httpclient 2.8.3 → 2.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 45217dcc777d36d71246dd468e40b79caad351d6
-  data.tar.gz: afcf1a175414e0a1dde95eb5823b0fa339655d9c
+SHA256:
+  metadata.gz: e1df0b78f53d502000683d048be1316f156247e5e17995f5fb04a125302bdb4e
+  data.tar.gz: d533eeaf2333f2f35820441a74cdf84075e5227d4fb0648f4e2ea4d2099bd511
 SHA512:
-  metadata.gz: f5ae105eb3b269d67521a35446e3518b359e7a359c0c8a14500ef9e9ff8c4681c20b103bb4d5a2f96cdd9caa337fc149f39df3754bb9f3185b6914f284adfdc0
-  data.tar.gz: 005d1769b6906e0c107ba63e7a178c4d73aae59198ed3efe866e8722fdadcf4c4142c3724c167b6db5f8a45cb03f517083164c18fdd1aa65074dc4ab362bc9de
+  metadata.gz: 94024e0c5b5bd08800d9b3989151ab919869fabcaed65e4a375490fde0f6ea3b5bfc3ad4a5a9803bb057c5b8d36efc10c6ae5ade8a974c665d443730c63bc7ba
+  data.tar.gz: 768ae9ad96a73740675aca861a81075af3164a4b8875f81368a3228ecfdf523fe6c13cd9355bbe8ddd9155031ff1f908d8ec85e1bd112e0cd31d8b26d809dd6a

data/lib/hexdump.rb

@@ -11,13 +11,13 @@ module HexDump
     result = []
     while raw = str.slice(offset, 16) and raw.length > 0
       # data field
-      data = ''
+      data = ''.dup
       for v in raw.unpack('N* a*')
-	if v.kind_of? Integer
-	  data << sprintf("%08x ", v)
-	else
-	  v.each_byte {|c| data << sprintf("%02x", c) }
-	end
+        if v.kind_of? Integer
+          data << sprintf("%08x ", v)
+        else
+          v.each_byte {|c| data << sprintf("%02x", c) }
+        end
       end
       # text field
       text = raw.tr("\000-\037\177-\377", ".")
@@ -25,12 +25,12 @@ module HexDump
       offset += 16
       # omit duplicate line
       if /^(#{regex_quote_n(raw)})+/n =~ str[offset .. -1]
-	result << sprintf("%08x  ...", offset)
-	offset += $&.length
-	# should print at the end
-	if offset == str.length
-	  result << sprintf("%08x  %-36s  %s", offset-16, data, text)
-	end
+        result << sprintf("%08x  ...", offset)
+        offset += $&.length
+        # should print at the end
+        if offset == str.length
+          result << sprintf("%08x  %-36s  %s", offset-16, data, text)
+        end
       end
     end
     result

data/lib/httpclient/http.rb

@@ -238,7 +238,7 @@ module HTTP
       if defined?(Encoding::ASCII_8BIT)
         def set_body_encoding
           if type = self.content_type
-            OpenURI::Meta.init(o = '')
+            OpenURI::Meta.init(o = ''.dup)
             o.meta_add_field('content-type', type)
             @body_encoding = o.encoding
           end
@@ -491,7 +491,7 @@ module HTTP
       # String.
       #
       # assert: @size is not nil
-      def dump(header = '', dev = '')
+      def dump(header = '', dev = ''.dup)
         if @body.is_a?(Parts)
           dev << header
           @body.parts.each do |part|
@@ -521,7 +521,7 @@ module HTTP
       # reason. (header is dumped to dev, too)
       # If no dev (the second argument) given, this method returns a dumped
       # String.
-      def dump_chunked(header = '', dev = '')
+      def dump_chunked(header = '', dev = ''.dup)
         dev << header
         if @body.is_a?(Parts)
           @body.parts.each do |part|
@@ -574,7 +574,7 @@ module HTTP
       end
 
       def dump_file(io, dev, sz)
-        buf = ''
+        buf = ''.dup
         rest = sz
         while rest > 0
           n = io.read([rest, @chunk_size].min, buf)
@@ -585,7 +585,7 @@ module HTTP
       end
 
       def dump_chunks(io, dev)
-        buf = ''
+        buf = ''.dup
         while !io.read(@chunk_size, buf).nil?
           dev << dump_chunk(buf)
         end
@@ -618,8 +618,8 @@ module HTTP
           if Message.file?(part)
             @as_stream = true
             @body << part
-            if part.respond_to?(:lstat)
-              sz = part.lstat.size
+            if part.respond_to?(:stat)
+              sz = part.stat.size
               add_size(part, sz)
             elsif part.respond_to?(:size)
               if sz = part.size
@@ -954,7 +954,7 @@ module HTTP
 
     # Dumps message (header and body) to given dev.
     # dev needs to respond to <<.
-    def dump(dev = '')
+    def dump(dev = ''.dup)
       str = @http_header.dump + CRLF
       if @http_header.chunked
         dev = @http_body.dump_chunked(str, dev)

data/lib/httpclient/jruby_ssl_socket.rb

@@ -20,14 +20,18 @@ unless defined?(SSLSocket)
 
     BUF_SIZE = 1024 * 16
 
+    def self.normalize_timeout(timeout)
+      [Java::JavaLang::Integer::MAX_VALUE, timeout].min
+    end
+
     def self.connect(socket, site, opts = {})
       socket_addr = InetSocketAddress.new(site.host, site.port)
       if opts[:connect_timeout]
-        socket.connect(socket_addr, opts[:connect_timeout])
+        socket.connect(socket_addr, normalize_timeout(opts[:connect_timeout]))
       else
         socket.connect(socket_addr)
       end
-      socket.setSoTimeout(opts[:so_timeout]) if opts[:so_timeout]
+      socket.setSoTimeout(normalize_timeout(opts[:so_timeout])) if opts[:so_timeout]
       socket.setKeepAlive(true) if opts[:tcp_keepalive]
       socket
     end
@@ -491,6 +495,8 @@ unless defined?(SSLSocket)
         ssl_connect(dest.host)
       rescue java.security.GeneralSecurityException => e
         raise OpenSSL::SSL::SSLError.new(e.getMessage)
+      rescue java.net.SocketTimeoutException => e
+        raise HTTPClient::ConnectTimeoutError.new(e.getMessage)
       rescue java.io.IOException => e
         raise OpenSSL::SSL::SSLError.new("#{e.class}: #{e.getMessage}")
       end
@@ -546,13 +552,13 @@ unless defined?(SSLSocket)
     def create_ssl_socket(socket, dest, config, opts)
       ctx = create_ssl_context(config)
       factory = ctx.getSocketFactory
-      if socket
-        ssl_socket = factory.createSocket(socket, dest.host, dest.port, true)
-      else
-        ssl_socket = factory.createSocket
-        JavaSocketWrap.connect(ssl_socket, dest, opts)
+      unless socket
+        # Create a plain socket first to set connection timeouts on,
+        # then wrap it in a SSL socket so that SNI gets setup on it.
+        socket = javax.net.SocketFactory.getDefault.createSocket
+        JavaSocketWrap.connect(socket, dest, opts)
       end
-      ssl_socket
+      factory.createSocket(socket, dest.host, dest.port, true)
     end
 
     def peer_cert

data/lib/httpclient/session.rb

@@ -21,7 +21,7 @@ require 'zlib'
 require 'httpclient/timeout' # TODO: remove this once we drop 1.8 support
 require 'httpclient/ssl_config'
 require 'httpclient/http'
-if RUBY_ENGINE == 'jruby'
+if defined? JRUBY_VERSION
   require 'httpclient/jruby_ssl_socket'
 else
   require 'httpclient/ssl_socket'
@@ -950,7 +950,7 @@ class HTTPClient
     end
 
     def empty_bin_str
-      str = ''
+      str = ''.dup
       str.force_encoding('BINARY') if str.respond_to?(:force_encoding)
       str
     end

data/lib/httpclient/ssl_config.rb

@@ -39,26 +39,28 @@ class HTTPClient
     if SSLEnabled
       include OpenSSL
 
-      module ::OpenSSL
-        module X509
-          class Store
-            attr_reader :_httpclient_cert_store_items
-
-            # TODO: use prepend instead when we drop JRuby + 1.9.x support
-            wrapped = {}
-
-            wrapped[:initialize] = instance_method(:initialize)
-            define_method(:initialize) do |*args|
-              wrapped[:initialize].bind(self).call(*args)
-              @_httpclient_cert_store_items = [ENV['SSL_CERT_FILE'] || :default]
-            end
+      if defined? JRUBY_VERSION
+        module ::OpenSSL
+          module X509
+            class Store
+              attr_reader :_httpclient_cert_store_items
+
+              # TODO: use prepend instead when we drop JRuby + 1.9.x support
+              wrapped = {}
+
+              wrapped[:initialize] = instance_method(:initialize)
+              define_method(:initialize) do |*args|
+                wrapped[:initialize].bind(self).call(*args)
+                @_httpclient_cert_store_items = [ENV['SSL_CERT_FILE'] || :default]
+              end
 
-            [:add_cert, :add_file, :add_path].each do |m|
-              wrapped[m] = instance_method(m)
-              define_method(m) do |cert|
-                res = wrapped[m].bind(self).call(cert)
-                @_httpclient_cert_store_items << cert
-                res
+              [:add_cert, :add_file, :add_path].each do |m|
+                wrapped[m] = instance_method(m)
+                define_method(m) do |cert|
+                  res = wrapped[m].bind(self).call(cert)
+                  @_httpclient_cert_store_items << cert
+                  res
+                end
               end
             end
           end
@@ -138,7 +140,9 @@ class HTTPClient
     attr_config :client_ca # :nodoc:
 
     # These array keeps original files/dirs that was added to @cert_store
-    def cert_store_items; @cert_store._httpclient_cert_store_items; end
+    if defined? JRUBY_VERSION
+      def cert_store_items; @cert_store._httpclient_cert_store_items; end
+    end
     attr_reader :cert_store_crl_items
 
     # Creates a SSLConfig.
@@ -204,7 +208,9 @@ class HTTPClient
     def clear_cert_store
       @cacerts_loaded = true # avoid lazy override
       @cert_store = X509::Store.new
-      @cert_store._httpclient_cert_store_items.clear
+      if defined? JRUBY_VERSION
+        @cert_store._httpclient_cert_store_items.clear
+      end
       change_notify
     end
 
@@ -403,6 +409,9 @@ class HTTPClient
         return true
       end
 
+      if pathlen > 2
+        warn('pathlen > 2') if $DEBUG
+      end
       return false
     end
 

data/lib/httpclient/util.rb

@@ -64,7 +64,7 @@ class HTTPClient
         # Overwrites the original definition just for one line...
         def authority
           self.host && @authority ||= (begin
-            authority = ""
+            authority = "".dup
             if self.userinfo != nil
               authority << "#{self.userinfo}@"
             end

data/lib/httpclient/version.rb

@@ -1,3 +1,3 @@
 class HTTPClient
-  VERSION = '2.8.3'
+  VERSION = '2.9.0'
 end

data/lib/httpclient.rb

@@ -753,6 +753,10 @@ class HTTPClient
     request(:patch, uri, new_args, &block)
   end
 
+  # :call-seq:
+  #   post(uri, {query: query, body: body, header: header, follow_redirect: follow_redirect}) -> HTTP::Message
+  #   post(uri, body, header, follow_redirect) -> HTTP::Message
+  #
   # Sends POST request to the specified URL.  See request for arguments.
   # You should not depend on :follow_redirect => true for POST method.  It
   # sends the same POST method to the new location which is prohibited in HTTP spec.
@@ -1236,7 +1240,7 @@ private
       conn.push(res)
       return res
     end
-    content = block ? nil : ''
+    content = block ? nil : ''.dup
     res = HTTP::Message.new_response(content, req.header)
     @debug_dev << "= Request\n\n" if @debug_dev
     sess = @session_manager.query(req, proxy)

data/lib/jsonclient.rb

@@ -2,7 +2,7 @@ require 'httpclient'
 require 'json'
  
 # JSONClient auto-converts Hash <-> JSON in request and response.
-# * For POST or PUT request, convert Hash body to JSON String with 'application/json; charset=utf-8' header.
+# * For PATCH, POST or PUT request, convert Hash body to JSON String with 'application/json; charset=utf-8' header.
 # * For response, convert JSON String to Hash when content-type is '(application|text)/(x-)?json'
 class JSONClient < HTTPClient
   CONTENT_TYPE_JSON_REGEX = /(application|text)\/(x-)?json/i
@@ -17,6 +17,10 @@ class JSONClient < HTTPClient
     @content_type_json_response_regex = CONTENT_TYPE_JSON_REGEX
   end
  
+  def patch(uri, *args, &block)
+    request(:patch, uri, argument_to_hash_for_json(args), &block)
+  end
+ 
   def post(uri, *args, &block)
     request(:post, uri, argument_to_hash_for_json(args), &block)
   end
@@ -37,7 +41,7 @@ private
 
   def argument_to_hash_for_json(args)
     hash = argument_to_hash(args, :body, :header, :follow_redirect)
-    if hash[:body].is_a?(Hash)
+    if hash[:body].is_a?(Hash) || hash[:body].is_a?(Array)
       hash[:header] = json_header(hash[:header])
       hash[:body] = JSON.generate(hash[:body])
     end
@@ -47,11 +51,10 @@ private
   def json_header(header)
     header ||= {}
     if header.is_a?(Hash)
-      header['Content-Type'] = @content_type_json_request
+      header.merge('Content-Type' => @content_type_json_request)
     else
-      header << ['Content-Type', @content_type_json_request]
+      header + [['Content-Type', @content_type_json_request]]
     end
-    header
   end
 
   def wrap_json_response(original)

data/sample/auth.rb

@@ -7,5 +7,5 @@ c.debug_dev = STDOUT
 #c.set_proxy_auth("admin", "admin")
 
 # for WWW authentication: supports Basic, Digest and Negotiate.
-c.set_auth("http://dev.ctor.org/http-access2/", "user", "user")
+c.set_auth("http://dev.ctor.org/http-access2/", "username", "password")
 p c.get("http://dev.ctor.org/http-access2/login")

data/sample/generate_test_keys.rb

@@ -0,0 +1,99 @@
+require "openssl"
+
+def build_ca
+  root_key = OpenSSL::PKey::RSA.new 2048 # the CA's public/private key
+  root_ca = OpenSSL::X509::Certificate.new
+  root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+  root_ca.serial = 1
+  root_ca.subject = OpenSSL::X509::Name.parse "C=JP,O=JIN.GR.JP,OU=RRR,CN=CA"
+  root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+  root_ca.public_key = root_key.public_key
+  root_ca.not_before = Time.now
+  root_ca.not_after = root_ca.not_before + 10 * 365 * 24 * 60 * 60 # 10 years validity
+  ef = OpenSSL::X509::ExtensionFactory.new
+  ef.subject_certificate = root_ca
+  ef.issuer_certificate = root_ca
+  root_ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
+  root_ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
+  root_ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+  root_ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
+  root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
+  [root_key, root_ca]
+end
+
+root_key, root_ca = build_ca
+
+File.write("test/ca.cert", root_ca.to_s)
+File.write("test/ca.key", root_key.to_s)
+
+def sub_cert(root_key, root_ca, cn, intermediate: false)
+  key = OpenSSL::PKey::RSA.new 2048
+  cert = OpenSSL::X509::Certificate.new
+  cert.version = 2
+  cert.serial = 2
+  cert.subject = OpenSSL::X509::Name.parse "C=JP,O=JIN.GR.JP,OU=RRR,CN=#{cn}"
+  cert.issuer = root_ca.subject # root CA is the issuer
+  cert.public_key = key.public_key
+  cert.not_before = Time.now
+  cert.not_after = cert.not_before + 9 * 365 * 24 * 60 * 60 # 9 years validity
+  ef = OpenSSL::X509::ExtensionFactory.new
+  ef.subject_certificate = cert
+  ef.issuer_certificate = root_ca
+  cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+  if intermediate
+    cert.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
+    cert.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
+  else
+    cert.add_extension(ef.create_extension("keyUsage","digitalSignature, keyEncipherment", true))
+    cert.add_extension(ef.create_extension("extendedKeyUsage", "serverAuth"))
+  end
+  cert.sign(root_key, OpenSSL::Digest::SHA256.new)
+  [key, cert]
+end
+
+sub_key, sub_cert = sub_cert(root_key, root_ca, "SubCA", intermediate: true)
+File.write("test/subca.cert", sub_cert.to_s)
+File.write("test/subca.key", sub_key.to_s)
+
+server_key, server_cert = sub_cert(sub_key, sub_cert, "localhost")
+File.write("test/server.cert", server_cert.to_s)
+File.write("test/server.key", server_key.to_s)
+
+client_key, client_cert = sub_cert(root_key, root_ca, "localhost")
+File.write("test/client.cert", client_cert.to_s)
+File.write("test/client.key", client_key.to_s)
+
+system(
+  "openssl", "rsa", "-aes256",
+  "-in", "test/client.key",
+  "-out", "test/client-pass.key",
+  "-passout", "pass:pass4key",
+)
+
+File.write("test/ca-chain.pem", root_ca.to_s + sub_cert.to_s)
+
+verify_key = OpenSSL::PKey::RSA.new 2048
+File.write("test/fixtures/verify.key", verify_key.to_s)
+
+def build_self_signed(key, cn)
+  cert = OpenSSL::X509::Certificate.new
+  cert.version = 2
+  cert.serial = 2
+  cert.subject = OpenSSL::X509::Name.parse "C=JP,O=JIN.GR.JP,OU=RRR,CN=#{cn}"
+  cert.issuer = cert.subject
+  cert.public_key = key.public_key
+  cert.not_before = Time.now
+  cert.not_after = cert.not_before + 9 * 365 * 24 * 60 * 60 # 9 years validity
+  ef = OpenSSL::X509::ExtensionFactory.new
+  ef.subject_certificate = cert
+  ef.issuer_certificate = cert
+  cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+  cert.add_extension(ef.create_extension("keyUsage","digitalSignature, keyEncipherment", true))
+  cert.add_extension(ef.create_extension("extendedKeyUsage", "serverAuth"))
+  cert.sign(key, OpenSSL::Digest::SHA256.new)
+  cert
+end
+
+File.write("test/fixtures/verify.localhost.cert", build_self_signed(verify_key, "localhost").to_s)
+File.write("test/fixtures/verify.foo.cert", build_self_signed(verify_key, "foo").to_s)
+File.write("test/fixtures/verify.alt.cert", build_self_signed(verify_key, "alt").to_s)

data/test/ca-chain.pem

@@ -1,44 +1,40 @@
 -----BEGIN CERTIFICATE-----
-MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES
+MIIDVjCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQGEwJKUDES
 MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X
-DTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ
+DTI1MDIxMjA4NDIzMVoXDTM1MDIxMDA4NDIzMVowPDELMAkGA1UEBhMCSlAxEjAQ
 BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR
-wjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d
-L5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY
-bS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi
-JI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm
-dEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA
-AaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w
-ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f
-USKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe
-31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu
-SlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD
-ggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+
-r/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY
-MJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj
-PvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U
-PbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a
-d/xgcK06UVQRL/HbEYGiQL056mc=
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqxQwHle/gAbPM1QabhCqWiAJDp
+XFroixm6HXKe+azptngzrE69sUFO7533lrvUhkfbPHn3JhgPgm1COGqbPJ5V/it7
+dRsJKuOUeQz3+iC0Jrbz3WP+5RuIuD2m+qyR2RVPf4nCkbxQn9QJX1DpG13NyDMA
+Qp3em5I5GFhECul/VybmC1+6BnJYwe6EJBv7770AAaf9imWsQkW5oTxuKDsL3Iun
++xYgZF1V4Kw8xDiMZOqZYoizhzgQRM180j0emgcDp6owPt/44mEPZX6Y7BhWhBIc
+cS+fJulXJzUYtSl6wZqEvMQzHfYXGO4Q1GtNeTrF8wOoevwmpwo+D42sbVUCAwEA
+AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FGjIj2OhmYxPWPibGOIXv3Eq7RWZMB8GA1UdIwQYMBaAFGjIj2OhmYxPWPibGOIX
+v3Eq7RWZMA0GCSqGSIb3DQEBCwUAA4IBAQBITdjp9RtGUKjQqcNLa+WxlhHUUgSv
+Y2CHTkgG/9LBoe1yCAI0lEMAGOYFFuYc0hsnRSMrrzs7/YTTN4szj+lfUA5EyaSQ
+KWBzfKBz4t35YOpRBc5v02FfYxtaMfbo5QcN3XjQkApqK8GFQuwEbm8g7eyJiWlI
+frVg0JwVypg87MWgrPCr0/foRl2zO1d0KG/rssAOJNQy3lrrrGyaaFNRcmGrDxsG
+59O14d8PCuS7GgaO8DqxirMzRj2PW+kdgNp2+2JTUV7m5Aw6u9yX2rGN+s4zk26P
+dfdzSpXKHc1Mj7MyxCSFk51nIhtwx+VsYQeS53RWoDhm2uSvVT/9+xCU
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES
+MIIDODCCAiCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQGEwJKUDES
 MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X
-DTA0MDEzMDAwNDMyN1oXDTM1MDEyMjAwNDMyN1owPzELMAkGA1UEBgwCSlAxEjAQ
+DTI1MDIxMjA4NDIzMVoXDTM0MDIxMDA4NDIzMVowPzELMAkGA1UEBhMCSlAxEjAQ
 BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQ4wDAYDVQQDDAVTdWJDQTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0Ou7AyRcRXnB/kVHv/6kwe
-ANzgg/DyJfsAUqW90m7Lu1nqyug8gK0RBd77yU0w5HOAMHTVSdpjZK0g2sgx4Mb1
-d/213eL9TTl5MRVEChTvQr8q5DVG/8fxPPE7fMI8eOAzd98/NOAChk+80r4Sx7fC
-kGVEE1bKwY1MrUsUNjOY2d6t3M4HHV3HX1V8ShuKfsHxgCmLzdI8U+5CnQedFgkm
-3e+8tr8IX5RR1wA1Ifw9VadF7OdI/bGMzog/Q8XCLf+WPFjnK7Gcx6JFtzF6Gi4x
-4dp1Xl45JYiVvi9zQ132wu8A1pDHhiNgQviyzbP+UjcB/tsOpzBQF8abYzgEkWEC
-AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9P
-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlCjXWLsReYzH
-LzsxwVnCXmKoB/owCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJ/OyN
-rT8Cq2Y+G2yA/L1EMRvvxwFBqxavqaqHl/6rwsIBFlB3zbqGA/0oec6MAVnYynq4
-c4AcHTjx3bQ/S4r2sNTZq0DH4SYbQzIobx/YW8PjQUJt8KQdKMcwwi7arHP7A/Ha
-LKu8eIC2nsUBnP4NhkYSGhbmpJK+PFD0FVtD0ZIRlY/wsnaZNjWWcnWF1/FNuQ4H
-ySjIblqVQkPuzebv3Ror6ZnVDukn96Mg7kP4u6zgxOeqlJGRe1M949SS9Vudjl8X
-SF4aZUUB9pQGhsqQJVqaz2OlhGOp9D0q54xko/rekjAIcuDjl1mdX4F2WRrzpUmZ
-uY/bPeOBYiVsOYVe
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmNNo+I5XkgbBTJbvKgJxq5
+oiJMEInr64KiCJOsA5Z35oE25a8OIWeRqxKW+jufonF96V/swWNM11gaUcTjYT72
+g66ux42vWNN8uFxhhqhYRyiMjfSVA3HUZFaqmU9WP7H3YQGINJZ83BPOYoinZXEP
+TrQVa8wIKT9Xc5gOq7+SqUuqLvs4jIkgrB744Fo0soCh5WT3V3Op/5K8MA0+N3P4
+VrFm/SP8k7deT3EtT/aOHgkaKLo3hQ8zkDegVFEKfmWyoA/MwTSciioX/ePm7jjb
+z4ffl5/ifg3Hgmuk6m85ZaGULJHCkciEgP8scZUNHkRvDK6ZBluwrUpepv5ARUsC
+AwEAAaNCMEAwHQYDVR0OBBYEFErc4GxPO8mVXXhTgje5yLxWLh0bMA4GA1UdDwEB
+/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCAcHOU
+nvhuV6Vuh4gNZjeLJWapJBVYZdkAOd4EhiWtYpq0wWSqlgE+VzIXV9gccYaulVmf
+NJoLuenzML764U8kOBk8mOWg+U5AYOXwRgsU+e56jgWG6/ijLSf7YfaVkVZNPe36
+59+0KLag6AkkeDOdXbkfageukg6LhTk4Zg1piRMP3JSYbXVzTlgdm8hLKgPOJitQ
+FdjMytGYCU5oGHrRrwhlar0xlIvynzVL5wlkuJ19hKUw4UYjoNFy3ZJtbtdqSaF2
+ZGX/8KNDYFoHAyvGZCYTr22T1ywWeMFQ+4beiYEv2lifVcYIoI0bEA8Pe9i3Egiv
+9u18A/unCSVLPua1
 -----END CERTIFICATE-----

data/test/ca.cert

@@ -1,23 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES
+MIIDVjCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQGEwJKUDES
 MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X
-DTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ
+DTI1MDIxMjA4NDIzMVoXDTM1MDIxMDA4NDIzMVowPDELMAkGA1UEBhMCSlAxEjAQ
 BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR
-wjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d
-L5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY
-bS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi
-JI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm
-dEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA
-AaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w
-ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f
-USKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe
-31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu
-SlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD
-ggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+
-r/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY
-MJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj
-PvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U
-PbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a
-d/xgcK06UVQRL/HbEYGiQL056mc=
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqxQwHle/gAbPM1QabhCqWiAJDp
+XFroixm6HXKe+azptngzrE69sUFO7533lrvUhkfbPHn3JhgPgm1COGqbPJ5V/it7
+dRsJKuOUeQz3+iC0Jrbz3WP+5RuIuD2m+qyR2RVPf4nCkbxQn9QJX1DpG13NyDMA
+Qp3em5I5GFhECul/VybmC1+6BnJYwe6EJBv7770AAaf9imWsQkW5oTxuKDsL3Iun
++xYgZF1V4Kw8xDiMZOqZYoizhzgQRM180j0emgcDp6owPt/44mEPZX6Y7BhWhBIc
+cS+fJulXJzUYtSl6wZqEvMQzHfYXGO4Q1GtNeTrF8wOoevwmpwo+D42sbVUCAwEA
+AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FGjIj2OhmYxPWPibGOIXv3Eq7RWZMB8GA1UdIwQYMBaAFGjIj2OhmYxPWPibGOIX
+v3Eq7RWZMA0GCSqGSIb3DQEBCwUAA4IBAQBITdjp9RtGUKjQqcNLa+WxlhHUUgSv
+Y2CHTkgG/9LBoe1yCAI0lEMAGOYFFuYc0hsnRSMrrzs7/YTTN4szj+lfUA5EyaSQ
+KWBzfKBz4t35YOpRBc5v02FfYxtaMfbo5QcN3XjQkApqK8GFQuwEbm8g7eyJiWlI
+frVg0JwVypg87MWgrPCr0/foRl2zO1d0KG/rssAOJNQy3lrrrGyaaFNRcmGrDxsG
+59O14d8PCuS7GgaO8DqxirMzRj2PW+kdgNp2+2JTUV7m5Aw6u9yX2rGN+s4zk26P
+dfdzSpXKHc1Mj7MyxCSFk51nIhtwx+VsYQeS53RWoDhm2uSvVT/9+xCU
 -----END CERTIFICATE-----

data/test/ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAmrFDAeV7+ABs8zVBpuEKpaIAkOlcWuiLGbodcp75rOm2eDOs
+Tr2xQU7vnfeWu9SGR9s8efcmGA+CbUI4aps8nlX+K3t1Gwkq45R5DPf6ILQmtvPd
+Y/7lG4i4Pab6rJHZFU9/icKRvFCf1AlfUOkbXc3IMwBCnd6bkjkYWEQK6X9XJuYL
+X7oGcljB7oQkG/vvvQABp/2KZaxCRbmhPG4oOwvci6f7FiBkXVXgrDzEOIxk6pli
+iLOHOBBEzXzSPR6aBwOnqjA+3/jiYQ9lfpjsGFaEEhxxL58m6VcnNRi1KXrBmoS8
+xDMd9hcY7hDUa015OsXzA6h6/CanCj4PjaxtVQIDAQABAoIBACJEnmlvItU/kuMV
+qyOCus8SYjm32GOzHA1o81kO6pRpeaiLGeKflwK2r9I4pMWbQNvuLyl9nIy78tKt
+Vr4XAYi52AJd6QVCNKQRofdDf7966RCiWSrrrmk5EkdmFCXicUqNP92OoqYq3h0k
+rl7IJO3UxkK2DgvW4nOz/jafbCNpX+A3P7u1xeN1iKNn4nWL49im2254mFW/j9c1
+D2g0pSb1wYAwCvGr3UZy49X9DSOylGuxtItP90mBP2TkD+khyXHNzmAWzsS2TWOK
+UCXMHvQQcPrVLmu2sziWe63cMi6gIVhziQRpmZm3GW+rUml3j4LfiWUQNqAkJrhU
+g3pRe0kCgYEA0omMasSzzyZSNBD4mfVfZc+0lEPkgYA/Cxd5+cFtgBi+SouZ+Cb2
++kwg0v4B8gIPee5Xrgyngtnb9NVKKrOUGVVWXgaZZbIUdD7Z/KfvecBxeEr52XDa
+oMJy4Cyh/6ujv6SJc5E12xnfsa5aURdvaA/gqAJVUgd/Vzu866soo8sCgYEAvBif
+R5xxkxL5d/LELh14petFpGIoXIrdKKwrb4Z/oLMgdMztH4FT0sSj/z22ulwEO8+/
+fyTA0XPQNcOW+UOc3c4UZ2fluXur5Wht+4ulKomPipv3TG9u82uYoEBdCL3O04ox
+AZvlfcR4PPxpNQ6jwRHNe7ulH/3hNEpNuZOkT18CgYALM7Rb7fFfQTu4d3qyvmKA
+CUgjZ2VeGpPAJFSiHE+WNDrTvo/Hq1MSyEAq2ccCuGdYZn0VzqiPBsZ0RXD3yqxD
+mM3KnPFGfu4lrT5t+gV85edjriGTFzUavp3cHaPU9a31wWxq0Lwb10mWq580l1mf
+INEkP1OI1MtKuev4Yhf8dwKBgQCD0pW+cEvAkWm4wLDwyMLHNW3nWMuEn+WDHbaL
+QK2tiBxU/1Gn5NFEQ3/T4AJx9Q8ag+xnRPDFWe8v3tWt9862PDlchxoetiewbVG3
+GxU0DJhGwiu8q9QMUPn0RWduOuf6pTzXLdTWIZ1K0HNDNfFZ3Aowjz+YfisYpIJ4
+bpqW7QKBgQDR/IOaV72HxHEvQA9oEbFAPOre8kHCXelDsH7/f1JCcWGNAjCWOdEI
+uRjO612cTv5m3EvV6qSFmvyqC4zFzX/dZ0H/MLu7WV/9Ed4hzJPFxDh4oQfz7OCp
+6dYL+ZdpGSTlzf9iC6zL9cExIZTX7alurMvzwUeguVdhILRHtjrKtw==
+-----END RSA PRIVATE KEY-----

data/test/ca.srl

@@ -0,0 +1 @@
+085BCCD3DDF899479489DF0B996A04A0A1F8C9C9