RubyGems - ssl_certifier - Versions diffs - 0.1.0 - Mend

ssl_certifier 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

data/.gemtest +0 -0
data/.gitignore +4 -0
data/Gemfile +4 -0
data/README.rdoc +19 -0
data/Rakefile +6 -0
data/certs/cacert.pem +3987 -0
data/lib/ssl_certifier.rb +4 -0
data/lib/ssl_certifier/open-uri.rb +12 -0
data/lib/ssl_certifier/version.rb +3 -0
data/spec/certs/ca_cert.pem +59 -0
data/spec/certs/server_cert.pem +61 -0
data/spec/certs/server_key +67 -0
data/spec/data.txt +1 -0
data/spec/open-uri_spec.rb +697 -0
data/spec/open-uri_ssl_spec.rb +89 -0
data/spec/spec_helper.rb +73 -0
data/ssl_certifier.gemspec +23 -0
metadata +85 -0

data/lib/ssl_certifier.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module SslCertifier
+  require 'open-uri'
+  require 'ssl_certifier/open-uri.rb'
+end

data/lib/ssl_certifier/open-uri.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module OpenURI
+  CaCertOptions = {:ssl_ca_cert => File.join(File.expand_path("../../../certs/", __FILE__), 'cacert.pem')}
+  class << self
+    alias_method :open_http_without_ca_cert, :open_http
+    def OpenURI.open_http(buf, target, proxy, options) # :nodoc:
+      options = CaCertOptions.merge(options)
+      OpenURI.open_http_without_ca_cert(buf, target, proxy, options)
+    end
+  end
+end

data/lib/ssl_certifier/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module SslCertifier
+  VERSION = "0.1.0"
+end

data/spec/certs/ca_cert.pem ADDED Viewed

@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=JP, ST=Tokyo, O=RubyTest, CN=Ruby Test CA
+        Validity
+            Not Before: Jan  1 00:00:00 2009 GMT
+            Not After : Dec 31 23:59:59 2049 GMT
+        Subject: C=JP, ST=Tokyo, O=RubyTest, CN=Ruby Test CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9f:58:19:39:bc:ea:0c:b8:c3:5d:12:a7:d8:20:
+                    6c:53:ac:91:34:c8:b4:db:3f:56:f6:75:b6:6c:23:
+                    80:23:6a:5f:b3:f6:9a:3e:00:b4:16:19:1c:9c:2c:
+                    8d:e8:53:d5:0b:f1:52:3f:7b:60:93:86:ae:89:ab:
+                    20:82:9a:b6:72:14:3c:4d:a9:0b:6c:34:79:9e:d3:
+                    14:82:6d:c9:3b:90:d9:5e:68:6f:8c:b5:d8:09:f4:
+                    6f:3b:22:9f:5e:81:9c:37:df:cf:90:36:65:57:dc:
+                    ad:31:ca:8b:48:92:a7:3c:1e:42:e9:1c:4e:1e:cb:
+                    36:c1:44:4e:ab:9a:b2:73:6d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints:
+                CA:FALSE
+            Netscape Comment:
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier:
+                24:6F:03:A3:EE:06:51:75:B2:BA:FC:3A:38:59:BF:ED:87:CD:E8:7F
+            X509v3 Authority Key Identifier:
+                keyid:24:6F:03:A3:EE:06:51:75:B2:BA:FC:3A:38:59:BF:ED:87:CD:E8:7F
+    Signature Algorithm: sha1WithRSAEncryption
+        13:eb:db:ca:cd:90:f2:09:9e:d9:72:70:5e:42:5d:11:84:ce:
+        00:1d:c4:2f:41:d2:3e:16:e5:d4:97:1f:43:a9:a7:9c:fa:60:
+        c4:35:96:f2:f6:0d:13:6d:0f:36:dd:59:03:08:ee:2e:a6:df:
+        9e:d8:6d:ca:72:8f:02:c2:2b:53:7b:12:7f:55:81:6c:9e:7d:
+        e7:40:7e:f8:f5:75:0d:4b:a0:8d:ee:a4:d9:e8:5f:06:c9:86:
+        66:71:70:6c:41:81:6a:dd:a4:4f:a3:c1:ac:70:d4:78:1b:23:
+        30:2f:a5:ef:98:ee:d4:62:80:fd:bf:d4:7a:9b:8e:2d:18:e5:
+        00:46
+-----BEGIN CERTIFICATE-----
+MIICfzCCAeigAwIBAgIBADANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJKUDEO
+MAwGA1UECBMFVG9reW8xETAPBgNVBAoTCFJ1YnlUZXN0MRUwEwYDVQQDEwxSdWJ5
+IFRlc3QgQ0EwHhcNMDkwMTAxMDAwMDAwWhcNNDkxMjMxMjM1OTU5WjBHMQswCQYD
+VQQGEwJKUDEOMAwGA1UECBMFVG9reW8xETAPBgNVBAoTCFJ1YnlUZXN0MRUwEwYD
+VQQDEwxSdWJ5IFRlc3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ9Y
+GTm86gy4w10Sp9ggbFOskTTItNs/VvZ1tmwjgCNqX7P2mj4AtBYZHJwsjehT1Qvx
+Uj97YJOGromrIIKatnIUPE2pC2w0eZ7TFIJtyTuQ2V5ob4y12An0bzsin16BnDff
+z5A2ZVfcrTHKi0iSpzweQukcTh7LNsFETquasnNtAgMBAAGjezB5MAkGA1UdEwQC
+MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
+MB0GA1UdDgQWBBQkbwOj7gZRdbK6/Do4Wb/th83ofzAfBgNVHSMEGDAWgBQkbwOj
+7gZRdbK6/Do4Wb/th83ofzANBgkqhkiG9w0BAQUFAAOBgQAT69vKzZDyCZ7ZcnBe
+Ql0RhM4AHcQvQdI+FuXUlx9Dqaec+mDENZby9g0TbQ823VkDCO4upt+e2G3Kco8C
+witTexJ/VYFsnn3nQH749XUNS6CN7qTZ6F8GyYZmcXBsQYFq3aRPo8GscNR4GyMw
+L6XvmO7UYoD9v9R6m44tGOUARg==
+-----END CERTIFICATE-----

data/spec/certs/server_cert.pem ADDED Viewed

@@ -0,0 +1,61 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=JP, ST=Tokyo, O=RubyTest, CN=Ruby Test CA
+        Validity
+            Not Before: Jan  1 00:00:00 2009 GMT
+            Not After : Dec 31 23:59:59 2049 GMT
+        Subject: C=JP, ST=Tokyo, O=RubyTest, CN=127.0.0.1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bb:bd:74:69:53:58:50:24:79:f2:eb:db:8b:97:
+                    e4:69:a4:dd:48:0c:40:35:62:42:b3:35:8c:96:2a:
+                    62:76:98:b5:2a:e0:f8:78:33:b6:ff:f8:55:bf:44:
+                    69:21:d7:b5:0e:bd:8a:dd:31:1b:88:d5:b4:5e:7a:
+                    82:e0:ba:99:6c:04:76:e9:ff:e6:f8:f5:06:8e:7e:
+                    a4:db:db:eb:43:44:12:a7:ca:ca:2b:aa:5f:83:10:
+                    e2:9e:35:55:e8:e8:af:be:c8:7d:bb:c2:d4:aa:c1:
+                    1c:57:0b:c0:0c:3a:1d:6e:23:a9:03:26:7c:ea:8c:
+                    f0:86:61:ce:f1:ff:42:c7:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints:
+                CA:FALSE
+            Netscape Cert Type:
+                SSL Server
+            Netscape Comment:
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier:
+                7F:17:5A:58:88:96:E1:1F:44:EA:FF:AD:C6:2E:90:E2:95:32:DD:F0
+            X509v3 Authority Key Identifier:
+                keyid:24:6F:03:A3:EE:06:51:75:B2:BA:FC:3A:38:59:BF:ED:87:CD:E8:7F
+    Signature Algorithm: sha1WithRSAEncryption
+        9a:34:99:ea:76:a2:ed:f0:f7:a7:75:3b:81:fb:75:57:93:c1:
+        27:b6:1e:7a:38:67:95:be:58:42:9a:0a:dd:2b:23:fb:85:42:
+        80:34:bf:b9:0e:9c:5e:5a:dc:2d:25:8c:68:02:a2:c7:7f:c0:
+        eb:f3:e0:61:e2:05:e5:7e:c1:e0:33:1c:76:65:23:2c:25:08:
+        f6:5a:11:b9:d4:f7:e3:80:bb:b0:ce:76:1a:56:22:af:e2:4a:
+        e1:7e:a4:60:f3:fd:9c:53:46:51:57:32:6b:05:53:80:5c:a5:
+        61:93:87:ae:06:a8:a2:ba:4d:a1:b7:1b:0f:8f:82:0a:e8:b3:
+        ea:63
+-----BEGIN CERTIFICATE-----
+MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJKUDEO
+MAwGA1UECBMFVG9reW8xETAPBgNVBAoTCFJ1YnlUZXN0MRUwEwYDVQQDEwxSdWJ5
+IFRlc3QgQ0EwHhcNMDkwMTAxMDAwMDAwWhcNNDkxMjMxMjM1OTU5WjBEMQswCQYD
+VQQGEwJKUDEOMAwGA1UECBMFVG9reW8xETAPBgNVBAoTCFJ1YnlUZXN0MRIwEAYD
+VQQDEwkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALu9dGlT
+WFAkefLr24uX5Gmk3UgMQDViQrM1jJYqYnaYtSrg+Hgztv/4Vb9EaSHXtQ69it0x
+G4jVtF56guC6mWwEdun/5vj1Bo5+pNvb60NEEqfKyiuqX4MQ4p41Vejor77IfbvC
+1KrBHFcLwAw6HW4jqQMmfOqM8IZhzvH/QscjAgMBAAGjgY8wgYwwCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR/F1pYiJbhH0Tq/63GLpDilTLd
+8DAfBgNVHSMEGDAWgBQkbwOj7gZRdbK6/Do4Wb/th83ofzANBgkqhkiG9w0BAQUF
+AAOBgQCaNJnqdqLt8PendTuB+3VXk8Enth56OGeVvlhCmgrdKyP7hUKANL+5Dpxe
+WtwtJYxoAqLHf8Dr8+Bh4gXlfsHgMxx2ZSMsJQj2WhG51PfjgLuwznYaViKv4krh
+fqRg8/2cU0ZRVzJrBVOAXKVhk4euBqiiuk2htxsPj4IK6LPqYw==
+-----END CERTIFICATE-----

data/spec/certs/server_key ADDED Viewed

@@ -0,0 +1,67 @@
+Private-Key: (1024 bit)
+modulus:
+    00:bb:bd:74:69:53:58:50:24:79:f2:eb:db:8b:97:
+    e4:69:a4:dd:48:0c:40:35:62:42:b3:35:8c:96:2a:
+    62:76:98:b5:2a:e0:f8:78:33:b6:ff:f8:55:bf:44:
+    69:21:d7:b5:0e:bd:8a:dd:31:1b:88:d5:b4:5e:7a:
+    82:e0:ba:99:6c:04:76:e9:ff:e6:f8:f5:06:8e:7e:
+    a4:db:db:eb:43:44:12:a7:ca:ca:2b:aa:5f:83:10:
+    e2:9e:35:55:e8:e8:af:be:c8:7d:bb:c2:d4:aa:c1:
+    1c:57:0b:c0:0c:3a:1d:6e:23:a9:03:26:7c:ea:8c:
+    f0:86:61:ce:f1:ff:42:c7:23
+publicExponent: 65537 (0x10001)
+privateExponent:
+    00:af:3a:ec:17:0a:f5:d9:07:d2:d3:4c:15:c5:3b:
+    66:b4:bc:6e:d5:ba:a9:8b:aa:45:3b:63:f5:ee:8b:
+    6d:0f:e9:04:e0:1a:cf:8f:d2:25:32:d1:a5:a7:3a:
+    c1:2e:17:5a:25:82:00:c4:e7:fb:1d:42:ea:71:6c:
+    c4:0f:e1:db:23:ff:1e:d6:c8:d6:60:ca:2d:06:fc:
+    54:3c:03:d4:09:96:bb:38:7a:22:a1:61:2c:f7:d0:
+    d0:90:6c:9f:61:ba:61:30:5a:aa:64:ad:43:3a:53:
+    38:e8:ba:cc:8c:51:3e:68:3e:3a:6a:0f:5d:5d:e0:
+    d6:df:f2:54:93:d3:14:22:a1
+prime1:
+    00:e8:ec:11:fe:e6:2b:23:21:29:d5:40:a6:11:ec:
+    4c:ae:4d:08:2a:71:18:ac:d1:3e:40:2f:12:41:59:
+    12:09:e2:f7:c2:d7:6b:0a:96:0a:06:e3:90:6a:4e:
+    b2:eb:25:b7:09:68:e9:13:ab:d0:5a:29:7a:e4:72:
+    1a:ee:46:a0:8b
+prime2:
+    00:ce:57:5e:31:e9:c9:a8:5b:1f:55:af:67:e2:49:
+    2a:af:90:b6:02:c0:32:2f:ca:ae:1e:de:47:81:73:
+    a8:f8:37:53:70:93:24:62:77:d4:b8:80:30:9f:65:
+    26:20:46:ae:5a:65:6e:6d:af:68:4c:8d:e8:3c:f3:
+    d1:d1:d9:6e:c9
+exponent1:
+    03:f1:02:b8:f2:82:26:5d:08:4d:30:83:de:e7:c5:
+    c0:69:53:4b:0c:90:e3:53:c3:1e:e8:ed:01:28:15:
+    b3:0f:21:2c:2d:e3:04:d1:d7:27:98:b0:37:ec:4f:
+    00:c5:a9:9c:42:27:37:8a:ff:c2:96:d3:1a:8c:87:
+    c2:22:75:d3
+exponent2:
+    6f:17:32:ab:84:c7:01:51:2d:e9:9f:ea:3a:36:52:
+    38:fb:9c:42:96:df:6e:43:9c:c3:19:c1:3d:bc:db:
+    77:e7:b1:90:a6:67:ac:6b:ff:a6:e5:bd:47:d3:d9:
+    56:ff:36:d7:8c:4c:8b:d9:28:3a:2f:1c:9d:d4:57:
+    5e:b7:c5:a1
+coefficient:
+    45:50:47:66:56:e9:21:d9:40:0e:af:3f:f2:05:77:
+    ab:e7:08:40:97:88:2a:51:b3:7e:86:b0:b2:03:2e:
+    6d:36:3f:46:42:97:7d:5a:a2:93:6c:05:c2:8b:8b:
+    2d:af:d5:7d:75:e9:70:f0:2d:21:e3:b9:cf:4d:9a:
+    c4:97:e2:79
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC7vXRpU1hQJHny69uLl+RppN1IDEA1YkKzNYyWKmJ2mLUq4Ph4
+M7b/+FW/RGkh17UOvYrdMRuI1bReeoLguplsBHbp/+b49QaOfqTb2+tDRBKnysor
+ql+DEOKeNVXo6K++yH27wtSqwRxXC8AMOh1uI6kDJnzqjPCGYc7x/0LHIwIDAQAB
+AoGBAK867BcK9dkH0tNMFcU7ZrS8btW6qYuqRTtj9e6LbQ/pBOAaz4/SJTLRpac6
+wS4XWiWCAMTn+x1C6nFsxA/h2yP/HtbI1mDKLQb8VDwD1AmWuzh6IqFhLPfQ0JBs
+n2G6YTBaqmStQzpTOOi6zIxRPmg+OmoPXV3g1t/yVJPTFCKhAkEA6OwR/uYrIyEp
+1UCmEexMrk0IKnEYrNE+QC8SQVkSCeL3wtdrCpYKBuOQak6y6yW3CWjpE6vQWil6
+5HIa7kagiwJBAM5XXjHpyahbH1WvZ+JJKq+QtgLAMi/Krh7eR4FzqPg3U3CTJGJ3
+1LiAMJ9lJiBGrlplbm2vaEyN6Dzz0dHZbskCQAPxArjygiZdCE0wg97nxcBpU0sM
+kONTwx7o7QEoFbMPISwt4wTR1yeYsDfsTwDFqZxCJzeK/8KW0xqMh8IiddMCQG8X
+MquExwFRLemf6jo2Ujj7nEKW325DnMMZwT2823fnsZCmZ6xr/6blvUfT2Vb/NteM
+TIvZKDovHJ3UV163xaECQEVQR2ZW6SHZQA6vP/IFd6vnCECXiCpRs36GsLIDLm02
+P0ZCl31aopNsBcKLiy2v1X116XDwLSHjuc9NmsSX4nk=
+-----END RSA PRIVATE KEY-----

data/spec/data.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ ddd

data/spec/open-uri_spec.rb ADDED Viewed

@@ -0,0 +1,697 @@
+require 'spec_helper'
+describe OpenURI do
+  context "normal http operations" do
+    before(:each) do
+      @proxies = %w[http_proxy HTTP_PROXY ftp_proxy FTP_PROXY no_proxy]
+      @old_proxies = @proxies.map {|k| ENV[k] }
+      @proxies.each {|k| ENV[k] = nil }
+    end
+    after(:each) do
+      @proxies.each_with_index {|k, i| ENV[k] = @old_proxies[i] }
+    end
+    it 'should return 200' do
+      with_http do |srv, dr, url|
+        open("#{dr}/foo200", "w") {|f| f << "foo200" }
+        open("#{url}/foo200") do |f|
+          f.status[0].should == "200"
+          f.read.should == "foo200"
+        end
+      end
+    end
+    it 'should return 200 for a big file' do
+      with_http do |srv, dr, url|
+        content = "foo200big"*10240
+        open("#{dr}/foo200big", "w") {|f| f << content }
+        open("#{url}/foo200big") do |f|
+          f.status[0].should == "200"
+          f.read.should == content
+        end
+      end
+    end
+    it 'should return 404 for a bad url' do
+      with_http do |srv, dr, url|
+        lambda { open("#{url}/not-exist") {} }.should raise_error(OpenURI::HTTPError)
+        #TODO: somehow get the status from the lambda
+        #exc.io.status[0].should == "404"
+      end
+    end
+    it 'should read the string "foo_ou"' do
+      with_http do |srv, dr, url|
+        open("#{dr}/foo_ou", "w") {|f| f << "foo_ou" }
+        u = URI("#{url}/foo_ou")
+        open(u) do |f|
+          f.status[0].should == "200"
+          f.read.should == "foo_ou"
+        end
+      end
+    end
+    it 'should raise an ArgumentError when open is given too many args' do
+      lambda { open("http://192.0.2.1/tma", "r", 0666, :extra) {} }.should raise_error(ArgumentError)
+    end
+    it 'should raise an ArgumentError when open is given an invalid argument' do
+      lambda { open("http://127.0.0.1/", :invalid_option=>true) {} }.should raise_error(ArgumentError)
+    end
+    it 'should raise a Timeout::Error when a read times out' do
+      TCPServer.open("127.0.0.1", 0) do |serv|
+        port = serv.addr[1]
+        th = Thread.new {
+          sock = serv.accept
+          begin
+            req = sock.gets("\r\n\r\n")
+            req.should match %r{\AGET /foo/bar }
+            sock.print "HTTP/1.0 200 OK\r\n"
+            sock.print "Content-Length: 4\r\n\r\n"
+            sleep 1
+            sock.print "ab\r\n"
+          ensure
+            sock.close
+          end
+        }
+        begin
+          lambda { URI("http://127.0.0.1:#{port}/foo/bar").read(:read_timeout=>0.01) }.should raise_error(Timeout::Error)
+        ensure
+          Thread.kill(th)
+          th.join
+        end
+      end
+    end
+    it 'should read when opening in various modes' do
+      with_http do |srv, dr, url|
+        open("#{dr}/mode", "w") {|f| f << "mode" }
+        open("#{url}/mode", "r") do |f|
+          f.status[0].should == "200"
+          f.read.should == "mode"
+        end
+        open("#{url}/mode", "r", 0600) do |f|
+          f.status[0].should == "200"
+          f.read.should == "mode"
+        end
+        lambda { open("#{url}/mode", "a") {} }.should raise_error(ArgumentError)
+        open("#{url}/mode", "r:us-ascii") do |f|
+          f.read.encoding.should == Encoding::US_ASCII
+        end
+        open("#{url}/mode", "r:utf-8") do |f|
+          f.read.encoding.should == Encoding::UTF_8
+        end
+        lambda { open("#{url}/mode", "r:invalid-encoding") {} }.should raise_error(ArgumentError)
+      end
+    end
+    it 'should open a url when a block is not specified' do
+      with_http do |srv, dr, url|
+        open("#{dr}/without_block", "w") {|g| g << "without_block" }
+        begin
+          f = open("#{url}/without_block")
+          f.status[0].should == "200"
+          f.read.should == "without_block"
+        ensure
+          f.close
+        end
+      end
+    end
+    it 'should read the same headers for header1 and header2' do
+      myheader1 = 'barrrr'
+      myheader2 = nil
+      with_http do |srv, dr, url|
+        srv.mount_proc("/h/") {|req, res| myheader2 = req['myheader']; res.body = "foo" }
+        open("#{url}/h/", 'MyHeader'=>myheader1) do |f|
+          f.read.should == "foo"
+          myheader1.should == myheader2
+        end
+      end
+    end
+    it 'should not open with multiple proxy options' do
+      lambda { open("http://127.0.0.1/", :proxy_http_basic_authentication=>true, :proxy=>true) {} }.should raise_error(ArgumentError)
+    end
+    it 'should not open with a non-http proxy' do
+      lambda { open("http://127.0.0.1/", :proxy=>URI("ftp://127.0.0.1/")) {} }.should raise_error(RuntimeError)
+    end
+    it 'should open a url via a proxy' do
+      with_http do |srv, dr, url|
+        log = ''
+        proxy = WEBrick::HTTPProxyServer.new({
+          :ServerType => Thread,
+          :Logger => WEBrick::Log.new(NullLog),
+          :AccessLog => [[NullLog, ""]],
+          :ProxyAuthProc => lambda {|req, res|
+            log << req.request_line
+          },
+          :BindAddress => '127.0.0.1',
+          :Port => 0})
+        _, proxy_port, _, proxy_host = proxy.listeners[0].addr
+        proxy_url = "http://#{proxy_host}:#{proxy_port}/"
+        begin
+          th = proxy.start
+          open("#{dr}/proxy", "w") {|f| f << "proxy" }
+          open("#{url}/proxy", :proxy=>proxy_url) do |f|
+            f.status[0].should == "200"
+            f.read.should == "proxy"
+          end
+          log.should match /#{Regexp.quote url}/
+          log.clear
+          open("#{url}/proxy", :proxy=>URI(proxy_url)) do |f|
+            f.status[0].should == "200"
+            f.read.should == "proxy"
+          end
+          log.should match /#{Regexp.quote url}/
+          log.clear
+          open("#{url}/proxy", :proxy=>nil) do |f|
+            f.status[0].should == "200"
+            f.read.should == "proxy"
+          end
+          log.should == ""
+          log.clear
+          lambda { open("#{url}/proxy", :proxy=>:invalid) {} }.should raise_error(ArgumentError)
+          log.should == ""
+          log.clear
+          with_env("http_proxy"=>proxy_url) {
+            # should not use proxy for 127.0.0.0/8.
+            open("#{url}/proxy") do |f|
+              f.status[0].should == "200"
+              f.read.should == "proxy"
+            end
+          }
+          log.should == ""
+          log.clear
+        ensure
+          proxy.shutdown
+        end
+      end
+    end
+    it 'should open a url via proxy with http basic authentication' do
+      with_http do |srv, dr, url|
+        log = ''
+        proxy = WEBrick::HTTPProxyServer.new({
+          :ServerType => Thread,
+          :Logger => WEBrick::Log.new(NullLog),
+          :AccessLog => [[NullLog, ""]],
+          :ProxyAuthProc => lambda {|req, res|
+            log << req.request_line
+            if req["Proxy-Authorization"] != "Basic #{['user:pass'].pack('m').chomp}"
+              raise WEBrick::HTTPStatus::ProxyAuthenticationRequired
+            end
+          },
+          :BindAddress => '127.0.0.1',
+          :Port => 0})
+        _, proxy_port, _, proxy_host = proxy.listeners[0].addr
+        proxy_url = "http://#{proxy_host}:#{proxy_port}/"
+        begin
+          th = proxy.start
+          open("#{dr}/proxy", "w") {|f| f << "proxy" }
+          lambda { open("#{url}/proxy", :proxy=>proxy_url) {} }.should raise_error(OpenURI::HTTPError)
+          #TODO: somehow extract the status from the lambda
+          #exc.io.status[0].should == "407"
+          log.should match /#{Regexp.quote url}/
+          log.clear
+          open("#{url}/proxy", :proxy_http_basic_authentication=>[proxy_url, "user", "pass"]) do |f|
+            f.status[0].should == "200"
+            f.read.should == "proxy"
+          end
+          log.should match /#{Regexp.quote url}/
+          log.clear
+          lambda { open("#{url}/proxy", :proxy_http_basic_authentication=>[true, "user", "pass"]) {} }.should raise_error(ArgumentError)
+          log.should == ""
+          log.clear
+        ensure
+          proxy.shutdown
+        end
+      end
+    end
+    it 'should open urls with redirects' do
+      with_http do |srv, dr, url|
+        srv.mount_proc("/r1/") {|req, res| res.status = 301; res["location"] = "#{url}/r2"; res.body = "r1" }
+        srv.mount_proc("/r2/") {|req, res| res.body = "r2" }
+        srv.mount_proc("/to-file/") {|req, res| res.status = 301; res["location"] = "file:///foo" }
+        open("#{url}/r1/") do |f|
+          f.base_uri.to_s.should == "#{url}/r2"
+          f.read.should == "r2"
+        end
+        lambda { open("#{url}/r1/", :redirect=>false) {} }.should raise_error(OpenURI::HTTPRedirect)
+        lambda { open("#{url}/to-file/") {} }.should raise_error(RuntimeError)
+      end
+    end
+    it 'should raise a RuntimeError if it enters a redirect loop' do
+      with_http do |srv, dr, url|
+        srv.mount_proc("/r1/") {|req, res| res.status = 301; res["location"] = "#{url}/r2"; res.body = "r1" }
+        srv.mount_proc("/r2/") {|req, res| res.status = 301; res["location"] = "#{url}/r1"; res.body = "r2" }
+        lambda { open("#{url}/r1/") {} }.should raise_error(RuntimeError)
+      end
+    end
+    it 'should open a URI through a relative redirect' do
+      TCPServer.open("127.0.0.1", 0) do |serv|
+        port = serv.addr[1]
+        th = Thread.new {
+          sock = serv.accept
+          begin
+            req = sock.gets("\r\n\r\n")
+            req.should match %r{\AGET /foo/bar }
+            sock.print "HTTP/1.0 302 Found\r\n"
+            sock.print "Location: ../baz\r\n\r\n"
+          ensure
+            sock.close
+          end
+          sock = serv.accept
+          begin
+            req = sock.gets("\r\n\r\n")
+            req.should match %r{\AGET /baz }
+            sock.print "HTTP/1.0 200 OK\r\n"
+            sock.print "Content-Length: 4\r\n\r\n"
+            sock.print "ab\r\n"
+          ensure
+            sock.close
+          end
+        }
+        begin
+          content = URI("http://127.0.0.1:#{port}/foo/bar").read
+          content.should == "ab\r\n"
+        ensure
+          Thread.kill(th)
+          th.join
+        end
+      end
+    end
+    it 'should raise a OpenURI::HTTPError if an invalid redirect is encountered' do
+      TCPServer.open("127.0.0.1", 0) do |serv|
+        port = serv.addr[1]
+        th = Thread.new {
+          sock = serv.accept
+          begin
+            req = sock.gets("\r\n\r\n")
+            req.should match %r{\AGET /foo/bar }
+            sock.print "HTTP/1.0 302 Found\r\n"
+            sock.print "Location: ::\r\n\r\n"
+          ensure
+            sock.close
+          end
+        }
+        begin
+          lambda { URI("http://127.0.0.1:#{port}/foo/bar").read }.should raise_error(OpenURI::HTTPError)
+        ensure
+          Thread.kill(th)
+          th.join
+        end
+      end
+    end
+    it 'should open a url with basic authentication after being redirected' do
+      with_http do |srv, dr, url|
+        srv.mount_proc("/r1/") {|req, res| res.status = 301; res["location"] = "#{url}/r2" }
+        srv.mount_proc("/r2/") do |req, res|
+          if req["Authorization"] != "Basic #{['user:pass'].pack('m').chomp}"
+            raise WEBrick::HTTPStatus::Unauthorized
+          end
+          res.body = "r2"
+        end
+        lambda{ open("#{url}/r2/") {} }.should raise_error(OpenURI::HTTPError)
+        #TODO: somehow get the status from the lambda
+        #exc.io.status[0].should == "401"
+        open("#{url}/r2/", :http_basic_authentication=>['user', 'pass']) do |f|
+          f.read.should == "r2"
+        end
+        lambda { open("#{url}/r1/", :http_basic_authentication=>['user', 'pass']) {} }.should raise_error(OpenURI::HTTPError)
+        #TODO: somehow get the status from the lambda
+        #exc.io.status[0].should == "401"
+      end
+    end
+    it 'should raise an ArgumentError if user information is incorrectly specified in the url' do
+      if "1.9.0" <= RUBY_VERSION
+        lambda { open("http://user:pass@127.0.0.1/") {} }.should raise_error(ArgumentError)
+      end
+    end
+    it 'should open a url and report the progress' do
+      with_http do |srv, dr, url|
+        content = "a" * 100000
+        srv.mount_proc("/data/") {|req, res| res.body = content }
+        length = []
+        progress = []
+        open("#{url}/data/",
+             :content_length_proc => lambda {|n| length << n },
+             :progress_proc => lambda {|n| progress << n }
+            ) {|f|
+          length.length.should == 1
+          length[0].should == content.length
+          progress.length.should be > 1
+          progress.should == progress.sort
+          progress[-1].should == content.length
+          f.read.should == content
+        }
+      end
+    end
+    it 'should open a url and report the progress when the response is chunked' do
+      with_http do |srv, dr, url|
+        content = "a" * 100000
+        srv.mount_proc("/data/") {|req, res| res.body = content; res.chunked = true }
+        length = []
+        progress = []
+        open("#{url}/data/",
+             :content_length_proc => lambda {|n| length << n },
+             :progress_proc => lambda {|n| progress << n }
+            ) {|f|
+          length.length.should == 1
+          length[0].should be nil
+          progress.length.should be > 1
+          progress.should == progress.sort
+          progress[-1].should == content.length
+          f.read.should == content
+        }
+      end
+    end
+    it 'should open a url and read from it' do
+      with_http do |srv, dr, url|
+        open("#{dr}/uriread", "w") {|f| f << "uriread" }
+        data = URI("#{url}/uriread").read
+        data.status[0].should == "200"
+        data.should == "uriread"
+      end
+    end
+    it 'should work with different encodings' do
+      with_http do |srv, dr, url|
+        content_u8 = "\u3042"
+        content_ej = "\xa2\xa4".force_encoding("euc-jp")
+        srv.mount_proc("/u8/") {|req, res| res.body = content_u8; res['content-type'] = 'text/plain; charset=utf-8' }
+        srv.mount_proc("/ej/") {|req, res| res.body = content_ej; res['content-type'] = 'TEXT/PLAIN; charset=EUC-JP' }
+        srv.mount_proc("/nc/") {|req, res| res.body = "aa"; res['content-type'] = 'Text/Plain' }
+        open("#{url}/u8/") do |f|
+          f.read.should == content_u8
+          f.content_type.should == "text/plain"
+          f.charset.should == "utf-8"
+        end
+        open("#{url}/ej/") do |f|
+          f.read.should == content_ej
+          f.content_type.should == "text/plain"
+          f.charset.should == "euc-jp"
+        end
+        open("#{url}/nc/") do |f|
+          f.read.should == "aa"
+          f.content_type.should == "text/plain"
+          f.charset.should == "iso-8859-1"
+          f.charset { "unknown" }.should == "unknown"
+        end
+      end
+    end
+    it 'should open a url with quoted attribute values' do
+      with_http do |srv, dr, url|
+        content_u8 = "\u3042"
+        srv.mount_proc("/qu8/") {|req, res| res.body = content_u8; res['content-type'] = 'text/plain; charset="utf\-8"' }
+        open("#{url}/qu8/") do |f|
+          f.read.should == content_u8
+          f.content_type.should == "text/plain"
+          f.charset.should == "utf-8"
+        end
+      end
+    end
+    it 'should read the last modified date from a url' do
+      with_http do |srv, dr, url|
+        srv.mount_proc("/data/") {|req, res| res.body = "foo"; res['last-modified'] = 'Fri, 07 Aug 2009 06:05:04 GMT' }
+        open("#{url}/data/") do |f|
+          f.read.should == "foo"
+          f.last_modified.should == Time.utc(2009,8,7,6,5,4)
+        end
+      end
+    end
+    it 'should read data with various content encoding' do
+      with_http do |srv, dr, url|
+        content = "abc" * 10000
+        Zlib::GzipWriter.wrap(StringIO.new(content_gz="".force_encoding("ascii-8bit"))) {|z| z.write content }
+        srv.mount_proc("/data/") {|req, res| res.body = content_gz; res['content-encoding'] = 'gzip' }
+        srv.mount_proc("/data2/") {|req, res| res.body = content_gz; res['content-encoding'] = 'gzip'; res.chunked = true }
+        srv.mount_proc("/noce/") {|req, res| res.body = content_gz }
+        open("#{url}/data/") do |f|
+          f.content_encoding.should == ['gzip']
+          f.read.force_encoding("ascii-8bit").should == content_gz
+        end
+        open("#{url}/data2/") do |f|
+          f.content_encoding.should == ['gzip']
+          f.read.force_encoding("ascii-8bit").should == content_gz
+        end
+        open("#{url}/noce/") do |f|
+          f.content_encoding.should == []
+          f.read.force_encoding("ascii-8bit").should == content_gz
+        end
+      end
+    end
+    # 192.0.2.0/24 is TEST-NET.  [RFC3330]
+    it 'should find the proxy for a given url' do
+      URI("http://192.0.2.1/").find_proxy.should be nil
+      URI("ftp://192.0.2.1/").find_proxy.should be nil
+      with_env('http_proxy'=>'http://127.0.0.1:8080') {
+        URI("http://192.0.2.1/").find_proxy.should == URI('http://127.0.0.1:8080')
+        URI("ftp://192.0.2.1/").find_proxy.should be nil
+      }
+      with_env('ftp_proxy'=>'http://127.0.0.1:8080') {
+        URI("http://192.0.2.1/").find_proxy.should be nil
+        URI("ftp://192.0.2.1/").find_proxy.should == URI('http://127.0.0.1:8080')
+      }
+      with_env('REQUEST_METHOD'=>'GET') {
+        URI("http://192.0.2.1/").find_proxy.should be nil
+      }
+      with_env('CGI_HTTP_PROXY'=>'http://127.0.0.1:8080', 'REQUEST_METHOD'=>'GET') {
+        URI("http://192.0.2.1/").find_proxy.should == URI('http://127.0.0.1:8080')
+      }
+      with_env('http_proxy'=>'http://127.0.0.1:8080', 'no_proxy'=>'192.0.2.2') {
+        URI("http://192.0.2.1/").find_proxy.should == URI('http://127.0.0.1:8080')
+        URI("http://192.0.2.2/").find_proxy.should be nil
+      }
+    end
+    it 'should find a proxy for a given url with a case sensitive env' do
+      with_env('http_proxy'=>'http://127.0.0.1:8080', 'REQUEST_METHOD'=>'GET') {
+        URI("http://192.0.2.1/").find_proxy.should == URI('http://127.0.0.1:8080')
+      }
+      with_env('HTTP_PROXY'=>'http://127.0.0.1:8081', 'REQUEST_METHOD'=>'GET') {
+        URI("http://192.0.2.1/").find_proxy.should be nil
+      }
+      with_env('http_proxy'=>'http://127.0.0.1:8080', 'HTTP_PROXY'=>'http://127.0.0.1:8081', 'REQUEST_METHOD'=>'GET') {
+        URI("http://192.0.2.1/").find_proxy.should == URI('http://127.0.0.1:8080')
+      }
+    end unless RUBY_PLATFORM =~ /mswin|mingw/
+    it 'should raise exceptions on invalid ftp requests' do
+      lambda { URI("ftp://127.0.0.1/").read }.should raise_error(ArgumentError)
+      lambda { URI("ftp://127.0.0.1/a%0Db").read }.should raise_error(ArgumentError)
+      lambda { URI("ftp://127.0.0.1/a%0Ab").read }.should raise_error(ArgumentError)
+      lambda { URI("ftp://127.0.0.1/a%0Db/f").read }.should raise_error(ArgumentError)
+      lambda { URI("ftp://127.0.0.1/a%0Ab/f").read }.should raise_error(ArgumentError)
+      lambda { URI("ftp://127.0.0.1/d/f;type=x") }.should raise_error(URI::InvalidComponentError)
+    end
+    it 'should perform FTP operations' do
+      TCPServer.open("127.0.0.1", 0) {|serv|
+        _, port, _, host = serv.addr
+        th = Thread.new {
+          s = serv.accept
+          begin
+            s.print "220 Test FTP Server\r\n"
+            s.gets.should == "USER anonymous\r\n"; s.print "331 name ok\r\n"
+            s.gets.should match /\APASS .*\r\n\z/; s.print "230 logged in\r\n"
+            s.gets.should == "TYPE I\r\n"; s.print "200 type set to I\r\n"
+            s.gets.should == "CWD foo\r\n"; s.print "250 CWD successful\r\n"
+            s.gets.should == "PASV\r\n"
+            TCPServer.open("127.0.0.1", 0) {|data_serv|
+              _, data_serv_port, _, data_serv_host = data_serv.addr
+              hi = data_serv_port >> 8
+              lo = data_serv_port & 0xff
+              s.print "227 Entering Passive Mode (127,0,0,1,#{hi},#{lo}).\r\n"
+              s.gets.should == "RETR bar\r\n"; s.print "150 file okay\r\n"
+              data_sock = data_serv.accept
+              begin
+                data_sock << "content"
+              ensure
+                data_sock.close
+              end
+              s.print "226 transfer complete\r\n"
+              s.gets.should be nil
+            }
+          ensure
+            s.close if s
+          end
+        }
+        begin
+          content = URI("ftp://#{host}:#{port}/foo/bar").read
+          content.should == "content"
+        ensure
+          Thread.kill(th)
+          th.join
+        end
+      }
+    end
+    it 'should perform active FTP operations' do
+      TCPServer.open("127.0.0.1", 0) do |serv|
+        _, port, _, host = serv.addr
+        th = Thread.new {
+          s = serv.accept
+          begin
+            content = "content"
+            s.print "220 Test FTP Server\r\n"
+            s.gets.should == "USER anonymous\r\n"; s.print "331 name ok\r\n"
+            s.gets.should match /\APASS .*\r\n\z/; s.print "230 logged in\r\n"
+            s.gets.should == "TYPE I\r\n"; s.print "200 type set to I\r\n"
+            s.gets.should == "CWD foo\r\n"; s.print "250 CWD successful\r\n"
+            m = s.gets.should match /\APORT 127,0,0,1,(\d+),(\d+)\r\n\z/
+            active_port = m[1].to_i << 8 | m[2].to_i
+            TCPSocket.open("127.0.0.1", active_port) do |data_sock|
+              s.print "200 data connection opened\r\n"
+              s.gets.should == "RETR bar\r\n"; s.print "150 file okay\r\n"
+              begin
+                data_sock << content
+              ensure
+                data_sock.close
+              end
+              s.print "226 transfer complete\r\n"
+              s.gets.should be nil
+            end
+          ensure
+            s.close if s
+          end
+        }
+        begin
+          content = URI("ftp://#{host}:#{port}/foo/bar").read(:ftp_active_mode=>true)
+          content.should == "content"
+        ensure
+          Thread.kill(th)
+          th.join
+        end
+      end
+    end
+    it 'should perform FTP operations in ascii' do
+      TCPServer.open("127.0.0.1", 0) do |serv|
+        _, port, _, host = serv.addr
+        th = Thread.new {
+          s = serv.accept
+          begin
+            content = "content"
+            s.print "220 Test FTP Server\r\n"
+            s.gets.should == "USER anonymous\r\n"; s.print "331 name ok\r\n"
+            s.gets.should match /\APASS .*\r\n\z/; s.print "230 logged in\r\n"
+            s.gets.should == "TYPE I\r\n"; s.print "200 type set to I\r\n"
+            s.gets.should == "CWD /foo\r\n"; s.print "250 CWD successful\r\n"
+            s.gets.should == "TYPE A\r\n"; s.print "200 type set to A\r\n"
+            s.gets.should == "SIZE bar\r\n"; s.print "213 #{content.bytesize}\r\n"
+            s.gets.should == "PASV\r\n"
+            TCPServer.open("127.0.0.1", 0) {|data_serv|
+              _, data_serv_port, _, data_serv_host = data_serv.addr
+              hi = data_serv_port >> 8
+              lo = data_serv_port & 0xff
+              s.print "227 Entering Passive Mode (127,0,0,1,#{hi},#{lo}).\r\n"
+              s.gets.should == "RETR bar\r\n"; s.print "150 file okay\r\n"
+              data_sock = data_serv.accept
+              begin
+                data_sock << content
+              ensure
+                data_sock.close
+              end
+              s.print "226 transfer complete\r\n"
+              s.gets.should be nil
+            }
+          ensure
+            s.close if s
+          end
+        }
+        begin
+          length = []
+          progress = []
+          content = URI("ftp://#{host}:#{port}/%2Ffoo/b%61r;type=a").read(
+           :content_length_proc => lambda {|n| length << n },
+           :progress_proc => lambda {|n| progress << n })
+          content.should == "content"
+          length.should == [7]
+          progress.inject(&:+).should == 7
+        ensure
+          Thread.kill(th)
+          th.join
+        end
+      end
+    end
+    it 'should allow ftp via an http proxy' do
+      TCPServer.open("127.0.0.1", 0) do |proxy_serv|
+        proxy_port = proxy_serv.addr[1]
+        th = Thread.new {
+          proxy_sock = proxy_serv.accept
+          begin
+            req = proxy_sock.gets("\r\n\r\n")
+            req.should match %r{\AGET ftp://192.0.2.1/foo/bar }
+            proxy_sock.print "HTTP/1.0 200 OK\r\n"
+            proxy_sock.print "Content-Length: 4\r\n\r\n"
+            proxy_sock.print "ab\r\n"
+          ensure
+            proxy_sock.close
+          end
+        }
+        begin
+          with_env('ftp_proxy'=>"http://127.0.0.1:#{proxy_port}") {
+            content = URI("ftp://192.0.2.1/foo/bar").read
+            content.should == "ab\r\n"
+          }
+        ensure
+          Thread.kill(th)
+          th.join
+        end
+      end
+    end
+    it 'should allow ftp via an http proxy with basic authorization' do
+      TCPServer.open("127.0.0.1", 0) do |proxy_serv|
+        proxy_port = proxy_serv.addr[1]
+        th = Thread.new {
+          proxy_sock = proxy_serv.accept
+          begin
+            req = proxy_sock.gets("\r\n\r\n")
+            req.should match %r{\AGET ftp://192.0.2.1/foo/bar }
+            req.should match %r{Proxy-Authorization: Basic #{['proxy-user:proxy-password'].pack('m').chomp}\r\n}
+            proxy_sock.print "HTTP/1.0 200 OK\r\n"
+            proxy_sock.print "Content-Length: 4\r\n\r\n"
+            proxy_sock.print "ab\r\n"
+          ensure
+            proxy_sock.close
+          end
+        }
+        begin
+          content = URI("ftp://192.0.2.1/foo/bar").read(
+            :proxy_http_basic_authentication => ["http://127.0.0.1:#{proxy_port}", "proxy-user", "proxy-password"])
+          content.should == "ab\r\n"
+        ensure
+          Thread.kill(th)
+          th.join
+        end
+      end
+    end
+  end
+end