itsi-scheduler 0.1.0 → 0.1.2

data/ext/itsi_server/src/response/itsi_response.rs

@@ -0,0 +1,347 @@
+use bytes::{Bytes, BytesMut};
+use derive_more::Debug;
+use futures::stream::{unfold, StreamExt};
+use http::{
+    header::TRANSFER_ENCODING, request::Parts, HeaderMap, HeaderName, HeaderValue, Request,
+    Response, StatusCode,
+};
+use http_body_util::{combinators::BoxBody, Empty, Full, StreamBody};
+use hyper::{body::Frame, upgrade::Upgraded};
+use hyper_util::rt::TokioIo;
+use itsi_error::Result;
+use itsi_tracing::error;
+use magnus::error::Result as MagnusResult;
+use parking_lot::RwLock;
+use std::{
+    convert::Infallible,
+    io,
+    os::{fd::FromRawFd, unix::net::UnixStream},
+    str::FromStr,
+    sync::Arc,
+};
+use tokio::{
+    io::AsyncReadExt,
+    net::UnixStream as TokioUnixStream,
+    sync::{
+        mpsc::{self},
+        watch,
+    },
+};
+use tokio_stream::wrappers::ReceiverStream;
+use tokio_util::io::ReaderStream;
+use tracing::warn;
+
+use crate::server::serve_strategy::single_mode::RunningPhase;
+
+#[magnus::wrap(class = "Itsi::Response", free_immediately, size)]
+#[derive(Debug, Clone)]
+pub struct ItsiResponse {
+    pub data: Arc<ResponseData>,
+}
+
+#[derive(Debug)]
+pub struct ResponseData {
+    pub response: RwLock<Option<Response<BoxBody<Bytes, Infallible>>>>,
+    pub response_writer: RwLock<Option<mpsc::Sender<Option<Bytes>>>>,
+    pub response_buffer: RwLock<BytesMut>,
+    pub hijacked_socket: RwLock<Option<UnixStream>>,
+    pub parts: Parts,
+}
+
+impl ItsiResponse {
+    pub async fn build(
+        &self,
+        first_frame: Option<Bytes>,
+        receiver: mpsc::Receiver<Option<Bytes>>,
+        shutdown_rx: watch::Receiver<RunningPhase>,
+    ) -> Response<BoxBody<Bytes, Infallible>> {
+        if self.is_hijacked() {
+            return match self.process_hijacked_response().await {
+                Ok(result) => result,
+                Err(e) => {
+                    error!("Error processing hijacked response: {}", e);
+                    Response::new(BoxBody::new(Empty::new()))
+                }
+            };
+        }
+
+        let mut response = self.data.response.write().take().unwrap();
+        *response.body_mut() = if first_frame.is_none() {
+            BoxBody::new(Empty::new())
+        } else if receiver.is_closed() && receiver.is_empty() {
+            BoxBody::new(Full::new(first_frame.unwrap()))
+        } else {
+            let initial_frame = tokio_stream::once(Ok(Frame::data(first_frame.unwrap())));
+            let frame_stream = unfold(
+                (ReceiverStream::new(receiver), shutdown_rx),
+                |(mut receiver, mut shutdown_rx)| async move {
+                    if let RunningPhase::ShutdownPending = *shutdown_rx.borrow() {
+                        warn!("Disconnecting streaming client.");
+                        return None;
+                    }
+                    loop {
+                        tokio::select! {
+                            maybe_bytes = receiver.next() => {
+                                if let Some(bytes) = maybe_bytes {
+                                    // We assume `bytes` is Some(Bytes) here.
+                                    return Some((Ok(Frame::data(bytes.unwrap())), (receiver, shutdown_rx)));
+                                } else {
+                                    // Receiver closed, end the stream.
+                                    return None;
+                                }
+                            },
+                            _ = shutdown_rx.changed() => {
+                                match *shutdown_rx.borrow() {
+                                    RunningPhase::ShutdownPending => {
+                                        warn!("Disconnecting streaming client.");
+                                        return None;
+                                    },
+                                    _ => continue,
+                                }
+                            }
+                        }
+                    }
+                },
+            );
+
+            let combined_stream = initial_frame.chain(frame_stream);
+            BoxBody::new(StreamBody::new(combined_stream))
+        };
+        response
+    }
+
+    pub fn close(&self) {
+        self.data.response_writer.write().take();
+    }
+
+    async fn two_way_bridge(upgraded: Upgraded, local: TokioUnixStream) -> io::Result<()> {
+        let client_io = TokioIo::new(upgraded);
+
+        // Split each side
+        let (mut lr, mut lw) = tokio::io::split(local);
+        let (mut cr, mut cw) = tokio::io::split(client_io);
+
+        let to_ruby = tokio::spawn(async move {
+            if let Err(e) = tokio::io::copy(&mut cr, &mut lw).await {
+                eprintln!("Error copying upgraded->local: {:?}", e);
+            }
+        });
+        let from_ruby = tokio::spawn(async move {
+            if let Err(e) = tokio::io::copy(&mut lr, &mut cw).await {
+                eprintln!("Error copying upgraded->local: {:?}", e);
+            }
+        });
+
+        let _ = to_ruby.await;
+        let _ = from_ruby.await;
+        Ok(())
+    }
+
+    async fn read_response_headers(&self, reader: &mut TokioUnixStream) -> Result<Vec<u8>> {
+        let mut buf = [0u8; 1];
+        let mut collected = Vec::new();
+        loop {
+            let n = reader.read(&mut buf).await?;
+            if n == 0 {
+                // EOF reached unexpectedly
+                break;
+            }
+            collected.push(buf[0]);
+            if collected.ends_with(b"\r\n\r\n") {
+                break;
+            }
+        }
+
+        Ok(collected)
+    }
+
+    pub async fn read_hijacked_headers(
+        &self,
+    ) -> Result<(HeaderMap, StatusCode, bool, TokioUnixStream)> {
+        let hijacked_socket =
+            self.data
+                .hijacked_socket
+                .write()
+                .take()
+                .ok_or(itsi_error::ItsiError::InvalidInput(
+                    "Couldn't hijack stream".to_owned(),
+                ))?;
+        let mut reader = TokioUnixStream::from_std(hijacked_socket).unwrap();
+        let response_headers = self.read_response_headers(&mut reader).await?;
+        let mut headers = [httparse::EMPTY_HEADER; 64];
+        let mut resp = httparse::Response::new(&mut headers);
+        resp.parse(&response_headers)?;
+
+        let status = StatusCode::from_u16(resp.code.unwrap_or(200)).unwrap_or(StatusCode::OK);
+        let mut headers = HeaderMap::new();
+        for header in resp.headers.iter() {
+            headers.insert(
+                HeaderName::from_str(header.name).unwrap(),
+                HeaderValue::from_bytes(header.value).unwrap(),
+            );
+        }
+        let requires_upgrade = status == StatusCode::SWITCHING_PROTOCOLS;
+        Ok((headers, status, requires_upgrade, reader))
+    }
+
+    pub async fn process_hijacked_response(&self) -> Result<Response<BoxBody<Bytes, Infallible>>> {
+        let (headers, status, requires_upgrade, reader) = self.read_hijacked_headers().await?;
+        let mut response = if requires_upgrade {
+            let parts = self.data.parts.clone();
+            tokio::spawn(async move {
+                let mut req = Request::from_parts(parts, Empty::<Bytes>::new());
+                match hyper::upgrade::on(&mut req).await {
+                    Ok(upgraded) => {
+                        Self::two_way_bridge(upgraded, reader)
+                            .await
+                            .expect("Error in creating two way bridge");
+                    }
+                    Err(e) => eprintln!("upgrade error: {:?}", e),
+                }
+            });
+            Response::new(BoxBody::new(Empty::new()))
+        } else {
+            let stream = ReaderStream::new(reader);
+            let boxed_body = if headers
+                .get(TRANSFER_ENCODING)
+                .is_some_and(|h| h == "chunked")
+            {
+                BoxBody::new(StreamBody::new(unfold(
+                    (stream, Vec::new()),
+                    |(mut stream, mut buf)| async move {
+                        loop {
+                            if let Some(pos) = buf.iter().position(|&b| b == b'\n') {
+                                let line = buf.drain(..=pos).collect::<Vec<u8>>();
+                                let line = std::str::from_utf8(&line).ok()?.trim();
+                                let chunk_size = usize::from_str_radix(line, 16).ok()?;
+                                if chunk_size == 0 {
+                                    return None;
+                                }
+                                while buf.len() < chunk_size {
+                                    match stream.next().await {
+                                        Some(Ok(chunk)) => buf.extend_from_slice(&chunk),
+                                        _ => return None,
+                                    }
+                                }
+                                let data = buf.drain(..chunk_size).collect::<Vec<u8>>();
+                                if buf.starts_with(b"\r\n") {
+                                    buf.drain(..2);
+                                }
+                                return Some((Ok(Frame::data(Bytes::from(data))), (stream, buf)));
+                            }
+                            match stream.next().await {
+                                Some(Ok(chunk)) => buf.extend_from_slice(&chunk),
+                                _ => return None,
+                            }
+                        }
+                    },
+                )))
+            } else {
+                BoxBody::new(StreamBody::new(stream.map(
+                    |result: std::result::Result<Bytes, io::Error>| {
+                        result
+                            .map(Frame::data)
+                            .map_err(|e| unreachable!("unexpected io error: {:?}", e))
+                    },
+                )))
+            };
+            Response::new(boxed_body)
+        };
+
+        *response.status_mut() = status;
+        *response.headers_mut() = headers;
+        Ok(response)
+    }
+
+    pub fn internal_server_error(&self, message: String) {
+        error!(message);
+        self.data.response_writer.write().take();
+        if let Some(ref mut response) = *self.data.response.write() {
+            *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
+        }
+    }
+
+    pub fn send_frame(&self, frame: Bytes) -> MagnusResult<usize> {
+        self.send_frame_into(frame, &self.data.response_writer)
+    }
+
+    pub fn send_and_close(&self, frame: Bytes) -> MagnusResult<usize> {
+        let result = self.send_frame_into(frame, &self.data.response_writer);
+        self.data.response_writer.write().take();
+        result
+    }
+
+    pub fn send_frame_into(
+        &self,
+        frame: Bytes,
+        writer: &RwLock<Option<mpsc::Sender<Option<Bytes>>>>,
+    ) -> MagnusResult<usize> {
+        if let Some(writer) = writer.write().as_ref() {
+            writer
+                .blocking_send(Some(frame))
+                .map_err(|_| itsi_error::ItsiError::ClientConnectionClosed)?;
+        }
+        Ok(0)
+    }
+
+    pub fn is_hijacked(&self) -> bool {
+        self.data.hijacked_socket.read().is_some()
+    }
+
+    pub fn close_write(&self) -> MagnusResult<bool> {
+        self.data.response_writer.write().take();
+        Ok(true)
+    }
+
+    pub fn close_read(&self) -> MagnusResult<bool> {
+        todo!();
+    }
+
+    pub fn new(parts: Parts, response_writer: mpsc::Sender<Option<Bytes>>) -> Self {
+        Self {
+            data: Arc::new(ResponseData {
+                response: RwLock::new(Some(Response::new(BoxBody::new(Empty::new())))),
+                response_writer: RwLock::new(Some(response_writer)),
+                response_buffer: RwLock::new(BytesMut::new()),
+                hijacked_socket: RwLock::new(None),
+                parts,
+            }),
+        }
+    }
+
+    pub fn add_header(&self, name: Bytes, value: Bytes) -> MagnusResult<()> {
+        let header_name: HeaderName = HeaderName::from_bytes(&name).map_err(|e| {
+            itsi_error::ItsiError::InvalidInput(format!("Invalid header name {:?}: {:?}", name, e))
+        })?;
+        let header_value = unsafe { HeaderValue::from_maybe_shared_unchecked(value) };
+        if let Some(ref mut resp) = *self.data.response.write() {
+            resp.headers_mut().insert(header_name, header_value);
+        }
+        Ok(())
+    }
+
+    pub fn set_status(&self, status: u16) -> MagnusResult<()> {
+        if let Some(ref mut resp) = *self.data.response.write() {
+            *resp.status_mut() = StatusCode::from_u16(status).map_err(|e| {
+                itsi_error::ItsiError::InvalidInput(format!(
+                    "Invalid status code {:?}: {:?}",
+                    status, e
+                ))
+            })?;
+        }
+        Ok(())
+    }
+
+    pub fn hijack(&self, fd: i32) -> MagnusResult<()> {
+        let stream = unsafe { UnixStream::from_raw_fd(fd) };
+
+        *self.data.hijacked_socket.write() = Some(stream);
+        if let Some(writer) = self.data.response_writer.write().as_ref() {
+            writer
+                .blocking_send(None)
+                .map_err(|_| itsi_error::ItsiError::ClientConnectionClosed)?;
+        }
+        self.close();
+        Ok(())
+    }
+}

data/ext/itsi_server/src/response/mod.rs

@@ -0,0 +1 @@
+pub mod itsi_response;

data/ext/itsi_server/src/server/bind.rs

@@ -0,0 +1,168 @@
+use super::{bind_protocol::BindProtocol, tls::configure_tls};
+use itsi_error::ItsiError;
+use std::{
+    collections::HashMap,
+    net::{IpAddr, Ipv4Addr, Ipv6Addr, ToSocketAddrs},
+    path::PathBuf,
+    str::FromStr,
+};
+use tokio_rustls::rustls::ServerConfig;
+
+#[derive(Debug, Clone)]
+pub enum BindAddress {
+    Ip(IpAddr),
+    UnixSocket(PathBuf),
+}
+
+impl Default for BindAddress {
+    fn default() -> Self {
+        BindAddress::Ip(IpAddr::V4(Ipv4Addr::UNSPECIFIED))
+    }
+}
+
+#[derive(Default, Clone)]
+#[magnus::wrap(class = "Itsi::Bind")]
+pub struct Bind {
+    pub address: BindAddress,
+    pub port: Option<u16>, // None for Unix Sockets
+    pub protocol: BindProtocol,
+    pub tls_config: Option<ServerConfig>,
+}
+
+impl std::fmt::Debug for Bind {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match &self.address {
+            BindAddress::Ip(ip) => match self.protocol {
+                BindProtocol::Unix | BindProtocol::Unixs => {
+                    write!(f, "{}://{}", self.protocol, ip)
+                }
+                BindProtocol::Https if self.port == Some(443) => {
+                    write!(f, "{}://{}", self.protocol, ip)
+                }
+                BindProtocol::Http if self.port == Some(80) => {
+                    write!(f, "{}://{}", self.protocol, ip)
+                }
+                _ => match self.port {
+                    Some(port) => write!(f, "{}://{}:{}", self.protocol, ip, port),
+                    None => write!(f, "{}://{}", self.protocol, ip),
+                },
+            },
+            BindAddress::UnixSocket(path) => {
+                write!(f, "{}://{}", self.protocol, path.display())
+            }
+        }
+    }
+}
+
+/// We can build a Bind from a string in the format `protocol://host:port?options`
+/// E.g.
+/// *`https://example.com:443?tls_cert=/path/to/cert.pem&tls_key=/path/to/key.pem`
+/// *`unix:///path/to/socket.sock`
+/// *`http://example.com:80`
+/// *`https://[::]:80`
+impl FromStr for Bind {
+    type Err = ItsiError;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let (protocol, remainder) = if let Some((proto, rest)) = s.split_once("://") {
+            (proto.parse::<BindProtocol>()?, rest)
+        } else {
+            (BindProtocol::Https, s)
+        };
+
+        let (url, options) = if let Some((base, options)) = remainder.split_once('?') {
+            (base, parse_bind_options(options))
+        } else {
+            (remainder, HashMap::new())
+        };
+
+        let (host, port) = if url.starts_with('[') {
+            // IPv6 with brackets `[::]:port`
+            if let Some(end) = url.find(']') {
+                let host = &url[1..end]; // Extract `::`
+                let port = url[end + 1..]
+                    .strip_prefix(':')
+                    .and_then(|p| p.parse().ok());
+                (host, port)
+            } else {
+                return Err(ItsiError::InvalidInput(
+                    "Invalid IPv6 address format".to_owned(),
+                ));
+            }
+        } else if let Some((h, p)) = url.rsplit_once(':') {
+            // Check if `h` is an IPv6 address before assuming it's a port
+            if h.contains('.') || h.parse::<Ipv4Addr>().is_ok() {
+                (h, p.parse::<u16>().ok()) // IPv4 case
+            } else if h.parse::<Ipv6Addr>().is_ok() {
+                // If it's IPv6, require brackets for port
+                return Err(ItsiError::InvalidInput(
+                    "IPv6 addresses must use [ ] when specifying a port".to_owned(),
+                ));
+            } else {
+                (h, None) // Treat as a hostname
+            }
+        } else {
+            (url, None)
+        };
+
+        let address = if let Ok(ip) = host.parse::<IpAddr>() {
+            BindAddress::Ip(ip)
+        } else {
+            resolve_hostname(host)
+                .map(BindAddress::Ip)
+                .ok_or(ItsiError::ArgumentError(format!(
+                    "Failed to resolve hostname {}",
+                    host
+                )))?
+        };
+        let (port, address) = match protocol {
+            BindProtocol::Http => (port.or(Some(80)), address),
+            BindProtocol::Https => (port.or(Some(443)), address),
+            BindProtocol::Unix => (None, BindAddress::UnixSocket(host.into())),
+            BindProtocol::Unixs => (None, BindAddress::UnixSocket(host.into())),
+        };
+
+        let tls_config = match protocol {
+            BindProtocol::Http => None,
+            BindProtocol::Https => Some(configure_tls(host, &options)?),
+            BindProtocol::Unix => None,
+            BindProtocol::Unixs => Some(configure_tls(host, &options)?),
+        };
+
+        Ok(Self {
+            address,
+            port,
+            protocol,
+            tls_config,
+        })
+    }
+}
+
+fn parse_bind_options(query: &str) -> HashMap<String, String> {
+    query
+        .split('&')
+        .filter_map(|pair| pair.split_once('='))
+        .map(|(k, v)| (k.to_owned(), v.to_owned()))
+        .collect()
+}
+
+/// Attempts to resolve a hostname into an IP address.
+fn resolve_hostname(hostname: &str) -> Option<IpAddr> {
+    (hostname, 0)
+        .to_socket_addrs()
+        .ok()?
+        .find_map(|addr| {
+            if addr.is_ipv6() {
+                Some(addr.ip()) // Prefer IPv6
+            } else {
+                None
+            }
+        })
+        .or_else(|| {
+            (hostname, 0)
+                .to_socket_addrs()
+                .ok()?
+                .map(|addr| addr.ip())
+                .next()
+        }) // Fallback to IPv4
+}

data/ext/itsi_server/src/server/bind_protocol.rs

@@ -0,0 +1,37 @@
+use itsi_error::ItsiError;
+use std::str::FromStr;
+
+#[derive(Debug, Default, Clone)]
+pub enum BindProtocol {
+    #[default]
+    Https,
+    Http,
+    Unix,
+    Unixs,
+}
+
+impl FromStr for BindProtocol {
+    type Err = ItsiError;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        match s {
+            "http" => Ok(BindProtocol::Http),
+            "https" => Ok(BindProtocol::Https),
+            "unix" => Ok(BindProtocol::Unix),
+            "tls" => Ok(BindProtocol::Unixs),
+            _ => Err(ItsiError::UnsupportedProtocol(s.to_string())),
+        }
+    }
+}
+
+impl std::fmt::Display for BindProtocol {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        let s = match self {
+            BindProtocol::Https => "https",
+            BindProtocol::Http => "http",
+            BindProtocol::Unix => "unix",
+            BindProtocol::Unixs => "tls",
+        };
+        write!(f, "{}", s)
+    }
+}

data/ext/itsi_server/src/server/io_stream.rs

@@ -0,0 +1,104 @@
+use super::listener::SockAddr;
+use pin_project::pin_project;
+use tokio::net::{TcpStream, UnixStream};
+use tokio_rustls::server::TlsStream;
+
+use std::os::unix::io::{AsRawFd, RawFd};
+use std::pin::Pin;
+use std::task::{Context, Poll};
+use tokio::io::{AsyncRead, AsyncWrite};
+
+#[pin_project(project = IoStreamEnumProj)]
+pub enum IoStream {
+    Tcp {
+        #[pin]
+        stream: TcpStream,
+        addr: SockAddr,
+    },
+    TcpTls {
+        #[pin]
+        stream: TlsStream<TcpStream>,
+        addr: SockAddr,
+    },
+    Unix {
+        #[pin]
+        stream: UnixStream,
+        addr: SockAddr,
+    },
+    UnixTls {
+        #[pin]
+        stream: TlsStream<UnixStream>,
+        addr: SockAddr,
+    },
+}
+
+impl IoStream {
+    pub fn addr(&self) -> SockAddr {
+        match self {
+            IoStream::Tcp { addr, .. } => addr.clone(),
+            IoStream::TcpTls { addr, .. } => addr.clone(),
+            IoStream::Unix { addr, .. } => addr.clone(),
+            IoStream::UnixTls { addr, .. } => addr.clone(),
+        }
+    }
+}
+
+impl AsyncRead for IoStream {
+    fn poll_read(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut tokio::io::ReadBuf<'_>,
+    ) -> Poll<std::io::Result<()>> {
+        match self.project() {
+            IoStreamEnumProj::Tcp { stream, .. } => stream.poll_read(cx, buf),
+            IoStreamEnumProj::TcpTls { stream, .. } => stream.poll_read(cx, buf),
+            IoStreamEnumProj::Unix { stream, .. } => stream.poll_read(cx, buf),
+            IoStreamEnumProj::UnixTls { stream, .. } => stream.poll_read(cx, buf),
+        }
+    }
+}
+
+impl AsyncWrite for IoStream {
+    fn poll_write(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &[u8],
+    ) -> Poll<std::io::Result<usize>> {
+        match self.project() {
+            IoStreamEnumProj::Tcp { stream, .. } => stream.poll_write(cx, buf),
+            IoStreamEnumProj::TcpTls { stream, .. } => stream.poll_write(cx, buf),
+            IoStreamEnumProj::Unix { stream, .. } => stream.poll_write(cx, buf),
+            IoStreamEnumProj::UnixTls { stream, .. } => stream.poll_write(cx, buf),
+        }
+    }
+
+    fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<std::io::Result<()>> {
+        match self.project() {
+            IoStreamEnumProj::Tcp { stream, .. } => stream.poll_flush(cx),
+            IoStreamEnumProj::TcpTls { stream, .. } => stream.poll_flush(cx),
+            IoStreamEnumProj::Unix { stream, .. } => stream.poll_flush(cx),
+            IoStreamEnumProj::UnixTls { stream, .. } => stream.poll_flush(cx),
+        }
+    }
+
+    fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<std::io::Result<()>> {
+        match self.project() {
+            IoStreamEnumProj::Tcp { stream, .. } => stream.poll_shutdown(cx),
+            IoStreamEnumProj::TcpTls { stream, .. } => stream.poll_shutdown(cx),
+            IoStreamEnumProj::Unix { stream, .. } => stream.poll_shutdown(cx),
+            IoStreamEnumProj::UnixTls { stream, .. } => stream.poll_shutdown(cx),
+        }
+    }
+}
+
+impl AsRawFd for IoStream {
+    fn as_raw_fd(&self) -> RawFd {
+        // For immutable access, we can simply pattern-match on self.
+        match self {
+            IoStream::Tcp { stream, .. } => stream.as_raw_fd(),
+            IoStream::TcpTls { stream, .. } => stream.get_ref().0.as_raw_fd(),
+            IoStream::Unix { stream, .. } => stream.as_raw_fd(),
+            IoStream::UnixTls { stream, .. } => stream.get_ref().0.as_raw_fd(),
+        }
+    }
+}

data/ext/itsi_server/src/server/itsi_ca/itsi_ca.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB9TCCAZugAwIBAgIUMpQtAScU2Ow9c1Xy/0b/kS/BuwcwCgYIKoZIzj0EAwIw
+UDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBEl0c2kxDTALBgNVBAcMBEl0c2kxEDAO
+BgNVBAoMB0l0c2kgQ0ExETAPBgNVBAMMCGl0c2kuZnlpMB4XDTI1MDMwMzIwMjg1
+N1oXDTM1MDMwMTIwMjg1N1owUDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBEl0c2kx
+DTALBgNVBAcMBEl0c2kxEDAOBgNVBAoMB0l0c2kgQ0ExETAPBgNVBAMMCGl0c2ku
+ZnlpMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqGdC9Vi1r7ARvqSkPXkAgiV5
+gn2MMTeEafagrWT7G1onSh/G+Qstxl61kfFNLOTiy6NSgAtKG+gfveCTo0Pcz6NT
+MFEwHQYDVR0OBBYEFN7zzDodmiK2VAzLDydDvb6Er+U+MB8GA1UdIwQYMBaAFN7z
+zDodmiK2VAzLDydDvb6Er+U+MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwID
+SAAwRQIhAP8q3PiwqTwCbRvYvvetxH39mAce1mfQMosb33ns228VAiBXdb+p9s0o
+5ug5g9/MTvrIPI7GgolXCWZunkouy0LSrw==
+-----END CERTIFICATE-----

data/ext/itsi_server/src/server/itsi_ca/itsi_ca.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgC7WOxDmO7pBvDvYn
+YI8+z2/2c0ChxBsuJkQq/dXi1RyhRANCAASoZ0L1WLWvsBG+pKQ9eQCCJXmCfYwx
+N4Rp9qCtZPsbWidKH8b5Cy3GXrWR8U0s5OLLo1KAC0ob6B+94JOjQ9zP
+-----END PRIVATE KEY-----