right_http_connection 1.2.3 → 1.5.1

data/spec/ca/Rakefile

@@ -0,0 +1,64 @@
+#--  -*- mode: ruby; encoding: utf-8 -*-
+# Copyright: Copyright (c) 2011 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require 'rubygems'
+require 'rake'
+require 'rake/clean'
+
+file "passphrase.txt" do
+  File.open("passphrase.txt", "w") { |f| f.puts "foobar" }
+end
+
+file "ca.key" => "passphrase.txt" do |t|
+  sh("openssl", "req", "-new", "-x509", "-extensions", "v3_ca",
+     "-keyout", "ca.key", "-out", "ca.crt", "-days", "1825",
+     "-passout", "file:#{t.prerequisites[0]}")
+end
+
+file "ca.crt" => "ca.key"
+
+file "server.key" do |t|
+  sh("openssl", "req", "-new", "-nodes", "-keyout", t.name,
+     "-out", "server.csr", "-days", "365")
+end
+file "server.csr" => "server.key"
+
+directory "demoCA"
+file "demoCA/index.txt" => "demoCA" do
+  sh "touch", "demoCA/index.txt"
+end
+file "demoCA/serial" => "demoCA" do
+  File.open("demoCA/serial", "w") {|f| f.puts "01"}
+end
+
+file "server.crt" => ["server.csr", "ca.key", "passphrase.txt", "demoCA/index.txt", "demoCA/serial"] do |t|
+  sh("openssl", "ca", "-policy", "policy_anything", "-out", t.name,
+     "-outdir", ".",
+     "-cert", "ca.crt", "-keyfile", "ca.key", "-passin", "file:passphrase.txt",
+     "-infiles", "server.csr")
+end
+
+task :default => ["ca.crt", "server.crt", "server.key"] do |t|
+  sh("cp", *(t.prerequisites + [".."]))
+  sh "cp", "ca.crt", "../good.ca"
+end

data/spec/ca/ca.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6TCCA1KgAwIBAgIJAMbnbxA3pDCfMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FudGEgQmFy
+YmFyYTEZMBcGA1UEChMQUmlnaHRTY2FsZSwgSW5jLjEVMBMGA1UECxMMQXp1cmUg
+U3ByaW50MRYwFAYDVQQDEw1BenVyZSB0ZXN0IENBMSQwIgYJKoZIhvcNAQkBFhVn
+cmFoYW1AcmlnaHRzY2FsZS5jb20wHhcNMTEwMjAxMDIzNjU2WhcNMTYwMTMxMDIz
+NjU2WjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNV
+BAcTDVNhbnRhIEJhcmJhcmExGTAXBgNVBAoTEFJpZ2h0U2NhbGUsIEluYy4xFTAT
+BgNVBAsTDEF6dXJlIFNwcmludDEWMBQGA1UEAxMNQXp1cmUgdGVzdCBDQTEkMCIG
+CSqGSIb3DQEJARYVZ3JhaGFtQHJpZ2h0c2NhbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDha7yTsOMojuy/4RvZqPlPNxQj2AAhEIFONvMcSTXBwlND
+xtOXHzF963LxBrxqOXnCMvfSBnzsfywS6k8dGwBpxoiG420QK6SZ0X3DEwzBXVX7
+jnxQICtMzFO/h/AYhuNbzeAPwzrnRKNhqJGLuKOKga7Z6+ZyyXtKIf2+apjO+wID
+AQABo4IBEzCCAQ8wHQYDVR0OBBYEFL4IVWcPJhd11ajwbIT2va3O5XhpMIHfBgNV
+HSMEgdcwgdSAFL4IVWcPJhd11ajwbIT2va3O5XhpoYGwpIGtMIGqMQswCQYDVQQG
+EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FudGEgQmFyYmFy
+YTEZMBcGA1UEChMQUmlnaHRTY2FsZSwgSW5jLjEVMBMGA1UECxMMQXp1cmUgU3By
+aW50MRYwFAYDVQQDEw1BenVyZSB0ZXN0IENBMSQwIgYJKoZIhvcNAQkBFhVncmFo
+YW1AcmlnaHRzY2FsZS5jb22CCQDG528QN6QwnzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBBQUAA4GBADbJoPLdHiwR3RQ9mrKUgxdCv14BLvg1UAP6QhU1Y8TIUxAp
+HljbEHYk/B9PoG9GsdxTlnFu7LJVOZB7c+aFOaMyRR4TUUwPm/AGMMFnZMbnecqD
+Y9JV2y0mn10i6er9Lz19CGi9TlOUuNdYKLT9cTCaqaVFPvXk44sNb3/5mrpi
+-----END CERTIFICATE-----

data/spec/ca/ca.key

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,269408AD40EA6D81
+
+u6a+jexScTHmtbYnNUSvhxJgpXVN9e/ctKYKBm27qlFraLz+Vnkj0fMW8yHzY+We
+8517Kl82vytZhTjnU6Elw6RpfgJzs0TnP5OhvLBsmNEXpHymNCcGt7p8jJopHEaa
+8IT87WqKqryyEjbkEFqCb0QfwLBd9PVT+lQeEcPAHlMkC8lwkjVCAsvJaZ3GsURJ
+Tb5xHOYj0jccm/xrg82e/25emMqTGCBKwb7cTyyKxmL8ezi1vA9jJcf9M7KgNgUA
+FGo7mrCK9niHfOLULD8f3WN+2DHoTwIDXseNWS/giSePQZZupVmWEUtDkt2x9qCb
+nJat/ESncAU1BrqXiYTpdtgao/TXcpt+7w/DMLHbOxus7p9sqZnAcXc/0Y+ZsYF1
+rq0spVpgJfDU6sP0ay61rOf7YnTko0oewiF0/c+dB42XErkM88wupNHJfr+M2Cfg
+w8BQeCx1l14W2haWlTgstBhfGWod76CT7Ng7/927L7P3pJ5ebS7qWRMskJGFMCFV
+9rd7OjGiYEqB365YI0VUiZPkXE9bXxRyfnU6K7hVtR3kY+TYADEgcaDE+6W1bgOc
+jwEeObdDqRbAR/YD/3myhvRF9k7C/fQ5PqOC3dlQZTXQCAJYCt9aNXkxBnMmh1WS
+GDDUpF9s6lSoUFm+yic4RXNX9Jj5npUKZR1TBqZfHQjzRLxEKxQo6VESa5QEWkM0
+C2Rsmxs/3dXXTJTOrP9rzWhQmxdCz7n4efHEHuMuVXvRtEAFjMrKfcH1t5fFQ8fA
+sBrulv26/ygJFwZrSfq7ILW/AcYFEMmQflLGoVJ8aiSl4oBwIS7FvA==
+-----END RSA PRIVATE KEY-----

data/spec/ca/demoCA/index.txt

@@ -0,0 +1 @@
+V	120201024841Z		01	unknown	/C=US/ST=California/L=Santa Barbara/O=RightScale, Inc./OU=Azure Sprint/CN=127.0.0.1

data/spec/ca/demoCA/serial

@@ -0,0 +1 @@
+02

data/spec/ca/passphrase.txt

@@ -0,0 +1 @@
+foobar

data/spec/ca/server.csr

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBwTCCASoCAQAwgYAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MRYwFAYDVQQHEw1TYW50YSBCYXJiYXJhMRkwFwYDVQQKExBSaWdodFNjYWxlLCBJ
+bmMuMRUwEwYDVQQLEwxBenVyZSBTcHJpbnQxEjAQBgNVBAMTCTEyNy4wLjAuMTCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvgzuf4/JyaNK3VC7eijUk0uCtJ6H
+WInYzgrpX/Xxmf0Po6nZ6RlY4YiPL9YtqaPLXuT+GDkDDsOMAZDBFsPbiiiZM4QT
+qW8e1hiM8xg6w/wrf/ofBakjTsik3Oa0kIWCs1cymLsEZJMJsoH9CpoDGUvA47AB
+QVkSq00F6IAF0r8CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBADiV9fCKFAiA9k98
+cgHpVKpLpSGkGXndwyOZO+E0H7rwTtNwW3DM0CKN7z0EpbE4YBtSF+3qOFV2zWJF
+N3dWd2bJWDwfLybtHXWIADKmUXjkoGJfGNoh+APMqNtRLudAXIoDkiJRmBgFizTV
+mA9goBMk2IGpUmMVl778iGD6rBQh
+-----END CERTIFICATE REQUEST-----

data/spec/client/cacert.pem

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAgIJAJYV+DprCQ1CMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+BAMTCE15VGVzdENBMB4XDTExMDkxMzIyNTMxMVoXDTEyMDkxMjIyNTMxMVowEzER
+MA8GA1UEAxMITXlUZXN0Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCwmvBNrd7t/Z7ZVo1YfimpGgerOn1vXZY+OGJtqo+pN11Ei7dhVQfWBd2dAkYH
+B8NlPr5QyxmIT88JIRKEzk7ZZ+nRdfyoocg63FeLn+b6OeR5hwyK38aMRbhqY1Gq
+aIKMYyEpv0YNbuwoomv5Atl8mwvuUFr2XKndyzsrP1TrTCHH4lA5P0UUzIjVyyz9
+F4YAjGLjjoVO5R02LmZ/h/LqT6bJQ+cu/2JeIWGVnjKoFvyWHd0TOaOGDHlQc5h8
+RxgdOFrjsZGpQ5sKlhcI+9p0LOXqVfoC2J2ZWtAjFo0d54E/OarnBPFB6VNtoSmj
+l0z+OLGMKuDGaLflXNE0STVdAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAAbVkvPzS59uhX6Ox1ZT92cJXW8yjP
+IyXrZjcWlaKQSKcn8v5RpebtVA+pL6mCActBE8fMac5ixlwTTnF5LHb9v80XuXMe
+MXooQZBliyim5lVCp9gjKZYXEeVDphsuwDr5M4qO7tdZTB1ezCULObVF1N7qMwpO
+yWI6zifRtLsgWmnRyaeVyv2uNRYoAEsAd2Dj4oJjvuyc9U5QUhtsXwD3jvSPsdi6
+Mbr5tVIcZSpT4W9PSiZw2ZUZXIEbxX+w+FsuehhvoFJCi05R1ashCPxQA13bOJK0
+BmbHqeLDzJCK0+kQs8CRIGWGTGng84AyJ5MygGzd0WN9jtZslWTPDtbz
+-----END CERTIFICATE-----

data/spec/client/cert.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9TCCAd2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhNeVRl
+c3RDQTAeFw0xMTA5MTMyMzAxMDVaFw0xMjA5MTIyMzAxMDVaMDgxJTAjBgNVBAMM
+HE1haGVuZHJhLUt1dGFyZXMtTWFjQm9vay1Qcm8xDzANBgNVBAoMBmNsaWVudDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcEhrVTKKgWVqTUBCGBWJlD
+u7RIk7kPcGAARy7Ctx+4VReEYlgVRqECzt4itglNdrQkUVCHXE0rwJMOozE8Hsgh
+rAOQvxzPJhG3hPUJf/VkfB+Dn0xRsPvrE90HpRlSqdT8X6iuryPEmp5RyMaY122P
+r/+Xs+lHhRlKQPdRpYXHlOwWX/U56Wy7jjGU9lONBEIEV8tD5ExzkCG23nbCvrFr
+/2c4VjrAwXR2RyYfSDRyc/obky49ydKZ8/HKbS3VdJYAWBI4Wnj2hayCcZggEFB0
+zg/IDXpOjnr6zV5UEfdaMIH4/K44ISX7xmZWGmQ3464NTmykj5xUMmfy3rVNREsC
+AwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB
+BQUHAwIwDQYJKoZIhvcNAQEFBQADggEBACmNyOoCvNsz8N3LN47VZK7aev54tjtd
+zJilLgAxEGBeaIvHX9LDkgi3sQAvHMHc3VIq4BoEd9TNtyxIrUdc2EG1TCJvHINP
+7YoHtbajvT3bhVLlnWjB7jHp9jNfZtHL7aEDp+5eqPT6wzaVeiu1nABs7gudCQq1
+CJw0Mfz1U3mG0sTb5JlRt7toce9dW0R6jfYTmTj6Yzu3kcgYjQKy2k2BCInLOIhz
+6tyOH51mCGAy1zgcWMvuyKYCeJQxRd46GrR2peyE2wYY6SfSlrK16pjaz48S3uhI
+01jd+HA1LARcImMhkMa/QFTo4uI7lx9Q+Y06Ny+rMuTNSnBSIgCUPQk=
+-----END CERTIFICATE-----

data/spec/client/key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAxwSGtVMoqBZWpNQEIYFYmUO7tEiTuQ9wYABHLsK3H7hVF4Ri
+WBVGoQLO3iK2CU12tCRRUIdcTSvAkw6jMTweyCGsA5C/HM8mEbeE9Ql/9WR8H4Of
+TFGw++sT3QelGVKp1PxfqK6vI8SanlHIxpjXbY+v/5ez6UeFGUpA91GlhceU7BZf
+9TnpbLuOMZT2U40EQgRXy0PkTHOQIbbedsK+sWv/ZzhWOsDBdHZHJh9INHJz+huT
+Lj3J0pnz8cptLdV0lgBYEjhaePaFrIJxmCAQUHTOD8gNek6OevrNXlQR91owgfj8
+rjghJfvGZlYaZDfjrg1ObKSPnFQyZ/LetU1ESwIDAQABAoIBAB23pU3KHxYKT+HI
+7tz57XrlTE/9TmGh1ovfPsHSvXl1Eu+yCuVQN/2u56jv0fLNqF351lKKA9RaJiVP
+WDrv2UDVFlRp9r+chvi6SJY2Vu8TlB04kD7bK+xSC+NDUvnXCBkPnlEX1HsozlW5
+rJtLE0/+1q75vhmlXlCKb+z+OhMhmFnaWTf/xLNbkItO5tOf+mv/CoqBUSEk+i9t
+O6Zjzh02jbpW7xH3jJ/UexKMYOuqxoOMfC/MI6q3Qcu2OeZgl8cEIi94sjafq9ob
+WcFTrZY+YG5b1SE8ILg69Fkqve5d2Mn1sN8mYZxLeM0C/ATNghM5uSWhdze06bNu
+fpcgvOECgYEA/L+J/xVgUySUByELEBosY8q0HYG5Msq+GT7L5GMIoEmEp4j6MPRu
+kF/DihxefcvDyVRLhJh7o/kwR7Vwe4wP9145e3MOe9b7IH6pEwV0nAsBO6ldVToX
+gvrHOIoySNt/XtRurrbtZ08OtUDCLIRQATTnY9ieh8sxTyl1G9GehoMCgYEAyZQE
+r4ByBzXjTiuaODH6tPndbKFxRo2iis9CyxqYXAMDkjvF4NEpQyW5ucRxpRqTt51P
+kR13jdadnOF4t82M0qqEH3G6H4biKisY1jXRNH7mPSbyPbC4vxrQhnAEF3RiqbXz
+f2LUC4uOtLzW7HeyjEiZy2mg7UKdOfsmmJ//oJkCgYEAxZF/8GqoQjW8lJoKyMp8
+2oDQLKSDvSVoVdmVjfCwBIOTc1aKpAveBXMmKealIlZOtCj1Yy/CrlmSmOtGgvzo
+WihIbKxyrPFOmocH6PuBvJyJmTZ5464mRNd9NUApsHQL63fJET+i8feFer+lSSEg
+XOEa4xyoR2PZJpU0mstPzLsCgYBvcS3F+TURV3F7Xg+80aTROPJ5hCej4dni9ALx
+Vpq1A9WNmw4i5H/zZ3/ue/R4WuEfuhCrIade+y/X869RrooUTcENwUos891Fgt4Q
+T2CBrUaMuGNkR7dbr+9o47TfYrDJMpaT7odceqNCuMP5p5NGizy7gII/qXxS+c60
+woAIwQKBgQCiIfXZtAgYTPL23CQrxIMFwnlO0TiOe0ha0et7hjCh/CStG7NET7KK
+U1L1kfyl1YDgoJbLXTsG2WwGZRnK1oyEEFj2iY5EvwoMPr0Sv8/CiOIyEfC62s3V
+MoHemunnFhAj+JAy2HTKV0VYiNNNAxz3CBG8yMLK7YAMgPw1/HQQLQ==
+-----END RSA PRIVATE KEY-----

data/spec/good.ca

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6TCCA1KgAwIBAgIJAMbnbxA3pDCfMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FudGEgQmFy
+YmFyYTEZMBcGA1UEChMQUmlnaHRTY2FsZSwgSW5jLjEVMBMGA1UECxMMQXp1cmUg
+U3ByaW50MRYwFAYDVQQDEw1BenVyZSB0ZXN0IENBMSQwIgYJKoZIhvcNAQkBFhVn
+cmFoYW1AcmlnaHRzY2FsZS5jb20wHhcNMTEwMjAxMDIzNjU2WhcNMTYwMTMxMDIz
+NjU2WjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNV
+BAcTDVNhbnRhIEJhcmJhcmExGTAXBgNVBAoTEFJpZ2h0U2NhbGUsIEluYy4xFTAT
+BgNVBAsTDEF6dXJlIFNwcmludDEWMBQGA1UEAxMNQXp1cmUgdGVzdCBDQTEkMCIG
+CSqGSIb3DQEJARYVZ3JhaGFtQHJpZ2h0c2NhbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDha7yTsOMojuy/4RvZqPlPNxQj2AAhEIFONvMcSTXBwlND
+xtOXHzF963LxBrxqOXnCMvfSBnzsfywS6k8dGwBpxoiG420QK6SZ0X3DEwzBXVX7
+jnxQICtMzFO/h/AYhuNbzeAPwzrnRKNhqJGLuKOKga7Z6+ZyyXtKIf2+apjO+wID
+AQABo4IBEzCCAQ8wHQYDVR0OBBYEFL4IVWcPJhd11ajwbIT2va3O5XhpMIHfBgNV
+HSMEgdcwgdSAFL4IVWcPJhd11ajwbIT2va3O5XhpoYGwpIGtMIGqMQswCQYDVQQG
+EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FudGEgQmFyYmFy
+YTEZMBcGA1UEChMQUmlnaHRTY2FsZSwgSW5jLjEVMBMGA1UECxMMQXp1cmUgU3By
+aW50MRYwFAYDVQQDEw1BenVyZSB0ZXN0IENBMSQwIgYJKoZIhvcNAQkBFhVncmFo
+YW1AcmlnaHRzY2FsZS5jb22CCQDG528QN6QwnzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBBQUAA4GBADbJoPLdHiwR3RQ9mrKUgxdCv14BLvg1UAP6QhU1Y8TIUxAp
+HljbEHYk/B9PoG9GsdxTlnFu7LJVOZB7c+aFOaMyRR4TUUwPm/AGMMFnZMbnecqD
+Y9JV2y0mn10i6er9Lz19CGi9TlOUuNdYKLT9cTCaqaVFPvXk44sNb3/5mrpi
+-----END CERTIFICATE-----

data/spec/proxy_server.rb

@@ -0,0 +1,75 @@
+#--  -*- mode: ruby; encoding: utf-8 -*-
+# Copyright: Copyright (c) 2011 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require 'rubygems'
+require 'bundler/setup'
+require 'trollop'
+require 'webrick/httpproxy'
+require 'webrick/httpauth'
+require 'cgi'
+
+# Patch broken WEBrick escape
+module WEBrick::HTMLUtils
+  def escape(string)
+    CGI.escapeHTML(string.to_s)
+  end
+  module_function :escape
+end
+
+opts = Trollop::options do
+  version "proxy_server 0.1 (c) 2011 RightScale, Inc."
+  banner <<-EOS
+Run a very simple proxy server for debugging.
+
+Usage:
+    proxy_server [options]
+where [options] are:
+EOS
+  opt :username, "Username to use for authentication", :type => :string
+  opt :password, "Password to use for authentication", :type => :string
+  opt :port, "Port to use", :default => 9090
+  opt :disable_connect, "Whether to disable using CONNECT through the proxy"
+end
+
+logger = WEBrick::Log.new($stderr, WEBrick::Log::WARN)
+config = {}
+config[:Port] = opts[:port]
+config[:Logger] = logger
+config[:AccessLog] = [[$stdout, WEBrick::AccessLog::COMBINED_LOG_FORMAT]]
+config[:ProxyAuthProc] = Proc.new do |req, res|
+  if opts[:disable_connect] && req.request_method == "CONNECT"
+    raise WEBrick::HTTPStatus::Forbidden
+  end
+
+  unless opts[:username].nil? || opts[:password].nil?
+    WEBrick::HTTPAuth.proxy_basic_auth(req, res, "Test realm") {|user, pass|
+      user == opts[:username] && pass == opts[:password]
+    }
+  end
+end
+$stdout.sync = true
+server = WEBrick::HTTPProxyServer.new(config)
+['INT', 'TERM'].each {|signal|
+  trap(signal) { server.shutdown }
+}
+server.start

data/spec/really_dumb_webserver.rb

@@ -0,0 +1,122 @@
+#--  -*- mode: ruby; encoding: utf-8 -*-
+# Copyright: Copyright (c) 2011 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require 'webrick'
+
+ssl_cert, ssl_key, ca_cert = ARGV[0], ARGV[1], ARGV[2]
+
+# Monkey patch bad User-Agent parsing
+module WEBrick::AccessLog
+  module_function
+
+  def format(format_string, params)
+    format_string.gsub(/\%(?:\{(.*?)\})?>?([a-zA-Z%])/){
+      param, spec = $1, $2
+      case spec[0]
+      when ?e, ?i, ?n, ?o
+        raise AccessLogError,
+        "parameter is required for \"#{spec}\"" unless param
+        if params[spec][param]
+          escape(params[spec][param])
+        else
+          "-"
+        end
+      when ?t
+        params[spec].strftime(param || CLF_TIME_FORMAT)
+      when ?%
+        "%"
+      else
+        escape(params[spec].to_s)
+      end
+    }
+  end
+end
+
+logger = WEBrick::Log.new($stderr, WEBrick::Log::WARN)#WEBrick::Log::DEBUG
+config = {}
+config[:Port] = 7890
+config[:Logger] = logger
+config[:AccessLog] = [[$stdout, WEBrick::AccessLog::COMBINED_LOG_FORMAT]]
+unless ssl_cert.nil? || ssl_key.nil?
+  require 'webrick/https'
+  config[:SSLEnable] = true
+  # http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html#
+  # SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+  # => Server mode: if the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a 'handshake failure' alert.
+  # => This flag must be used together with SSL_VERIFY_PEER.
+  config[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER
+  config[:SSLVerifyClient] |= OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT if ca_cert
+  config[:SSLPrivateKey] = OpenSSL::PKey::RSA.new(File.open(ssl_key).read)
+  config[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.open(ssl_cert).read)
+  # KHRVI: option config[:SSLCertName] does make sense only when config[:SSLCertificate] isn't specified
+  # see: webrick/ssl.rb method :setup_ssl_context
+  # config[:SSLCertName] = [["CN", "Graham Hughes"]]
+  config[:SSLVerifyDepth] = 9
+  config[:SSLCACertificateFile] = ca_cert if ca_cert
+end
+$stdout.sync = true
+server = WEBrick::HTTPServer.new(config)
+
+server.mount_proc('/good') {|req, resp|
+  resp.status = 200
+  resp['Content-Type'] = "text/plain"
+  resp.body = "good"
+}
+intermittent_times = 0
+server.mount_proc('/intermittent-hang') {|req, resp|
+  intermittent_times += 1
+  if intermittent_times % 2 == 1
+    sleep 5
+    resp.status = 403
+    resp['Content-Type'] = "text/plain"
+    resp.body = "bad"
+  else
+    resp.status = 200
+    resp['Content-Type'] = "text/plain"
+    resp.body = "good"
+  end
+}
+server.mount_proc('/hang') {|req, resp|
+  sleep 5
+  resp.status = 200
+  resp['Content-Type'] = "text/plain"
+  resp.body = "good"
+}
+server.mount_proc('/ugly') {|req, resp|
+  resp.status = 404
+  resp['Content-Type'] = "text/plain"
+  resp.body = "ugly"
+}
+server.mount_proc('/filename') {|req, resp|
+  resp.status = 200
+  resp['ETag'] = File.stat('filename').mtime
+  resp['Content-Type'] = "text/plain"
+  resp.body = File.open("filename").read
+}
+
+# trap signals to invoke shutdown cleanly
+['INT', 'TERM'].each { |signal|
+  trap(signal) { server.shutdown }
+}
+
+server.start

data/spec/server.crt

@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, L=Santa Barbara, O=RightScale, Inc., OU=Azure Sprint, CN=Azure test CA/emailAddress=graham@rightscale.com
+        Validity
+            Not Before: Feb  1 02:48:41 2011 GMT
+            Not After : Feb  1 02:48:41 2012 GMT
+        Subject: C=US, ST=California, L=Santa Barbara, O=RightScale, Inc., OU=Azure Sprint, CN=127.0.0.1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:be:0c:ee:7f:8f:c9:c9:a3:4a:dd:50:bb:7a:28:
+                    d4:93:4b:82:b4:9e:87:58:89:d8:ce:0a:e9:5f:f5:
+                    f1:99:fd:0f:a3:a9:d9:e9:19:58:e1:88:8f:2f:d6:
+                    2d:a9:a3:cb:5e:e4:fe:18:39:03:0e:c3:8c:01:90:
+                    c1:16:c3:db:8a:28:99:33:84:13:a9:6f:1e:d6:18:
+                    8c:f3:18:3a:c3:fc:2b:7f:fa:1f:05:a9:23:4e:c8:
+                    a4:dc:e6:b4:90:85:82:b3:57:32:98:bb:04:64:93:
+                    09:b2:81:fd:0a:9a:03:19:4b:c0:e3:b0:01:41:59:
+                    12:ab:4d:05:e8:80:05:d2:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                53:2D:31:08:5D:F7:AC:1F:0B:05:68:9D:02:16:EE:A8:95:58:B3:B7
+            X509v3 Authority Key Identifier: 
+                keyid:BE:08:55:67:0F:26:17:75:D5:A8:F0:6C:84:F6:BD:AD:CE:E5:78:69
+
+    Signature Algorithm: sha1WithRSAEncryption
+        24:7e:c8:da:b9:bb:f8:ab:49:cb:cc:58:39:51:eb:e4:70:0f:
+        1c:18:19:f3:91:54:9e:7a:9f:9b:9b:02:e2:83:81:6f:0b:c6:
+        d6:15:e7:22:f3:0b:72:01:fa:d2:1a:f9:17:57:15:aa:fb:f6:
+        1f:d2:9d:ef:45:23:58:66:38:c1:ad:f0:c9:9e:c0:d7:7c:17:
+        f1:1e:f9:6b:bd:52:48:8b:ac:80:89:41:35:10:d4:a1:c8:68:
+        6e:87:e7:18:45:31:ff:35:a7:57:07:c1:aa:54:75:b2:78:f2:
+        3d:7d:33:38:7f:71:4a:4f:ee:ed:d8:ca:cb:f3:8e:01:41:44:
+        2a:3f
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBqjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbnRhIEJhcmJhcmExGTAX
+BgNVBAoTEFJpZ2h0U2NhbGUsIEluYy4xFTATBgNVBAsTDEF6dXJlIFNwcmludDEW
+MBQGA1UEAxMNQXp1cmUgdGVzdCBDQTEkMCIGCSqGSIb3DQEJARYVZ3JhaGFtQHJp
+Z2h0c2NhbGUuY29tMB4XDTExMDIwMTAyNDg0MVoXDTEyMDIwMTAyNDg0MVowgYAx
+CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW50
+YSBCYXJiYXJhMRkwFwYDVQQKExBSaWdodFNjYWxlLCBJbmMuMRUwEwYDVQQLEwxB
+enVyZSBTcHJpbnQxEjAQBgNVBAMTCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAvgzuf4/JyaNK3VC7eijUk0uCtJ6HWInYzgrpX/Xxmf0Po6nZ
+6RlY4YiPL9YtqaPLXuT+GDkDDsOMAZDBFsPbiiiZM4QTqW8e1hiM8xg6w/wrf/of
+BakjTsik3Oa0kIWCs1cymLsEZJMJsoH9CpoDGUvA47ABQVkSq00F6IAF0r8CAwEA
+AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFMtMQhd96wfCwVonQIW7qiVWLO3MB8G
+A1UdIwQYMBaAFL4IVWcPJhd11ajwbIT2va3O5XhpMA0GCSqGSIb3DQEBBQUAA4GB
+ACR+yNq5u/irScvMWDlR6+RwDxwYGfORVJ56n5ubAuKDgW8LxtYV5yLzC3IB+tIa
++RdXFar79h/Sne9FI1hmOMGt8MmewNd8F/Ee+Wu9UkiLrICJQTUQ1KHIaG6H5xhF
+Mf81p1cHwapUdbJ48j19Mzh/cUpP7u3YysvzjgFBRCo/
+-----END CERTIFICATE-----