signet 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 54a525db784c45a39a547b947ad806222183aafa
-  data.tar.gz: f2e9672239bacebf70d02803f0a072234095ea96
+  metadata.gz: 2417aa777b962d91485c42ae04270934ee8e7f90
+  data.tar.gz: 4e4ae9a6cfa21caeb92f4e15d5efb97016fe1e6d
 SHA512:
-  metadata.gz: f32cda6094a605750a1b1743e0cb1cca838e2d452ddf62d06601321cd0f8fed9910d29966beb1b9208401cb46e7be4e7ce22de8eb80e58ed6d95bc8e96e40821
-  data.tar.gz: f6fb4fdf4853079697938fbf6319c91b4b6d0327551ab68f00260c22070ee6efcdbba0c4d620d6b76ebfb1382d36269e327a54a763952e5ac57a848398387f49
+  metadata.gz: 04a82c96199451572d5a59a3294f05ea728d71a7b4f67ed6116c135c64597ce79545dfa0f356074c443df238dd503fc2953f3ecb571fad3c37bc1fc619f0bdf3
+  data.tar.gz: 210adf33a7fb46b8dd76f1e65e743d67c49cea0b4c44c0b58645b74c84e8f2303ca29936ab3cf421b9f0050abefdaf33f10d90903e0da9e8747ed2ef9880a51b

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+# 0.7
+* No longer overwrite SSL environment variables.
+* Tighten up date & URL (de)serialization for OAuth2 client
+* Allow Hurley as a connection
+* Add expires_within(sec) method to oauth2 client to facilitate proactive
+  refreshes
+
 # 0.6.1
 * Fix language warnings for unused & shadowed variables ((@blowmage)[])
 * Update SSL cert path for OSX ((@gambaroff)[])

data/Gemfile

@@ -3,3 +3,4 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'jruby-openssl', :platforms => :jruby
+gem 'hurley'

data/README.md

@@ -25,26 +25,30 @@ Signet is an OAuth 1.0 / OAuth 2.0 implementation.
 
 ## Example Usage for Google
 
+# Initialize the client
+
 ``` ruby
-require 'signet/oauth_1/client'
-client = Signet::OAuth1::Client.new(
-  :temporary_credential_uri =>
-    'https://www.google.com/accounts/OAuthGetRequestToken',
-  :authorization_uri =>
-    'https://www.google.com/accounts/OAuthAuthorizeToken',
-  :token_credential_uri =>
-    'https://www.google.com/accounts/OAuthGetAccessToken',
-  :client_credential_key => 'anonymous',
-  :client_credential_secret => 'anonymous'
-)
-client.fetch_temporary_credential!(:additional_parameters => {
-  :scope => 'https://mail.google.com/mail/feed/atom'
-})
-# Send the user to client.authorization_uri, obtain verifier
-client.fetch_token_credential!(:verifier => '12345')
-response = client.fetch_protected_resource(
-  :uri => 'https://mail.google.com/mail/feed/atom'
+require 'signet/oauth_2/client'
+client = Signet::OAuth2::Client.new(
+  :authorization_uri => 'https://accounts.google.com/o/oauth2/auth',
+  :token_credential_uri =>  'https://www.googleapis.com/oauth2/v3/token',
+  :client_id => '44410190108-74nkm6jc5e3vvjqis803frkvmu88cu3a.apps.googleusercontent.com',
+  :client_secret => 'X1NUhvO-rQr9sm8uUSMY8i7v',
+  :scope => 'email profile',
+  :redirect_uri => 'https://example.client.com/oauth'
 )
+
+# Request an authorization code
+
+```
+redirect_to(client.authorization_uri)
+```
+
+# Obtain an access token
+
+```
+client.code = request.query['code']
+client.fetch_access_token!
 ```
 
 ## Install

data/lib/signet/oauth_1.rb

@@ -7,8 +7,6 @@ rescue LoadError
   require 'compat/securerandom'
 end
 
-require 'signet/ssl_config'
-
 module Signet #:nodoc:
   module OAuth1
     OUT_OF_BAND = 'oob'

data/lib/signet/oauth_2.rb

@@ -16,7 +16,6 @@ require 'base64'
 require 'signet'
 require 'multi_json'
 require 'compat/multi_json'
-require 'signet/ssl_config'
 
 module Signet #:nodoc:
   ##

data/lib/signet/oauth_2/client.rb

@@ -13,19 +13,19 @@
 #    limitations under the License.
 
 require 'faraday'
-#require 'faraday/utils'
-
 require 'stringio'
 require 'addressable/uri'
 require 'signet'
 require 'signet/errors'
 require 'signet/oauth_2'
-
 require 'jwt'
 
 module Signet
   module OAuth2
     class Client
+
+      OOB_MODES = %w(urn:ietf:wg:oauth:2.0:oob:auto urn:ietf:wg:oauth:2.0:oob oob)
+
       ##
       # Creates an OAuth 2.0 client.
       #
@@ -90,20 +90,19 @@ module Signet
       # @see Signet::OAuth2::Client#update!
       def initialize(options={})
         @authorization_uri    = nil
+        @token_credential_uri = nil
         @client_id            = nil
         @client_secret        = nil
         @code                 = nil
         @expires_at           = nil
         @expires_in           = nil
         @issued_at            = nil
-        @issued_at            = nil
         @issuer               = nil
         @password             = nil
         @principal            = nil
         @redirect_uri         = nil
         @scope                = nil
         @state                = nil
-        @token_credential_uri = nil
         @username             = nil
         self.update!(options)
       end
@@ -571,10 +570,10 @@ module Signet
       # Sets the number of seconds assertions are valid for
       # Used only by the assertion grant type.
       #
-      # @param [String] new_expiry
+      # @param [Fixnum, String] new_expiry
       #   Assertion expiry, in seconds
       def expiry=(new_expiry)
-        @expiry = new_expiry
+        @expiry = new_expiry ? new_expiry.to_i : nil
       end
 
 
@@ -723,7 +722,7 @@ module Signet
       ##
       # Returns the lifetime of the access token in seconds.
       #
-      # @return [Integer] The access token lifetime.
+      # @return [Fixnum] The access token lifetime.
       def expires_in
         return @expires_in
       end
@@ -732,21 +731,21 @@ module Signet
       # Sets the lifetime of the access token in seconds.  Resets the issued
       # timestamp.
       #
-      # @param [String] new_expires_in
+      # @param [String, Fixnum] new_expires_in
       #   The access token lifetime.
       def expires_in=(new_expires_in)
         if new_expires_in != nil
           @expires_in = new_expires_in.to_i
           @issued_at = Time.now
         else
-          @expires_in, @issued_at = nil, nil
+          @expires_in, @issued_at, @expires_at = nil, nil, nil
         end
       end
 
       ##
       # Returns the timestamp the access token was issued at.
       #
-      # @return [Integer] The access token issuance time.
+      # @return [Time] The access token issuance time.
       def issued_at
         return @issued_at
       end
@@ -754,16 +753,16 @@ module Signet
       ##
       # Sets the timestamp the access token was issued at.
       #
-      # @param [String] new_issued_at
+      # @param [String,Fixnum,Time] new_issued_at
       #    The access token issuance time.
       def issued_at=(new_issued_at)
-        @issued_at = new_issued_at
+        @issued_at = normalize_timestamp(new_issued_at)
       end
 
       ##
       # Returns the timestamp the access token will expire at.
       #
-      # @return [Integer] The access token lifetime.
+      # @return [Time] The access token lifetime.
       def expires_at
         if @expires_at
           @expires_at
@@ -777,8 +776,10 @@ module Signet
       ##
       # Limits the lifetime of the access token as number of seconds since
       # the Epoch
+      # @param [String,Fixnum,Time] new_expires_at
+      #    The access token issuance time.
       def expires_at=(new_expires_at)
-        @expires_at = Time.at new_expires_at
+        @expires_at = normalize_timestamp(new_expires_at)
       end
 
       ##
@@ -790,6 +791,18 @@ module Signet
         return self.expires_at != nil && Time.now >= self.expires_at
       end
 
+      ##
+      # Returns true if the access token has expired or expires within
+      # the next n seconds
+      #
+      # @param [Fixnum] sec
+      #  Max number of seconds from now where a token is still considered
+      #  expired.
+      # @return [TrueClass, FalseClass]
+      #   The expiration state of the access token.
+      def expires_within?(sec)
+        return self.expires_at != nil && Time.now >= (self.expires_at - sec)
+      end
 
       ##
       # Removes all credentials from the client.
@@ -869,20 +882,21 @@ module Signet
       # @return [String] A serialized JSON representation of the client.
       def to_json
         return MultiJson.dump({
-          'authorization_uri' => self.authorization_uri,
-          'token_credential_uri' => self.token_credential_uri,
+          'authorization_uri' => self.authorization_uri ? self.authorization_uri.to_s : nil,
+          'token_credential_uri' => self.token_credential_uri ? self.token_credential_uri.to_s : nil,
           'client_id' => self.client_id,
           'client_secret' => self.client_secret,
           'scope' => self.scope,
           'state' => self.state,
           'code' => self.code,
-          'redirect_uri' => self.redirect_uri,
+          'redirect_uri' => self.redirect_uri ? self.redirect_uri.to_s : nil,
           'username' => self.username,
           'password' => self.password,
           'issuer' => self.issuer,
           'audience' => self.audience,
           'person' => self.person,
           'expiry' => self.expiry,
+          'expires_at' => self.expires_at ? self.expires_at.to_i : nil,
           'signing_key' => self.signing_key,
           'refresh_token' => self.refresh_token,
           'access_token' => self.access_token,
@@ -899,16 +913,11 @@ module Signet
       #   - <code>:code</code> -
       #     The authorization code.
       #
+      # @private
       # @return [Array] The request object.
       def generate_access_token_request(options={})
         options = deep_hash_normalize(options)
 
-        if self.token_credential_uri == nil
-          raise ArgumentError, 'Missing token endpoint URI.'
-        end
-
-        options[:connection] ||= Faraday.default_connection
-        method = 'POST'
         parameters = {"grant_type" => self.grant_type}
         case self.grant_type
         when 'authorization_code'
@@ -931,48 +940,53 @@ module Signet
         end
         parameters['client_id'] = self.client_id unless self.client_id.nil?
         parameters['client_secret'] = self.client_secret unless self.client_secret.nil?
-        headers = [
-          ['Cache-Control', 'no-store'],
-          ['Content-Type', 'application/x-www-form-urlencoded']
-        ]
-        parameters.merge!(self.additional_parameters.merge(options[:additional_parameters] || {}))
-        return options[:connection].build_request(
-          method.to_s.downcase.to_sym
-        ) do |req|
-          req.url(Addressable::URI.parse(
-            self.token_credential_uri
-          ).normalize.to_s)
-          req.headers = Faraday::Utils::Headers.new(headers)
-          req.body = Addressable::URI.form_encode(parameters)
-        end
+        parameters['scope'] = options[:scope] if options[:scope]
+        additional = self.additional_parameters.merge(options[:additional_parameters] || {})
+        additional.each { |k, v| parameters[k.to_s] = v }
+        parameters
       end
 
       def fetch_access_token(options={})
+        if self.token_credential_uri == nil
+          raise ArgumentError, 'Missing token endpoint URI.'
+        end
+
         options = deep_hash_normalize(options)
 
-        options[:connection] ||= Faraday.default_connection
-        request = self.generate_access_token_request(options)
-        request_env = request.to_env(options[:connection])
-        request_env[:request] ||= request
-        response = options[:connection].app.call(request_env)
-        if response.status.to_i == 200
-          content_type = response.headers['content-type']
-          return ::Signet::OAuth2.parse_credentials(response.body, content_type)
-        elsif [400, 401, 403].include?(response.status.to_i)
+        client = options[:connection] ||= Faraday.default_connection
+        url = Addressable::URI.parse(self.token_credential_uri).normalize.to_s
+        parameters = self.generate_access_token_request(options)
+
+        response = client.post url, parameters
+        if response.respond_to?(:status)
+          # Faraday connection
+          status = response.status.to_i
+          body = response.body
+          content_type = response.headers['Content-type']
+        else
+          # Hurley
+          status = response.status_code.to_i
+          body = response.body
+          content_type = response.header[:content_type]
+        end
+
+        if status == 200
+          return ::Signet::OAuth2.parse_credentials(body, content_type)
+        elsif [400, 401, 403].include?(status)
           message = 'Authorization failed.'
-          if response.body.to_s.strip.length > 0
+          if body.to_s.strip.length > 0
             message += "  Server message:\n#{response.body.to_s.strip}"
           end
           raise ::Signet::AuthorizationError.new(
-            message, :request => request, :response => response
+            message, :response => response
           )
         else
           message = "Unexpected status code: #{response.status}."
-          if response.body.to_s.strip.length > 0
+          if body.to_s.strip.length > 0
             message += "  Server message:\n#{response.body.to_s.strip}"
           end
           raise ::Signet::AuthorizationError.new(
-            message, :request => request, :response => response
+            message, :response => response
           )
         end
       end
@@ -1019,7 +1033,6 @@ module Signet
       #     The HTTP body for the request.
       #   - <code>:realm</code> -
       #     The Authorization realm.  See RFC 2617.
-      #
       # @return [Faraday::Request] The request object.
       def generate_authenticated_request(options={})
         options = deep_hash_normalize(options)
@@ -1100,16 +1113,6 @@ module Signet
       #     :uri => 'http://www.example.com/protected/resource'
       #   )
       #
-      # @example
-      #   # Using Typhoeus
-      #   response = client.fetch_protected_resource(
-      #     :request => Typhoeus::Request.new(
-      #       'http://www.example.com/protected/resource'
-      #     ),
-      #     :adapter => HTTPAdapter::TyphoeusAdapter.new,
-      #     :connection => connection
-      #   )
-      #
       # @return [Array] The response object.
       def fetch_protected_resource(options={})
         options = deep_hash_normalize(options)
@@ -1147,7 +1150,7 @@ module Signet
       # Check if the URI is a out-of-band
       # @private
       def uri_is_oob?(uri)
-        return uri.to_s == 'urn:ietf:wg:oauth:2.0:oob' || uri.to_s == 'oob'
+        return OOB_MODES.include?(uri.to_s)
       end
 
       # Convert all keys in this hash (nested) to symbols for uniform retrieval
@@ -1160,13 +1163,24 @@ module Signet
       end
 
       def deep_hash_normalize(old_hash)
-        old_hash.inject(formatted_hash={}) do |hash,(k,v)|
+        sym_hash = {}
+        old_hash and old_hash.each {|k,v| sym_hash[k.to_sym] = recursive_hash_normalize_keys(v)}
+        sym_hash
+      end
 
-          hash[k.to_sym] = recursive_hash_normalize_keys(v)
-          hash
+      def normalize_timestamp(time)
+        case time
+        when NilClass
+          nil
+        when Time
+          time
+        when String
+          Time.parse(issued_at)
+        when Fixnum
+          Time.at(time)
+        else
+          fail "Invalid time value #{time}"
         end
-
-        formatted_hash
       end
     end
   end

data/lib/signet/version.rb

@@ -17,8 +17,8 @@ unless defined? Signet::VERSION
   module Signet
     module VERSION
       MAJOR = 0
-      MINOR = 6
-      TINY  = 1
+      MINOR = 7
+      TINY  = 0
 
       STRING = [MAJOR, MINOR, TINY].join('.')
     end

data/signet.gemspec

@@ -27,7 +27,6 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'faraday', '~> 0.9'
   s.add_runtime_dependency 'multi_json', '~> 1.10'
   s.add_runtime_dependency 'jwt', '~> 1.5'
-  s.add_runtime_dependency 'extlib', '~> 0.9'
 
   s.add_development_dependency 'rake', '~> 10.0'
   s.add_development_dependency 'yard', '~> 0.8'

data/spec/signet/oauth_1/services/google_spec.rb

@@ -95,14 +95,16 @@ describe Signet::OAuth1::Client, 'configured for standard Google APIs' do
   end
 
   it 'should raise an error if the token credentials are bogus' do
-    expect(lambda do
+    expect do
+      skip 'Need to replace with mocked response as google endpoints no longer use oauth1'
       @client.token_credential_key = '12345'
       @client.token_credential_secret = '12345'
-      @client.fetch_protected_resource(
+      res = @client.fetch_protected_resource(
         :uri =>
           'https://www.google.com/m8/feeds/'
       )
-    end).to raise_error(Signet::AuthorizationError)
+      puts "Res = #{res.status}"
+    end.to raise_error(Signet::AuthorizationError)
   end
 
   # We have to stub responses for the token credentials
@@ -228,6 +230,7 @@ describe Signet::OAuth1::Client, 'configured for two-legged OAuth' do
   end
 
   it 'should raise an error if the client credentials are bogus' do
+    skip 'Need to replace with mocked response as google endpoints no longer use oauth1'
     expect(lambda do
       @client.fetch_protected_resource(
         :uri =>

data/spec/signet/oauth_2/client_spec.rb

@@ -263,7 +263,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
     it 'should send valid access token request' do
       stubs = Faraday::Adapter::Test::Stubs.new do |stub|
         stub.post('/o/oauth2/token') do |env|
-          params = Addressable::URI.form_unencode(env[:body])
+          params = env[:body]
           claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key)
           expect(params.assoc("grant_type")).to eq ['grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer']
           build_json_response({
@@ -370,8 +370,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
       'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'
 
     request = @client.generate_access_token_request
-    params = Addressable::URI.form_unencode(request.body)
-    expect(params).to include(['assertion', 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'])
+    expect(request).to include('assertion' => 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU')
   end
 
   it 'should allow the token to be updated' do
@@ -889,7 +888,7 @@ xwIDAQAB
 -----END PUBLIC KEY-----
 PUBKEY
       @client.decoded_id_token(pubkey)
-    end).to raise_error(JWT::DecodeError, "Signature verification failed")
+    end).to raise_error(JWT::VerificationError)
     stubs.verify_stubbed_calls
   end
 end
@@ -956,9 +955,9 @@ describe Signet::OAuth2::Client, 'configured with custom parameters' do
 
   it 'should merge new generate_access_token_request custom parameters' do
     @client.update!(:code=>'12345')
-    body = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).body
-    expect(body).to include("type=new_type")
-    expect(body).to include("new_param=new_val")
+    params = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'})
+    expect(params).to include('type' => 'new_type')
+    expect(params).to include('new_param' => 'new_val')
   end
 end
 
@@ -1000,9 +999,9 @@ describe Signet::OAuth2::Client, 'configured with custom parameters' do
 
   it 'should merge new generate_access_token_request custom parameters' do
     @client.update!(:code=>'12345')
-    body = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).body
-    expect(body).to include("type=new_type")
-    expect(body).to include("new_param=new_val")
+    params = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'})
+    expect(params).to include("type" => "new_type")
+    expect(params).to include("new_param" => "new_val")
   end
 end
 
@@ -1049,8 +1048,8 @@ describe Signet::OAuth2::Client, 'configured with custom parameters a la JSON.lo
 
   it 'should merge new generate_access_token_request custom parameters' do
     @client.update!(:code=>'12345')
-    body = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).body
-    expect(body).to include("type=new_type")
-    expect(body).to include("new_param=new_val")
+    params = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'})
+    expect(params).to include("type" => "new_type")
+    expect(params).to include("new_param" => "new_val")
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: signet
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Bob Aman
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-08 00:00:00.000000000 Z
+date: 2015-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -67,20 +67,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.5'
-- !ruby/object:Gem::Dependency
-  name: extlib
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -193,7 +179,6 @@ files:
 - lib/signet/oauth_1/signature_methods/rsa_sha1.rb
 - lib/signet/oauth_2.rb
 - lib/signet/oauth_2/client.rb
-- lib/signet/ssl_config.rb
 - lib/signet/version.rb
 - signet.gemspec
 - spec/force_compat/digest/hmac.rb
@@ -241,7 +226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.5
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: Signet is an OAuth 1.0 / OAuth 2.0 implementation.

data/lib/signet/ssl_config.rb

@@ -1,55 +0,0 @@
-if (!ENV['SSL_CERT_FILE'] || !File.exist?(ENV['SSL_CERT_FILE'])) &&
-    (!ENV['SSL_CERT_DIR'] || !File.exist?(ENV['SSL_CERT_DIR']))
-  # Attempt to copy over from other environment variables or well-known
-  # locations. But seriously, just set the environment variables!
-  common_ca_file_locations = [
-    ENV['CA_FILE'],
-    '/usr/local/lib/ssl/certs/ca-certificates.crt',
-    '/usr/local/ssl/certs/ca-certificates.crt',
-    '/usr/local/share/curl/curl-ca-bundle.crt',
-    '/usr/local/etc/openssl/cert.pem',
-    '/opt/local/lib/ssl/certs/ca-certificates.crt',
-    '/opt/local/ssl/certs/ca-certificates.crt',
-    '/opt/local/share/curl/curl-ca-bundle.crt',
-    '/opt/local/etc/openssl/cert.pem',
-    '/usr/lib/ssl/certs/ca-certificates.crt',
-    '/usr/ssl/certs/ca-certificates.crt',
-    '/usr/share/curl/curl-ca-bundle.crt',
-    '/etc/ssl/certs/ca-certificates.crt',
-    '/etc/openssl/cert.pem',
-    '/etc/pki/tls/cert.pem',
-    '/etc/pki/CA/cacert.pem',
-    'C:\Windows\curl-ca-bundle.crt',
-    'C:\Windows\ca-bundle.crt',
-    'C:\Windows\cacert.pem',
-    './curl-ca-bundle.crt',
-    './cacert.pem',
-    '~/.cacert.pem'
-  ]
-  common_ca_path_locations = [
-    ENV['CA_PATH'],
-    '/usr/local/lib/ssl/certs',
-    '/usr/local/ssl/certs',
-    '/opt/local/lib/ssl/certs',
-    '/opt/local/ssl/certs',
-    '/usr/lib/ssl/certs',
-    '/usr/ssl/certs',
-    '/etc/ssl/certs'
-  ]
-  ENV['SSL_CERT_FILE'] = nil
-  ENV['SSL_CERT_DIR'] = nil
-  for location in common_ca_file_locations
-    if location && File.exist?(location)
-      ENV['SSL_CERT_FILE'] = File.expand_path(location)
-      break
-    end
-  end
-  unless ENV['SSL_CERT_FILE']
-    for location in common_ca_path_locations
-      if location && File.exist?(location)
-        ENV['SSL_CERT_DIR'] = File.expand_path(location)
-        break
-      end
-    end
-  end
-end