    rubysl-observer (2.0.0)
-    rubysl-open-uri (2.0.0)
-    rubysl-open3 (2.0.0)
-    rubysl-openssl (2.1.0)
-    rubysl-optparse (2.0.1)
-      rubysl-shellwords (~> 2.0)
-    rubysl-ostruct (2.0.4)
-    rubysl-pathname (2.0.0)
-    rubysl-prettyprint (2.0.3)
-    rubysl-prime (2.0.1)
-    rubysl-profile (2.0.0)
-    rubysl-profiler (2.0.1)
-    rubysl-pstore (2.0.0)
-    rubysl-pty (2.0.2)
-    rubysl-rational (2.0.1)
-    rubysl-readline (2.0.2)
-    rubysl-resolv (2.1.0)
-    rubysl-rexml (2.0.2)
-    rubysl-rinda (2.0.1)
-    rubysl-rss (2.0.0)
-    rubysl-scanf (2.0.0)
-    rubysl-securerandom (2.0.0)
-    rubysl-set (2.0.1)
-    rubysl-shellwords (2.0.0)
-    rubysl-singleton (2.0.0)
-    rubysl-socket (2.0.1)
-    rubysl-stringio (2.0.0)
-    rubysl-strscan (2.0.0)
-    rubysl-sync (2.0.0)
-    rubysl-syslog (2.0.1)
-      ffi2-generators (~> 0.1)
-    rubysl-tempfile (2.0.1)
-    rubysl-thread (2.0.2)
-    rubysl-thwait (2.0.0)
-    rubysl-time (2.0.3)
-    rubysl-timeout (2.0.0)
-    rubysl-tmpdir (2.0.1)
-    rubysl-tsort (2.0.1)
-    rubysl-un (2.0.0)
-      rubysl-fileutils (~> 2.0)
-      rubysl-optparse (~> 2.0)
-    rubysl-uri (2.0.0)
-    rubysl-weakref (2.0.0)
-    rubysl-webrick (2.0.0)
-    rubysl-xmlrpc (2.0.0)
-    rubysl-yaml (2.0.4)
-    rubysl-zlib (2.0.1)
-    sexp_processor (3.2.0)
-    simplecov (0.8.2)
+    rest-client (1.7.2)
+      mime-types (>= 1.16, < 3.0)
+      netrc (~> 0.7)
+    rspec (3.0.0)
+      rspec-core (~> 3.0.0)
+      rspec-expectations (~> 3.0.0)
+      rspec-mocks (~> 3.0.0)
+    rspec-core (3.0.3)
+      rspec-support (~> 3.0.0)
+    rspec-expectations (3.0.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.0.0)
+    rspec-mocks (3.0.3)
+      rspec-support (~> 3.0.0)
+    rspec-support (3.0.3)
+    simplecov (0.9.0)
       docile (~> 1.1.0)
       multi_json
       simplecov-html (~> 0.8.0)
     simplecov-html (0.8.0)
     term-ansicolor (1.3.0)
       tins (~> 1.0)
-    test-unit (2.5.5)
     thor (0.19.1)
-    tins (1.1.0)
+    thread_safe (0.3.4)
+    tins (1.3.0)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
 PLATFORMS
   ruby
@@ -288,11 +69,6 @@ DEPENDENCIES
   climate_control
   coveralls
   glebtv-httpclient!
-  jruby-openssl
   rake
   rdoc
   rspec
-  rspecify
-  rubinius-developer_tools
-  rubysl (~> 2.0)
-  test-unit

data/README.md CHANGED Viewed

@@ -5,6 +5,7 @@ I just try to make it work properly (as a browser would) for my use cases.
 [![Build Status](https://travis-ci.org/glebtv/httpclient.png?branch=master)](https://travis-ci.org/glebtv/httpclient)
 [![Gem Version](https://badge.fury.io/rb/glebtv-httpclient.png)](http://badge.fury.io/rb/glebtv-httpclient)
 [![Dependency Status](https://www.versioneye.com/user/projects/534eebc9fe0d0784f30008f6/badge.png)](https://www.versioneye.com/user/projects/534eebc9fe0d0784f30008f6)
+[![Dependency Status](https://www.versioneye.com/user/projects/53e73f2b35080d699f000093/badge.svg?style=flat)](https://www.versioneye.com/user/projects/53e73f2b35080d699f000093)
 If you don't like how something works, please send a PR or use original gem: https://github.com/nahi/httpclient

data/httpclient.gemspec CHANGED Viewed

@@ -24,10 +24,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'test-unit'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'rdoc'
   spec.add_development_dependency 'coveralls'
   spec.add_development_dependency 'climate_control'
-  spec.add_development_dependency 'rspecify'
 end

data/lib/httpclient/auth.rb CHANGED Viewed

@@ -8,6 +8,7 @@
 require 'digest/md5'
 require 'httpclient/session'
+require 'mutex_m'
 class HTTPClient
@@ -229,40 +230,48 @@ class HTTPClient
   # Used in WWWAuth and ProxyAuth.
   class BasicAuth
     include HTTPClient::Util
+    include Mutex_m
     # Authentication scheme.
     attr_reader :scheme
     # Creates new BasicAuth filter.
     def initialize
+      super
       @cred = nil
       @set = false
       @auth = {}
-      @challengeable = {}
+      @challenge = {}
       @scheme = "Basic"
     end
     # Resets challenge state.  Do not send '*Authorization' header until the
     # server sends '*Authentication' again.
     def reset_challenge
-      @challengeable.clear
+      synchronize {
+        @challenge.clear
+      }
     end
     # Set authentication credential.
     # uri == nil for generic purpose (allow to use user/password for any URL).
     def set(uri, user, passwd)
-      @set = true
-      if uri.nil?
-        @cred = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
-      else
-        uri = Util.uri_dirname(uri)
-        @auth[uri] = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
+      synchronize do
+        if uri.nil?
+          @cred = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
+        else
+          uri = Util.uri_dirname(uri)
+          @auth[uri] = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
+        end
+        @set = true
       end
     end
     # have we marked this as set - ie that it's valid to use in this context?
     def set?
-      @set == true
+      synchronize {
+        @set == true
+      }
     end
     # Response handler: returns credential.
@@ -271,50 +280,63 @@ class HTTPClient
     # * child page of defined credential
     def get(req)
       target_uri = req.header.request_uri
-      return nil unless @challengeable.find { |uri, ok|
-        Util.uri_part_of(target_uri, uri) and ok
-      }
-      return @cred if @cred
-      Util.hash_find_value(@auth) { |uri, cred|
-        Util.uri_part_of(target_uri, uri)
+      synchronize {
+        return nil unless @challenge.find { |uri, ok|
+          Util.uri_part_of(target_uri, uri) and ok
+        }
+        return @cred if @cred
+        Util.hash_find_value(@auth) { |uri, cred|
+          Util.uri_part_of(target_uri, uri)
+        }
       }
     end
     # Challenge handler: remember URL for response.
     def challenge(uri, param_str = nil)
-      @challengeable[urify(uri)] = true
-      true
+      synchronize {
+        @challenge[urify(uri)] = true
+        true
+      }
     end
   end
   class ProxyBasicAuth < BasicAuth
     def set(uri, user, passwd)
-      @set = true
-      @cred = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
+      synchronize do
+        @cred = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
+        @set = true
+      end
     end
     def get(req)
       target_uri = req.header.request_uri
-      return nil unless @challengeable['challenged']
-      @cred
+      synchronize {
+        return nil unless @challenge['challenged']
+        @cred
+      }
     end
     # Challenge handler: remember URL for response.
     def challenge(uri, param_str = nil)
-      @challengeable['challenged'] = true
-      true
+      synchronize {
+        @challenge['challenged'] = true
+        true
+      }
     end
   end
   # Authentication filter for handling DigestAuth negotiation.
   # Used in WWWAuth.
   class DigestAuth
+    include Mutex_m
     # Authentication scheme.
     attr_reader :scheme
     # Creates new DigestAuth filter.
     def initialize
+      super
       @auth = {}
       @challenge = {}
       @set = false
@@ -325,22 +347,28 @@ class HTTPClient
     # Resets challenge state.  Do not send '*Authorization' header until the
     # server sends '*Authentication' again.
     def reset_challenge
-      @challenge.clear
+      synchronize do
+        @challenge.clear
+      end
     end
     # Set authentication credential.
     # uri == nil is ignored.
     def set(uri, user, passwd)
-      @set = true
-      if uri
-        uri = Util.uri_dirname(uri)
-        @auth[uri] = [user, passwd]
+      synchronize do
+        if uri
+          uri = Util.uri_dirname(uri)
+          @auth[uri] = [user, passwd]
+        end
+        @set = true
       end
     end
     # have we marked this as set - ie that it's valid to use in this context?
     def set?
-      @set == true
+      synchronize {
+        @set == true
+      }
     end
     # Response handler: returns credential.
@@ -349,21 +377,25 @@ class HTTPClient
     # * child page of defined credential
     def get(req)
       target_uri = req.header.request_uri
-      param = Util.hash_find_value(@challenge) { |uri, v|
-        Util.uri_part_of(target_uri, uri)
-      }
-      return nil unless param
-      user, passwd = Util.hash_find_value(@auth) { |uri, auth_data|
-        Util.uri_part_of(target_uri, uri)
+      synchronize {
+        param = Util.hash_find_value(@challenge) { |uri, v|
+          Util.uri_part_of(target_uri, uri)
+        }
+        return nil unless param
+        user, passwd = Util.hash_find_value(@auth) { |uri, auth_data|
+          Util.uri_part_of(target_uri, uri)
+        }
+        return nil unless user
+        calc_cred(req, user, passwd, param)
       }
-      return nil unless user
-      calc_cred(req, user, passwd, param)
     end
     # Challenge handler: remember URL and challenge token for response.
     def challenge(uri, param_str)
-      @challenge[uri] = parse_challenge_param(param_str)
-      true
+      synchronize {
+        @challenge[uri] = parse_challenge_param(param_str)
+        true
+      }
     end
   private
@@ -445,8 +477,10 @@ class HTTPClient
     # overrides DigestAuth#set. sets default user name and password. uri is not used.
     def set(uri, user, passwd)
-      @set = true
-      @auth = [user, passwd]
+      synchronize do
+        @set = true
+        @auth = [user, passwd]
+      end
     end
     # overrides DigestAuth#get. Uses default user name and password
@@ -454,20 +488,26 @@ class HTTPClient
     # before
     def get(req)
       target_uri = req.header.request_uri
-      param = @challenge
-      return nil unless param
-      user, passwd = @auth
-      return nil unless user
-      calc_cred(req, user, passwd, param)
+      synchronize {
+        param = @challenge
+        return nil unless param
+        user, passwd = @auth
+        return nil unless user
+        calc_cred(req, user, passwd, param)
+      }
     end
     def reset_challenge
-      @challenge = nil
+      synchronize do
+        @challenge = nil
+      end
     end
     def challenge(uri, param_str)
-      @challenge = parse_challenge_param(param_str)
-      true
+      synchronize {
+        @challenge = parse_challenge_param(param_str)
+        true
+      }
     end
   end
@@ -477,6 +517,8 @@ class HTTPClient
   #
   # NegotiateAuth depends on 'ruby/ntlm' module.
   class NegotiateAuth
+    include Mutex_m
     # Authentication scheme.
     attr_reader :scheme
     # NTLM opt for ruby/ntlm.  {:ntlmv2 => true} by default.
@@ -484,6 +526,7 @@ class HTTPClient
     # Creates new NegotiateAuth filter.
     def initialize(scheme = "Negotiate")
+      super()
       @auth = {}
       @auth_default = nil
       @challenge = {}
@@ -497,24 +540,30 @@ class HTTPClient
     # Resets challenge state.  Do not send '*Authorization' header until the
     # server sends '*Authentication' again.
     def reset_challenge
-      @challenge.clear
+      synchronize do
+        @challenge.clear
+      end
     end
     # Set authentication credential.
     # uri == nil for generic purpose (allow to use user/password for any URL).
     def set(uri, user, passwd)
-      @set = true
-      if uri
-        uri = Util.uri_dirname(uri)
-        @auth[uri] = [user, passwd]
-      else
-        @auth_default = [user, passwd]
+      synchronize do
+        if uri
+          uri = Util.uri_dirname(uri)
+          @auth[uri] = [user, passwd]
+        else
+          @auth_default = [user, passwd]
+        end
+        @set = true
       end
     end
     # have we marked this as set - ie that it's valid to use in this context?
     def set?
-      @set == true
+      synchronize {
+        @set == true
+      }
     end
     # Response handler: returns credential.
@@ -522,50 +571,54 @@ class HTTPClient
     def get(req)
       return nil unless NTLMEnabled
       target_uri = req.header.request_uri
-      domain_uri, param = @challenge.find { |uri, v|
-        Util.uri_part_of(target_uri, uri)
-      }
-      return nil unless param
-      user, passwd = Util.hash_find_value(@auth) { |uri, auth_data|
-        Util.uri_part_of(target_uri, uri)
+      synchronize {
+        domain_uri, param = @challenge.find { |uri, v|
+          Util.uri_part_of(target_uri, uri)
+        }
+        return nil unless param
+        user, passwd = Util.hash_find_value(@auth) { |uri, auth_data|
+          Util.uri_part_of(target_uri, uri)
+        }
+        unless user
+          user, passwd = @auth_default
+        end
+        return nil unless user
+        domain = nil
+        domain, user = user.split("\\") if user.index("\\")
+        state = param[:state]
+        authphrase = param[:authphrase]
+        case state
+        when :init
+          t1 = Net::NTLM::Message::Type1.new
+          t1.domain = domain if domain
+          return t1.encode64
+        when :response
+          t2 = Net::NTLM::Message.decode64(authphrase)
+          param = {:user => user, :password => passwd}
+          param[:domain] = domain if domain
+          t3 = t2.response(param, @ntlm_opt.dup)
+          @challenge.delete(domain_uri)
+          return t3.encode64
+        end
+        nil
       }
-      unless user
-        user, passwd = @auth_default
-      end
-      return nil unless user
-      domain = nil
-      domain, user = user.split("\\") if user.index("\\")
-      state = param[:state]
-      authphrase = param[:authphrase]
-      case state
-      when :init
-        t1 = Net::NTLM::Message::Type1.new
-        t1.domain = domain if domain
-        return t1.encode64
-      when :response
-        t2 = Net::NTLM::Message.decode64(authphrase)
-        param = {:user => user, :password => passwd}
-        param[:domain] = domain if domain
-        t3 = t2.response(param, @ntlm_opt.dup)
-        @challenge.delete(domain_uri)
-        return t3.encode64
-      end
-      nil
     end
     # Challenge handler: remember URL and challenge token for response.
     def challenge(uri, param_str)
       return false unless NTLMEnabled
-      if param_str.nil? or @challenge[uri].nil?
-        c = @challenge[uri] = {}
-        c[:state] = :init
-        c[:authphrase] = ""
-      else
-        c = @challenge[uri]
-        c[:state] = :response
-        c[:authphrase] = param_str
-      end
-      true
+      synchronize {
+        if param_str.nil? or @challenge[uri].nil?
+          c = @challenge[uri] = {}
+          c[:state] = :init
+          c[:authphrase] = ""
+        else
+          c = @challenge[uri]
+          c[:state] = :response
+          c[:authphrase] = param_str
+        end
+        true
+      }
     end
   end
@@ -575,11 +628,14 @@ class HTTPClient
   #
   # SSPINegotiateAuth depends on 'win32/sspi' module.
   class SSPINegotiateAuth
+    include Mutex_m
     # Authentication scheme.
     attr_reader :scheme
     # Creates new SSPINegotiateAuth filter.
     def initialize
+      super
       @challenge = {}
       @scheme = "Negotiate"
     end
@@ -587,7 +643,9 @@ class HTTPClient
     # Resets challenge state.  Do not send '*Authorization' header until the
     # server sends '*Authentication' again.
     def reset_challenge
-      @challenge.clear
+      synchronize do
+        @challenge.clear
+      end
     end
     # Set authentication credential.
@@ -607,48 +665,52 @@ class HTTPClient
     def get(req)
       return nil unless SSPIEnabled || GSSAPIEnabled
       target_uri = req.header.request_uri
-      domain_uri, param = @challenge.find { |uri, v|
-        Util.uri_part_of(target_uri, uri)
-      }
-      return nil unless param
-      state = param[:state]
-      authenticator = param[:authenticator]
-      authphrase = param[:authphrase]
-      case state
-      when :init
-        if SSPIEnabled
-          authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new
-          return authenticator.get_initial_token(@scheme)
-        else # use GSSAPI
-          authenticator = param[:authenticator] = GSSAPI::Simple.new(domain_uri.host, 'HTTP')
-          # Base64 encode the context token
-          return [authenticator.init_context].pack('m').gsub(/\n/,'')
-        end
-      when :response
-        @challenge.delete(domain_uri)
-        if SSPIEnabled
-          return authenticator.complete_authentication(authphrase)
-        else # use GSSAPI
-          return authenticator.init_context(authphrase.unpack('m').pop)
+      synchronize {
+        domain_uri, param = @challenge.find { |uri, v|
+          Util.uri_part_of(target_uri, uri)
+        }
+        return nil unless param
+        state = param[:state]
+        authenticator = param[:authenticator]
+        authphrase = param[:authphrase]
+        case state
+        when :init
+          if SSPIEnabled
+            authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new
+            return authenticator.get_initial_token(@scheme)
+          else # use GSSAPI
+            authenticator = param[:authenticator] = GSSAPI::Simple.new(domain_uri.host, 'HTTP')
+            # Base64 encode the context token
+            return [authenticator.init_context].pack('m').gsub(/\n/,'')
+          end
+        when :response
+          @challenge.delete(domain_uri)
+          if SSPIEnabled
+            return authenticator.complete_authentication(authphrase)
+          else # use GSSAPI
+            return authenticator.init_context(authphrase.unpack('m').pop)
+          end
         end
-      end
-      nil
+        nil
+      }
     end
     # Challenge handler: remember URL and challenge token for response.
     def challenge(uri, param_str)
       return false unless SSPIEnabled || GSSAPIEnabled
-      if param_str.nil? or @challenge[uri].nil?
-        c = @challenge[uri] = {}
-        c[:state] = :init
-        c[:authenticator] = nil
-        c[:authphrase] = ""
-      else
-        c = @challenge[uri]
-        c[:state] = :response
-        c[:authphrase] = param_str
-      end
-      true
+      synchronize {
+        if param_str.nil? or @challenge[uri].nil?
+          c = @challenge[uri] = {}
+          c[:state] = :init
+          c[:authenticator] = nil
+          c[:authphrase] = ""
+        else
+          c = @challenge[uri]
+          c[:state] = :response
+          c[:authphrase] = param_str
+        end
+        true
+      }
     end
   end
@@ -664,6 +726,7 @@ class HTTPClient
   #
   class OAuth
     include HTTPClient::Util
+    include Mutex_m
     # Authentication scheme.
     attr_reader :scheme
@@ -737,9 +800,10 @@ class HTTPClient
     # Creates new DigestAuth filter.
     def initialize
+      super
       @config = nil # common config
       @auth = {} # configs for each site
-      @challengeable = {}
+      @challenge = {}
       @nonce_count = 0
       @signature_handler = {
         'HMAC-SHA1' => method(:sign_hmac_sha1)
@@ -750,7 +814,9 @@ class HTTPClient
     # Resets challenge state.  Do not send '*Authorization' header until the
     # server sends '*Authentication' again.
     def reset_challenge
-      @challengeable.clear
+      synchronize do
+        @challenge.clear
+      end
     end
     # Set authentication credential.
@@ -766,24 +832,21 @@ class HTTPClient
     # Set authentication credential.
     def set_config(uri, config)
-      if uri.nil?
-        @config = config
-      else
-        uri = Util.uri_dirname(urify(uri))
-        @auth[uri] = config
+      synchronize do
+        if uri.nil?
+          @config = config
+        else
+          uri = Util.uri_dirname(urify(uri))
+          @auth[uri] = config
+        end
       end
     end
     # Get authentication credential.
     def get_config(uri = nil)
-      if uri.nil?
-        @config
-      else
-        uri = urify(uri)
-        Util.hash_find_value(@auth) { |cand_uri, cred|
-          Util.uri_part_of(uri, cand_uri)
-        }
-      end
+      synchronize {
+        do_get_config(uri)
+      }
     end
     # Response handler: returns credential.
@@ -792,26 +855,47 @@ class HTTPClient
     # * child page of defined credential
     def get(req)
       target_uri = req.header.request_uri
-      return nil unless @challengeable[nil] or @challengeable.find { |uri, ok|
-        Util.uri_part_of(target_uri, uri) and ok
+      synchronize {
+        return nil unless @challenge[nil] or @challenge.find { |uri, ok|
+          Util.uri_part_of(target_uri, uri) and ok
+        }
+        config = do_get_config(target_uri) || @config
+        return nil unless config
+        calc_cred(req, config)
       }
-      config = get_config(target_uri) || @config
-      return nil unless config
-      calc_cred(req, config)
     end
     # Challenge handler: remember URL for response.
+    #
+    # challenge() in OAuth handler always returns false to avoid connection
+    # retry which should not work in OAuth authentication context.  This
+    # method just remember URL (nil means 'any') for the next connection.
+    # Normally OAuthClient handles this correctly but see how it uses when
+    # you need to use this class directly.
     def challenge(uri, param_str = nil)
+      synchronize {
+        if uri.nil?
+          @challenge[nil] = true
+        else
+          @challenge[urify(uri)] = true
+        end
+        false
+      }
+    end
+  private
+    def do_get_config(uri = nil)
       if uri.nil?
-        @challengeable[nil] = true
+        @config
       else
-        @challengeable[urify(uri)] = true
+        uri = urify(uri)
+        Util.hash_find_value(@auth) { |cand_uri, cred|
+          Util.uri_part_of(uri, cand_uri)
+        }
       end
-      true
     end
-  private
     def calc_cred(req, config)
       header = {}
       header['oauth_consumer_key'] = config.consumer_key