grid-proxy 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a79fba06f694fdac9174c53344d410b62f46477d
+  data.tar.gz: 43c42f5fa1de15331325ce880a25f620e214196e
+SHA512:
+  metadata.gz: 1131f2721731e9f49f7b488fe4722c9500af75411a978ee0e31b2a2efb3d496de450aab809dd5a24239adb725a3051fcda0748c4e50d6325ec904894a35044a8
+  data.tar.gz: bbbd7089be9ae6a7cd428011a8f4c0b8b0316f9b22bc45e03aab2371b38dc2b9dc81340cb90307cbb0792da799662d75f0da988dd478977643aaa3641186c311

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.idea

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,16 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in grid-proxy.gemspec
+gemspec
+
+group :development, :test do
+  gem 'pry'
+
+  gem 'guard'
+  gem 'guard-rspec', '~>3.0.2'
+
+  gem 'rspec'
+  gem 'rspec-mocks'
+
+  gem 'libnotify'
+end

data/Guardfile

@@ -0,0 +1,5 @@
+guard :rspec do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb') { "spec" }
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Marek Kasztelnik
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,51 @@
+# Grid::Proxy
+
+Simple utility for validating grid proxy.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'grid-proxy'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install grid-proxy
+
+## Usage
+
+```ruby
+require 'grid-proxy'
+
+# Username prefix is used to find correct user name.
+# For example in PlGrid infrastructure all users have 'plg' prefix
+# and this value is the default.
+proxy = GP::Proxy(proxy_payload, username_prefix)
+
+# throws GP::ProxyValidationError with message describing failure, 
+# when proxy is not valid. `path_to_crl_file` is optional
+proxy.verify!(ca_crt_payload, path_to_crl_file) 
+
+# `true` if proxy is valid, false otherwise.
+proxy.valid?(ca_crt_payload, path_to_crl_file)
+
+# Get proxy elements
+proxy.proxycert
+proxy.proxykey
+proxy.usercert
+
+# Get user name basing on given prefix
+proxy.username
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/grid-proxy.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'grid-proxy/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "grid-proxy"
+  spec.version       = GP::VERSION
+  spec.authors       = ["Marek Kasztelnik"]
+  spec.email         = ["mkasztelnik@gmail.com"]
+  spec.description   = %q{Grid proxy utils}
+  spec.summary       = %q{Grid proxy utils}
+  spec.homepage      = "https://github.com/dice-cyfronet/grid-proxy"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/lib/grid-proxy.rb

@@ -0,0 +1,3 @@
+require "grid-proxy/version"
+require "grid-proxy/proxy"
+require "grid-proxy/exceptions"

data/lib/grid-proxy/exceptions.rb

@@ -0,0 +1,3 @@
+module GP
+  class ProxyValidationError < StandardError; end
+end

data/lib/grid-proxy/proxy.rb

@@ -0,0 +1,101 @@
+module GP
+  class Proxy
+    CERT_START = '-----BEGIN CERTIFICATE-----'
+
+    attr_reader :proxy_payload
+
+    def initialize(proxy_payload, username_prefix = 'plg')
+      @proxy_payload = proxy_payload
+      @username_prefix = username_prefix
+    end
+
+    def proxycert
+      @proxycert ||= cert_for_element(1)
+    end
+
+    def proxykey
+      begin
+        @proxykey ||= OpenSSL::PKey.read(proxy_element(1))
+      rescue
+        nil
+      end
+    end
+
+    def usercert
+      @usercert ||= cert_for_element(2)
+    end
+
+    def verify!(ca_cert_payload, crl_payload = nil)
+      now = Time.now
+      raise GP::ProxyValidationError.new('Proxy is not valid yet') if now < proxycert.not_before
+      raise GP::ProxyValidationError.new('Proxy expired') if now > proxycert.not_after
+      raise GP::ProxyValidationError.new('Usercert not signed with trusted certificate') unless ca_cert_payload && usercert.verify(cert(ca_cert_payload).public_key)
+      raise GP::ProxyValidationError.new('Proxy not signed with user certificate') unless proxycert.verify(usercert.public_key)
+
+      proxycert_issuer = proxycert.issuer.to_s
+      proxycert_subject = proxycert.subject.to_s
+
+      raise GP::ProxyValidationError.new('Proxy and user cert mismatch') unless proxycert_issuer == usercert.subject.to_s
+      raise GP::ProxyValidationError.new("Proxy subject must begin with the issuer") unless proxycert_subject.to_s.index(proxycert_issuer) == 0
+      raise GP::ProxyValidationError.new("Couldn't find '/CN=' in DN, not a proxy") unless proxycert_subject.to_s[proxycert_issuer.size, proxycert_subject.to_s.size].to_s.include?('/CN=')
+
+      raise GP::ProxyValidationError.new("Private proxy key missing") unless proxykey
+      raise GP::ProxyValidationError.new("Private proxy key and cert mismatch") unless proxycert.check_private_key(proxykey)
+
+      raise GP::ProxyValidationError.new("User cert was revoked") if crl_payload != nil and revoked? crl_payload
+
+      if now < usercert.not_before || now > usercert.not_after
+        raise GP::ProxyValidationError.
+              new('Proxy signed by outdated certificate')
+      end
+    end
+
+    def valid?(ca_cert_payload, crl_payload = nil)
+      begin
+        verify! ca_cert_payload, crl_payload
+        true
+      rescue GP::ProxyValidationError
+        false
+      end
+    end
+
+    def revoked?(crl_payload)
+      # crl should to be verified with ca cert
+      # crl(crl_payload).verify()
+
+      #check for usercert serial in list of all revoked certs
+      revoked_cert = crl(crl_payload).revoked().detect do |revoked|
+        revoked.serial == usercert.serial
+      end
+
+      return revoked_cert != nil ? true : false
+
+    end
+
+    def username
+      username_entry = usercert.subject.to_a.detect do |el|
+        el[0] == 'CN' && el[1].start_with?(@username_prefix)
+      end
+
+      username_entry ? username_entry[1] : nil
+    end
+
+    private
+
+    def cert_for_element(element_nr)
+      cert(proxy_element(element_nr))
+    end
+
+    def proxy_element(element_nr)
+      "#{CERT_START}#{@proxy_payload.split(CERT_START)[element_nr]}"
+    end
+
+    def cert(payload)
+      OpenSSL::X509::Certificate.new payload
+    end
+
+    def crl(payload)
+      OpenSSL::X509::CRL.new payload
+    end
+  end
+end

data/lib/grid-proxy/version.rb

@@ -0,0 +1,3 @@
+module GP
+  VERSION = "0.1.0"
+end

data/spec/certs/cert_and_key_mismatch

@@ -0,0 +1,64 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIEccygMzANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJQ
+TDEQMA4GA1UEChMHUEwtR3JpZDETMBEGA1UEChMKVXp5dGtvd25pazERMA8GA1UE
+ChMIQ1lGUk9ORVQxGTAXBgNVBAMTEE1hcmVrIEthc3p0ZWxuaWsxFjAUBgNVBAMT
+DXBsZ2thc3p0ZWxuaWswHhcNMTMxMjA0MDY0ODI5WhcNMTMxMjA0MTg1MzI5WjCB
+jzELMAkGA1UEBhMCUEwxEDAOBgNVBAoTB1BMLUdyaWQxEzARBgNVBAoTClV6eXRr
+b3duaWsxETAPBgNVBAoTCENZRlJPTkVUMRkwFwYDVQQDExBNYXJlayBLYXN6dGVs
+bmlrMRYwFAYDVQQDEw1wbGdrYXN6dGVsbmlrMRMwEQYDVQQDEwoxOTA5MjM1NzYz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiSbXqodFP+mI9SU2DrI3n3lI7
+j3mMo88c55lqKOzwk93NibvVk79shbz/rzbAFh9Phm/QE58wR460FAFPnbuCvVhu
+N7KcN6p5JDancapWIwAsjsljfMMTsYAQ8xhL0Rxl0UcGeeaUHNsZvXGZX+eWuk+F
+YtzCKlYo5i3sz1swCwIDAQABo0YwRDATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNV
+HQ8BAf8EBAMCBLAwHQYIKwYBBQUHAQ4BAf8EDjAMMAoGCCsGAQUFBxUBMA0GCSqG
+SIb3DQEBBQUAA4IBAQAiCx3X+5sNXMf9IFe6+D9LLjVzWor3FUaU8mGnSV0oATkH
+evzSSEBggWlnWFDNaxBM1kSugbupFjG7QRl4X8ecCYSeewqC4jyox1SI3EKaPXt9
++x8BwxFDhoszQjh2BUSSlDskr/W4rlqVUc9o45W4Ur8R7dfmegb4LE/UQ7pUqLUC
+RoXibDV8pPaWTtiv/6NuMfGQA6UtNxncDWp5irY22r8NZKpmBJjGeB3RE46CCyiZ
++SlHDM+3DTKSRLOmt03R7PE+HAx+m/h4mnKFpabGECGwmgo69c93BpJz7+b4pZ5B
+7QL0mKdh5Srebiqwxy9pKJt6el53w9C7/7FW+Bvs
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC9GAYDB9Ym65pkR0CxQl8NOjXSBxtuesc5UDXIILpD60BSZ00k
+n70u37KadNmvPUtzT7+DMDZmFkAWxtHSmT7Id33nAz25ge5wkc7HPhmn4g5G4udc
+gMjXG0eWg7+/Oe8nxVh8YgX/VobOhApPvpxsYkuvBwxTyok66uqTzAyD0QIDAQAB
+AoGAdzNKruRkwjopJGeqR1OgmbUFMnXafAWXyvBeRt8irCgDby7BeYHc/0xyyV05
+0HciNfmir29YC3ihQ/pnUIvb/+oO0cWtd4th3ZLGEJo1YFxsNSERvQnjFrm0q/BM
+bNtThlGB6k8KNrp8PIaQDPep0TnlUxEUsr2g5t2d0sYSpzUCQQD1aiAXmBosb1Ql
+XZ2bH+ORkJDm3GNMKYGxg3BgP9eOYaMKD29Pa5xd5xGWvzDV2wFjs+Z7TBsXtK7E
+kyg5rwazAkEAxUAA0YOx1O1Pw7+FwOfEtlW1W2JwEJahPGktz2wE5RLNo/p/eXnJ
+qb3UHz2aSQPKVk1kuoY0L3bx3rExrwvtawJAQvdJeIa1pahfQq7v4bNq6n6TO5up
+sM+mpyShlnH1RNHZplYd3oMTsP/racIT9lcDYwxk+QIEZoyUH+mz0UG0RwJBAKZv
+qgEfkXcsQujV+0NZjVeZHG0es5abszMpQLlL2Rl9cz1RCizzAaGThqBRt5SyeRG3
+Pi5RPUlroQ0aEOU2OD8CQQCA6crpDU0RXqrpBjrTUgi3Nvl6KFj8YPVGd3QOYM3m
+fSh4/xPzp1gsJd1lWN22AuUhJgWggTbXVI98Ueybiu4G
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIE+zCCAuOgAwIBAgIIebhrdbR7A/IwDQYJKoZIhvcNAQEFBQAwMzELMAkGA1UE
+BhMCUEwxEDAOBgNVBAoTB1BMLUdyaWQxEjAQBgNVBAMTCVNpbXBsZSBDQTAeFw0x
+MjEyMTIxMzQ2MDhaFw0xMzEyMTIxMzQ2MDhaMHoxCzAJBgNVBAYTAlBMMRAwDgYD
+VQQKEwdQTC1HcmlkMRMwEQYDVQQKEwpVenl0a293bmlrMREwDwYDVQQKEwhDWUZS
+T05FVDEZMBcGA1UEAxMQTWFyZWsgS2FzenRlbG5pazEWMBQGA1UEAxMNcGxna2Fz
+enRlbG5pazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCzblkq3S7N
+jb1i0feRHMWfJBUxhBpqf8wJrH6Ez9lwgeltEDd/dc7pRpuD9PuORyQrEB2xC+Eu
+iK528UA4ravcCWVOnNlX7o/Ab1BsyevkwtFFzrODfYPpErXM/b+m1uRSRoeZG5/U
+LcPAD0tnsXWoiU+XoGi3DYGAb7xGRm0sQYfHxCJQ/2QmkQKGY3K1leWSVTlvZtxd
+bryNQSgJU+0XZnsuTcJcst6vlyERe02KjCBZ6qYeBMSJ55JHATupc0zF5HIX4Keq
+drvoSueI1QI808Jzqd+saKDOXtHGhDjOslNBw61j0Vb3NXIX9LYTn2I/vBoz2k4P
+JhVYKs0ICn0CAwEAAaOByzCByDAdBgNVHQ4EFgQUb/DPnzblDbrcnpMkcKAq4x4Q
+DUgwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSpE1FZa0RLf5yh9znM2AH8VFVA
+LTAaBgNVHSAEEzARMA8GDSsGAQQBgpYtAQEBAQIwNwYDVR0fBDAwLjAsoCqgKIYm
+aHR0cDovL3BsZ3JpZC1zY2Eud2Nzcy53cm9jLnBsL2NybC5kZXIwDgYDVR0PAQH/
+BAQDAgSwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4ICAQDD
+0vkRC4BswLwX7IA/W0KsAMEI8W9R7+iw7grMxZY9rsLn3BmRxWpJ27bhhIRr986p
+fR+ydWPHPEslXu4CqOtSp6EJf4IU+4ZM8622W2YjsGHpYDjk3WvSiq2TuSGzFJMd
+SuAqdmVKsX8gudo8TdxUAuf4BdliQiSVJFIN/8HnPolOa4N5yPBudr9/PqQ5yRbJ
+Ijlgsp4It4FRT4ats73u0cmVRMNIKSKJ3PSsDKtP3NUy0hrDdDKlWD8DqkYnE2p2
+KALqmMQ3xiKlH1+VWwBrMDn+Py86hEYJ1+ZaRsyUSrhEKTEi9KZmFCDlPnvtHVJ3
+emI7QguphAXoHcMQmuk35mIcZBWisp/fgJMEH0DgHrxDufpFeI90xDmtI9Nr+Uy0
+n7lfmr52YfYUybRuVbZpGt9W8B6KEXHi9wwbEemh1uX2q/STTnC24ICL2vf7h+yn
++5U2YKmsk02JVy21ADkcDhUGZ7V2wn19MKJOGzL0DxmcomeIp0GEhn6uL01fyDcl
+cJOHH6aXQJRz+v/QHwRnc2kDJi0HzukeHgzGk26IxOB/zkWp/amjJrDwTwVkQu0S
+Jl2p4TIy7eeQsGgN1xiAxFCc7zNRyeZ8gXFQRg+OI49sVUBk1m4HAZJvqJIgxkie
+g8nOThxmD2nRRAYwwEx4pQZdAiid0c/fzt3L0cLAXg==
+-----END CERTIFICATE-----

data/spec/certs/invalid_proxy

@@ -0,0 +1,96 @@
+-----BEGIN CERTIFICATE-----
+MIIDRDCCAiygAwIBAgIEZv7HyDANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJQ
+TDEQMA4GA1UEChMHUEwtR3JpZDETMBEGA1UEChMKVXp5dGtvd25pazERMA8GA1UE
+ChMIQ1lGUk9ORVQxGDAWBgNVBAMTD0RhbmllbCBIYXJlemxhazEUMBIGA1UEAxML
+cGxnaGFyZXpsYWswHhcNMTMxMDIxMDkwNDQ0WhcNMTMxMDIxMjEwOTQ0WjCBjDEL
+MAkGA1UEBhMCUEwxEDAOBgNVBAoTB1BMLUdyaWQxEzARBgNVBAoTClV6eXRrb3du
+aWsxETAPBgNVBAoTCENZRlJPTkVUMRgwFgYDVQQDEw9EYW5pZWwgSGFyZXpsYWsx
+FDASBgNVBAMTC3BsZ2hhcmV6bGFrMRMwEQYDVQQDEwoxNzI3OTczMzIwMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnlWzI9AGKQsoXnNXtB8eRgYRdh617FdQd
+Zhg2r8eCEMu4/o1qUbjFFydNVmjgolpj0Zux6CWOnuvnSAqEJdBk5I+FMCpGGGUk
+VqpobL8pWSEypniWEgVFPgVY7/Ayr4LjLXXvGwq/mbH6fjCJHsvKDRkKbOlfNDmf
+7qQANZVcCQIDAQABo0YwRDATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8E
+BAMCBLAwHQYIKwYBBQUHAQ4BAf8EDjAMMAoGCCsGAQUFBxUBMA0GCSqGSIb3DQEB
+BQUAA4IBAQCTtTXA5BHQ4jJ+Nivz/3ZxH74UrBpfj8WJFuMiLGBhwRaKItOs4WZE
+xc8Qp/rvanA5pB44ox34PwlKpdqkQrfvOwwnY+N/YnseUHNTR2W6Svs64c2ghEXS
+EzqsPAV2y7VvyCva//8rdR7jJRIphJAqMzhhV26CtbB6qlEK02WN8BQR8kf1Zf21
+b0koEjF10HpjnCKNNLR6N5h57H31+c3ODvXR7z/1xo5qgNWPyYG9tx47Cjns8nYA
+CD1UGpKASm5hjdA4skXDyuqW5wnQbxvkKTBCj+xPhoBnYWZRjE968Wd31v55c1EE
+OuuNI2fjovwzMHwbNPf0kv4/SWbxWP2k
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCnlWzI9AGKQsoXnNXtB8eRgYRdh617FdQdZhg2r8eCEMu4/o1q
+UbjFFydNVmjgolpj0Zux6CWOnuvnSAqEJdBk5I+FMCpGGGUkVqpobL8pWSEypniW
+EgVFPgVY7/Ayr4LjLXXvGwq/mbH6fjCJHsvKDRkKbOlfNDmf7qQANZVcCQIDAQAB
+AoGAagwkywWd8+BQAqE8vsIth+Zt3MH/BeTKVdBFglW56pS2Vlq/IoiUZCRCuq3z
+sDMNAB2kaPB+08G9hp4QCY/kTu4uYtOBSRsuNDVELN9S2zL6wRHzPGnUYSCnKpP0
+hRzhHF+PG5oDtkhe3/mUbHE6aWiccJiJIeXdPCaOl8H3AAECQQDP60d8gMbUT0uh
+W5u+DU0D3+1+7tdYzQqX409nZvVRCDmxH5fzsuhvH54MxkwAUFgwSTMXjH3f0/Qn
+XcMXNc+BAkEAzlZPEqYo9387ples27vFYigPWP4zFlm94I0HlpD8eLZbp4aRXnVe
+mQ7zmchsfdjo9Hq/TYATNmC4ZaC34XFQiQJATFGYk+LRGO1iXYA60rAfLOTtUEJr
+WXUqBkaxxsrMEUprotBt/k4Vc3SvlxDSpOrY9CBqWKKBMb+jRy/rhIGEAQJBAMdm
+tUfKd/CmbpjUReKb1aaEHEDed7RzyYGGCP1C5Bor8Os2qqlkN6Umw9erztzXkFkj
+fliBGxAD7G+aH9moTjECQFBqZBl1vFbfXlYsbJvyzI6BsL+pHdzF6s2AwJMdwbQ7
+w5ty/0htdxg7+3TNUXc5z7vIhz+ugEoccseNzn174fA=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIE+DCCAuCgAwIBAgIIGYYg85BsUXIwDQYJKoZIhvcNAQEFBQAwMzELMAkGA1UE
+BhMCUEwxEDAOBgNVBAoTB1BMLUdyaWQxEjAQBgNVBAMTCVNpbXBsZSBDQTAeFw0x
+MzA3MTAwNjM4NDNaFw0xNDA3MTAwNjM4NDNaMHcxCzAJBgNVBAYTAlBMMRAwDgYD
+VQQKEwdQTC1HcmlkMRMwEQYDVQQKEwpVenl0a293bmlrMREwDwYDVQQKEwhDWUZS
+T05FVDEYMBYGA1UEAxMPRGFuaWVsIEhhcmV6bGFrMRQwEgYDVQQDEwtwbGdoYXJl
+emxhazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALapGpwRnWScy+HS
+NjtLSaL7Ye6vZnnemiQL8NxxL4yFg2A1vLXuxWpbM8BZdhOV2qSs3YCg3s7fAbTf
+D0jEk+V2NODTRk8ajKnK2/o+fGWzwhkgOoAZIY7lzB/QBS3h5Viu3otmfo+UWXDG
+ZFwJIxIluki0KUXcBZkbPoPaIZ5RqBWI9ZP8ihtfNT5zojiKE2Nmccp0QApsJDEX
+bFb490cgwviXhEuoHumAdfiPVNTW3591YzPgVvzrzc2r/dBR3cS08tJfFTLl3oz9
+Yq7luoTai4xehAIxAl4mt1/3gWrSmqlT91g4kKvQna6d1bkGpQ1bjoeik3NCenhP
+2rtp/ucCAwEAAaOByzCByDAdBgNVHQ4EFgQUMMsCoqqMZ93X0zaJwoH4eTTxIUsw
+DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSpE1FZa0RLf5yh9znM2AH8VFVALTAa
+BgNVHSAEEzARMA8GDSsGAQQBgpYtAQEBAQIwNwYDVR0fBDAwLjAsoCqgKIYmaHR0
+cDovL3BsZ3JpZC1zY2Eud2Nzcy53cm9jLnBsL2NybC5kZXIwDgYDVR0PAQH/BAQD
+AgSwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4ICAQAkhIBh
+2o6TzODMDseBcH/xKlTt1/+r8s3rCGf0mZ8/T2/DNaPUMgK0xvnPe2UqTJJPLDm4
+2R1d4ILUGfq6zfDiVAxXDIOOJEe0svud68GDTIIICrMqzY3m+NtAgRifd3KQWBBs
+TV6gsvwncG805xUE9e7pYyKzHgOF6B693ByuSbacqukd3gLRyl3ECGxzZg8RjAnX
+KC0QRC+5igtcbh3REqgxkq9AHMF2eHKYIW4cPoUe1EVR5cNv52LNr9AWF+VV8jWV
+6QyhmN9mjMsiYOrJ1VXZdpd4Kv0CTZKcNUektdqh8eg5kwLhdKzfHi/Ta9UdbWDY
+B8IxTDlKieM/LAYSbXpBE8Iocn81FcocqujgFGC4hdRASr6RPkc89TZ5Qb5+Gla4
+eRiO3c7sC+Q8upFqdbdu3RVjVgM/da3f83IETq4nkjC4sDov1zah5+I/oxYL4u0u
+p3a/Hyl0s2FPngxmUVh7snBZpf4om/56mleCCcvmWD+/vc6tWWV53y6LiQ9dL8g5
+3P2Jj1O2OgnSC+8bHxBrmJ7cCY2a/2mAv8SvM3yF4Yqctw3FXZMuEmZVjbMJTHRA
+411MlFWsFDoZQxznq7/Hmm4SLpk7GkYuO06CUCl/Atk8LzEax/yIdjF/tfJbvuFL
+B4DZGgNwe4EA4B+74pVehZHcsBusXcJdctVy7w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFhjCCA26gAwIBAgIIV39Xlts+63QwDQYJKoZIhvcNAQEFBQAwMzELMAkGA1UE
+BhMCUEwxEDAOBgNVBAoTB1BMLUdyaWQxEjAQBgNVBAMTCVNpbXBsZSBDQTAeFw0x
+MDA0MDIxNDA0MjFaFw0zMDA0MDIxNDA0MjFaMDMxCzAJBgNVBAYTAlBMMRAwDgYD
+VQQKEwdQTC1HcmlkMRIwEAYDVQQDEwlTaW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDE0NE7HS6BfXAkwXJbxdKQ/7/urjWyw49IpxXno4SN
+WDa7mFfqDu5pJeY5mw/mAfpirOjshrHouqf34vLRe8en6HTCYADXN23vVICM73QH
+PmvSOJoPNQPQImsVYTOSlwyQA8DgRmOUoQ94wZw+yqwwCTJOQJ9ncuLAYJ9myvYG
+VqPTN6lznFz6o/YUIPECsZ6JtJIc0ubXtt55thVkhzgce8GNusB0jREQ+KMkQlKx
+0xBQLkPJ+GW0cVyJIVW8EC3YHZJnWpmU5CdJn6MTBc76HwTN7IEGELJ3hoPd2lYw
+rLol8AWK1kxNCnOXioDrJNialwA1kTb5pE+PTswBnH3z0UEoxISTjbJzwc418TBt
+9MKOLSqPMXAjIvTkM1ZFj/fCxUgm/aT/4+19m9tDnnQIO6br4An8qMAsmZRmIWQ/
+s2FDVYvhxInJkjtfccFOCYKUMEePl3OCTUgz1K2Aonrg3Iu4dHVWwLZbyersOe32
+NBxEH/q2Xy8XYg+cxwokjlyQwrIohkxwIquwFWr/CXLhtGKIBoHnn/+Tt4Vz5eQb
+2/Z+Xc1hpXPCYXKyYKKu9d+gBrb2mJ9al/SRzJ+DVRfphcuN6bNsIakb+B8cUwP2
+vkh6JNJl7/BmmP9fvZ0adfaI/EQLjo4Angm3dxskzKMNX/PWY0SRInAKxE5MIiEz
+vwIDAQABo4GdMIGaMB0GA1UdDgQWBBSpE1FZa0RLf5yh9znM2AH8VFVALTAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKkTUVlrREt/nKH3OczYAfxUVUAtMDcG
+A1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9wbGdyaWQtc2NhLndjc3Mud3JvYy5wbC9j
+cmwuZGVyMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAgEAi13PWttc
+ReDFS9LOX91dhySRQcixT07AJWtys5VDwwy1DjPMwPF+Avanq9JZ5EII3yAvtZ0G
+ikSE5OrYB4PC5mnJFwBGDIU/S2RBgwxEJUTAttRXrubyYPk3KBbJoCCQ2JdSY52P
+Krde43ykQswHpKls9V3bhwpRZIoJt0e76qBNOuiRf4CUupj5BhRto072qDlWWBfY
+BWg6YANwYXJc/+OvwUemEJGmYLT50zQBce7eIE4KcT44NqN5KG5tLMLH4tHfuVPe
+n1eabXUu6W//RtlgxgNKjGKrPF7nz36HPLxcOqzEHcD7h2MEWo9vICbipWPmrfyW
+5OQ8UrCbXRmRnLodzhJrfXzA69PiZqCYERnu0RsvXLNWFRlQsbNfB5Ju3PJo9jtb
+Mi6chpDMOgeogtPJNBw+XtgPha/MMPumOfl2uo1UIoeA1hF1uTGyLG2lDSA1kx+B
+XJIJmDdsy/CBItl7zBM5oI9J+UeZp+H3jbRsmBXX6hmcNq3154nMpKV7n/ZfUbFG
+Dk6eeapZA7/uqmXGcUAzcs5cPYW2FT02dcf2neU43bP5Z4+H7TpOU+LLVhs6Wdvr
+rXaHEPmM8y+Zc9przAguYFseftKKtXwG5s8WC/brfRr5SUrnlYSQnd4LnO4VbDBo
+rdb1YMm3y1JWoXT/Ckvtl9xnumA2r8pyg7g=
+-----END CERTIFICATE-----

data/spec/certs/no_proxy

@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdGgAwIBAgIBADANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJQTDEQ
+MA4GA1UEChMHUEwtR3JpZDETMBEGA1UEChMKVXp5dGtvd25pazERMA8GA1UEChMI
+Q1lGUk9ORVQxGTAXBgNVBAMTEE1hcmVrIEthc3p0ZWxuaWsxFjAUBgNVBAMTDXBs
+Z2thc3p0ZWxuaWswHhcNMTMxMjA0MDY0ODI5WhcNMTMxMjA0MTg1MzI5WjB6MQsw
+CQYDVQQGEwJQTDEQMA4GA1UECgwHUEwtR3JpZDETMBEGA1UECgwKVXp5dGtvd25p
+azERMA8GA1UECgwIQ1lGUk9ORVQxGTAXBgNVBAMMEE1hcmVrIEthc3p0ZWxuaWsx
+FjAUBgNVBAMMDXBsZ2thc3p0ZWxuaWswgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBANEMEopg60rELXV9qz87XbzTxj4lt5HOulQfTNvP1hO3p/GHdZ3UN0TRKGTW
+fUp7zgzbPEeTOFAYbiraQab2heBS9m6M1Sxodt+nRArsm16uu6DIG1r2aNoUolhJ
+Tx9D5WNgmOXZQjrJL905GF3hd2xe/Z7z6e9NcL9QNjvVZwBHAgMBAAEwDQYJKoZI
+hvcNAQEFBQADggEBAF3RnFI4//Y0lke8QW/niB5v7LOzLeO/M6rTrsfEyCFYAPZE
+wXfZo3HLgUQfOVYgpBNJ7USWr171RDbSvnwR1mziynhCpNQ4oc/5Q5cFF1qn+3wV
+bEwZFhij4TYoFUPFtiqT3j3tMuO3HGl2MbF18VKTnzc1YOQnfohXmtISI2lpoQzL
+j+R2RATMPKw3CwnanzsLe/8x8XUfZV0XtuOwb5h+08q+StfAurqgyugwquTSOHn+
+M8ZG5LYOihiMo6XEWbNzri8Z+/KKvNUY3BnAL4llg49zhk6XsJEy0Htx8e6cqtAg
+x4MY+vuO8U+MCNMwUcbtydafwD3bK+lYia4vtXU=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDRDBKKYOtKxC11fas/O12808Y+JbeRzrpUH0zbz9YTt6fxh3Wd
+1DdE0Shk1n1Ke84M2zxHkzhQGG4q2kGm9oXgUvZujNUsaHbfp0QK7JterrugyBta
+9mjaFKJYSU8fQ+VjYJjl2UI6yS/dORhd4XdsXv2e8+nvTXC/UDY71WcARwIDAQAB
+AoGAUg9JH+TXuCu2JI7GMDYfn8YJ5c9sdeIOpoL66rZ1NJw9YsRn2SK651qrXpoL
+6LcctVNCIF6cFmTgqhWu+9l9x1DK/LF6pH7EFz15Hvk7OPJdYGzkEVvj3YxwnVj6
+VD1wTAaXjeBlwB8bQlJvHysl8TtKjqqJd4hzLEESh8QbENECQQD7Vs+DtyP0XMyN
+nUtZ21TWXFy0bbNwG9AKVnSdYGzXw0jaAWvNoKEycI3R00pNvHytg2fFDxlENzgU
++gNpB02jAkEA1Ox88FNzSyhTDMBRaXOSsh3/z2jPjEyWSXGqYK+dgfXd4Bhq3FPq
+x9oQb7a9snKrDwn9BLNzARkAVTgxHOqlDQJAJv29rapguo0W8rU/Nk5vZ93mR9to
+5fB6os/swWlvGT3jdGaaCclsmH2bkrybn1mpYeWr2IdSHSIP4jkzBD0szwJBAIIG
+TKGiBFUQMe8mflDMH/gfc7jgA2Zk2p3NCMN0WtYjI7QWlSMpJ8WVd9YQnTUc6zMK
+4XT+dKtl7hscbnl/HP0CQECEQoUMY80NpwxaLp2nGQ22hVIXE5rurc8iRrPuQyeH
+Oe2POF/BDdy1yNSkdbm8zOo0eCt1zRdnh2bT24yEtOk=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIE+zCCAuOgAwIBAgIIebhrdbR7A/IwDQYJKoZIhvcNAQEFBQAwMzELMAkGA1UE
+BhMCUEwxEDAOBgNVBAoTB1BMLUdyaWQxEjAQBgNVBAMTCVNpbXBsZSBDQTAeFw0x
+MjEyMTIxMzQ2MDhaFw0xMzEyMTIxMzQ2MDhaMHoxCzAJBgNVBAYTAlBMMRAwDgYD
+VQQKEwdQTC1HcmlkMRMwEQYDVQQKEwpVenl0a293bmlrMREwDwYDVQQKEwhDWUZS
+T05FVDEZMBcGA1UEAxMQTWFyZWsgS2FzenRlbG5pazEWMBQGA1UEAxMNcGxna2Fz
+enRlbG5pazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCzblkq3S7N
+jb1i0feRHMWfJBUxhBpqf8wJrH6Ez9lwgeltEDd/dc7pRpuD9PuORyQrEB2xC+Eu
+iK528UA4ravcCWVOnNlX7o/Ab1BsyevkwtFFzrODfYPpErXM/b+m1uRSRoeZG5/U
+LcPAD0tnsXWoiU+XoGi3DYGAb7xGRm0sQYfHxCJQ/2QmkQKGY3K1leWSVTlvZtxd
+bryNQSgJU+0XZnsuTcJcst6vlyERe02KjCBZ6qYeBMSJ55JHATupc0zF5HIX4Keq
+drvoSueI1QI808Jzqd+saKDOXtHGhDjOslNBw61j0Vb3NXIX9LYTn2I/vBoz2k4P
+JhVYKs0ICn0CAwEAAaOByzCByDAdBgNVHQ4EFgQUb/DPnzblDbrcnpMkcKAq4x4Q
+DUgwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSpE1FZa0RLf5yh9znM2AH8VFVA
+LTAaBgNVHSAEEzARMA8GDSsGAQQBgpYtAQEBAQIwNwYDVR0fBDAwLjAsoCqgKIYm
+aHR0cDovL3BsZ3JpZC1zY2Eud2Nzcy53cm9jLnBsL2NybC5kZXIwDgYDVR0PAQH/
+BAQDAgSwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4ICAQDD
+0vkRC4BswLwX7IA/W0KsAMEI8W9R7+iw7grMxZY9rsLn3BmRxWpJ27bhhIRr986p
+fR+ydWPHPEslXu4CqOtSp6EJf4IU+4ZM8622W2YjsGHpYDjk3WvSiq2TuSGzFJMd
+SuAqdmVKsX8gudo8TdxUAuf4BdliQiSVJFIN/8HnPolOa4N5yPBudr9/PqQ5yRbJ
+Ijlgsp4It4FRT4ats73u0cmVRMNIKSKJ3PSsDKtP3NUy0hrDdDKlWD8DqkYnE2p2
+KALqmMQ3xiKlH1+VWwBrMDn+Py86hEYJ1+ZaRsyUSrhEKTEi9KZmFCDlPnvtHVJ3
+emI7QguphAXoHcMQmuk35mIcZBWisp/fgJMEH0DgHrxDufpFeI90xDmtI9Nr+Uy0
+n7lfmr52YfYUybRuVbZpGt9W8B6KEXHi9wwbEemh1uX2q/STTnC24ICL2vf7h+yn
++5U2YKmsk02JVy21ADkcDhUGZ7V2wn19MKJOGzL0DxmcomeIp0GEhn6uL01fyDcl
+cJOHH6aXQJRz+v/QHwRnc2kDJi0HzukeHgzGk26IxOB/zkWp/amjJrDwTwVkQu0S
+Jl2p4TIy7eeQsGgN1xiAxFCc7zNRyeZ8gXFQRg+OI49sVUBk1m4HAZJvqJIgxkie
+g8nOThxmD2nRRAYwwEx4pQZdAiid0c/fzt3L0cLAXg==
+-----END CERTIFICATE-----