logstash-input-elastic_serverless_forwarder 0.1.0-java

data/lib/logstash/inputs/elastic_serverless_forwarder.rb

@@ -0,0 +1,172 @@
+# encoding: utf-8
+require "logstash/inputs/base"
+require "logstash/namespace"
+
+require "logstash/plugin_mixins/plugin_factory_support"
+
+require 'logstash/inputs/http'
+require 'logstash/codecs/json_lines'
+
+class LogStash::Inputs::ElasticServerlessForwarder < LogStash::Inputs::Base
+  include LogStash::PluginMixins::PluginFactorySupport
+
+  config_name "elastic_serverless_forwarder"
+
+  # no-codec
+  config :codec, obsolete: 'The elastic_serverless_forwarder input does not have an externally-configurable codec'
+
+  # bind address
+  config :host, :validate => :string, :default => "0.0.0.0"
+  config :port, :validate => :number, :required => true
+
+  # optional http basic auth
+  config :auth_basic_username,         :validate => :string
+  config :auth_basic_password,         :validate => :password
+
+  # ssl-config
+  config :ssl,                         :validate => :boolean, :default => true
+
+  # ssl-identity
+  config :ssl_certificate,             :validate => :path
+  config :ssl_key,                     :validate => :path
+  config :ssl_key_passphrase,          :validate => :password
+
+  # ssl-trust
+  config :ssl_certificate_authorities, :validate => :path, :list => true
+  config :ssl_client_authentication,   :validate => %w(none optional required), :default => 'none'
+  config :ssl_verification_mode,       :validate => %w(certificate),            :default => 'certificate'
+
+  # ssl-expert-mode
+  config :ssl_cipher_suites,           :validate => :string,  :list => true
+  config :ssl_supported_protocols,     :validate => :string,  :list => true
+  config :ssl_handshake_timeout,       :validate => :number,  :default => 10_000
+
+  # we present the ES-like ssl_certificate_authorities, but our
+  # internal http input plugin uses ssl_verify_mode to describe
+  # the same behaviour.
+  SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP = {
+    'none'     => 'none',
+    'optional' => 'peer',
+    'required' => 'force_peer',
+  }.each_value(&:freeze).freeze # deep freeze
+  private_constant :SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP
+
+
+  def initialize(*a)
+    super
+    @internal_http = plugin_factory.input('http').new(inner_http_input_options)
+  end
+
+  def register
+    logger.debug("registering inner HTTP input plugin")
+    @internal_http.register
+    logger.debug("registered inner HTTP input plugin")
+  end # def register
+
+
+  def run(queue)
+    logger.debug("starting inner HTTP input plugin")
+    @internal_http.run(QueueWrapper.new(queue))
+    logger.debug('inner HTTP plugin has exited')
+  rescue => e
+    logger.error("inner HTTP plugin has had an unrecoverable exception: #{e.message} at #{e.backtrace.first}")
+    raise
+  end
+
+  def stop
+    logger.debug("stopping inner HTTP input plugin")
+    @internal_http.stop
+    logger.debug('inner HTTP plugin has been stopped')
+  end
+
+  def close
+    logger.debug("closing inner HTTP input plugin")
+    @internal_http.close
+    logger.debug('inner HTTP plugin has been closed')
+  end
+
+  private
+
+  def inner_http_input_options
+    @_inner_http_input_options ||= begin
+      http_options = {
+        # directly-configurable
+        'host' => @host,
+        'port' => @port,
+
+        # non-configurable codec
+        'codec' => plugin_factory.codec('json_lines').new(inner_json_lines_codec_options),
+        'additional_codecs' => {},
+
+        # enrichment avoidance
+        'ecs_compatibility'            => 'disabled',
+        'remote_host_target_field'     => '[@metadata][void]',
+        'request_headers_target_field' => '[@metadata][void]',
+      }
+
+      if @auth_basic_username
+        http_options['user'] = @auth_basic_username
+        http_options['password'] = @auth_basic_password || fail(LogStash::ConfigurationError, '`auth_basic_password` is REQUIRED when `auth_basic_username` is provided')
+        logger.warn("HTTP Basic Auth over non-secured connection") if @ssl == false
+      end
+
+      if @ssl == false
+        ignored_ssl_settings = @original_params.keys.grep('ssl_')
+        logger.warn("Explicit SSL-related settings are ignored because `ssl => false`: #{ignored_ssl_settings.keys}") if ignored_ssl_settings.any?
+      else
+        http_options['ssl'] = true
+
+        http_options['ssl_cipher_suites'] = @ssl_cipher_suites if @original_params.include?('ssl_cipher_suites')
+        http_options['ssl_supported_protocols'] = @ssl_supported_protocols if @original_params.include?('ssl_supported_protocols')
+        http_options['ssl_handshake_timeout'] = @ssl_handshake_timeout
+
+        http_options.merge!(ssl_identity_options)
+        http_options.merge!(ssl_trust_options)
+      end
+
+      http_options
+    end
+  end
+
+  def ssl_identity_options
+    identity_options = {
+      'ssl_certificate' => @ssl_certificate || fail(LogStash::ConfigurationError, '`ssl_certificate` is REQUIRED when `ssl => true`'),
+      'ssl_key'         => @ssl_key         || fail(LogStash::ConfigurationError, '`ssl_key` is REQUIRED when `ssl => true`')
+    }
+    identity_options['ssl_key_passphrase'] = @ssl_key_passphrase if @original_params.include?('ssl_key_passphrase')
+
+    identity_options
+  end
+
+  def ssl_trust_options
+    trust_options = {
+      'ssl_verify_mode' => SSL_CLIENT_AUTHENTICATION_TO_VERIFY_MODE_MAP.fetch(@ssl_client_authentication)
+    }
+    if @ssl_client_authentication == 'none'
+      logger.warn("Explicit `ssl_certificate_authorities` is ignored because `ssl_client_authentication => #{@ssl_client_authentication}`")
+    else
+      trust_options['ssl_certificate_authorities'] = @ssl_certificate_authorities || fail(LogStash::ConfigurationError, "`ssl_certificate_authorities` is REQUIRED when `ssl_client_authentication => #{@ssl_client_authentication}`")
+    end
+
+    trust_options
+  end
+
+  def inner_json_lines_codec_options
+    @_inner_json_lines_codec_options ||= {
+      # enrichment avoidance
+      'ecs_compatibility' => 'disabled',
+    }
+  end
+
+  class QueueWrapper
+    def initialize(wrapped_queue)
+      @wrapped_queue = wrapped_queue
+    end
+
+    def << (event)
+      event.remove('[@metadata][void]')
+      @wrapped_queue << event
+    end
+  end
+
+end # class LogStash::Inputs::ElasticServerlessForwarder

data/logstash-input-elastic_serverless_forwarder.gemspec

@@ -0,0 +1,32 @@
+# encoding: utf-8
+
+Gem::Specification.new do |s|
+  s.name = 'logstash-input-elastic_serverless_forwarder'
+  s.version = '0.1.0'
+  s.licenses = ['Apache License (2.0)']
+  s.summary = "Receives events from Elastic Serverless Forwarder over HTTP or HTTPS"
+  s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
+  s.authors = ["Elastic"]
+  s.email = 'info@elastic.co'
+  s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
+  s.require_paths = ["lib", "vendor/jar-dependencies"]
+
+  # Files
+  s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "VERSION", "docs/**/*"]
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
+
+  # Gem dependencies
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
+  s.add_runtime_dependency 'logstash-mixin-plugin_factory_support'
+  s.add_runtime_dependency 'logstash-input-http'
+  s.add_runtime_dependency 'logstash-codec-json_lines'
+
+  s.add_development_dependency 'logstash-devutils'
+
+  s.platform = "java"
+end

data/spec/fixtures/certs/generate.sh

@@ -0,0 +1,58 @@
+# warning: do not use the certificates produced by this tool in production.
+# This is for testing purposes only
+set -e
+
+rm -rf generated
+mkdir generated
+cd generated
+
+echo "GENERATED CERTIFICATES FOR TESTING ONLY." >> ./README.txt
+echo "DO NOT USE THESE CERTIFICATES IN PRODUCTION" >> ./README.txt
+
+# certificate authority
+openssl genrsa -out root.key 4096
+openssl req -new -x509 -days 1826 -extensions ca -key root.key -out root.crt -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=root" -config ../openssl.cnf
+
+# server certificate from root
+openssl genrsa -out server_from_root.key 4096
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in server_from_root.key -out server_from_root.pkcs8.key
+openssl req -new -key server_from_root.key -out server_from_root.csr -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=server" -config ../openssl.cnf
+openssl x509 -req -extensions server_cert -extfile ../openssl.cnf -days 1096 -in server_from_root.csr -CA root.crt -CAkey root.key -set_serial 03 -out server_from_root.crt -sha256
+
+# client certificate from root
+openssl genrsa -out client_from_root.key 4096
+openssl req -new -key client_from_root.key -out client_from_root.csr -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=client" -config ../openssl.cnf
+openssl x509 -req -extensions client_cert -extfile ../openssl.cnf -days 1096 -in client_from_root.csr -CA root.crt -CAkey root.key -set_serial 04 -out client_from_root.crt -sha256
+
+# self-signed for testing
+openssl req -newkey rsa:4096 -nodes -keyout client_self_signed.key -x509 -days 365 -out client_self_signed.crt -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=self"
+#openssl genrsa -out client_self_signed.key 4096
+#openssl req -new -x509 -days 1826 -extensions client_cert -key client_self_signed.key -out client_self_signed.crt -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=self" -config ../openssl.cnf
+
+## client with invalid subject
+openssl genrsa -out client_no_matching_subject.key 4096
+openssl req -new -key client_no_matching_subject.key -out client_no_matching_subject.csr -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=client_no_matching_subject" -config ../openssl.cnf
+openssl x509 -req -extensions client_cert_no_matching_subject -extfile ../openssl.cnf -days 1096 -in client_no_matching_subject.csr -CA root.crt -CAkey root.key -set_serial 04 -out client_no_matching_subject.crt
+
+# verify :allthethings
+openssl verify -CAfile root.crt server_from_root.crt
+openssl verify -CAfile root.crt client_from_root.crt
+openssl verify -CAfile root.crt client_no_matching_subject.crt
+
+! openssl verify -CAfile root.crt client_self_signed.crt > /dev/null
+openssl verify -CAfile client_self_signed.crt client_self_signed.crt
+
+# create pkcs8 versions of all keys
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in client_from_root.key -out client_from_root.key.pkcs8
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in server_from_root.key -out server_from_root.key.pkcs8
+
+# create pkcs12 keystores (pass:12345678)
+openssl pkcs12 -export -in client_from_root.crt -inkey client_from_root.key -out client_from_root.p12 -name "client_from_root" -passout 'pass:12345678'
+openssl pkcs12 -export -in client_self_signed.crt -inkey client_self_signed.key -out client_self_signed.p12 -name "client_from_root" -passout 'pass:12345678'
+openssl pkcs12 -export -in client_no_matching_subject.crt -inkey client_no_matching_subject.key -out client_no_matching_subject.p12 -name "client_no_matching_subject" -passout 'pass:12345678'
+
+# use java keytool to convert all pkcs12 keystores to jks-format keystores (pass:12345678)
+keytool -importkeystore -srckeystore client_from_root.p12 -srcstoretype pkcs12 -srcstorepass 12345678 -destkeystore client_from_root.jks -deststorepass 12345678 -alias client_from_root
+
+# cleanup csr, we don't need them
+rm -rf *.csr

data/spec/fixtures/certs/generated/README.txt

@@ -0,0 +1,2 @@
+GENERATED CERTIFICATES FOR TESTING ONLY.
+DO NOT USE THESE CERTIFICATES IN PRODUCTION

data/spec/fixtures/certs/generated/client_from_root.crt

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGATCCA+mgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJMUzEL
+MAkGA1UECAwCTkExEzARBgNVBAcMCkh0dHAgSW5wdXQxETAPBgNVBAoMCExvZ3N0
+YXNoMQ0wCwYDVQQDDARyb290MB4XDTIyMTExODA2MTA0OFoXDTI1MTExODA2MTA0
+OFowUzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
+cHV0MREwDwYDVQQKDAhMb2dzdGFzaDEPMA0GA1UEAwwGY2xpZW50MIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA49LRvGg28z/chbygtYSEHILCOqkUgPom
+M1K6Zity7oPHHfepVSJjIuvyAeT/c2wSay4VL4npZWQ2/AuNdtltGb58PviuYtB/
+1S2sX8WyC2rPcq3vVk85FA0c7xLsOPA+4Hp7hHLxgBfBkIkCNFBRXQOrMBiPrBM7
+RKrCKo1b254O83Hdy+kiUr6GZGXIWDPK3C3tkksKCAv++fxMQgucB9ERX4cigVAQ
++ZIBZGLrWU7Jm/LbI4+TlbFZj/3dQDflRuAhX01Kb5dktnhxrlQd/UkDcpHCv38+
+2/haBov4wmu9/93eKWfc5tqMx8SnnNPjq+ms3rq8WVQtxBUrh60cKhdEKO9nYhrX
+KssHPIPXiM5V2R8yVddFygmgkEEUkxYIg9VYHFGlMCOQC5OoyXIoi08xs8h+GJbM
+MdODsRF8ZhIPeCA7Va34MlySZrvXEzPavNwk3fq7NVUV4Um1lLWQPVwZ9yR9ii3y
+yDa+xibvUWegs/3y04iFL9hhp4EM3u5ucQOdyQEMurxvXx9WrBi8VhMmJUN7dDq4
+emWe8BITVYG6+vVkX577dgm12FGjah4HCEqJuckudP/QGa1xmgJ+AjQ5Q7xzp0VA
+5/llWSlGjzCcVms0V21wyHKGPm0p1sJ+cmcqLBCCgdFl2dnevoLXVjp18Xt6Oas9
+KI343tBSn7ECAwEAAaOB4TCB3jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
+oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBSsU4ZmryDNkeQXZHZ2zvYu7Xp6tTAfBgNVHSMEGDAW
+gBTA8vgd/nWOBOCTxL+z67d+Am9lqjAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
+FAYIKwYBBQUHAwIGCCsGAQUFBwMEMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA
+ATANBgkqhkiG9w0BAQsFAAOCAgEAKfEdNhRpBfZgjZm8cFVLHEL+ML8zMlCubS2v
+v8JL/Fg3Tlj11iCYa5XmwwHdprpDyrIChZOwsZK+1xWHgy+vGI5W93RbhCxx7o4C
+DzcFkeI13qgjtdDvbzttZIHGNWSN8qaXLlc+rJBYn8uOUyQ95wXYJM+j+hH3E34c
+60Iy8AcYPcBhtiDN94eHswKxiF1EgViHVlVraaTWTU7U0VCeFTHWebQb+Hdg9Fa8
+SjK1Mqcnowd4owgXEjPgbyyf6UOgBe6wScwJjyDPmh7tvDKsSeD4XibRK+Hmwinx
+gtxnZtlM4472EOOENNfd7JGui6H8XxHU9dUMMDTH4YY6cakpHpAopMY5jKYqhEdH
+bCNZX+EmP9XV8cfjQWOJOSck3O1FA8EL5Yekbyh8Rf60gneSu3lrvwvLE2msz00Y
+vILeVMZvBXO3Ua3YitWFv9pxrgkGfpIt1U25H6Bg1pP2qSoEBSh5tCBqXbFqr1o2
+QiuE0Y+bv2DT0rtKZ3Gt1G2klqZg3KpL2pM7Udf5bxm0Bxgj+XA1SycNqNsciGtK
+jPFuA1IsFwNzJd0AcDtDRWK6o0GhtUwQ+JMfP06V07knWg21aTPddhiaDrgpMTFJ
+hD8TJvTs8kkjz4COiv/jTippc9lw0Fy4rneZ2iAt59JaiqmoXvBP0tvj3orBBnqW
+n3C9qbA=
+-----END CERTIFICATE-----

data/spec/fixtures/certs/generated/client_from_root.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA49LRvGg28z/chbygtYSEHILCOqkUgPomM1K6Zity7oPHHfep
+VSJjIuvyAeT/c2wSay4VL4npZWQ2/AuNdtltGb58PviuYtB/1S2sX8WyC2rPcq3v
+Vk85FA0c7xLsOPA+4Hp7hHLxgBfBkIkCNFBRXQOrMBiPrBM7RKrCKo1b254O83Hd
+y+kiUr6GZGXIWDPK3C3tkksKCAv++fxMQgucB9ERX4cigVAQ+ZIBZGLrWU7Jm/Lb
+I4+TlbFZj/3dQDflRuAhX01Kb5dktnhxrlQd/UkDcpHCv38+2/haBov4wmu9/93e
+KWfc5tqMx8SnnNPjq+ms3rq8WVQtxBUrh60cKhdEKO9nYhrXKssHPIPXiM5V2R8y
+VddFygmgkEEUkxYIg9VYHFGlMCOQC5OoyXIoi08xs8h+GJbMMdODsRF8ZhIPeCA7
+Va34MlySZrvXEzPavNwk3fq7NVUV4Um1lLWQPVwZ9yR9ii3yyDa+xibvUWegs/3y
+04iFL9hhp4EM3u5ucQOdyQEMurxvXx9WrBi8VhMmJUN7dDq4emWe8BITVYG6+vVk
+X577dgm12FGjah4HCEqJuckudP/QGa1xmgJ+AjQ5Q7xzp0VA5/llWSlGjzCcVms0
+V21wyHKGPm0p1sJ+cmcqLBCCgdFl2dnevoLXVjp18Xt6Oas9KI343tBSn7ECAwEA
+AQKCAgEA2fcAHL6kHBP0OqteImw3LUPY6eCMMl2hoKa8mTVmj1XacgxZoI72xBly
+/2cFE3vJH2wGbuYGO7Amfvvai2O34tKA8opf5UBPnThGW5a8Ifo9oR1SB4RiOpHV
+JdI32L3ZmlD0zaJe9UtFMLA0QLK7NT9mT+yfwGTh5m9stuNph/NvoHBHYGibIwkP
+cQyEIgbjRcZXLgjG/y3i827z0phi3oOimH+kfo2IwA11cYLGYjpj3uT5zcr2y1fT
+NVUPkfooTKfwpco/tgXlIEKZmMz3qDVrq/hSl335OOEh2HOgOvpz3FF71Kd/DAr6
+d8HpDr0WbIpzjuCfhONpqdkLPZJchwY/jvZdFbb0WtHtSsnlYR2DSuJ+SvtRZI03
+85EQmHMbqmX6pNKc1/OqgKklBlC8yhCBAINLNCl/Jl2uzTJNseD8enyOzOzKmuC+
+vkz29uz7GM8NfS8pBmu7gAUxA0S22xV4vOmDwYAB4L1vz29kyAQg1EApVAufMvFJ
+CJ4eEo6xJ6/UzEQt647IqTQQx6Z8axZvHRriUPwpegbJnP7lMpIp64iAQRWE6AAj
+xQqauiZs/Xx/Px7eDIAbp3PldUkx+3URxlvQzxZgV2f/XTjL4U7A4l6XDC8hfRSd
+XVnrVX9NNHE2OvZcshbUhlVZA657ZTUPs5LQ7xc4jmPEqB/XnVUCggEBAPm3WE+r
+INDeVrRxaVoTR9+7fnJl/Nig8RaDbNLcrvcSLykrKOr0/tlvq/R4SOnTx5YXULhh
+ZMPGQjyvJfvyetTdTUAlliR+ZIWt1S/dCoDitSTKUKabHsLx8N2m6NpFhTLcnbsZ
+H03TghsZuH9uwW5eIZr2rqZqNh2NMJ8iOcFkaWpCFXntJGRlC1zZL7p/viMNY/af
+0haW/ujYjUPjPnKj5/whbgLEzVAglLkt5cTrSR1MWjnzuu9Ul/L0GwAB1sCNxprf
+VoN5+PCfdgqCLGc/jknRRfZSmqi4yNZSuG2tTmANZ811HjfupQi1jI5H63YuZQKG
+a51b+Rzsm9hnb/cCggEBAOmOcXHGOZ8Ek2gAVO2gES7uVDusZr0+NW+4j9a9NxDO
+c4hHYUhHyHjYSgRIWBrdaCBz1ZtMXS7WZUELXU57o+7bQv0Vm36/eK58ecDFbTlB
+HUb5wSIsts/uTKa7ame9+LCDldZN3Rg/cZ4q8YKf9T7bdiQzRjMbxwwTNuMQrKT7
+mWoqmrhsW8nh0SdoEoO5rp92mgoTqcIAT/eOdKMnU4qFfQdQy2lsMyA4G8pFYHq9
+CGFtldpfuWohHzoc6C18FukkKQvQGe98tUKh3PZqbGtoGmHIzVA1oDwa0lnRq5Rl
+iJ6shQpUlIjbrUllWylkadig/l7DRKP5u629U/Jx05cCggEBANNTzBKv+feJEctm
+5wdppbu7ioj5sn8JxL2Ov3u7cv54jxzB/8DHUR1mGhmr6diodxGX7aH8GjBsCgYd
+G4IadMTL++I7bNK5fAx9ThtRbuAf+7iE1rgIMoI8CeEqrYh6qPygI4QBALL2OfcB
+T1fYvS3Pz5S7Cpae7+kWYX1qk4IMngFkp5QlklS8Bl+vFWs5TAmR/XTrT/n6EwOu
+r+4x09lkyKBhEh6Zuj8DM5l7NCXwEFIRGZJNp3d/GZBr8KWS6NDPqrHKLAbcJEZO
+TLEb9MPzz1C9H/4Tbfs3Vg+6tYVr0xYKgjwnz0j6VwQF0Etgpe2/2Y/Hfi8PdMR7
+oHAFKYUCggEAX7GBQcCaM1FIpEAejA4dfEEiOiD1J2ypsFDKfo2gVj6Aj8HPVjIz
+LXBRQ1fw4XD+DO3pA2xScbJeYjwpytJV5LPpypBj2ZbR94wAxr8ddWv8duw1+a6g
+aKmWtmnruv3XO1tutRPKFvlHsCqgMYkgjtSUn1hy1tX2xDfLMVXPpvl/bkRuiEm9
+ggYIEEFP9LDLn4KUsrRDxb0jBqdTmtWuIP94rtqnvVYbzIOwvzuVwDRbjq+7ynGW
+IqnXhZP6fUhuiq/KMZDeT4WlLtvrEPuh2JAa3x3LIaYXNQk4Tpzd1DuVso21JPpq
+sXhwk7X3mAoQZDXygxk2sojMIO+FybxhmQKCAQAiM0JHZU7S0QMUOWLC3NdzHUAX
+lYHIn/zVnba6AGgd8Pw4mmdl9qKErQSDzkhF8r5TWfUxSE1FDqYEnhOP4XPgUlDW
+ul9ayUxvXWSzK0nPTnHBOFF0Ek3ciUfauNnnv3lJnCJTQgqOtNFlQ4+GzyTf4eeB
+dW65sszW6oKoJKnXlQoVeJRwm/J/s5i2ejFSSMfJ/tsqEvLTuC4YeFtBgq4OmnX1
+BgUcRQnhuCZRhTyQh+VfmN9UFLl7O2CmlUz4KfXobbXgfMxUnWEHwSCh4Wham3vq
+wrSmEtF22xHzu6oU8L2wsVTGPz0rne+7LBGHRS/5v8YLLf/XpYKzHoh9mxPP
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/certs/generated/client_from_root.key.pkcs8

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDj0tG8aDbzP9yF
+vKC1hIQcgsI6qRSA+iYzUrpmK3Lug8cd96lVImMi6/IB5P9zbBJrLhUviellZDb8
+C4122W0Zvnw++K5i0H/VLaxfxbILas9yre9WTzkUDRzvEuw48D7genuEcvGAF8GQ
+iQI0UFFdA6swGI+sEztEqsIqjVvbng7zcd3L6SJSvoZkZchYM8rcLe2SSwoIC/75
+/ExCC5wH0RFfhyKBUBD5kgFkYutZTsmb8tsjj5OVsVmP/d1AN+VG4CFfTUpvl2S2
+eHGuVB39SQNykcK/fz7b+FoGi/jCa73/3d4pZ9zm2ozHxKec0+Or6azeurxZVC3E
+FSuHrRwqF0Qo72diGtcqywc8g9eIzlXZHzJV10XKCaCQQRSTFgiD1VgcUaUwI5AL
+k6jJciiLTzGzyH4Ylswx04OxEXxmEg94IDtVrfgyXJJmu9cTM9q83CTd+rs1VRXh
+SbWUtZA9XBn3JH2KLfLINr7GJu9RZ6Cz/fLTiIUv2GGngQze7m5xA53JAQy6vG9f
+H1asGLxWEyYlQ3t0Orh6ZZ7wEhNVgbr69WRfnvt2CbXYUaNqHgcISom5yS50/9AZ
+rXGaAn4CNDlDvHOnRUDn+WVZKUaPMJxWazRXbXDIcoY+bSnWwn5yZyosEIKB0WXZ
+2d6+gtdWOnXxe3o5qz0ojfje0FKfsQIDAQABAoICAQDZ9wAcvqQcE/Q6q14ibDct
+Q9jp4IwyXaGgpryZNWaPVdpyDFmgjvbEGXL/ZwUTe8kfbAZu5gY7sCZ++9qLY7fi
+0oDyil/lQE+dOEZblrwh+j2hHVIHhGI6kdUl0jfYvdmaUPTNol71S0UwsDRAsrs1
+P2ZP7J/AZOHmb2y242mH82+gcEdgaJsjCQ9xDIQiBuNFxlcuCMb/LeLzbvPSmGLe
+g6KYf6R+jYjADXVxgsZiOmPe5PnNyvbLV9M1VQ+R+ihMp/Clyj+2BeUgQpmYzPeo
+NWur+FKXffk44SHYc6A6+nPcUXvUp38MCvp3wekOvRZsinOO4J+E42mp2Qs9klyH
+Bj+O9l0VtvRa0e1KyeVhHYNK4n5K+1FkjTfzkRCYcxuqZfqk0pzX86qAqSUGULzK
+EIEAg0s0KX8mXa7NMk2x4Px6fI7M7Mqa4L6+TPb27PsYzw19LykGa7uABTEDRLbb
+FXi86YPBgAHgvW/Pb2TIBCDUQClUC58y8UkInh4SjrEnr9TMRC3rjsipNBDHpnxr
+Fm8dGuJQ/Cl6Bsmc/uUykinriIBBFYToACPFCpq6Jmz9fH8/Ht4MgBunc+V1STH7
+dRHGW9DPFmBXZ/9dOMvhTsDiXpcMLyF9FJ1dWetVf000cTY69lyyFtSGVVkDrntl
+NQ+zktDvFziOY8SoH9edVQKCAQEA+bdYT6sg0N5WtHFpWhNH37t+cmX82KDxFoNs
+0tyu9xIvKSso6vT+2W+r9HhI6dPHlhdQuGFkw8ZCPK8l+/J61N1NQCWWJH5kha3V
+L90KgOK1JMpQppsewvHw3abo2kWFMtyduxkfTdOCGxm4f27Bbl4hmvaupmo2HY0w
+nyI5wWRpakIVee0kZGULXNkvun++Iw1j9p/SFpb+6NiNQ+M+cqPn/CFuAsTNUCCU
+uS3lxOtJHUxaOfO671SX8vQbAAHWwI3Gmt9Wg3n48J92CoIsZz+OSdFF9lKaqLjI
+1lK4ba1OYA1nzXUeN+6lCLWMjkfrdi5lAoZrnVv5HOyb2Gdv9wKCAQEA6Y5xccY5
+nwSTaABU7aARLu5UO6xmvT41b7iP1r03EM5ziEdhSEfIeNhKBEhYGt1oIHPVm0xd
+LtZlQQtdTnuj7ttC/RWbfr94rnx5wMVtOUEdRvnBIiy2z+5MprtqZ734sIOV1k3d
+GD9xnirxgp/1Ptt2JDNGMxvHDBM24xCspPuZaiqauGxbyeHRJ2gSg7mun3aaChOp
+wgBP9450oydTioV9B1DLaWwzIDgbykVger0IYW2V2l+5aiEfOhzoLXwW6SQpC9AZ
+73y1QqHc9mpsa2gaYcjNUDWgPBrSWdGrlGWInqyFClSUiNutSWVbKWRp2KD+XsNE
+o/m7rb1T8nHTlwKCAQEA01PMEq/594kRy2bnB2mlu7uKiPmyfwnEvY6/e7ty/niP
+HMH/wMdRHWYaGavp2Kh3EZftofwaMGwKBh0bghp0xMv74jts0rl8DH1OG1Fu4B/7
+uITWuAgygjwJ4SqtiHqo/KAjhAEAsvY59wFPV9i9Lc/PlLsKlp7v6RZhfWqTggye
+AWSnlCWSVLwGX68VazlMCZH9dOtP+foTA66v7jHT2WTIoGESHpm6PwMzmXs0JfAQ
+UhEZkk2nd38ZkGvwpZLo0M+qscosBtwkRk5MsRv0w/PPUL0f/hNt+zdWD7q1hWvT
+FgqCPCfPSPpXBAXQS2Cl7b/Zj8d+Lw90xHugcAUphQKCAQBfsYFBwJozUUikQB6M
+Dh18QSI6IPUnbKmwUMp+jaBWPoCPwc9WMjMtcFFDV/DhcP4M7ekDbFJxsl5iPCnK
+0lXks+nKkGPZltH3jADGvx11a/x27DX5rqBoqZa2aeu6/dc7W261E8oW+UewKqAx
+iSCO1JSfWHLW1fbEN8sxVc+m+X9uRG6ISb2CBggQQU/0sMufgpSytEPFvSMGp1Oa
+1a4g/3iu2qe9VhvMg7C/O5XANFuOr7vKcZYiqdeFk/p9SG6Kr8oxkN5PhaUu2+sQ
++6HYkBrfHcshphc1CThOnN3UO5WyjbUk+mqxeHCTtfeYChBkNfKDGTayiMwg74XJ
+vGGZAoIBACIzQkdlTtLRAxQ5YsLc13MdQBeVgcif/NWdtroAaB3w/DiaZ2X2ooSt
+BIPOSEXyvlNZ9TFITUUOpgSeE4/hc+BSUNa6X1rJTG9dZLMrSc9OccE4UXQSTdyJ
+R9q42ee/eUmcIlNCCo600WVDj4bPJN/h54F1brmyzNbqgqgkqdeVChV4lHCb8n+z
+mLZ6MVJIx8n+2yoS8tO4Lhh4W0GCrg6adfUGBRxFCeG4JlGFPJCH5V+Y31QUuXs7
+YKaVTPgp9ehtteB8zFSdYQfBIKHhaFqbe+rCtKYS0XbbEfO7qhTwvbCxVMY/PSud
+77ssEYdFL/m/xgst/9elgrMeiH2bE88=
+-----END PRIVATE KEY-----

data/spec/fixtures/certs/generated/client_no_matching_subject.crt

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGEzCCA/ugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJMUzEL
+MAkGA1UECAwCTkExEzARBgNVBAcMCkh0dHAgSW5wdXQxETAPBgNVBAoMCExvZ3N0
+YXNoMQ0wCwYDVQQDDARyb290MB4XDTIyMTExODA2MTA1MFoXDTI1MTExODA2MTA1
+MFowZzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
+cHV0MREwDwYDVQQKDAhMb2dzdGFzaDEjMCEGA1UEAwwaY2xpZW50X25vX21hdGNo
+aW5nX3N1YmplY3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDR33lr
+wqaslTGu1yAUoMQPL3UupHRmX4z4Ken+XigOiV/73hvfOHRiF4GRBhFXfMAFLzG9
+ayHoiXwAOkRsPA8DSWtwKeMLjtpRjizNPWWuKp4Rkp+snrGTROczJvf44DWDrm2O
+pbcuYym2B0fypEEpP9rvmnewbO8AVKF2Cs9hsy3d9XPDcpbw3/7TvU81uS1os9jS
+CxxCLa26I/1t1SWf5iO+YKwS+7/MDRMTWgN1JbmY1m7KPygS3somS8uCSCVUAL3/
+XFH1cLj99MmKNG4M/P05Qzzwq3ygEl3oY9iWA6jSYHsS6fkM7g7/Uo2cQ0OdS0Eh
+gcAYZTZkhcfcvW+2XwUqDEYpJdmETBm4Mu/s6S9QJRb4sOdnfF8MrNPF517Kxsgv
+m2GiHzu8X+74BgimtWJbJsng4uCs/s9YMVqcWoiz6/Oh12Niv3da//t77hYFipri
+nIYeCNmvZe8FEkUEXZXaxVw57MQrSKXpYFR/YIywqxCkJ3iHabwGU3GN0bOIJdxD
+AgGgvSmwuAb04FgpFazNhpR0pEuXnscxH2w2ekgog3QII2R8qfTfDL8BHTkn4tMS
+D3DoalZRcxPbYg5ljqvfBLYmqJ6RmCjkZUrwpaTcvRUZButj4iKlBbjRIW75zVUw
+WkiNNqSNvoMLZZ6Hj94Md0l0bj48k4zZh1Gc3wIDAQABo4HfMIHcMAkGA1UdEwQC
+MAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl
+bmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNON6AHvURpMymy9
+mbb6g1RaMS9nMB8GA1UdIwQYMBaAFMDy+B3+dY4E4JPEv7Prt34Cb2WqMA4GA1Ud
+DwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwGAYDVR0R
+BBEwD4IHbm93aGVyZYcEey1DWTANBgkqhkiG9w0BAQUFAAOCAgEAmUN5xaZRBa1W
+nByioq/PfMHfmRBUeKKBbJlropNbDwgA7fOg9htZAx84qkyxCSeg9tehECczkZ/G
+DvNdm9ju77hJbl/Ni/GyTSM/+n1DNLak07jdnrGfrquFN59uLss3GnODi91pDgrb
+3FTUFTYteczMtuQ/H2cK36m+f3R8KbsQqsmzrZZ3tjF/QOnQUfWu+D0YiYoEruWo
+9nvDi9fTHn2ATjJ2xQyr1WaVyh1NyDeso9Fuv7bbzMcRXUOc+abzudE4vxT5vD9p
+BX+i2RdDJ0UFNl5O+XzGkxR/sSN6MVyHvQXP6OCh+lznnF/kCxywsMI6dMfCT8tb
+bcxCO4Dq2X7OqgLWhHT2UmPd8/IdUtrJdQR5f+o7ZGzTfIWq8VzP2FlAUIq74wnd
+sVMFmVRbNK3ay0Wf1AEM4cV09YRGDNpZVZD26XbAcwHDbQvMHy/Sd1xEy3EMDh+n
+QJRCYf7rcuwnXlCjJa6/kyoHL4NHFUMGzrKbK3ZVUc0OdITzG6QMr+N9xA4yeRMm
+Y0TllIhZ27Iakwjz1sjD1ni6I8/kxU7lohSJS5lb8RHnPzEilXSY8KQYFmwKoA3u
+RGCX0H2Qlix7ROSpObTb4xqoabLP4IecBbgdmsF6Z8U51WYP+9Oybk4JKQ9JXqv3
+P5rwcLgNa2F3flh46OFCDDfET1tRU6M=
+-----END CERTIFICATE-----

data/spec/fixtures/certs/generated/client_no_matching_subject.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEA0d95a8KmrJUxrtcgFKDEDy91LqR0Zl+M+Cnp/l4oDolf+94b
+3zh0YheBkQYRV3zABS8xvWsh6Il8ADpEbDwPA0lrcCnjC47aUY4szT1lriqeEZKf
+rJ6xk0TnMyb3+OA1g65tjqW3LmMptgdH8qRBKT/a75p3sGzvAFShdgrPYbMt3fVz
+w3KW8N/+071PNbktaLPY0gscQi2tuiP9bdUln+YjvmCsEvu/zA0TE1oDdSW5mNZu
+yj8oEt7KJkvLgkglVAC9/1xR9XC4/fTJijRuDPz9OUM88Kt8oBJd6GPYlgOo0mB7
+Eun5DO4O/1KNnENDnUtBIYHAGGU2ZIXH3L1vtl8FKgxGKSXZhEwZuDLv7OkvUCUW
++LDnZ3xfDKzTxedeysbIL5thoh87vF/u+AYIprViWybJ4OLgrP7PWDFanFqIs+vz
+oddjYr93Wv/7e+4WBYqa4pyGHgjZr2XvBRJFBF2V2sVcOezEK0il6WBUf2CMsKsQ
+pCd4h2m8BlNxjdGziCXcQwIBoL0psLgG9OBYKRWszYaUdKRLl57HMR9sNnpIKIN0
+CCNkfKn03wy/AR05J+LTEg9w6GpWUXMT22IOZY6r3wS2JqiekZgo5GVK8KWk3L0V
+GQbrY+IipQW40SFu+c1VMFpIjTakjb6DC2Weh4/eDHdJdG4+PJOM2YdRnN8CAwEA
+AQKCAgAPE6LBXwZiN4WOLd4cHUB4ZsxgQWgrQon5+ejZYSI3iR7gFSCjdIbH1TB1
+np34TvnsZWuJU/znm5jQ216298mMTuXs9NVeqzB7017cj6CSVnVshb/6wpu3HKgP
+QKlns5Oklg9AxB7Ysj742KUOhUY5FGFB/TLD9c9lkq7WsAgd2KVe4JckX0MAotbH
+lz3tehQNBX55+FpbVrS4PoWiMkG1ru66am9yHau1mOrZ5QmCjOc8V4s19DuIv4B+
+J8vC3DPySOtdQOCSZTqk48TmrMWLIVF/n5jtISSeyzL70tBoVnL2SgANZ8mAaEmj
+heauZxagYhuXsJ6AIiU6K3IkJWe07M0jhITWuZV3eeBEZFi2kF4zfDUWWE1vWJ1x
+RW8dukI0T5TkPfb8wluBfFi0W1RWGY3UqkfZF4BnKYxGvP/ugzzZN1KLtbNbUV0u
+zQI0k7l5o1f9zm62ck+BNXTzXS9ckvLVrNwQIKD8tnTlxjMP77GlNq4DSPmbQ/a2
+8AD+5O3H6hWkAZtOjSwF+Y6yTS1Ez7I+ZolWG8pQbHC9I/Sj4H7bWbWQzE3OWlBJ
+MEQPauI8pHnS57EfU3Qh6omdc8ijifoe7I+K74Ok8mHHWe42qEy0KiBH5cPp3I+1
+0GhWjYMJ1z0z8ctJqDiruLUzWjsBdG9BJu6a/IDaNfkIH/HEIQKCAQEA+0oYdRO9
++C93xhgcyVHqWR2zlUOMNpImR4Ms457gH+jJ2+Jd72oFQiW0uKpxupa0MnAlpbPB
+ed0KVQmRltr4G8iNa/Z4BRNikKbgGzMnt05gP5kXlE0rj9yfaGl8CEvJYTtKCcgg
+o1vN8zlhgmMQCxNy8IFT16gAt7clf53gX7gIe8A7SLrlFRPHaOpuHRrCQla+aV+F
+a7FnH678TpuUw4J+DJf3G1bczez4+hwp0S8GLI3UnQmbqUKxvClI5NzxwIQomt2f
+ibJEt2O1MWY6uSlLEmnvnl8Vdt2NbqvbKbtMkR6g811c+LR9yVX5wCJeATP6MlSj
+LrsYS2yKRLpyBQKCAQEA1c6gZj1Vuz9qTXg9axRj8ec05lxPsSfQ3SmjKflY+wM9
+gOin+Tjuye5z+jwA9syRZxwQ9TRjvcI9aymX/RlxLWKZjJ3zNxEWVDKQhlT3dAD9
+/UUn/cEOQdq5J5mAOQX3puhXw4gVHdi9f/eAhV/PUehV2pMfNhnPsNLpmOMuGhMp
+GyBEOvHmCyBl2g8MiImjBWm82xm2LJ3gFqFdO7qsT09aZIomPrjfJWcxFL5Dc/hS
+gKF+nXeqd191KAr7CBA2HCXsbPll5O1c3Oys70uOowBwBHkGttvusThZDUE3xSej
++e1ObGXjtThGsXuVe9BaTuXMVRCNp0UBi5fSXF7UkwKCAQAuImxbEkTOS+ixdbvT
+OjbMJafSv5P+cNaWSn7zSzfao+JrfCPC0LQmcMW9IY2/s+thVzWSNm5O8UX0Vs1j
+5M+oSimsqJNgWy69X+XFGJ8yCDGje3fYwlI9F0Qs5zDeVQujzj7JjPRxCWnGPcKp
+LYbEgc2YWiYKcc2v7O/1fgazjBYCokhAEg/8zqTNnjyZG1CO3V4X+nGEVA2aw4WO
+6QFm445AwaWcX1YqeFc9k+4ZeYiopWFjc2Agsx3ubaX0XpwDvD+4LvgbT59ODAA4
+EYy2cd5Wgxx69vn52LMenm6eOsTT38us4ncvMfPmAuLXY3fewKwukVtkOPU847B+
+7bwBAoIBAG70LbUg+06S2D2fum/JQxyUGZW6LfkHapJ7OxtbNNv+kHpHQnRJIVJV
+loYzgWSSQJq7q+kz6Nbe6DSmfyNvgpZE5t5cUY0wJuBG5U1w5oGiyiwXKWu8NgPi
+19c/B5WQDTbmuDTWd+7nPWAdNusAD3y4D2XAl5/hwTBII8Wdj50keF6FXiMgyXrY
+s0J4MM7ibmEuwD0LmMiKnXHhB5spgqYdzhECyFogYlzsskHLgwG5ykbKiAR7x1Dv
+jsLa/+7tSsdMvubGfiRRMbHMeOot0bWxUnBfxiY6+CGr1jrUr3Z23dejWOFT9tli
+fP053xdDxrnO8zzpvDkjzGt+vEIHTFUCggEBALHhZZtwoIblLVSb6eO8o7S0E2Qw
+tSggI4FbamFPBFfz3haNzHm2j2bLYTuuE467fQsx/lB0/G9RXaRVNC/mgNmedmm0
+ma+54uVtI4RUWcCQbNLSmw/zmVXfVIuNFcAcfym4C/+Ab7W14IxCEimEF98DRl+u
+mELacbaPrfN1DSGJS0/gytRf8oZUgfWF8KKEoacyEb7NPJUvxBopxHtjk9TMmsm1
+xYtJKK+2k45TBPcmCNpIB4ut11Zon/3ujPq+nh1/pq+oEw80wG53h3xk9HgGppss
+Sl+fnn44xi0UZZ3Relz3xTa4OipBZi7DFlApPPX0RtbXPja3dUHJdY3xB/E=
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/certs/generated/client_self_signed.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFHjCCAwYCCQDkSE8sMpnvPTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJM
+UzELMAkGA1UECAwCTkExEzARBgNVBAcMCkh0dHAgSW5wdXQxETAPBgNVBAoMCExv
+Z3N0YXNoMQ0wCwYDVQQDDARzZWxmMB4XDTIyMTExODA2MTA0OVoXDTIzMTExODA2
+MTA0OVowUTELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRw
+IElucHV0MREwDwYDVQQKDAhMb2dzdGFzaDENMAsGA1UEAwwEc2VsZjCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBANlpTaxVhJRVBopFwkHg1jzn7pt0273T
+gKiAFZr4ohroMnfxmlsVhhiCsmcS+y3We1aMcOZWWp7Mp7Dhf+1p8UK6AgiRBLEW
+jylBdqCOlncbta54jZRPPtU+X4cD/+HcSyASzmoEEJJqdQ8WaXgps2a5YwC9yLcL
+yCDLxqgVGUTIhI2bR1BPjd/KK1VRk5EwPwvubGxgqrMQl6Ombn62sHyiaCaKa2Dh
+2596wdy7d5iaBKLAn/iQ1wdGAN0ZXFlY/FKNmOXWZo3E6JxLKSgNl/jKKDJdo6KE
+aK6HJasIhyDJDtVU7180cRIQh+/iBnx3nWu6cJymelwX6EcGzqwPtWle1kHLyMMK
+p7m+mZo05JOPCXcxmngvzCr5yqsoX9HZAHFEm4C+0qWKKmcXTDz+UUB1msWKU64R
+9GmOtRI8hXx9aZd9fU6cbV0hojkqohZxBKUeAfpjxoGZBV2sFlSEK9661G35ipMv
+WiAZrwPNLXQqBXX8qyo19dUDdZUZ4ZFFUt/P2k8uWRoO+RycPiisU2ms/IMC/Wkg
+IlzocEo8JUeFzYcMqHI7JC9YwZmI7rQhbR6N6Ntdz6vjbaRC8DLbGP1QcQDeFAwU
+qb9SmzW/JGcNYXP4ugi8CFtbm5aEIiaJ/YE/IaRTpt5GhKAqbJHgG4PhdRTo9y9K
+HvccsUeTl8pvAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAGAKEjJ6ZhZkD9Ex/Uf8
+QQt5Ktz+jVSk4fYPHOv4DAUpb2psFRLPMmUda/23lMAxzJDYuIeiWIfjSCLWQuEP
+7p0bokGMcDxYH7uvEBF3WwoSRBgePZ+GfhTIqg7O+pzwW6CeUXtkjEHsyX8TF9ct
+TAfH1t/oajIMhGE/YA9Nt8FCMvbhrxx4GjUf+JryKWQJ/Dq47TQgHT8BDGAonuAi
+xoCyZNKEIY9C0eHgVwmSG74LZhJheuKl6PClLlHAEzkyNUNDEQm/y9pBtKqmB16l
+rBXBJ+zSx22LoT2Hc+mBPh0p/hnyORCU/NJ8abiC48aQxMao/hZ2+VYvDIkKyUQl
+ed68OqP52ntZpsqwnGoRfKh6X9SnxzpoczoKFHyQU250HS8I9rON43B3v51/9Kjd
+YYwc2hgVW6BgllAmtYLUeOGYWEhZ/EXXF/ti/v9ZNaMKthcHF5F25gZdR5DX+4gb
+ozZJ7JANXp9mR/I0prQcpArUFVtOatgd1D5huzfzktSBXgIVhPb1sqJ8hEkZ1u6n
+689yKqJ0jU3XClhcAunf8JafekbGh40JQrycHhTkCo4NaqHEO5bOOl0ciX30S+by
+qtY3PFQ1O8uAGuD+cpbUkJtPdWzV3sTk2SG5fzDk4+yod3wENMNmkoHyOkjp0uPN
+hIQyRZ/KHHatP6/mcMZSLP2W
+-----END CERTIFICATE-----

data/spec/fixtures/certs/generated/client_self_signed.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDZaU2sVYSUVQaK
+RcJB4NY85+6bdNu904CogBWa+KIa6DJ38ZpbFYYYgrJnEvst1ntWjHDmVlqezKew
+4X/tafFCugIIkQSxFo8pQXagjpZ3G7WueI2UTz7VPl+HA//h3EsgEs5qBBCSanUP
+Fml4KbNmuWMAvci3C8ggy8aoFRlEyISNm0dQT43fyitVUZORMD8L7mxsYKqzEJej
+pm5+trB8omgmimtg4dufesHcu3eYmgSiwJ/4kNcHRgDdGVxZWPxSjZjl1maNxOic
+SykoDZf4yigyXaOihGiuhyWrCIcgyQ7VVO9fNHESEIfv4gZ8d51runCcpnpcF+hH
+Bs6sD7VpXtZBy8jDCqe5vpmaNOSTjwl3MZp4L8wq+cqrKF/R2QBxRJuAvtKliipn
+F0w8/lFAdZrFilOuEfRpjrUSPIV8fWmXfX1OnG1dIaI5KqIWcQSlHgH6Y8aBmQVd
+rBZUhCveutRt+YqTL1ogGa8DzS10KgV1/KsqNfXVA3WVGeGRRVLfz9pPLlkaDvkc
+nD4orFNprPyDAv1pICJc6HBKPCVHhc2HDKhyOyQvWMGZiO60IW0ejejbXc+r422k
+QvAy2xj9UHEA3hQMFKm/Ups1vyRnDWFz+LoIvAhbW5uWhCImif2BPyGkU6beRoSg
+KmyR4BuD4XUU6PcvSh73HLFHk5fKbwIDAQABAoICADDa5/hs8zD99k1GJcP2CU6A
+c+79EJAUohm7Rp+fdZYETasEYMJNEOgbHonpCwae5vJo9snb59s9dAVcdwnbv7pV
+4DUamWpN/nev3T9xK0Cyul3teyszr5Ptwzus22hev4cCkt3h8fNk9s8gIy08ebMA
+v82f2CXCAQPVptuIejgpsxe7KAhVCDWc0aYHgdijdddxiW3FPzaj6N9+e9//n6My
+P6NBgaWwu1CYHk5C1jo1igskrA4IRjm9Ml5833K4e2L1rMEhL8R11iug/Cui+l6O
+1v+SaT4Q8REfD4jijrMAW1P3FR9YwnvjuRhfu0NnAbn+mGWrR13AhZLIZdLmaMZN
+wOJPny9PTWrxiCxKdoAMg5R+khnFmyCHjwTv7RrQxsa4FxUpUrdrTKTu4DISMNtW
+Jhz3IyiHgr0fYtGClzreLxHgL5P4+kF7DoahKAyVbKhZqIBXAjgJaNGjPS5oAiPc
+wE0qZmmZj8kG36XLGpq1UwqfCW2bq5Hcxbj4vT+rQpxlHUliAnBYqISGYYrpN4s5
+NCrukVkD5cUjf+rnCublE1Lq3SZ/B8+8Nx3LA8CtYbkC2nZNv301WqioVrTSG8Pb
+fLuzHIfKg1RlBBAkFt1z9KcuVFqmXAYOGTecTYf8S6SCnrwgYpDRwQ0kowVRkc9B
+GdFa2mNMm3dcXhjYHOz5AoIBAQD3qntK/CTPKyi6/MtRVN8Nky648x6Jz7T0ZuM1
+iPzP7Oqx18rPeDmUY/WKj5fAYhfg4josklY05walpqqKnNc4ML6OrzoA+7N/SPXL
+13D/LIpAlP30PunuH6jdzSnqM2xM84BkHISiZWkcmLu5DD+pB3LKXC4RyprVbfyj
+7acGpkb/wiig3PCd7IP1zT8SsZGZxlf8g9vhO9EQFkHdbho19nBaDbOb4G8DcXoK
+M/qdHqSBDWeFSJdoS1JlGYcGu9laL0QcmxNnDFIvKcmyYiTC6dkOxSvAOPR2E/HY
+Ds1pQw6sRowOg3n+n6htT77QR/Iv1Hqbmv8oecgszRPxwdWlAoIBAQDgujGKAPE1
+5NxEIudsNonh24EeuI2uUHz/Qush/6brmgtdWZDDUvgIRQXV3XcwAvu//y/kb9cG
+sogXLKu1KfaL2bWAcxhM1XxGweE2urFyufvq6uQ2VGp+2ecBy35DQSCyMO0em1bz
+j7EVldyIumwl8bk/ahvPvIFkZMXozHc/Rxp12N4hOf7wOdLilc/F6pEoGWWTckaG
++XDlj9OCRGpPMXaUSYrM1m72eUS+nrVlC346wfLpg7VdHaky8IjOUl0UBg7gPIy2
+HPefg+XDYoncJxEwOhDBW0+RAkA5U+LoqDdT4+UgiPCbyYWOEj0szT6oGaZ53Xr7
+nYAnTPK81euDAoIBAQDwPXsjnbrHCwKTf6xp1H4Z2O+1kH/LBqRtf3Be+ebietqe
+cMjWv7R68Qu5wNhfUcf/6PKtUbY10vRrs2Qy2Tkb1IzEM818LqxLiCaF+RIvNLFX
+PC+rwWuCBUv0+5LxD7i6XGnqso8mSGDR0IYoVm1aNVNwYEKAF5xh9DLhgSJIHPs6
+FMj8YdU2G7tVsCbCp2SpWfD3jaC4tyFxDWYOuULLnaYWdLwJNIf7OxQ62Xj8+EBy
+vuHwNB5KmOXwE/ca3RVVmgvkA7mqeBUwksSIOROXzucyoKhz6cuYzngGMTWoKdgN
+3ND3MyofiBgFERnzSBbxtpbIYm2ogZlfe/8gv/nRAoIBAHyRuXQuIYcmXZLHZlDt
+ynCQJHrLAn5lz2QPzBcEh5qBwVr1kvEyxJqQ6DMsmCzc+n/rDLkr5Z2oyRdPg77g
+i/HptFqHcijlDgaK4jRcOJDH14TYv7f+Aypdz1eHXW4aY+1igY49vW01cYvtjlmc
+POarn2wvfUshyvfDhJEPBerllx1MIZV5eH/hDazcLlgfNmdr7IpXBhE7pAEcQLot
+AmDzoi+AtJfnJYsqnZiskRB51nbrm6MlhxsenfPGsY7syPuYgBZ8eeNZG0oo6uvr
+a0/FuBlrlm4YF3riLIeaoGUnGcQ+x3vJbNZuVsHyCkcTXnAAB+/1fX6MR8WBOezD
+B9ECggEAR/+XhZ+ex/d+0P6FXaK4eLN1GQ3HFdrngybANHYYTQlSVUCCcht7Sh/D
+grFBWtHdWLA6j36N8Suw5qbmgkNgiLjEuh6I6vmyncbd5gGZBsSRNHTumeFu5i4j
+ZVzwM3THmnFxnrnvEpEHtxQ4gp1KAEasI7g7JtC/qzkkA1dXTNRETSHElTdk5IIu
+45Yvf2L4kN6xQSOoMZqbnugCuCKarZN/Bo51N/5s6g4ZU1cI3JMWNbKinLhucm1t
+zqWexZ6ZskjF/q/7eNGx/OXZUTekHNBzehmvMRePUsIkcdJorUeKsTQJWvwkjMYX
+DFGSv7HnY1VyDVo1ADyAkW85V09XAg==
+-----END PRIVATE KEY-----

data/spec/fixtures/certs/generated/root.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFiDCCA3CgAwIBAgIJAJCh5OjxT2kkMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV
+BAYTAkxTMQswCQYDVQQIDAJOQTETMBEGA1UEBwwKSHR0cCBJbnB1dDERMA8GA1UE
+CgwITG9nc3Rhc2gxDTALBgNVBAMMBHJvb3QwHhcNMjIxMTE4MDYxMDQ2WhcNMjcx
+MTE4MDYxMDQ2WjBRMQswCQYDVQQGEwJMUzELMAkGA1UECAwCTkExEzARBgNVBAcM
+Ckh0dHAgSW5wdXQxETAPBgNVBAoMCExvZ3N0YXNoMQ0wCwYDVQQDDARyb290MIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyNxGk4AN6CblKsvbnu8YQquw
+azUbxZQMGyInLrrdN/5hXX/T+DRHAE1GBTIEc5xakRPaezqa+d8CU6qRSE4EiEPE
+6Hcm0C9dXZ6WxC8MQxkwLR79c8T0Es5Pj8OKsOULPfJPv1Sr80iK2+TbAE+EraNy
+jZ2FfYMu2i+VF2G4LDQmljW9xdthBQ+iEYe+T5uQCkKf6np8X/8wu0yG69dM9h0E
+wIYq/aubxqt1obsRapuH/X28C9YlaFZ03sTuwiHarbINpAeIGifGJHzY5OPWzPv3
+vH2mZlWXxD+oXb9VFrHMmdrB94tijFiSLdMXt1JFU3uziUoOfJCqzKk4GAYOA4mI
+IGw7p+cifYrdc4Lx2m8CsR2MRJGC2/MAqgt0/ul4booXHIJXyodgvZGl3FWxVkZN
+bywazIKD7kH4SwyMrWFPxCbmaRMld0ln91O4TUi5YFkSvwT7IBwA7qTa76dWGNb8
+ypk7BREx5kARA55ib2Gj/RisCw92tG6rmnX25+UyAUCBugy5YXmK05Up4XsZmnz7
+UU3yggoBCJwi6exzhmyjUVGZH8FmsbetBuB66aOperTh3OBPG2lXEto0wOXhLv4K
+YpJQNvUTAOOgXJ5ourH7taG9HwJj2ZFDxy4o+N1WRK8hpvb/KzkRhIj08643qsNp
+VHvM+In4y3zXMfSnDuECAwEAAaNjMGEwHQYDVR0OBBYEFMDy+B3+dY4E4JPEv7Pr
+t34Cb2WqMB8GA1UdIwQYMBaAFMDy+B3+dY4E4JPEv7Prt34Cb2WqMA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCGGzct
+O+pIfMs90lz82X4IYOhg/D2qkAUcOsCKY95qcI2/XjHy3RfHTlwsw6pXAWtyLRBb
+vV+wSQIxpsNCzw/vRiRP6UEKlQk8kKbIitXSlne0Cmzf55CWXXy4Bh0VGb1i69Dt
+KHxWDKKpyo5rZbU9KdNv3gmoYxnsFOQayBD4qth5R8wjgSSOq1x8yS2siVJ95AV6
+1x+S5EuVdmlpc/tJcOpO8EJ48Z7LL1ah9btYK64VlVhT57PL7/GNsbJeb+tVO+jB
+cAR1hECtZo29FzlRLEMGZAtAjN4U8K2mJd2oSXlt72QtoJOtCQ4Go0ediZo1yQfG
+6snfup70IBO7lRHQ0c3dSYBZgAeLF1XtOP22FkrkMo0IDyl05xNZwWRUTf5I5VUX
+Jv8GDXINjcyEZeeZlE5UjS2ZT2v97U5INfzh0cYDKAEFOEy2ciuZEZVLMuTITe+K
+MVqqvZ3ongcgVDGIn/m/ldO/VOVNTX2JOXQX+ISYx6piDCafJqaEGRj2sPtdQ8dV
+t3MErWGaSmulNM2TdeNUC753DzDVa8jtebblrrBUUf+oiRXN6cEk51tmp27/0x+W
+SECgxZrfjjxF58yJ38Cd3QoH+eNpTc1sESplyhEt5aZnq6AeKzvN+OuWNArGMUEF
+xSZuhCQLdbzR8ZCp+0zVuhRkyz8h8KAjMWChdA==
+-----END CERTIFICATE-----