tttls1.3 0.3.5 → 0.3.7

data/spec/encrypted_extensions_spec.rb

@@ -1,94 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe EncryptedExtensions do
-  context 'valid encrypted_extensions' do
-    let(:server_name) do
-      ServerName.new('')
-    end
-
-    let(:supported_groups) do
-      SupportedGroups.new(
-        [
-          NamedGroup::SECP256R1,
-          NamedGroup::SECP384R1,
-          NamedGroup::SECP521R1
-        ]
-      )
-    end
-
-    let(:extensions) do
-      Extensions.new([server_name, supported_groups])
-    end
-
-    let(:message) do
-      EncryptedExtensions.new(extensions)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
-      expect(message.extensions).to eq extensions
-      expect(message.appearable_extensions?).to be true
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize)
-        .to eq HandshakeType::ENCRYPTED_EXTENSIONS \
-               + extensions.serialize.prefix_uint24_length
-    end
-  end
-
-  context 'invalid encrypted_extensions, including forbidden extension type,' do
-    let(:extensions) do
-      signature_algorithms \
-      = SignatureAlgorithms.new([SignatureScheme::ECDSA_SECP256R1_SHA256])
-      Extensions.new([signature_algorithms])
-    end
-
-    let(:message) do
-      EncryptedExtensions.new(extensions)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
-      expect(message.extensions).to eq extensions
-      expect(message.appearable_extensions?).to be false
-    end
-  end
-
-  context 'valid encrypted_extensions, nil argument,' do
-    let(:message) do
-      EncryptedExtensions.new(nil)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
-      expect(message.extensions).to eq Extensions.new
-      expect(message.appearable_extensions?).to be true
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize)
-        .to eq HandshakeType::ENCRYPTED_EXTENSIONS \
-               + Extensions.new.serialize.prefix_uint24_length
-    end
-  end
-
-  context 'valid encrypted_extensions binary' do
-    let(:message) do
-      EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::ENCRYPTED_EXTENSIONS
-      expect(message.appearable_extensions?).to be true
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq TESTBINARY_ENCRYPTED_EXTENSIONS
-    end
-  end
-end

data/spec/end_of_early_data_spec.rb

@@ -1,28 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe EndOfEarlyData do
-  context 'end_of_early_data' do
-    let(:message) do
-      EndOfEarlyData.new
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::END_OF_EARLY_DATA \
-                                      + ''.prefix_uint24_length
-    end
-  end
-
-  context 'valid end_of_early_data binary' do
-    let(:message) do
-      EndOfEarlyData.deserialize(TESTBINARY_0_RTT_END_OF_EARLY_DATA)
-    end
-
-    it 'should generate valid serializable object' do
-      expect(message.serialize).to eq TESTBINARY_0_RTT_END_OF_EARLY_DATA
-    end
-  end
-end

data/spec/endpoint_spec.rb

@@ -1,167 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-
-RSpec.describe Endpoint do
-  context 'endpoint, Simple 1-RTT Handshake,' do
-    let(:key) do
-      n = OpenSSL::BN.new(TESTBINARY_PKEY_MODULUS, 2)
-      e = OpenSSL::BN.new(TESTBINARY_PKEY_PUBLIC_EXPONENT, 2)
-      d = OpenSSL::BN.new(TESTBINARY_PKEY_PRIVATE_EXPONENT, 2)
-      p = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME1, 2)
-      q = OpenSSL::BN.new(TESTBINARY_PKEY_PRIME2, 2)
-      dmp1 = d % (p - 1.to_bn)
-      dmq1 = d % (q - 1.to_bn)
-      iqmp = q**-1.to_bn % p
-      asn1 = OpenSSL::ASN1::Sequence(
-        [
-          OpenSSL::ASN1::Integer(0),
-          OpenSSL::ASN1::Integer(n),
-          OpenSSL::ASN1::Integer(e),
-          OpenSSL::ASN1::Integer(d),
-          OpenSSL::ASN1::Integer(p),
-          OpenSSL::ASN1::Integer(q),
-          OpenSSL::ASN1::Integer(dmp1),
-          OpenSSL::ASN1::Integer(dmq1),
-          OpenSSL::ASN1::Integer(iqmp)
-        ]
-      )
-      OpenSSL::PKey::RSA.new(asn1)
-    end
-
-    let(:ct) do
-      Certificate.deserialize(TESTBINARY_CERTIFICATE)
-    end
-
-    let(:cv) do
-      CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
-    end
-
-    let(:cf) do
-      Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
-    end
-
-    let(:sf) do
-      Finished.deserialize(TESTBINARY_SERVER_FINISHED)
-    end
-
-    let(:transcript) do
-      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
-      ee = EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS)
-      transcript = Transcript.new
-      transcript.merge!(
-        CH => [ch, TESTBINARY_CLIENT_HELLO],
-        SH => [sh, TESTBINARY_SERVER_HELLO],
-        EE => [ee, TESTBINARY_ENCRYPTED_EXTENSIONS],
-        CT => [ct, TESTBINARY_CERTIFICATE],
-        CV => [cv, TESTBINARY_CERTIFICATE_VERIFY],
-        CF => [cf, TESTBINARY_CLIENT_FINISHED],
-        SF => [sf, TESTBINARY_SERVER_FINISHED]
-      )
-    end
-
-    let(:digest) do
-      CipherSuite.digest(CipherSuite::TLS_AES_128_GCM_SHA256)
-    end
-
-    it 'should verify server CertificateVerify.signature' do
-      public_key = ct.certificate_list.first.cert_data.public_key
-      signature_scheme = cv.signature_scheme
-      signature = cv.signature
-
-      expect(Endpoint.verified_certificate_verify?(
-               public_key:,
-               signature_scheme:,
-               signature:,
-               context: 'TLS 1.3, server CertificateVerify',
-               hash: transcript.hash(digest, CT)
-             )).to be true
-    end
-
-    it 'should sign client Finished.verify_data' do
-      expect(Endpoint.sign_finished(
-               digest: 'SHA256',
-               finished_key: TESTBINARY_CLIENT_FINISHED_KEY,
-               hash: transcript.hash(digest, EOED)
-             )).to eq cf.verify_data
-    end
-
-    it 'should verify server Finished.verify_data' do
-      expect(Endpoint.verified_finished?(
-               finished: sf,
-               digest: 'SHA256',
-               finished_key: TESTBINARY_SERVER_FINISHED_KEY,
-               hash: transcript.hash(digest, CV)
-             )).to be true
-    end
-
-    it 'should sign server CertificateVerify.signature' do
-      public_key = ct.certificate_list.first.cert_data.public_key
-      signature_scheme = cv.signature_scheme
-
-      # used RSASSA-PSS signature_scheme, salt is a random sequence.
-      # CertificateVerify.signature is random.
-      signature = Endpoint.sign_certificate_verify(
-        key:,
-        signature_scheme:,
-        context: 'TLS 1.3, server CertificateVerify',
-        hash: transcript.hash(digest, CT)
-      )
-      expect(Endpoint.verified_certificate_verify?(
-               public_key:,
-               signature_scheme:,
-               signature:,
-               context: 'TLS 1.3, server CertificateVerify',
-               hash: transcript.hash(digest, CT)
-             )).to be true
-    end
-  end
-
-  context 'endpoint, HelloRetryRequest,' do
-    let(:ct) do
-      Certificate.deserialize(TESTBINARY_HRR_CERTIFICATE)
-    end
-
-    let(:cv) do
-      CertificateVerify.deserialize(TESTBINARY_HRR_CERTIFICATE_VERIFY)
-    end
-
-    let(:transcript) do
-      ch1 = ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO1)
-      hrr = ServerHello.deserialize(TESTBINARY_HRR_HELLO_RETRY_REQUEST)
-      ch = ClientHello.deserialize(TESTBINARY_HRR_CLIENT_HELLO)
-      sh = ServerHello.deserialize(TESTBINARY_HRR_SERVER_HELLO)
-      ee = EncryptedExtensions.deserialize(TESTBINARY_HRR_ENCRYPTED_EXTENSIONS)
-      transcript = Transcript.new
-      transcript.merge!(
-        CH1 => [ch1, TESTBINARY_HRR_CLIENT_HELLO1],
-        HRR => [hrr, TESTBINARY_HRR_HELLO_RETRY_REQUEST],
-        CH => [ch, TESTBINARY_HRR_CLIENT_HELLO],
-        SH => [sh, TESTBINARY_HRR_SERVER_HELLO],
-        EE => [ee, TESTBINARY_HRR_ENCRYPTED_EXTENSIONS],
-        CT => [ct, TESTBINARY_HRR_CERTIFICATE],
-        CV => [cv, TESTBINARY_HRR_CERTIFICATE_VERIFY]
-      )
-    end
-
-    let(:digest) do
-      CipherSuite.digest(CipherSuite::TLS_AES_128_GCM_SHA256)
-    end
-
-    it 'should verify server CertificateVerify.signature' do
-      public_key = ct.certificate_list.first.cert_data.public_key
-      signature_scheme = cv.signature_scheme
-      signature = cv.signature
-
-      expect(Endpoint.verified_certificate_verify?(
-               public_key:,
-               signature_scheme:,
-               signature:,
-               context: 'TLS 1.3, server CertificateVerify',
-               hash: transcript.hash(digest, CT)
-             )).to be true
-    end
-  end
-end

data/spec/error_spec.rb

@@ -1,18 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-
-RSpec.describe ErrorAlerts do
-  let(:error) do
-    ErrorAlerts.new('unexpected_message')
-  end
-
-  let(:alert) do
-    Alert.new(description: ALERT_DESCRIPTION[:unexpected_message])
-  end
-
-  it 'should return alert' do
-    expect(error.to_alert.serialize).to eq alert.serialize
-  end
-end

data/spec/extensions_spec.rb

@@ -1,250 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Extensions do
-  context 'empty extensions' do
-    let(:extensions) do
-      Extensions.new
-    end
-
-    it 'should be generated' do
-      expect(extensions).to be_empty
-    end
-
-    it 'should be serialized' do
-      expect(extensions.serialize).to eq "\x00\x00"
-    end
-  end
-
-  let(:supported_versions) do
-    SupportedVersions.new(
-      msg_type: HandshakeType::CLIENT_HELLO,
-      versions: [ProtocolVersion::TLS_1_3]
-    )
-  end
-
-  let(:signature_algorithms) do
-    SignatureAlgorithms.new([SignatureScheme::RSA_PSS_RSAE_SHA256])
-  end
-
-  let(:supported_groups) do
-    SupportedGroups.new([NamedGroup::SECP256R1])
-  end
-
-  let(:key_share) do
-    ec = OpenSSL::PKey::EC.generate('prime256v1')
-    KeyShare.new(
-      msg_type: HandshakeType::CLIENT_HELLO,
-      key_share_entry: [
-        KeyShareEntry.new(
-          group: NamedGroup::SECP256R1,
-          key_exchange: ec.public_key.to_octet_string(:uncompressed)
-        )
-      ]
-    )
-  end
-
-  let(:server_name) do
-    ServerName.new('example.com')
-  end
-
-  let(:base_exs) do
-    [
-      supported_versions,
-      signature_algorithms,
-      supported_groups,
-      key_share,
-      server_name
-    ]
-  end
-
-  context 'client_hello base extensions' do
-    let(:extensions) do
-      Extensions.new(base_exs)
-    end
-
-    it 'should be generated' do
-      expect(extensions)
-        .to include ExtensionType::SUPPORTED_VERSIONS => supported_versions
-      expect(extensions)
-        .to include ExtensionType::SIGNATURE_ALGORITHMS => signature_algorithms
-      expect(extensions)
-        .to include ExtensionType::SUPPORTED_GROUPS => supported_groups
-      expect(extensions)
-        .to include ExtensionType::KEY_SHARE => key_share
-      expect(extensions)
-        .to include ExtensionType::SERVER_NAME => server_name
-    end
-  end
-
-  context 'extensions that include pre_shared_key' do
-    let(:pre_shared_key) do
-      PreSharedKey.deserialize(TESTBINARY_PRE_SHARED_KEY_CH,
-                               HandshakeType::CLIENT_HELLO)
-    end
-
-    let(:extensions) do
-      exs = [pre_shared_key] + base_exs
-      Extensions.new(exs)
-    end
-
-    it 'should be generated' do
-      expect(extensions)
-        .to include ExtensionType::SUPPORTED_VERSIONS => supported_versions
-      expect(extensions)
-        .to include ExtensionType::SIGNATURE_ALGORITHMS => signature_algorithms
-      expect(extensions)
-        .to include ExtensionType::SUPPORTED_GROUPS => supported_groups
-      expect(extensions)
-        .to include ExtensionType::KEY_SHARE => key_share
-      expect(extensions)
-        .to include ExtensionType::SERVER_NAME => server_name
-      expect(extensions)
-        .to include ExtensionType::PRE_SHARED_KEY => pre_shared_key
-    end
-
-    it 'should be serialized end with pre_shared_key' do
-      expect(extensions.serialize).to end_with TESTBINARY_PRE_SHARED_KEY_CH
-    end
-  end
-
-  context 'extensions that include GREASE' do
-    let(:unknown_exs_key_aa) do
-      "\xaa\xaa"
-    end
-
-    let(:unknown_exs_key_bb) do
-      "\xbb\xbb"
-    end
-
-    let(:grease_aa) do
-      UnknownExtension.new(extension_type: unknown_exs_key_aa,
-                           extension_data: '')
-    end
-
-    let(:grease_bb) do
-      UnknownExtension.new(extension_type: unknown_exs_key_bb,
-                           extension_data: "\x00")
-    end
-
-    let(:extensions) do
-      exs = [grease_aa] + base_exs + [grease_bb]
-      Extensions.new(exs)
-    end
-
-    it 'should be generated' do
-      expect(extensions)
-        .to include ExtensionType::SUPPORTED_VERSIONS => supported_versions
-      expect(extensions)
-        .to include ExtensionType::SIGNATURE_ALGORITHMS => signature_algorithms
-      expect(extensions)
-        .to include ExtensionType::SUPPORTED_GROUPS => supported_groups
-      expect(extensions)
-        .to include ExtensionType::KEY_SHARE => key_share
-      expect(extensions)
-        .to include ExtensionType::SERVER_NAME => server_name
-      # ignore UnknownExtension, so return nil
-      expect(extensions).to include unknown_exs_key_aa => nil
-      expect(extensions).to include unknown_exs_key_bb => nil
-    end
-  end
-
-  context 'extensions binary' do
-    let(:extensions) do
-      Extensions.deserialize(TESTBINARY_EXTENSIONS,
-                             HandshakeType::CLIENT_HELLO)
-    end
-
-    it 'should generate object' do
-      expect(extensions).to include ExtensionType::SUPPORTED_GROUPS
-      expect(extensions).to include ExtensionType::KEY_SHARE
-      expect(extensions).to include ExtensionType::SUPPORTED_VERSIONS
-      expect(extensions).to include ExtensionType::SIGNATURE_ALGORITHMS
-      expect(extensions).to include ExtensionType::PSK_KEY_EXCHANGE_MODES
-      expect(extensions).to include ExtensionType::RECORD_SIZE_LIMIT
-    end
-  end
-
-  context 'duplicated extension_type' do
-    let(:server_name) do
-      ServerName.new('example.com')
-    end
-
-    let(:testbinary) do
-      server_name.serialize * 2
-    end
-
-    it 'should raise error, if extension_type get duplicated' do
-      expect { Extensions.deserialize(testbinary, HandshakeType::CLIENT_HELLO) }
-        .to raise_error(ErrorAlerts)
-    end
-  end
-
-  context 'removing and replacing extensions from EncodedClientHelloInner' do
-    let(:extensions) do
-      extensions, = Client.new(nil, 'localhost').send(:gen_ch_extensions)
-      extensions
-    end
-
-    let(:no_key_share_exs) do
-      Extensions.new(
-        extensions.filter { |k, _| k != ExtensionType::KEY_SHARE }.values
-      )
-    end
-
-    it 'should be equal remove_and_replace! with []' do
-      expected = extensions.clone
-      got = extensions.remove_and_replace!([])
-
-      expect(got.keys).to eq expected.keys
-      expect(got[ExtensionType::ECH_OUTER_EXTENSIONS]).to eq nil
-      expect(extensions.keys - got.keys).to eq []
-    end
-
-    it 'should be equal remove_and_replace! with [key_share]' do
-      expected = extensions.filter { |k, _| k != ExtensionType::KEY_SHARE }
-      expected[ExtensionType::ECH_OUTER_EXTENSIONS] = \
-        Extension::ECHOuterExtensions.new([ExtensionType::KEY_SHARE])
-      got = extensions.remove_and_replace!([ExtensionType::KEY_SHARE])
-
-      expect(got.keys).to eq expected.keys
-      expect(got[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions)
-        .to eq expected[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions
-      expect(extensions.keys - got.keys)
-        .to eq expected[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions
-    end
-
-    it 'should be equal remove_and_replace! with' \
-       ' [key_share,supported_versions]' do
-      outer_extensions = [
-        ExtensionType::KEY_SHARE,
-        ExtensionType::SUPPORTED_VERSIONS
-      ]
-      expected = extensions.filter { |k, _| !outer_extensions.include?(k) }
-      expected[ExtensionType::ECH_OUTER_EXTENSIONS] = \
-        Extension::ECHOuterExtensions.new(
-          extensions.filter { |k, _| outer_extensions.include?(k) }.keys
-        )
-      got = extensions.remove_and_replace!(outer_extensions)
-
-      expect(got.keys).to eq expected.keys
-      expect(got[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions)
-        .to eq expected[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions
-      expect(extensions.keys - got.keys)
-        .to eq expected[ExtensionType::ECH_OUTER_EXTENSIONS].outer_extensions
-    end
-
-    it 'should be equal remove_and_replace! with no key_share extensions' \
-       ' & [key_share]' do
-      expected = no_key_share_exs.clone
-      got = no_key_share_exs.remove_and_replace!([ExtensionType::KEY_SHARE])
-
-      expect(got).to eq expected
-      expect(got[ExtensionType::ECH_OUTER_EXTENSIONS]).to eq nil
-      expect(no_key_share_exs.keys - got.keys).to eq []
-    end
-  end
-end

data/spec/finished_spec.rb

@@ -1,55 +0,0 @@
-# encoding: ascii-8bit
-# frozen_string_literal: true
-
-require_relative 'spec_helper'
-using Refinements
-
-RSpec.describe Finished do
-  context 'valid finished' do
-    let(:verify_data) do
-      OpenSSL::Random.random_bytes(128)
-    end
-
-    let(:message) do
-      Finished.new(verify_data)
-    end
-
-    it 'should be generated' do
-      expect(message.msg_type).to eq HandshakeType::FINISHED
-      expect(message.verify_data).to eq verify_data
-    end
-
-    it 'should be serialized' do
-      expect(message.serialize).to eq HandshakeType::FINISHED \
-                                      + verify_data.prefix_uint24_length
-    end
-  end
-
-  context 'valid finished binary' do
-    let(:message) do
-      Finished.deserialize(TESTBINARY_SERVER_FINISHED)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::FINISHED
-    end
-
-    it 'should generate serializable object' do
-      expect(message.serialize).to eq TESTBINARY_SERVER_FINISHED
-    end
-  end
-
-  context 'valid finished binary' do
-    let(:message) do
-      Finished.deserialize(TESTBINARY_CLIENT_FINISHED)
-    end
-
-    it 'should generate valid object' do
-      expect(message.msg_type).to eq HandshakeType::FINISHED
-    end
-
-    it 'should generate serializable object' do
-      expect(message.serialize).to eq TESTBINARY_CLIENT_FINISHED
-    end
-  end
-end

data/spec/fixtures/rsa_ca.crt

@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC6TCCAdGgAwIBAgIJAPCDjtGMCXxLMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
-BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDEyOTA1WhcNMjkwNTIyMDEyOTA1WjASMRAw
-DgYDVQQDDAd0ZXN0LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-uL67dHTIZa/Lv+q/k2cTdXUyARn8EjKYWyWCSlJ9ixm9og5OudrqtjncVEf7m8N4
-cZ4BRztZjHnhFSmaezw79siK1e8/ZtNcKy6cQ6CirmZ7JgHhUTJTWVWqW2k3xp10
-Ur+fAUqOqV+v1iYlznbZSFyV9jkOKQd/kJwUSCpcd1KNDgTjeRI7h47ppAss5QdF
-8GSRnqa+z4yar4cc6zEEHFyvO/MES0rGN+wQ/aZ2Q5RC5tOACLsEndyWjiwnUSYX
-IpivEAb/MUoSsNN3okhBL9VUzIyhy3oLUcvEzUXrdHgXjkimISE74kOSIEqD/Mgh
-YbBOa/7ZZZeXjGu4tfoWpQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
-AQH/BAUwAwEB/zAdBgNVHQ4EFgQUrMJjif5NxggfH013nhJ6vzK21hIwDQYJKoZI
-hvcNAQELBQADggEBAHNSeg80fBBbFmNQaRDCmAratdBVgXPfTwH2LF7OUZh2JJGA
-n/H0m3mLFgfunQhYgWh5/6T71xWx/A0pAI73WDA/v2UnMUkNcJ6DttUEcRmhZJ7+
-nmu2Ym4LN3dTvMtNe0/6Yph+6PR8cP56HvSu1vIxQTjN3Dadjop92k98hxbX5iVp
-I74YZcLyOYqWWp1id3lF0ro7uyW6dcxUJTf53LXHlGNrIiUj07ThX/wCKBS0yw/H
-+TCUdykUoiBCwgrl+RAn9EE1Hjt4D3q/vlZwzzddFds3kvP97CdjyP2M/60Ff9po
-Bdrqsa1vegwvAk+hRgocvrH3TPJslfycAada1zw=
------END CERTIFICATE-----

data/spec/fixtures/rsa_ca.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAuL67dHTIZa/Lv+q/k2cTdXUyARn8EjKYWyWCSlJ9ixm9og5O
-udrqtjncVEf7m8N4cZ4BRztZjHnhFSmaezw79siK1e8/ZtNcKy6cQ6CirmZ7JgHh
-UTJTWVWqW2k3xp10Ur+fAUqOqV+v1iYlznbZSFyV9jkOKQd/kJwUSCpcd1KNDgTj
-eRI7h47ppAss5QdF8GSRnqa+z4yar4cc6zEEHFyvO/MES0rGN+wQ/aZ2Q5RC5tOA
-CLsEndyWjiwnUSYXIpivEAb/MUoSsNN3okhBL9VUzIyhy3oLUcvEzUXrdHgXjkim
-ISE74kOSIEqD/MghYbBOa/7ZZZeXjGu4tfoWpQIDAQABAoIBAFlvC/QubKy9U5dO
-nvtOlN7xowlheOOeVp8ZI1+zW08xYNnIr1fNoH4iuIScbDNVh0MJSHkhRBJ7FflW
-sJAj8qtfHca/ESRIAYBuCfu7EcX3mnolwtu5zxuaGuQxpWyi4KMGXIUVgMaBqe+z
-e+3dHwamu3n82NwH4zswM6lTyHuCScvLr0d/Bbjq6v1pNfRhU58L3RNKDrhETrSA
-aQNEb7Z185q/B/dbDB810pcLaZ5ALbrM89sr7wD4ULPiAgDI7fX/0tK1/Dg4nQzJ
-6j3qrPoR6KdMmiTdtd2/jc3sRbNCBvzsakcGH/8V/47+8ysYGey4T7zBruvJlqY6
-tNkGEGkCgYEA61TM5paQhtzP62cK3b68KhBXFqxov0uV4kVuQFK5jBVVslpExnWl
-Zi+/YXJOOMt8oXkkWeyR2GmBl5BYYiUYfwZHkVWyImDfkYA5dyIpgoB6kGPANaqi
-5J+NCdj3PKgdYSZ7HPnm/pTen9m3Q/Dv5hjMj50Dd+CkJP7qKBavUDcCgYEAyPiM
-k1TgIvSvoVxCXi1yyuxOQgiiAaCBACiEyBpJYu13lVl4H9ziRMnhsXUv22ZsMd+Z
-HW05gMsn+EKifDBWnQqZT8ziRiFXoPylHOOOYbDVBjYMyTOT+ma9OZhJbL+bfTyC
-SjPkiZgIkPRUtqEYsgXZhrQd1qux03rrjUSGCgMCgYBWM3vSwzgxjlTC/72lOCao
-qc+cyI6d88v1VEVsXmEFBROc/x/OKm3pnnfV9A7fEvqWE0/TeKp7wTntELyvRrNQ
-ZDZ28BMOMLn0DCoAj4zw9qrulPtlLRn58M+y2bzGhTYtzfCuzoNkoZdiqldNFcZq
-XI8h0/vfP3Qg8RdIk/anxQKBgG64UGpTFnDrsV8Kvx23mEiny62hp++Rh8CYkh7U
-LJ4uCfXkJsQXIymWt5rW3xjW4sDPWUHXDRkh09F4lKAq2W0Hi9NlIzxT3j05M5Yo
-4CZ+D76uRHkMy3fm5lU2yyz4mydyEK3kzQHpGr8RfSJounxJsL//t3ivevbx/5gC
-qn4VAoGBAIX4k2ugHMPs2R7XVeieURm+otH9QJX81CgVyiLTN67je/0h3bVzmqcI
-SinujOpR6x+Xvc1fMfLEhDkKfO9L+iBAdIb7kd8lQXAdIrgUGhORmvAl99aRFLCC
-1FxaU9P9lk/WMXhuIkq1DmUAHzZGAz+/JzPiXezdo6POcPLoRri4
------END RSA PRIVATE KEY-----

data/spec/fixtures/rsa_rsa.crt

@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC2TCCAcGgAwIBAgIJALo0YKZBVqYnMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
-BAMMB3Rlc3QtY2EwHhcNMjAwNzE1MTU0NTE4WhcNMzAwNzEzMTU0NTE4WjAUMRIw
-EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQC65xzvPQrsXXRVsQ4rcrmvOF0gdWV38JKlhHUrS50//T0S55FUSBkuVXUDCZDx
-dOf0y/5HaMb3hm68+ld5B/oNtoPlJWW6Sgc8OLERQy9qGpwR0mXND4SnZ9or7RDV
-8tAEg/Hzq5rm6Xy2WClSR+nHg2tVh2Szde39j7o8ivJpHPzfEyZh37y9oIiY2/FP
-QpbAe8n3Ses04D3jhZRoysdcuneWuG3h5DJ9X4IhZUBM54nEO5IQElyYnF6xY/Lt
-Gykf8+ydiuAZpZF5FGGfoiKB7XdIwhSlK1XRFeBbHRqyAFjpSNtqy6RPdJINLseb
-wG6DNSxcLm91C6ZJaaqu7Qp1AgMBAAGjMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgWgMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEALqaQ
-J5H9jB2VmIEDxhXAQTeqW1Hmp0oHhL1XcAvNS+JILjFfAdjMe/3Kei3hQJv8j8sE
-uck3o7iA4kcE0ydUzO7TM7efjqcksyZrmWSB0xj+NHjcybwhD4Selr1vBSCU0IHN
-Ap+zYbBX7eQawm2lIzniBvS6MmP+dgZjhy73FVQ4oSz+wTcg1iPkhulYL4iV/HSG
-fND5gUvlRbLHGTETpCdq7iJNOpNl/OYboJLPvVpx8H7Jc+L2bQl05fj/koO35xaL
-JuZGj5aVOKw45WvqERpe1RI3077dWE6bAr9DzrW13IqmFMbPD817pcB6+ILZnMAF
-RhobWRU6PA4TdDP8bg==
------END CERTIFICATE-----