diff --git a/authserv/test/test_integration.py b/authserv/test/test_integration.py
new file mode 100644
index 0000000000000000000000000000000000000000..1c536a3c42b4dbe4442d787de28c394df47408b5
--- /dev/null
+++ b/authserv/test/test_integration.py
@@ -0,0 +1,97 @@
+import httplib
+import os
+import sys
+import time
+import urllib
+import urllib2
+from authserv.test import *
+from authserv.ratelimit import *
+from authserv import protocol
+from authserv import server
+from authserv import ssl
+
+URL = '/api/1/auth'
+
+
+def _relpath(x):
+ return os.path.join(os.path.dirname(__file__), x)
+
+
+class HTTPSClientAuthHandler(urllib2.HTTPSHandler):
+
+ def __init__(self, cert, key):
+ urllib2.HTTPSHandler.__init__(self)
+ self.key = key
+ self.cert = cert
+
+ def https_open(self, req):
+ # Rather than pass in a reference to a connection class, we pass in
+ # a reference to a function which, for all intents and purposes,
+ # will behave as a constructor
+ return self.do_open(self.getConnection, req)
+
+ def getConnection(self, host, timeout=300):
+ return httplib.HTTPSConnection(host, key_file=self.key, cert_file=self.cert)
+
+
+class SSLServerTest(unittest.TestCase):
+
+ port = 63127
+
+ ssl_ca = _relpath('testca/public/ca.pem')
+ ssl_cert = _relpath('testca/public/certs/server.pem')
+ ssl_key = _relpath('testca/private/server.key')
+ client_cert = _relpath('testca/public/certs/client.pem')
+ client_key = _relpath('testca/private/client.key')
+
+ def setUp(self):
+ self.users = {
+ 'user': FakeUser('user', 'pass'),
+ }
+ app = server.create_app(userdb=FakeUserDb(self.users),
+ mc=FakeMemcache(time.time))
+ app.config.update({
+ 'TESTING': True,
+ 'DEBUG': True,
+ })
+
+ self._start_server()
+
+ self.opener = urllib2.build_opener(
+ HTTPSClientAuthHandler(self.client_cert, self.client_key))
+
+ def tearDown(self):
+ os.kill(self.pid, 15)
+
+ def _start_server(self):
+ """Run an SSL-enabled HTTP server as a separate process."""
+ pid = os.fork()
+ if pid == 0:
+ print >>sys.stderr, 'starting server on port %d' % self.port
+ ssl_ctx = ssl.create_server_context(
+ self.ssl_cert, self.ssl_key, self.ssl_ca, None)
+ app.run(host='127.0.0.1', port=self.port,
+ use_reloader=False, ssl_context=ssl_ctx)
+ else:
+ self.pid = pid
+ time.sleep(1)
+
+ def test_request_failure_without_cert(self):
+ req = urllib2.Request('https://127.0.0.1:%d%s' % (self.port, URL),
+ data=urllib.urlencode(
+ {'username': 'user',
+ 'password': 'pass',
+ 'service': 'svc',
+ 'source_ip': '127.0.0.1'}))
+ self.assertRaises(urllib2.URLError, urllib2.urlopen, req)
+
+ def test_auth_simple_ok(self):
+ req = urllib2.Request('https://127.0.0.1:%d%s' % (self.port, URL),
+ data=urllib.urlencode(
+ {'username': 'user',
+ 'password': 'pass',
+ 'service': 'svc',
+ 'source_ip': '127.0.0.1'}))
+ resp = self.opener.open(req)
+ data = resp.read()
+ self.assertEquals(protocol.OK, data)
diff --git a/authserv/test/testca/private/ca.key b/authserv/test/testca/private/ca.key
new file mode 100644
index 0000000000000000000000000000000000000000..52636ae73d4df77a061f71527735287026733efc
--- /dev/null
+++ b/authserv/test/testca/private/ca.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIOtp3iRJglHICAggA
+MBQGCCqGSIb3DQMHBAgD9J9TssCqTgSCCUjTlpWg6S2kz9ZeGPMb96pRj+XXbUPE
+0D3po5w3+GQQMTqjwx50PhBaFzAQYYpunM0yra0oY5EEfQuCxNW7KehE/nvNwpWQ
+Hx12ScLLZzHI+6xbhegSQZPcNs4o58wEkzSiGybeS4gy22DylyVPNybn/CKYF4dm
+4KwZ+ZHdOjRkgbwOV7Dru2dgiNAAertDbBl0tvgYmNQjQVZq5aPJlFiAX74KFkOx
+l4yLD7qzgx6KznfM882B9t2nCXSeHwxxw+rOhC8GheW/bvEy1CP5bGSyy29iv0Pw
+zdO0zZyW5lkIPYh7DymS9dQkuSr+09bt4/tCXz2CVzWwMmzmehOBNJLroUrwU0bi
+0bTBeekZbBea7L3pJ6npL8WETHYKGKREOuAMXhPwi7x5cvHBC7QQhae4kiSbJCnp
+Pe1c4Asj0k71gSirQuI2k6sX4UlFGGDczJh2rde0s4aXMbR9IY9jNcIO9S5B/wJl
+7BhGc5bCc/HMfih/eVkKiuFepo03Rqa6HMhdew+NexQC5Daipv9LqZF1uK5kUF6p
++0WQw5i+Zmxf0w+RUqwKOdZfudTcGfrFR4aQvB5ywfGF296drHMc1gGnV5PsxpTE
+2E2Oa4PcQysAQihThyHLiZ4DA+kQz54U4K3TXUQgYktzxGsp5m+PuWiUc1PCaMSD
+XGwJcVp4xGC5WwFuXffud2TLIerz3Q2KPyig3lw87CpFDHXDFcA+bQyB1WwvXZ0K
+obMLlU8BI84crKQPQxEfV16vPP4aH+uTanhjErGqtl7lu5G90/Kf8j5ihbXyVrt0
+EBw8VRFGYiE66oA0yNQRjaoTLr+E53Di4OmNrwWw7L2mCaq9vAO1GTlCEobN4+mQ
+3AOhp1QwNBPiGGD23E8IevD4MwVkpBc7PyR93HDQJ3Gz7Oj/Gv2pnVdaJBB4j80X
+fM19zeUsZAEvwnoNF1oORngONJpiib+05YY/xNNmflGcgAGXVGN4A9cTXf6R+IPe
+lkJ7kGC18nmY3y1zRZEf1mAhz4ssNAHGUesD6Lm8U9OjLoTabOW0YOFxcUcpzMLp
+UgP0Fi7d1vgNNgWNeg4tN65S88svgyJHTiAfpGN4CKVms5rGB6iJFMGPBTOgpS77
+Tdgmap3gicUPTSB0Xcxcu4F8SNYKzjVNfKfvJoCch+5KeNkH4P7n6/Wg6I0m2ubj
+Z1BTfTirmWkrFyY+7sJmv/vzI2lZuO2Oty8Rzg/0/kVuIJtAh53YoS5FCAmrnaxV
+9gSE93vx56oV+fA387qoX+yvbwRxTa9mzQfLnCawyRMJEL1rinU6TA3ypt+uMznN
+zGwJPgth90tI6wo9joQRU09uuQrK+GRJ2OKhT2sWb7IQ6I2QKQSa4SBAgdeyyxSO
+xZRi6/zdMmvmSCC7oQOSWEfI3Hbu8F05flu9zkE/zcIhu//ZGsG6DoUN7QWhmpKZ
+LGt7QnMb+FXluvwXh9gOmCRBT4tSa1rPH7tHyNj/Ra0wXl16P+Me8R+be+IJZZmH
++zDyi+aLfE/cnqPaJB2ZUEnOV7Gi1r0/roAhDCJCSUAQ6b/V0KqbB2ytlKYN3xNX
+AaMfAlL1IJXDYwnQSXvxhyPDa570DYfesSL0xjEvoUBkpLO4SdOSFnNilLAt60TF
+caKQrEsPp14LokUPRQkiOl7XiWZqqkzS9nMMu0bY38/TufL+raYhEy5wtlLDwYNP
+dnaT6ohLunKYnh0wedFxndBSDc2Pu24vHOhjiwSgszYgLnV44uSY4/sBSFW2zCVK
+QnFOAPN5+94HgLJFjnD/wT/WJrB5d5RRCvrCObnCr061mItIHScCHpHbR7lEWZSd
++wfm4LTqbdUlzbOxCkk2ixqH9YCDqZBr1b+iHUGDT539x84Fq6/QzCcTt2QqKATn
+daAckXxm48eoJ/og3+xcX80gLaquA1SJQcJXP9LfhYx2qwvPuz9mqt2jS9FNJX9b
+hrNUdxgCXTASxYrxnW+a8z/V0Lgnc/pRA2Beg1rdkgCDnA9pMrue/JPvhb+9fkZF
+vQxscvTWQ1a38HoozFw21g+QDO7nMtm9R26FkB8+KPbAgtV+TckdtBdBGTwTQ5Og
+8lKf+tCnct3zun6ero1LqsI6rN/+aY09dTVg1YncBcg4i97xEqenCaQTPtoeSP/p
+9/213VBsz+CYIZttPfLuIEjCSzWmtZUe7pROgh+f7WQMqMtU3OrO4fQENiS2K2l7
+HWJmNluGIsaFZF/ze94EPbFJYwnCRN5P9ga1i8U122wgi12bQ0hPa1aAMdlvL03K
+1AE3gPZ62coBnEA8yEHX5lFSSgAL4LLa5p6CJ21qIZ511xv8Ta82O0GGr7KWefxZ
+yRPPoc1ctjs8R6D9xNUrprxRB07dNtkxCBw3TwbECSNWHzOsI/Qy68wwV5h8I6W+
+eEYUoyFc8xHc50GcxpktKM9B7tClMA2FTUNsIPYqphEWJx9jgcKAzx+5smqW80wd
+8hMaLKFzWnx2QRBCKggJjtTAAEONy9vJXmwK+tA1INuaF13/KislcvEvOtTwSUaZ
+3iKzZxTfFltkH4jk+bRFoTgXME2PGjD0CYHWIPi4wZAAsIRG52T4ook07EPj+jxV
+dxNiO+VMIr4GYTahXZSPUYB0aQczjYyHDL0zSuhngGEMLKCWgsVAUDFSFofXHQwy
+5dthAWLakyj2CiPR7ftdX3QZxDsS2PjYlwV287cGMJdZ2GYpEZAIibpAi6tPk+xl
+2PKAMT/2Wt2kL3muoA0ClvYnS0lRzVAJIgLGKhd0ehiuO8Errh9ifTEzFO1ojoer
+tCX5cFNkL1nE6JGa5fIcLphLVwX3MBcHURIsDDcUf+dTm3R2F/mTkXkec7R8ORG0
+Tt5FrQwwuIP0CQuVLxoo0CD8tdja1Z5PGX0S4anqHaAGoRjrNYXAQ1b4XreHGygw
+m7PUp1Xt5kEyueNaXJ/t7EYrN1y1TYmhCfaiLaz5UVUZwqAbajRxFCmEKU41jRpi
+tydZr/ViLemCCA7bn3eIKfkPdKyUdGh92QzPBHVHakSBF4UKZvWWht7ygA895F+4
+OtlTwjaOBivuXBXQ4tsQsoRrArOSWi9m982HVzU9RtZEhwwKNoGA018DkKVouO6K
++bOTE7zx4WyMdo9ICUwIaXC2v03OsVBeXYbj2jteF8YC5I28OCHlUF2YHh+4gMSA
+dSM=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/authserv/test/testca/private/client.key b/authserv/test/testca/private/client.key
new file mode 100644
index 0000000000000000000000000000000000000000..770881d175e8ba9f323d0f87399fd0c4723fdc3b
--- /dev/null
+++ b/authserv/test/testca/private/client.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDB7+uf3RIwpELj
+dArlCjcoZ+6o2nxxnQ/6tbpHtsAlrhmszKC86TH0JsKPOH6Aljp4ruHJOJKo0wU/
+x0a4CoTE7Tb3lgzt+7K2a+WQfac5j13BhPEzlOzpJRRUmn5stRQ4ytOPxI7U8XWN
+u9v6+v5dUjELeyiXHx/8cZyUnNi0tcKXEZDtBri38q0dVqPPeFX1jaRLa0myfo24
+j5HeTxozyW+pBdysmNxvJ0/xwViB1vLk+k/e05t/RJmH7lvN4t6QhAzVKt7wVhzO
+yPHeZynz8TlZpdQ47PPmK+ABxujN0fNUE56FYoh949CeeYTyUBH88oFZw5EJfcSx
+4mNwgZ4wkjhomUTyzJulg4fcrJ7dBWlY24pzneq5MDFrXdUAXLNN6tgWLgLoC+bY
+7/ygKwssc+0oxOn7G7rqbxQzE7az2YWITzXNE+jtUmhfd2s+DPeY+mKYXfFTfPDK
+hlghZTHGWqHPvRCCewP5Th7HeewyCsbJ1Nk2huqyF13opP9Uzmh2H0RxWtUO+yKM
+REd68Epyc9t9b/1uUmCpF1Dd9fr+TW/8JL+edWxlEGS3YbPGuWC87iwLrcfPGGE3
+g8S4RYyUUl4TZpmDFZYDxCAtkOG0vtYd8sQ6tXrBaji7KPk7XB8XHq1ERPKhSoEf
+caIpTNVXi2g7qX7G+a/cZAFw7clPuwIDAQABAoICAQCXFQAbbw6PpDeTmEAwhA/K
+Q4VSN7tAixn6tv3ihkUUVZgc3ODPql9HE7b3+gvawq3UfHDa4F6odJQfRnAaSd96
+xk3O/S8farijklSphqnylnR0oMuC4p7ZVhCLhDu/FiYlxCSiWH7o9x4cB2BtGoF0
+U+ZvSkepyw6RDDTuNW5BAWQRahbcACOA8eXY+DjvFJDqlaiLNI6aJirjv7zkUf1Y
+oLGDHFT4hLEdSqPl8zivFbPtm+8C6Ri3QcrVcWRFdVrrfGO+4QICeyNAGJ0MJJQz
+PRXvd9dnbXjoM//zgnC0fr2wHwScZtFsOUC5ZHOkjaolwwnv0wG3QiosZfAPonqH
+guFQeHs6j1CKOJUDbu5WqwXAGSxI77uMC/V0wWA2mCdzTxOesxwdYl/neFrGcrKf
+vwBxL7Nrf0oJsB0xnoZS2+Debz4/2WrR9UQqTKwbfjfDJGR4yCyLoiM6VegnN6MX
+ENHjWUz5yXaXXEnCD5/2OIpx8ttJ8zReTqSf3tFXo6f/EW+GbOJQ3j/u2J2RDYWv
+YDRQmCjSmBjMYwhpz5iDQ9uJMZob8pBrDGpiKiR/iBsYAaYGo+WdLPhIkaFRU5jS
+C1SmlayDVT0sc+ARvVFJYdiSv5Cx5T4M4BEk5+6Lnf1ZhVlKz/r+jhsw0ir2oWfi
+LxcNlL/Kd1uSWGWv+QenCQKCAQEA5WSSV//XyfJGysFuihKGzBqlovDXLYbS94HH
+rW8qFUDKmbD0S+xTtiSvBLxTCbg5JwBQ1/CORtbC3FD1IwYRgn8cXzhH+pql0A2z
+zQfB+Cr6VLqrikY9Cu4GxQ082PM5iWJJUvg0mZZMtuWGsXgcOHFqxeaX/c9NSzmS
+7BGOgvfN7JoHdG5So6Gow0A0HoLiXnWGi4gpMzuoVfxzQPHa4yfD6/9xxVUY/SXc
+ysiD3cpS9e2mqsSluDuCdocQqC5s+3ZVIQngJ9Lklhy09Ci6OJMT4fUEhRGRerdT
+2faWVCDqTAcnWcdUnfCj6RbDMV6mC4s/x+1ejzFXb/27n0lO/wKCAQEA2G6Np8bZ
+BVLaMNqgmSAJf/C7vZhDACo8suUJfPoyhLsLynY2Ye+qsNwpxGjyh/6S/+f2tQcg
+wKqRDR6phXJQ0/2Hpn+u3mpoOK4PE/NWFP5akEHdfXuLQ0TlA3j3tpFSKq6A5dqS
+7xcYSUwf8CaYuEV2vSuBoFDuzFZ7+8g1/vxA9VgTgNcI9LmHU0G5TFfL+9j0wk3l
+DMutdINhb5UXI3exnWJYmU39Lr3BXteEUfRjt+GcQOvhXRyEvYaRAtl1rPIIZmib
+GlNsCDqb9drYlSoPg/F59hslSOnhKxnz8nEnNV1H6LVIWKh0r+wQSZJX/bk1kMMl
+zTVmFLZAhG37RQKCAQAeQXmb6b7IgBAeRg0SYQcufIVETIfVFWdWBeQUWAkw7G7M
+fq56JR2VdJkxArXhHk9LeZswICZj6YeiD3uFtxMwJxvS41V7FFKyclw4usE2vlRu
+QIDHqCP9ARAbhXd1Ff+Mw03wh5RIfa54oSV22uS9/RecKqH5dBI5zco3IMmvNIgQ
+oPBCxxpXQsdDmYBGVfUNiGrKlJb6ju/RB48cDcpVE7Wftv2GjYbSPOA2TuQ1qK3w
+ifvlojJJbm/yujXUOOte72ijBu5t0j8cHYUwfv6w35VLxEloU7zgdrW0lfWV+xFs
+HbVu/f+HJWo5ICt2o4k7FI7BC+ng8R0bRFgu1jh5AoIBABMVtJIN28c3ZhwWu0Cl
+bZEFlliCm63hC5cu0SZfHaNMpx6ETAlYy/FqiJhUNMa/MRE10DBoX3/9ymqgwIwO
+54e5/IM3ESF1upj86EF3HKkfQLclx7Uv9rjI03T57sX/jIJM/vrFyl0g6ThVaR+R
+F7hwD6dgtb6ARH5qReaO4gwJDGVWDeo3jAegcIlr6z4LI+aiW/riSYdWUoZKq4Xe
+XLr47AWXzX4/PUso2mtVj8p2RXDKiS/EXQwL3ryjqBfbOyAz+3+kS8EHiCg1mtkU
+IjMNEW8uFPYZsLD8Rqm5USSYy79N6XBgw+9lc1yr8Ue7itzJvypzutqckdLTu16y
+IA0CggEBAI3nIKcE+Wz+nJalJm9Vxep3/W3ZAbjK2lQjON5+bY0DnqIT3p0+uxbL
+JXNnyEtDqqWh67n3EnrOp+ypp4jrnx8y0Rp0QL6UsXbq12oDNA24t8HCl9ZeTQCN
+TfMNb0a+Fx2ploGYlLFZcLHHNXsYEl6s8+9vuq1fNA9jE/QsDtjR++MhHm2pn+Sn
+ZGal8tLLm78PRGzUK18YI3rqiBps3qJymSR3IPx7H34D1WnFJlVZPrb28/rkP0vb
+18su1LhQ/uUMBaKxcMUyDrEyFrkHOzH5/41QhjjrL0GEidH7q8ncQ1niHZLs8+bu
+3C6eHbLCkK10EXW6h+czeZ48oBjoPxc=
+-----END PRIVATE KEY-----
diff --git a/authserv/test/testca/private/server.key b/authserv/test/testca/private/server.key
new file mode 100644
index 0000000000000000000000000000000000000000..d4ffccb60f93bae5da0153ec63a3f6a6e58e5fdd
--- /dev/null
+++ b/authserv/test/testca/private/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCX+sQG/Y3MskqK
+BvxfibzUML3u/haLthoAqFSzHH9J4VD6mqCcdz9ZTxbYHTC24MVeeMM3RQgq+E/6
+b6tqDnDy+9sM42t/EPBEWD4KtdR5YsNtXsQfs/EQKVcTOH8+b5wiRxCguIRt5RDB
+fgk8ELbtsKh4W7pxrW8CK1ElFw9mfVOZP+KpcFDmywwQQEWLZnru+1lj09+4k1PE
+/DuE1MfrZJF2bm90mEh1WjfF8BpmTIdHkVFNbo1uhS6AjFBieKkoSuj9pAdAUfGb
+OxN8B0wda37KvTeGryJqrVOpPGGzVm57l8nW0FLI2WK8cGWqT6/UgPxx9HSVstcG
+ZJmOINAfQz8M+Z8q+IVjmU6T9O7smlntCgqBJ97LD9DDiwxkSYWS/myKj+U5Et7N
+MQvBVATGnWs6C54+K1a/Ah0E2z32wdiRQH3ChmTtJIImbsQxrErollyyRkE7z8Ih
+RypUWDzxqtQ4LzFcfRcx+SdIXy7ofuGHDNfCyv2qTJMu7ge2/aow5g4zggam2yyw
+UvBmKg7Y4rqN1FQv3VBCXYivD/2HLyFqIEK4+ggCZSDxpzj/KZXN1fhrMGH+D55n
+QIp+QPk6BHFEGcbNiodVU8hzuFmFxEbl5SshBa+YPfGL8hiontGsyLbPszHXvhOE
+5mRGg0wiKrLV4i0LGd0OGAP0Q2VkPwIDAQABAoICAGrkzqGYDvctY64HUdSknTKl
+gcGp5xOnJkzWGJTN8110Y6+PuG20ldLsBMZGabAHEerrh2rFXARVGHOtvWPf+mN8
+70n2XvJFaKi5ZBHGaEZkR84SPGGL/359hSgYsa6pc6jMUQ6qGULuPUXKrxYXL4Ko
+oSXeZpl0AcMF0pIC0Ssl9Pmx7Gt+eviJUdfQTNnKX6bdFLdZG17ICMBhJD++JUsU
+NheVf0EDptsbdGT9BqRzKScWN5f9rO5SMC3sAtHvyhJz9cIIb602tXeYKpEu1MNQ
+iyJvybEqV0uu00wSEym/HgBB943mgoOQGpkteOQ8HhCaFHTWGnX8Dq8JbNOBkr+E
+1Qq1cZlZNch664dB6lNwD9M6HEKzXCHXhYzyKVidzOnDrneSKHOpIfUIizkI4OvK
+zW6ov2ngq29BFQeFQBhXvnBNwSh+d6roGtBetdvxQc/t8/Hn3AN3Lj+cGAyUtwjt
+R1vIoI8ILt8jUlVIx1sVGVGZt2jHu7PQ9KTqRteorzFp7SX2crCWaASq+FCiHx6t
+YNjqKKmYVBXXvqHmyjDN3t2emeSH7xI+x9N+CjTKa7cNLeF31qcOTf7xz928kAQO
+lRWj/OqdbYsuZxi14Jr6tAsJgKuQ8JYeP4jUrkTQjEY0djwOiqJo9N7Xo7l82PSq
+xrOFNkGdPTc/SRyYk4IBAoIBAQDJhbcHc5TuUB8TrvR64pfxwPIMfwQexq6WlCjr
+oUfUl6BJCU/MJ6hJ9X17vxSuwEWBusvUn7Ulgv4M1uYw6EnsRg0ylSkg5hpn+FpJ
+Y3j2F5s5PpG5LwUgCpyYvJ9hUqQLySpoQzLA/E4/kJkR9zk5UhMLs4p5J5q9n8D1
+A8TbPvgucMBwkKtoD382+9yLZMpnoNSarPzZVx8R5Tm+/ReqU1JR7EgVqUCOM3vy
+INbkQGHCnrmJOAB0rDMuQbbfpQ/H2iu1HIHyQkL3eI3ReI9qoPfkEv8cha6gGQqr
+FvFNAl1l1mdwdnfLPIry2NhuCSN0ngGLnns/BbS0q0uRU/EBAoIBAQDBEHW9DXEG
+c/igSA5YAB21KKBjDba4Bu1DWiLf2fLTNmeZu/XbFTAkC4E+rl9qIxhFh6WUQgme
+jEWZ10qZecKVaT14flldJERq2vUQJ9pjlY7drp0+sQmzMIZF/JWb/znl7fwzFQTZ
+JWgUryJyZXQwPL+XPK0KwEajBm9qyQgzveZPYRHbjuElhloEptwI9AoGJCVzeFDf
+XVqzWiPAcVQzFV9kJxg0imt1F6UA/O2gFaxzHTAV6ouTcVU2MiTuQal5q2dzTq7Q
+7w603uDv3OuDW0+dKWjoEZvqPrilpFrW7sG9Ry6aWBGJmaiXd0ZWVoqSoTcmn6yK
+8ijzeDok+BU/AoIBAD76U723aEalsWCUX4D7yWJa2wn+s8nua2dRfAxPRcRxcj0A
+9PgnOJeMaZ+/knYeTlqBhuu20YSckEpw6lVEcr2tErjJFqZaYsw1N/oRZR77N55H
+KIFH6YEe79tnryNaETxBrMgSoAzhjI6e4MdVjIOWW69fd5nvP5OdFk8700x1PFg/
+ElTbUUXe+fGz+jNx1zNVdruz7fz6FhKgoVBHhhrLmUFS5yAl2a/W9RgxHRcN679H
+nVH9t16+5evBy6XOzsS1MM2T0CRmgskV2rQoyiEXlwCm0yUVvgH4cXYQYG6hm5CU
+1ZS24S8Zh47nJ5QTtQnfyznX2EpUvSltEtui8QECggEBAIf2GIRn1+Xse/YcaIWO
+p10x3CmFudzFfAeHjbHJYhleYf1BAjYkKL/pnj5PPICZcHleuru6+d0++bEKjc2h
+kuf3skON708JwGjkA9s5xbGF3JO/aZuBv8wCaz0UUSQHzHVhcM9kiQKHNlICuCaJ
+zhY+YcqW/2Hn4JbkbEhuhKkzneLfAF13tJThlbla7PAdNIX4pKs52vJCYyKVY0Ie
+TWagMYptgb1WkbBnU1trw8iOGuECeB+nCl5uXM0K6Tkk4r39eKAalEAtalTz9MLW
++MCL6HhMdkWgSQXg39Y+9X4RrDyoyWgGh2s43CK268DXt0Tl5dn8bt13BmHXlFL+
+pq8CggEAKRgRie0InUZsBOsDJUgZmKFqcAIt82sRJMRAOsnZGB8CJJ45iguwLzbp
+B+kTlC38KWs/i+5Rbqg2LUZ6q4Wu8DxJ3pLz/dybZjSt51eTy1vGrlW2EEsilDhF
+AOUm/zDynaA3unexauU4ObyHAsPOZnpHXEuXDIihm8PNBLTClGeMCnlTUmrIuZiR
+AeIcJZHpo0OL9vc/SBmGlRVi8/IJlJ5VK71Pmu86c4JpuMtMwCtQ9YPdWl6ljDOk
+P/tUmIdDj4wZQsqrjxJd8OAQXjaH3gEHOfDcXDsCDQVjyBuYbyf1bITVJE3hSNlg
+T2arx0fw1ekkCP0GX7U8EqHea4VR7g==
+-----END PRIVATE KEY-----
diff --git a/authserv/test/testca/public/ca.pem b/authserv/test/testca/public/ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..7d9dc02568bdf6c8000f52f4c4dfc26dc6023582
--- /dev/null
+++ b/authserv/test/testca/public/ca.pem
@@ -0,0 +1,135 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 331393242 (0x13c0a8da)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=XX, O=Tests, OU=CA, CN=Test CA
+ Validity
+ Not Before: Apr 18 09:30:41 2014 GMT
+ Not After : Apr 15 09:30:41 2024 GMT
+ Subject: C=XX, O=Tests, OU=CA, CN=Test CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:dc:3f:a4:80:b0:2f:1f:f7:b6:c1:54:9f:51:b8:
+ 88:56:4d:17:ae:7f:f0:90:79:63:eb:f4:72:78:c1:
+ b9:05:d1:d1:ea:97:3c:d7:b5:67:5b:7d:1d:98:dc:
+ bd:61:0c:3d:2f:7b:01:6b:49:a8:a2:21:8b:09:38:
+ 4d:28:0d:e8:fe:6e:8a:8c:ca:7f:95:c9:e2:25:f3:
+ e8:5d:79:2b:56:7b:9a:28:c5:c4:cc:b6:6f:40:dd:
+ 1d:05:cb:39:ef:cc:28:b0:e9:7f:26:d8:37:06:93:
+ 6e:ea:f2:0c:fe:c0:d5:14:20:8d:c8:cb:33:bb:30:
+ 8d:e8:e4:42:1c:75:01:0f:6f:32:79:6e:ac:20:76:
+ 73:83:fa:55:d7:7b:20:2d:f7:3f:26:75:bc:f9:ec:
+ ee:a4:1c:1d:18:cc:dd:ac:16:c0:f2:54:5a:28:a0:
+ b6:a8:75:d0:ae:b1:aa:7f:33:21:13:b5:28:28:eb:
+ cc:b3:52:27:14:86:4b:44:a0:68:04:bc:95:65:e0:
+ 8d:d7:f0:5e:5c:6b:45:71:bb:44:c1:37:f1:64:a5:
+ f0:75:10:13:d9:ca:cf:92:33:6f:69:45:8e:79:61:
+ 5c:79:2d:41:28:fe:64:08:5e:fb:62:26:90:68:f2:
+ 80:43:25:95:90:b6:a5:4b:d2:40:3c:62:37:2d:6a:
+ 67:8d:b4:8c:62:1c:ff:33:df:05:12:88:29:f8:42:
+ bd:d2:ef:29:7a:01:c0:36:14:48:5c:4c:e1:e4:60:
+ 6f:c6:06:c6:66:56:d4:b0:04:bd:c2:e8:a2:22:9b:
+ c8:a1:0b:81:b2:3a:ca:f2:e7:84:e7:77:42:e3:c2:
+ 77:c6:61:a0:fb:cf:d1:23:a6:65:0f:e6:2d:b5:47:
+ f8:3f:89:56:57:bf:a9:c3:6c:e1:dd:b0:b7:77:0c:
+ 12:d9:ff:f4:6a:00:bd:8d:e0:8a:bb:e8:f1:66:12:
+ 30:7f:7c:c1:ff:d6:92:e3:96:da:f7:e5:01:ba:4b:
+ f5:97:f3:c3:bc:dd:78:c6:3b:b3:3c:88:4c:cd:99:
+ e7:3c:e6:46:0c:6b:60:08:04:38:e9:9d:58:69:13:
+ c7:e2:6d:99:52:b9:57:7b:e5:dd:f4:f6:25:e6:10:
+ e0:1b:36:da:aa:45:49:17:57:68:c6:e1:b2:4a:4f:
+ 5a:c6:ce:71:0e:91:bb:0a:65:6b:b0:fa:1d:f6:9f:
+ 42:ea:2a:3d:74:f4:65:d5:80:29:55:28:54:7b:e9:
+ 65:e0:99:52:79:b9:17:ad:e0:9c:26:b8:2f:ff:03:
+ 1a:8d:cc:95:f6:e7:7f:bc:a5:98:39:b7:2c:9e:15:
+ fe:c6:36:af:e1:bb:c8:b4:f1:9a:3a:0f:b6:c5:56:
+ b9:b3:c9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 7B:3A:4E:5B:8E:EC:4C:55:1F:2A:2F:A6:97:59:9D:0C:CE:B6:5D:65
+ X509v3 Authority Key Identifier:
+ keyid:7B:3A:4E:5B:8E:EC:4C:55:1F:2A:2F:A6:97:59:9D:0C:CE:B6:5D:65
+ DirName:/C=XX/O=Tests/OU=CA/CN=Test CA
+ serial:13:C0:A8:DA
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage:
+ Certificate Sign, CRL Sign
+ Netscape Cert Type:
+ SSL CA, S/MIME CA, Object Signing CA
+ Netscape Comment:
+ Test CA
+ X509v3 Subject Alternative Name:
+ email:test@example.com
+ X509v3 Issuer Alternative Name:
+ email:test@example.com
+ Signature Algorithm: sha1WithRSAEncryption
+ 06:3e:df:e1:66:9c:27:fe:8f:4e:10:c0:09:d6:0f:8f:ba:ca:
+ fc:33:cf:e1:d5:7c:83:ca:5e:f7:28:1a:a9:b7:64:d2:42:66:
+ 19:96:f3:38:90:39:99:6f:65:11:ae:03:52:8a:50:7e:32:27:
+ 80:d8:fa:28:1c:55:a9:e6:08:bb:da:60:9b:d3:ce:82:1e:a4:
+ 27:9a:0b:a5:bb:2f:22:49:74:ad:cd:0d:de:ca:5c:60:12:30:
+ 30:3b:6d:34:9f:04:55:5f:77:1a:1d:c6:64:f6:dd:42:3e:e9:
+ d9:98:4f:ea:37:9c:69:25:bf:f7:32:8d:51:a2:2e:06:8c:0d:
+ e4:08:48:cc:30:17:2b:69:e4:82:f8:e8:b4:f3:0c:58:48:18:
+ 79:30:2c:27:40:24:2d:b7:15:b7:65:66:7e:ce:a5:61:de:2b:
+ 84:68:5b:6a:b4:92:7b:0f:a1:6c:e5:08:40:ca:35:18:8c:90:
+ 2a:f6:ae:ba:2e:86:47:f5:6a:87:2e:af:47:df:c5:c3:3f:c0:
+ 27:11:90:83:60:61:2f:22:6d:fc:b0:e4:ef:e4:a2:0f:7d:91:
+ 72:fe:37:bc:5b:d0:ef:2d:31:6d:17:5a:8d:95:77:1b:d6:c6:
+ 68:22:5e:ec:0b:b0:36:42:29:32:22:da:23:ff:ca:b2:5b:7d:
+ d4:7c:f4:a8:e2:9a:62:3f:e3:a5:e0:9b:81:4b:0f:29:00:87:
+ 28:e4:2e:00:03:34:c2:20:ee:50:65:86:23:e1:a5:8b:af:f0:
+ 58:d8:9e:eb:0a:83:51:9c:4f:3c:66:2b:78:51:85:a3:f8:a9:
+ 81:9f:26:d9:40:0b:76:54:54:91:f9:56:eb:1a:e7:7a:42:29:
+ 0c:73:3d:54:1a:6f:56:88:63:41:f3:31:2c:22:d5:99:46:12:
+ 53:8d:32:cc:9b:9d:7b:ed:12:43:a3:ce:b5:2e:00:b3:7a:32:
+ 71:50:02:51:ac:5c:2b:a3:e1:98:fa:90:69:9d:6e:70:6e:31:
+ d2:f7:5a:ff:93:de:e6:5b:e3:15:c5:c2:c7:fe:4c:5d:2b:b8:
+ ee:ac:46:e8:d3:27:a9:d9:d5:d5:fc:5c:e8:32:d7:2e:3d:9d:
+ e9:b8:0b:45:c3:b2:11:a6:d8:74:82:d7:82:ef:7a:f2:3b:18:
+ 05:2d:ee:8e:4f:1b:96:61:d1:36:a2:46:ce:ca:b9:73:e7:6a:
+ df:63:0e:48:b3:90:fd:40:54:e0:77:85:88:6e:0e:81:bc:c6:
+ 82:12:02:91:7f:21:94:d7:9b:da:7f:79:5e:57:a8:b7:4b:8f:
+ f3:6f:d8:2f:6b:61:73:a3:c0:c8:ca:60:e8:dc:09:d1:28:62:
+ 39:a7:11:83:25:52:ed:54
+-----BEGIN CERTIFICATE-----
+MIIGBzCCA++gAwIBAgIEE8Co2jANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJY
+WDEOMAwGA1UEChMFVGVzdHMxCzAJBgNVBAsTAkNBMRAwDgYDVQQDEwdUZXN0IENB
+MB4XDTE0MDQxODA5MzA0MVoXDTI0MDQxNTA5MzA0MVowPDELMAkGA1UEBhMCWFgx
+DjAMBgNVBAoTBVRlc3RzMQswCQYDVQQLEwJDQTEQMA4GA1UEAxMHVGVzdCBDQTCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANw/pICwLx/3tsFUn1G4iFZN
+F65/8JB5Y+v0cnjBuQXR0eqXPNe1Z1t9HZjcvWEMPS97AWtJqKIhiwk4TSgN6P5u
+iozKf5XJ4iXz6F15K1Z7mijFxMy2b0DdHQXLOe/MKLDpfybYNwaTburyDP7A1RQg
+jcjLM7swjejkQhx1AQ9vMnlurCB2c4P6Vdd7IC33PyZ1vPns7qQcHRjM3awWwPJU
+Wiigtqh10K6xqn8zIRO1KCjrzLNSJxSGS0SgaAS8lWXgjdfwXlxrRXG7RME38WSl
+8HUQE9nKz5Izb2lFjnlhXHktQSj+ZAhe+2ImkGjygEMllZC2pUvSQDxiNy1qZ420
+jGIc/zPfBRKIKfhCvdLvKXoBwDYUSFxM4eRgb8YGxmZW1LAEvcLooiKbyKELgbI6
+yvLnhOd3QuPCd8ZhoPvP0SOmZQ/mLbVH+D+JVle/qcNs4d2wt3cMEtn/9GoAvY3g
+irvo8WYSMH98wf/WkuOW2vflAbpL9Zfzw7zdeMY7szyITM2Z5zzmRgxrYAgEOOmd
+WGkTx+JtmVK5V3vl3fT2JeYQ4Bs22qpFSRdXaMbhskpPWsbOcQ6Ruwpla7D6Hfaf
+QuoqPXT0ZdWAKVUoVHvpZeCZUnm5F63gnCa4L/8DGo3Mlfbnf7ylmDm3LJ4V/sY2
+r+G7yLTxmjoPtsVWubPJAgMBAAGjggEPMIIBCzAdBgNVHQ4EFgQUezpOW47sTFUf
+Ki+ml1mdDM62XWUwZwYDVR0jBGAwXoAUezpOW47sTFUfKi+ml1mdDM62XWWhQKQ+
+MDwxCzAJBgNVBAYTAlhYMQ4wDAYDVQQKEwVUZXN0czELMAkGA1UECxMCQ0ExEDAO
+BgNVBAMTB1Rlc3QgQ0GCBBPAqNowDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC
+AQYwEQYJYIZIAYb4QgEBBAQDAgAHMBYGCWCGSAGG+EIBDQQJFgdUZXN0IENBMBsG
+A1UdEQQUMBKBEHRlc3RAZXhhbXBsZS5jb20wGwYDVR0SBBQwEoEQdGVzdEBleGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOCAgEABj7f4WacJ/6PThDACdYPj7rK/DPP
+4dV8g8pe9ygaqbdk0kJmGZbzOJA5mW9lEa4DUopQfjIngNj6KBxVqeYIu9pgm9PO
+gh6kJ5oLpbsvIkl0rc0N3spcYBIwMDttNJ8EVV93Gh3GZPbdQj7p2ZhP6jecaSW/
+9zKNUaIuBowN5AhIzDAXK2nkgvjotPMMWEgYeTAsJ0AkLbcVt2Vmfs6lYd4rhGhb
+arSSew+hbOUIQMo1GIyQKvauui6GR/Vqhy6vR9/Fwz/AJxGQg2BhLyJt/LDk7+Si
+D32Rcv43vFvQ7y0xbRdajZV3G9bGaCJe7AuwNkIpMiLaI//Kslt91Hz0qOKaYj/j
+peCbgUsPKQCHKOQuAAM0wiDuUGWGI+Gli6/wWNie6wqDUZxPPGYreFGFo/ipgZ8m
+2UALdlRUkflW6xrnekIpDHM9VBpvVohjQfMxLCLVmUYSU40yzJude+0SQ6POtS4A
+s3oycVACUaxcK6PhmPqQaZ1ucG4x0vda/5Pe5lvjFcXCx/5MXSu47qxG6NMnqdnV
+1fxc6DLXLj2d6bgLRcOyEabYdILXgu968jsYBS3ujk8blmHRNqJGzsq5c+dq32MO
+SLOQ/UBU4HeFiG4OgbzGghICkX8hlNeb2n95Xleot0uP82/YL2thc6PAyMpg6NwJ
+0ShiOacRgyVS7VQ=
+-----END CERTIFICATE-----
diff --git a/authserv/test/testca/public/certs/client.pem b/authserv/test/testca/public/certs/client.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e98155299f301a6837e6549d4713d2e9d3250500
--- /dev/null
+++ b/authserv/test/testca/public/certs/client.pem
@@ -0,0 +1,140 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 331393243 (0x13c0a8db)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=XX, O=Tests, OU=CA, CN=Test CA
+ Validity
+ Not Before: Apr 18 09:30:52 2014 GMT
+ Not After : Apr 18 09:30:52 2015 GMT
+ Subject: C=XX, O=Tests, OU=CA, CN=client
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:c1:ef:eb:9f:dd:12:30:a4:42:e3:74:0a:e5:0a:
+ 37:28:67:ee:a8:da:7c:71:9d:0f:fa:b5:ba:47:b6:
+ c0:25:ae:19:ac:cc:a0:bc:e9:31:f4:26:c2:8f:38:
+ 7e:80:96:3a:78:ae:e1:c9:38:92:a8:d3:05:3f:c7:
+ 46:b8:0a:84:c4:ed:36:f7:96:0c:ed:fb:b2:b6:6b:
+ e5:90:7d:a7:39:8f:5d:c1:84:f1:33:94:ec:e9:25:
+ 14:54:9a:7e:6c:b5:14:38:ca:d3:8f:c4:8e:d4:f1:
+ 75:8d:bb:db:fa:fa:fe:5d:52:31:0b:7b:28:97:1f:
+ 1f:fc:71:9c:94:9c:d8:b4:b5:c2:97:11:90:ed:06:
+ b8:b7:f2:ad:1d:56:a3:cf:78:55:f5:8d:a4:4b:6b:
+ 49:b2:7e:8d:b8:8f:91:de:4f:1a:33:c9:6f:a9:05:
+ dc:ac:98:dc:6f:27:4f:f1:c1:58:81:d6:f2:e4:fa:
+ 4f:de:d3:9b:7f:44:99:87:ee:5b:cd:e2:de:90:84:
+ 0c:d5:2a:de:f0:56:1c:ce:c8:f1:de:67:29:f3:f1:
+ 39:59:a5:d4:38:ec:f3:e6:2b:e0:01:c6:e8:cd:d1:
+ f3:54:13:9e:85:62:88:7d:e3:d0:9e:79:84:f2:50:
+ 11:fc:f2:81:59:c3:91:09:7d:c4:b1:e2:63:70:81:
+ 9e:30:92:38:68:99:44:f2:cc:9b:a5:83:87:dc:ac:
+ 9e:dd:05:69:58:db:8a:73:9d:ea:b9:30:31:6b:5d:
+ d5:00:5c:b3:4d:ea:d8:16:2e:02:e8:0b:e6:d8:ef:
+ fc:a0:2b:0b:2c:73:ed:28:c4:e9:fb:1b:ba:ea:6f:
+ 14:33:13:b6:b3:d9:85:88:4f:35:cd:13:e8:ed:52:
+ 68:5f:77:6b:3e:0c:f7:98:fa:62:98:5d:f1:53:7c:
+ f0:ca:86:58:21:65:31:c6:5a:a1:cf:bd:10:82:7b:
+ 03:f9:4e:1e:c7:79:ec:32:0a:c6:c9:d4:d9:36:86:
+ ea:b2:17:5d:e8:a4:ff:54:ce:68:76:1f:44:71:5a:
+ d5:0e:fb:22:8c:44:47:7a:f0:4a:72:73:db:7d:6f:
+ fd:6e:52:60:a9:17:50:dd:f5:fa:fe:4d:6f:fc:24:
+ bf:9e:75:6c:65:10:64:b7:61:b3:c6:b9:60:bc:ee:
+ 2c:0b:ad:c7:cf:18:61:37:83:c4:b8:45:8c:94:52:
+ 5e:13:66:99:83:15:96:03:c4:20:2d:90:e1:b4:be:
+ d6:1d:f2:c4:3a:b5:7a:c1:6a:38:bb:28:f9:3b:5c:
+ 1f:17:1e:ad:44:44:f2:a1:4a:81:1f:71:a2:29:4c:
+ d5:57:8b:68:3b:a9:7e:c6:f9:af:dc:64:01:70:ed:
+ c9:4f:bb
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Client, SSL Server
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 76:F0:D4:F4:C0:F3:36:1C:F2:59:09:D8:38:F9:BB:65:B7:A3:BA:93
+ X509v3 Authority Key Identifier:
+ keyid:7B:3A:4E:5B:8E:EC:4C:55:1F:2A:2F:A6:97:59:9D:0C:CE:B6:5D:65
+ DirName:/C=XX/O=Tests/OU=CA/CN=Test CA
+ serial:13:C0:A8:DA
+
+ X509v3 Subject Alternative Name:
+ DNS:client
+ X509v3 Issuer Alternative Name:
+ email:test@example.com
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 86:5a:71:46:ac:b0:21:75:61:52:3d:2a:53:78:4a:1f:07:77:
+ 1b:62:fb:30:f6:fe:65:4e:09:17:93:58:ff:8a:65:c1:eb:5b:
+ a3:71:b6:0d:13:40:1c:32:a5:22:72:22:ef:fe:11:1a:46:ba:
+ 25:26:31:08:5a:3f:69:f8:c4:70:25:f8:a0:f4:65:fa:43:53:
+ cf:84:83:48:82:7c:ad:0c:d4:9e:b9:b9:a5:ac:bf:3d:1c:28:
+ cd:ca:7c:aa:e6:73:21:fd:62:18:e5:c3:31:8a:8e:38:03:03:
+ 96:e5:03:a3:84:7d:fc:e0:2c:ff:b9:79:93:d4:5e:70:2e:dc:
+ bf:ea:64:1e:13:7a:f3:b8:62:58:24:e6:9b:74:b4:41:63:87:
+ 0d:b7:63:c5:ad:73:fb:7b:66:1d:e7:75:1d:65:c4:6a:bb:79:
+ 4a:ad:59:34:10:86:3c:e6:8a:bd:4a:85:46:85:c4:14:f4:5d:
+ 48:bc:e6:f1:62:0d:e5:9b:84:7f:99:ef:ae:6a:df:0c:a7:68:
+ 7e:d5:06:2f:c9:8d:e4:7d:00:aa:6c:55:79:9d:39:78:d6:f6:
+ e6:f7:cd:8e:bf:95:f6:a4:94:e3:47:ef:d8:18:f6:f3:3b:85:
+ e0:09:ba:48:9e:b7:53:d8:fd:d6:2e:bc:ac:48:fb:68:de:79:
+ d7:44:f2:e6:9b:42:55:91:b7:f1:b4:eb:11:3c:ac:05:7b:c4:
+ bd:34:40:22:cd:b7:88:3c:e6:57:86:89:9a:a9:de:ac:40:86:
+ 8f:2c:f5:4e:0d:bd:c2:e3:ea:6d:ed:b9:cb:62:82:f9:0a:46:
+ 30:0e:ea:fa:49:54:7c:6b:a6:8a:e3:70:e6:0a:d9:a9:94:2f:
+ ee:e6:91:72:c9:ea:53:5d:d4:1f:ac:3c:21:3e:52:05:b1:ea:
+ 69:9d:45:23:e7:3d:a8:6f:d4:b1:67:36:2a:c0:90:9c:fb:22:
+ 1c:a7:10:7d:a0:ad:66:a5:58:20:c2:54:47:3f:ab:f6:42:cd:
+ 57:1d:d4:f2:09:4d:7e:cd:dd:cf:35:49:48:df:7f:03:e8:a5:
+ 2e:40:19:be:cb:5e:5f:62:f8:b8:37:f2:a1:9e:9a:37:6a:08:
+ fa:67:4d:d2:9d:3f:eb:b4:ea:73:c6:69:77:c2:f7:12:05:da:
+ 69:e9:fd:33:56:49:62:c5:21:aa:fc:5a:a5:c8:cf:a5:86:77:
+ 6e:8f:bb:77:d5:5a:dd:a7:ff:de:03:6b:bc:dd:a8:e8:b5:45:
+ c9:a5:ea:d1:dd:8f:8e:06:a3:6c:e9:52:29:ff:8e:af:e3:95:
+ fb:59:7f:1a:51:99:79:8a:b3:d9:fd:8f:7f:99:0a:fd:fb:a0:
+ ab:7b:33:c1:60:9a:71:5f
+-----BEGIN CERTIFICATE-----
+MIIGEDCCA/igAwIBAgIEE8Co2zANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJY
+WDEOMAwGA1UEChMFVGVzdHMxCzAJBgNVBAsTAkNBMRAwDgYDVQQDEwdUZXN0IENB
+MB4XDTE0MDQxODA5MzA1MloXDTE1MDQxODA5MzA1MlowOzELMAkGA1UEBhMCWFgx
+DjAMBgNVBAoTBVRlc3RzMQswCQYDVQQLEwJDQTEPMA0GA1UEAxMGY2xpZW50MIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwe/rn90SMKRC43QK5Qo3KGfu
+qNp8cZ0P+rW6R7bAJa4ZrMygvOkx9CbCjzh+gJY6eK7hyTiSqNMFP8dGuAqExO02
+95YM7fuytmvlkH2nOY9dwYTxM5Ts6SUUVJp+bLUUOMrTj8SO1PF1jbvb+vr+XVIx
+C3solx8f/HGclJzYtLXClxGQ7Qa4t/KtHVajz3hV9Y2kS2tJsn6NuI+R3k8aM8lv
+qQXcrJjcbydP8cFYgdby5PpP3tObf0SZh+5bzeLekIQM1Sre8FYczsjx3mcp8/E5
+WaXUOOzz5ivgAcbozdHzVBOehWKIfePQnnmE8lAR/PKBWcORCX3EseJjcIGeMJI4
+aJlE8sybpYOH3Kye3QVpWNuKc53quTAxa13VAFyzTerYFi4C6Avm2O/8oCsLLHPt
+KMTp+xu66m8UMxO2s9mFiE81zRPo7VJoX3drPgz3mPpimF3xU3zwyoZYIWUxxlqh
+z70QgnsD+U4ex3nsMgrGydTZNobqshdd6KT/VM5odh9EcVrVDvsijERHevBKcnPb
+fW/9blJgqRdQ3fX6/k1v/CS/nnVsZRBkt2GzxrlgvO4sC63HzxhhN4PEuEWMlFJe
+E2aZgxWWA8QgLZDhtL7WHfLEOrV6wWo4uyj5O1wfFx6tRETyoUqBH3GiKUzVV4to
+O6l+xvmv3GQBcO3JT7sCAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwEQYJYIZIAYb4
+QgEBBAQDAgbAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
+BQUHAwEwHQYDVR0OBBYEFHbw1PTA8zYc8lkJ2Dj5u2W3o7qTMGcGA1UdIwRgMF6A
+FHs6TluO7ExVHyovppdZnQzOtl1loUCkPjA8MQswCQYDVQQGEwJYWDEOMAwGA1UE
+ChMFVGVzdHMxCzAJBgNVBAsTAkNBMRAwDgYDVQQDEwdUZXN0IENBggQTwKjaMBEG
+A1UdEQQKMAiCBmNsaWVudDAbBgNVHRIEFDASgRB0ZXN0QGV4YW1wbGUuY29tMBEG
+A1UdHwQKMAgwBqAEoAKGADANBgkqhkiG9w0BAQUFAAOCAgEAhlpxRqywIXVhUj0q
+U3hKHwd3G2L7MPb+ZU4JF5NY/4plwetbo3G2DRNAHDKlInIi7/4RGka6JSYxCFo/
+afjEcCX4oPRl+kNTz4SDSIJ8rQzUnrm5pay/PRwozcp8quZzIf1iGOXDMYqOOAMD
+luUDo4R9/OAs/7l5k9RecC7cv+pkHhN687hiWCTmm3S0QWOHDbdjxa1z+3tmHed1
+HWXEart5Sq1ZNBCGPOaKvUqFRoXEFPRdSLzm8WIN5ZuEf5nvrmrfDKdoftUGL8mN
+5H0AqmxVeZ05eNb25vfNjr+V9qSU40fv2Bj28zuF4Am6SJ63U9j91i68rEj7aN55
+10Ty5ptCVZG38bTrETysBXvEvTRAIs23iDzmV4aJmqnerECGjyz1Tg29wuPqbe25
+y2KC+QpGMA7q+klUfGumiuNw5grZqZQv7uaRcsnqU13UH6w8IT5SBbHqaZ1FI+c9
+qG/UsWc2KsCQnPsiHKcQfaCtZqVYIMJURz+r9kLNVx3U8glNfs3dzzVJSN9/A+il
+LkAZvsteX2L4uDfyoZ6aN2oI+mdN0p0/67Tqc8Zpd8L3EgXaaen9M1ZJYsUhqvxa
+pcjPpYZ3bo+7d9Va3af/3gNrvN2o6LVFyaXq0d2PjgajbOlSKf+Or+OV+1l/GlGZ
+eYqz2f2Pf5kK/fugq3szwWCacV8=
+-----END CERTIFICATE-----
diff --git a/authserv/test/testca/public/certs/server.pem b/authserv/test/testca/public/certs/server.pem
new file mode 100644
index 0000000000000000000000000000000000000000..ec2a27681689afe2550b260ff36b92efb7bc8684
--- /dev/null
+++ b/authserv/test/testca/public/certs/server.pem
@@ -0,0 +1,140 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 331393244 (0x13c0a8dc)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=XX, O=Tests, OU=CA, CN=Test CA
+ Validity
+ Not Before: Apr 18 09:30:56 2014 GMT
+ Not After : Apr 18 09:30:56 2015 GMT
+ Subject: C=XX, O=Tests, OU=CA, CN=server
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:97:fa:c4:06:fd:8d:cc:b2:4a:8a:06:fc:5f:89:
+ bc:d4:30:bd:ee:fe:16:8b:b6:1a:00:a8:54:b3:1c:
+ 7f:49:e1:50:fa:9a:a0:9c:77:3f:59:4f:16:d8:1d:
+ 30:b6:e0:c5:5e:78:c3:37:45:08:2a:f8:4f:fa:6f:
+ ab:6a:0e:70:f2:fb:db:0c:e3:6b:7f:10:f0:44:58:
+ 3e:0a:b5:d4:79:62:c3:6d:5e:c4:1f:b3:f1:10:29:
+ 57:13:38:7f:3e:6f:9c:22:47:10:a0:b8:84:6d:e5:
+ 10:c1:7e:09:3c:10:b6:ed:b0:a8:78:5b:ba:71:ad:
+ 6f:02:2b:51:25:17:0f:66:7d:53:99:3f:e2:a9:70:
+ 50:e6:cb:0c:10:40:45:8b:66:7a:ee:fb:59:63:d3:
+ df:b8:93:53:c4:fc:3b:84:d4:c7:eb:64:91:76:6e:
+ 6f:74:98:48:75:5a:37:c5:f0:1a:66:4c:87:47:91:
+ 51:4d:6e:8d:6e:85:2e:80:8c:50:62:78:a9:28:4a:
+ e8:fd:a4:07:40:51:f1:9b:3b:13:7c:07:4c:1d:6b:
+ 7e:ca:bd:37:86:af:22:6a:ad:53:a9:3c:61:b3:56:
+ 6e:7b:97:c9:d6:d0:52:c8:d9:62:bc:70:65:aa:4f:
+ af:d4:80:fc:71:f4:74:95:b2:d7:06:64:99:8e:20:
+ d0:1f:43:3f:0c:f9:9f:2a:f8:85:63:99:4e:93:f4:
+ ee:ec:9a:59:ed:0a:0a:81:27:de:cb:0f:d0:c3:8b:
+ 0c:64:49:85:92:fe:6c:8a:8f:e5:39:12:de:cd:31:
+ 0b:c1:54:04:c6:9d:6b:3a:0b:9e:3e:2b:56:bf:02:
+ 1d:04:db:3d:f6:c1:d8:91:40:7d:c2:86:64:ed:24:
+ 82:26:6e:c4:31:ac:4a:e8:96:5c:b2:46:41:3b:cf:
+ c2:21:47:2a:54:58:3c:f1:aa:d4:38:2f:31:5c:7d:
+ 17:31:f9:27:48:5f:2e:e8:7e:e1:87:0c:d7:c2:ca:
+ fd:aa:4c:93:2e:ee:07:b6:fd:aa:30:e6:0e:33:82:
+ 06:a6:db:2c:b0:52:f0:66:2a:0e:d8:e2:ba:8d:d4:
+ 54:2f:dd:50:42:5d:88:af:0f:fd:87:2f:21:6a:20:
+ 42:b8:fa:08:02:65:20:f1:a7:38:ff:29:95:cd:d5:
+ f8:6b:30:61:fe:0f:9e:67:40:8a:7e:40:f9:3a:04:
+ 71:44:19:c6:cd:8a:87:55:53:c8:73:b8:59:85:c4:
+ 46:e5:e5:2b:21:05:af:98:3d:f1:8b:f2:18:a8:9e:
+ d1:ac:c8:b6:cf:b3:31:d7:be:13:84:e6:64:46:83:
+ 4c:22:2a:b2:d5:e2:2d:0b:19:dd:0e:18:03:f4:43:
+ 65:64:3f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Client, SSL Server
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ C5:71:D1:85:CC:CC:FE:B5:92:43:B7:2A:AF:4C:14:FF:0B:C6:98:12
+ X509v3 Authority Key Identifier:
+ keyid:7B:3A:4E:5B:8E:EC:4C:55:1F:2A:2F:A6:97:59:9D:0C:CE:B6:5D:65
+ DirName:/C=XX/O=Tests/OU=CA/CN=Test CA
+ serial:13:C0:A8:DA
+
+ X509v3 Subject Alternative Name:
+ DNS:server
+ X509v3 Issuer Alternative Name:
+ email:test@example.com
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 07:17:8c:31:b3:cd:e3:1a:f6:8c:0f:b9:bb:06:d1:68:e5:93:
+ 95:22:eb:1f:73:b9:ce:b8:c1:eb:b2:fd:75:3d:5c:45:b9:eb:
+ 25:77:80:7e:b9:41:bb:91:cf:ee:a5:57:f2:23:c2:58:78:37:
+ a3:f8:b8:33:e2:e8:fd:05:51:25:8e:8a:72:07:2c:dd:02:d8:
+ 5c:9a:73:c1:41:f4:56:97:24:3a:06:8c:e6:d2:35:bd:b3:51:
+ 6e:b9:e0:66:68:ad:3b:a8:3f:7d:24:88:b6:67:11:09:31:a1:
+ 03:a6:1e:ea:b8:13:12:b9:47:c6:55:17:61:c5:4a:0d:24:4f:
+ 6e:ee:1c:e5:0c:ba:89:60:0f:8e:a2:6f:9f:0a:64:b2:98:65:
+ 73:ed:9b:f1:c5:0c:d5:aa:a7:0c:52:2b:ac:50:e0:6d:68:5e:
+ 1f:3a:a7:b8:f4:91:30:b8:50:93:13:f2:c0:96:03:8b:74:3a:
+ 6a:0e:2e:ed:7f:fa:02:4d:68:27:3a:cc:a6:51:a4:fa:cd:29:
+ 59:f3:0f:a7:01:7e:7e:05:2c:fe:39:12:34:e6:12:eb:21:70:
+ 04:79:04:2a:55:a7:c6:32:60:94:36:8d:e9:04:ff:37:ca:1e:
+ 6e:3a:80:ad:28:7f:d3:1a:5f:a4:fc:6b:3b:71:d7:50:69:42:
+ 86:4d:d3:4c:f0:36:33:b8:ad:2d:8c:41:0d:8d:d0:c6:0d:6c:
+ 22:03:a6:46:47:f5:65:de:4d:22:e9:ed:75:58:9a:38:77:e3:
+ e0:f5:e3:95:42:0c:41:13:1b:f2:6d:76:61:fc:fb:e6:e0:43:
+ 6f:f3:d9:f5:4b:91:ea:68:a2:e2:2d:60:bd:b3:7a:fc:7f:63:
+ a5:d7:df:75:2c:18:3c:4d:e8:53:cc:8c:dc:17:99:fd:2f:11:
+ 3f:26:99:8f:f8:0d:63:08:52:e8:b3:41:7f:84:41:d7:d4:88:
+ 9a:19:65:02:45:da:47:71:6c:d3:f1:54:8e:a1:d6:7a:5c:99:
+ eb:64:09:0f:8a:3d:0f:90:bb:74:4a:8a:fa:5b:1d:47:21:43:
+ 82:4f:02:a3:4f:70:fb:df:91:a9:bf:bc:72:eb:4e:8a:ca:6b:
+ ef:e7:ec:7a:fb:88:12:6e:13:d4:0e:f5:28:f7:c3:c2:b9:5f:
+ c8:bf:07:2a:a2:50:56:cb:b0:2a:24:7c:19:f4:d3:2e:40:cf:
+ 3b:77:2c:96:bf:7c:b1:b4:ac:4d:82:ad:11:22:00:fb:27:11:
+ ab:b1:68:32:62:1a:9f:36:de:f7:a5:ca:5b:3d:5c:02:bb:52:
+ 67:56:82:3b:b0:bd:3a:88:35:77:de:74:0a:af:60:a9:01:f9:
+ 17:29:72:65:2d:9c:49:08
+-----BEGIN CERTIFICATE-----
+MIIGEDCCA/igAwIBAgIEE8Co3DANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJY
+WDEOMAwGA1UEChMFVGVzdHMxCzAJBgNVBAsTAkNBMRAwDgYDVQQDEwdUZXN0IENB
+MB4XDTE0MDQxODA5MzA1NloXDTE1MDQxODA5MzA1NlowOzELMAkGA1UEBhMCWFgx
+DjAMBgNVBAoTBVRlc3RzMQswCQYDVQQLEwJDQTEPMA0GA1UEAxMGc2VydmVyMIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAl/rEBv2NzLJKigb8X4m81DC9
+7v4Wi7YaAKhUsxx/SeFQ+pqgnHc/WU8W2B0wtuDFXnjDN0UIKvhP+m+rag5w8vvb
+DONrfxDwRFg+CrXUeWLDbV7EH7PxEClXEzh/Pm+cIkcQoLiEbeUQwX4JPBC27bCo
+eFu6ca1vAitRJRcPZn1TmT/iqXBQ5ssMEEBFi2Z67vtZY9PfuJNTxPw7hNTH62SR
+dm5vdJhIdVo3xfAaZkyHR5FRTW6NboUugIxQYnipKEro/aQHQFHxmzsTfAdMHWt+
+yr03hq8iaq1TqTxhs1Zue5fJ1tBSyNlivHBlqk+v1ID8cfR0lbLXBmSZjiDQH0M/
+DPmfKviFY5lOk/Tu7JpZ7QoKgSfeyw/Qw4sMZEmFkv5sio/lORLezTELwVQExp1r
+OguePitWvwIdBNs99sHYkUB9woZk7SSCJm7EMaxK6JZcskZBO8/CIUcqVFg88arU
+OC8xXH0XMfknSF8u6H7hhwzXwsr9qkyTLu4Htv2qMOYOM4IGptsssFLwZioO2OK6
+jdRUL91QQl2Irw/9hy8haiBCuPoIAmUg8ac4/ymVzdX4azBh/g+eZ0CKfkD5OgRx
+RBnGzYqHVVPIc7hZhcRG5eUrIQWvmD3xi/IYqJ7RrMi2z7Mx174ThOZkRoNMIiqy
+1eItCxndDhgD9ENlZD8CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwEQYJYIZIAYb4
+QgEBBAQDAgbAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
+BQUHAwEwHQYDVR0OBBYEFMVx0YXMzP61kkO3Kq9MFP8LxpgSMGcGA1UdIwRgMF6A
+FHs6TluO7ExVHyovppdZnQzOtl1loUCkPjA8MQswCQYDVQQGEwJYWDEOMAwGA1UE
+ChMFVGVzdHMxCzAJBgNVBAsTAkNBMRAwDgYDVQQDEwdUZXN0IENBggQTwKjaMBEG
+A1UdEQQKMAiCBnNlcnZlcjAbBgNVHRIEFDASgRB0ZXN0QGV4YW1wbGUuY29tMBEG
+A1UdHwQKMAgwBqAEoAKGADANBgkqhkiG9w0BAQUFAAOCAgEABxeMMbPN4xr2jA+5
+uwbRaOWTlSLrH3O5zrjB67L9dT1cRbnrJXeAfrlBu5HP7qVX8iPCWHg3o/i4M+Lo
+/QVRJY6Kcgcs3QLYXJpzwUH0VpckOgaM5tI1vbNRbrngZmitO6g/fSSItmcRCTGh
+A6Ye6rgTErlHxlUXYcVKDSRPbu4c5Qy6iWAPjqJvnwpksphlc+2b8cUM1aqnDFIr
+rFDgbWheHzqnuPSRMLhQkxPywJYDi3Q6ag4u7X/6Ak1oJzrMplGk+s0pWfMPpwF+
+fgUs/jkSNOYS6yFwBHkEKlWnxjJglDaN6QT/N8oebjqArSh/0xpfpPxrO3HXUGlC
+hk3TTPA2M7itLYxBDY3Qxg1sIgOmRkf1Zd5NIuntdViaOHfj4PXjlUIMQRMb8m12
+Yfz75uBDb/PZ9UuR6mii4i1gvbN6/H9jpdffdSwYPE3oU8yM3BeZ/S8RPyaZj/gN
+YwhS6LNBf4RB19SImhllAkXaR3Fs0/FUjqHWelyZ62QJD4o9D5C7dEqK+lsdRyFD
+gk8Co09w+9+Rqb+8cutOispr7+fsevuIEm4T1A71KPfDwrlfyL8HKqJQVsuwKiR8
+GfTTLkDPO3cslr98sbSsTYKtESIA+ycRq7FoMmIanzbe96XKWz1cArtSZ1aCO7C9
+Oog1d950Cq9gqQH5FylyZS2cSQg=
+-----END CERTIFICATE-----
diff --git a/authserv/test/testca/test.conf b/authserv/test/testca/test.conf
new file mode 100644
index 0000000000000000000000000000000000000000..b4c88a5400717e7ef31a8b57bdbfcbe18c47c583
--- /dev/null
+++ b/authserv/test/testca/test.conf
@@ -0,0 +1,11 @@
+
+[ca]
+cn = Test CA
+org = Tests
+email = test@example.com
+
+[server]
+cn = server
+
+[client]
+cn = client